Welcome to Understanding Link Analysis. The purpose of my site is to discuss the methods behind leveraging visual analytics to discover answers and patterns buried within data sets.

Visual analytics provides a proactive response to threats and risks by holistically examining information. As opposed to traditional data mining, by visualizing information, patterns of activity that run contrary to normal activity surface within very few occurances.

We can dive into thousands of insurance fraud claims to discover clusters of interrelated parties involved in a staged accident ring.

We can examine months of burglary reports to find a pattern leading back to a suspect.

With the new generation of visualization software our team is developing, we can dive into massive data sets and visually find new trends, patterns and threats that would take hours or days using conventional data mining.

The eye processes information much more rapidly when information is presented as images, this has been true since children started learning to read. As our instinct develops over time so does our ability to process complex concepts through visual identification. This is the power of visual analysis that I focus on in my site.

All information and data used in articles on this site is randomly generated with no relation to actual individuals or companies.

Using Visual Analysis to Detect Fraud in Remittance Transactions

Companies engaged in international cash remittance face numerous fraud and compliance challenges within the transaction flow. There are additional challenges faced in the remittance industry as these transactions move from in-person to eCommerce based where organized fraud rings and those engaged in AML activities can be more difficult to parse.

Online remittance transactions pose a number of risks to the company including card not present fraud, regulatory compliance issues surrounding individuals creating multiple accounts to circumvent sending limits, KYC issues and the wide variety of Anti-Money Laundering (AML) activities associated with illegal transfer of funds.

In this article I would like to discuss ways of leveraging visual analytics to detect patterns in online remittance fraud and compliance issues. Protecting and ensuring the integrity of online cash remittance transactions is a layered approach starting with fraud and compliance scoring. Fraud and compliance models, however, need to keep up with emerging and ever changing fraud and compliance trends. To address this issue, we are going to leverage visual analytics to quickly detect these emerging trends to provide timely scoring rule updates to penetrate and decision transactions.

Know Your Data

The first step in establishing effective proactive visual analytics is to know the data which is being captured in the transaction flow and how each entity in that data potentially relates or links to other activity which has occurred.

While online remittance transactions lack the identification details present in face to face transactions, in a lot of way, online transactions leave a great fingerprint of electronic discovery which should be leveraged to discover relationships between transactions.

It is also important to identify which attributes in the online transaction must be valid in order for fraud or compliance rule violations to take place. While a great deal of information in online remittance transactions can be faked, there a certain key pieces of information which must be accurate in order for the crime or violation to succeed. Using those pieces of information as your distinct identifiers for your entities in visual analytics will ensure greater accuracy in identifying potential trends or clusters of interrelated transactions, accounts and recipients.

Building Your Entities

Once the data that is going to be used for analysis has been identified, the next step is assigning that data or combination of data points to our visual entities. Lets begin with what is most often captured during online remittance transactions:

  • Sender information including names, date of birth, address, email and phone
  • Funding source information such as credit card and bank account numbers
  • Recipient information such as name, address, phone and email address
  • Recipient disbursement information such as bank account numbers, cash pickup locations, identification presented and agent names.
  • eCommerce information such as IP addresses, cookie information or device ID fingerprinting information.
All of the data contained in these five categories come together to form the infrastructure for visual analytics. As you can see, its a great deal of information that is being captured and even in sophisticated fraud schemes, the more data left behind, the greater the possibility of the attributes being reused over time.

As organized fraud and money laundering rings count on velocity of transactions and accounts to commit their activities, the greater the probability that attributes being captured in the transactions flow will be re-utilized over time leading to clusters of interrelated activity.

Building the Visualization

We clearly have a hierarchy to the data that is being captured in the remittance process. At the top of the data hierarchy we have the sender account. Attributes such as address, phone, email, IP, device and funding sources all relate to the sender. For the first section of our visualization we are going to set up our schema to reflect that first level hierarchy.

From the picture above you can see we have associated our phone, device ID, address, transfer, bank account, credit card account and email with the sender entity. Now that the sender hierarchy has been established we need to compose the recipient's hierarchy.

From the picture above you can see we have associated the recipient entity with the recipient bank account, ID, phone, email address and the transaction. As the transaction is associated with the sender and recipient, that is our linking entity between both the sender and the recipient in the remittance transaction.

Once we join the recipient entity and the recipient's associated attributes with the sender entity and the sender's associated attributes we are able to compile a complete visualization of the remittance activity between the sender and the recipient.

This visualization template forms the structure for utilizing visual analytics to discover potential fraud and compliance issues in the transaction flow.

