What is the safest first step in a fraud graph implementation?

Define canonical entity identity and suspicious motif queries before scoring

Run Louvain on raw claims immediately

Define canonical entity identity and suspicious motif queries before scoring

Export everything to spreadsheets

After identity resolution and motifs are in place, what most improves analyst trust in fraud scores?

Returning path evidence per alert plus a suppression/confirmation feedback loop.

Hiding the graph and showing only a risk number.

Returning path evidence per alert plus a suppression/confirmation feedback loop.

Running more algorithms in parallel.

Exporting everything to spreadsheets.

Reference Implementation — Insurance Fraud Graph — Semantic Web Academy

Overview

Reference Implementation — Insurance Fraud Graph

End-to-end fraud-ring detection: ingestion motifs, suspicious subgraphs, GDS scoring, and investigator workflow integration.

Why it matters

Fraud graphs fail when teams jump straight to algorithms without stable identity resolution and motif definitions.

Going deeper

Production blueprint:

Canonical entities: Person, Device, Phone, Vehicle, Workshop, Claim.
Quality gates: uniqueness constraints + duplicate alerts.
Motif layer: shared identifiers, rapid-claim bursts, repeated workshop patterns.
GDS layer: community detection and centrality for prioritization.
Investigator UI: path evidence per alert and suppression feedback loop.

Analogy

A fraud graph done right is building the case file before accusing anyone. Jumping straight to Louvain on raw claims is naming suspects before you've even confirmed identities — you'll 'detect' rings that are just two spellings of the same garage. Identity resolution and motif definitions are the evidence chain that makes the later algorithm trustworthy.

Pitfalls — what breaks when this is weak

Algorithms before identity. Duplicate entities fabricate fake rings. Fix: canonical identity + uniqueness constraints first.
No motif layer. Raw community detection has no explanation. Fix: define suspicious motifs (shared device, rapid-claim bursts) the analyst can read.
No investigator feedback loop. Scores never improve. Fix: capture suppression/confirmation back into the model.

Make it stick

Use the prompts below to anchor reference implementation — insurance fraud graph to a real graph you own.

›What is the canonical identity for each real-world entity in your fraud domain, and is it constrained?
›Which 2–3 suspicious motifs would an investigator recognise on sight?
›How would confirmed/dismissed alerts feed back to improve scoring?

Reading in progress · 0 of 4 activities done