Retail Anti-Fraud System in Practice: End-to-End Architecture from Anomaly Detection to Graph Neural Networks

This project presents a complete end-to-end anti-fraud system for retail, integrating anomaly detection, XGBoost, and Graph Neural Networks (GNN). It covers full engineering practices using Python, FastAPI, and MLflow, addressing real-time data processing, model accuracy, and system maintainability. The system provides multi-layered fraud protection, from unsupervised anomaly detection to GNN-based团伙 fraud identification.

In the digital retail era, fraud has evolved from simple credit card theft to complex network attacks. Traditional rule engines struggle to adapt to rapidly changing fraud methods. Machine learning systems can learn subtle patterns from historical data to identify anomalies that are hard for humans to detect. This project aims to build a production-grade system to tackle these challenges.

The system uses a modular architecture to solve three core issues: real-time data processing, model accuracy, and maintainability. Data Layer: Features include behavioral (purchase frequency, avg order amount), transactional (amount, payment method, address match), temporal (late-night transactions, holiday anomalies), and network (device fingerprint, IP) signals. Model Layer: Three-tier strategy:

1. Unsupervised anomaly detection (Isolation Forest/One-Class SVM) as first line of defense for unknown fraud.
2. XGBoost as core classifier for labeled data, capturing non-linear feature interactions.
3. GNN to model relational networks (e.g., shared devices/IPs) for团伙 fraud detection.

Traditional ML treats transactions as independent, ignoring relationships which are critical for fraud detection (e.g., shared devices, similar addresses). GNN handles such structural data well. Graph Construction: Nodes (users, devices, IPs, addresses), edges (user-device, user-IP, order-address), node/edge features (user registration time, address similarity). Model Choice: GraphSAGE is preferred for inductive learning, generalizing to new nodes (new users/devices) without retraining.

FastAPI Deployment: High-performance async API for real-time fraud detection, optimized for low latency (millisecond-level decisions). Supports single/batch predictions and A/B testing. MLflow Management: Tracks experiments (parameters, metrics), manages model versions (rollback support), maintains a model registry (dev/test/prod environments), and simplifies model serving as REST APIs.

Technical Metrics: Address class imbalance with Precision@K (true fraud in top K suspicious transactions), Recall (captured fraud ratio), AUC-ROC (discrimination ability), AUC-PR (more informative for imbalance). Business Metrics: Fraud loss reduction vs rule engines, false positive cost (customer churn,客服 cost), improved manual review efficiency.

Model Drift Detection: Monitor data drift (feature distribution changes), concept drift (feature-label relationship changes), and performance decay. Adversarial Defense: Feature混淆 (add adversarial perturbations), model integration (heterogeneous model voting), behavior biometrics (mouse轨迹, typing rhythm) to enhance robustness.

For teams building anti-fraud systems:

1. Start simple: Baseline rule-based system first, then add ML.
2. Prioritize data quality: Invest in annotation and cleaning.
3. Balance detection and user experience: Avoid over-strict rules.
4. Build feedback loop: Incorporate manual review results into model training.
5. Focus on interpretability: Explain rejection reasons to customers and support teams.