Know the Good from the Bad and the Ugly

The key to any kind of analysis is to know the footprint left behind on good transactional activity. Like a pickpocket in a crowd, if you understand the behavior of the crowd it is easy to spot the pickpocket. The many of the crowd are behaving in a particular pattern, completely contrary to the pickpocket as the he has a different objective then the crowd does.

The same principal applies to online remittance transaction. Good remittance activity all follows a similar pattern, there is a sender who is associated with an address, phone, email address, cookie, device and payment instrument. Occasionally the sender may move or change his email address but for the most part in good activity we know the sender's attributes shouldn't be associated with other accounts.

Likewise with the recipient, a good sender may send to two or three different people on a regular basis over time. That recipient generally is only associated with that sender, or in some cases if a family is all sending to the same recipient, two or three senders. That recipient's phone number, address, email address, ID or bank account shouldn't be linked to multiple recipients in good transactions.

By knowing what good activity looks like, it makes it easy to spot signs of problematic transaction activity. Just like the pickpocket in the crowd, by identifying what my good transactional flow looks like in a visualization (above), I am going to be able to quickly identify a bad pattern that I need to focus on.

Leveraging Visual Analysis to Find The Problem

As in most types of financial analysis, the more associations between accounts, senders and recipients, the higher the probability of fraud or compliance issues. The higher number of relationships between the entities in the transaction flow, the higher the probability. This is what allows us to leverage visual analytics to look at thousands of transactions simultaneously and quickly identify those which have the highest probability of fraud or compliance issues, something that wouldn't be possible through data mining.

Lets start the analysis, as a Fraud and Compliance Analyst, I want to examine all the transactions which have occurred at my company over the past 24 hours. I start by creating a query in my visualization tool that will pull in all sender entities who have transacted since yesterday when I left work.

My results look pretty daunting although keep in mind I am looking for the pickpocket in the crowd so based on my visualization as I start the expansion process I am not going to be focusing on the good behavior or clusters, only the bad.

Visual analytics is based on levels of relationships between entities. In our analysis I am trying to find indications of multiple relationships between my senders and my recipients which are indicative of fraud or compliance issues. On my initial query I brought in all sender accounts who transacted in the last 24 hours, now I need to begin the process of expansion or finding the entities linked to my sender.

The first level of expansion is going to bring back those entities in my visualization which are directly linked to the sender. Remember from the architecture that we set up, the sender is linked to the sender's address, phone, email address, bank account, cookie and device ID. On my first expansion that is what I am going to get back.

Now I need to bring in the recipients who are linked to those transactions. The next expansion level is going to bring in the 2nd level of entities associated with the sender which includes the recipient along with any sender which is associated with any attribute my initial sender is using (linked senders).

Now I am at my second level of expansion and have all linked sender's and unique recipients. To discover bad interrelationships between senders and recipients (clusters), I need one further expansion level in order to link recipients together by their attributes and also visualized by linked senders. My next expansion level returns this information.

Now my analysis is starting to take shape. From the picture above you can see I have several clusters of interrelated transactions, senders and recipients which I am going to want to investigate for potential fraud and compliance issues. Lets start with the largest

From this cluster I have already identified a potential issue. I have four separate accounts which are all being accessed by one account holder ID. As I know from experience and from my visualization, good transaction flows never has this behavior. By leveraging visual analytics I was able to visualize over 2300 transactions over the past 24 hours and pinpoint a potential fraud issue in minutes.

From the information I learn about this activity I can leverage social networking analysis to determine which attribute in the activity needs to be integrated into my fraud and compliance rule set to disrupt the organized fraud activity.

This was a fraud specific example, but I can leverage my visual analysis of transactions to additionally detect compliance related issues. For example, I can quickly spot multiple sender accounts in different names all associated with the same address or phone number. I can find multiple recipients with different names all utilizing the same deposit account or identification card.


Visual analytics is an important part of a layered prevention approach to fraud and compliance discovery. By incorporating both fraud and compliance modeling to prevent problematic transactions from surfacing in line, and visual analytics to discover new emerging patterns or changes in known fraud and compliance patterns, I can quickly update the fraud and compliance rule engine with higher quality rule sets increasing penetration and decreasing false positives or customer friction.

The tool used in my example for visual analytics was i2 Analyst Notebook and iBase. This is an exceptional tool for visual analysis but keep in mind that regardless of the tool, the importance is on utilizing visual analysis as a principal and a complete understanding of the analyst to detect and understand the patterns shown.