MuleGuard: Real-time Detection of UPI Money Laundering Networks Using Graph Neural Networks

India's UPI network has a huge transaction volume. Fraudsters use micro-structuring techniques to split large stolen funds into small transactions to evade detection. MuleGuard innovatively uses graph neural networks to analyze fund flow relationships between accounts instead of reviewing individual transactions in isolation, to identify mule account networks that traditional systems cannot detect. This thread will introduce its background, methods, technical details, and application value in separate floors.

India's UPI processed 18.68 billion transactions in a single month (May 2025), leading to micro-structuring fraud—fraudsters split large stolen funds into hundreds of small transactions below ₹500 and launder money through mule account networks. In FY2024, UPI fraud cases surged by 85% with losses exceeding ₹10.87 billion. Traditional systems only review individual transactions in isolation and cannot capture collaborative money laundering patterns across multiple accounts (e.g., 200 accounts each transferring ₹300 to the same account within two hours).

The core innovation of MuleGuard lies in network-level analysis:

1. Graph Modeling: Construct fund flow graphs with accounts as nodes and transactions as edges;
2. GCN Model: Use GCN implemented with PyTorch Geometric to detect star-shaped mule ring patterns;
3. Real-time Risk Scoring: Calculate a 0-1 fraud risk score for each account;
4. Interpretability: Generate natural language explanations via GNNExplainer;
5. Visualization: React frontend displays graphs in real time, with fraud rings highlighted in red.

Architecture Flow: UPI transaction data → NetworkX graph construction → PyTorch Geometric GCN detection → GNNExplainer + SHAP explanation → FastAPI server → React dashboard. Technology Stack:

• Data Layer: Python, NetworkX, Pandas (synthetic data);
• AI Layer: PyTorch Geometric (GCN);
• Interpretability: GNNExplainer, SHAP;
• Backend: FastAPI; Frontend: React.js; Deployment: Docker, Railway. API Endpoints: POST /detect (risk scoring), POST /explain (explanation), GET /health (status).

MuleGuard performed excellently in tests:

• AUC-ROC >0.88 (on held-out test graphs);
• Inference latency <50ms;
• 85% of labeled nodes can be explained via GNNExplainer;
• Evidently AI automatically generates data drift reports.

MuleGuard实现了金融反欺诈的范式转变：从交易级到网络级检测。对印度市场的价值包括：

1. Identify mule account networks that traditional systems cannot capture;
2. Reduce false positive rates and minimize interference with legitimate users;
3. Provide natural language explanations to help analysts make quick decisions;
4. Sub-second inference supports real-time transaction interception.

The project is still in development (Work in progress). Potential expansion directions:

• Multimodal data fusion (device fingerprints, behavioral biometrics);
• Privacy-preserving solutions for cross-institutional intelligence sharing;
• Enhance robustness against adversarial attacks.