Using Graphs to Protect Millions of App Banking Clients

Marko Budiselic is Co-Founder & CTO of Memgraph

Graph database expert Marko Budiselic finds useful clues in how one major South African bank is using a non-relational approach to the fraud problem.

For all the convenience of our digital lives, there is a trade-off: we can do things on our mobile banking apps in seconds that used to take an afternoon at a branch and lots of paper-based processes, but the same speed makes it easier for cyber criminals to accelerate their fraud attempts using tools such as AI.

In parts of the Global South, mobile banking is by far the preferred choice for consumers—which makes any potential vulnerabilities in online banking all the more concerning for both users and financial services providers. This is particularly true in the Republic of South Africa, where World Bank figures suggest mobile adoption continues to grow, with most citizens now equipped with smartphones.

A customer recently shared fascinating insights into how a specific form of data modelling technology, graphs, has allowed them to head off that danger. An example of cyber success in its own right, the experience also shows the growing relevance of this technological approach in the context of rising cybersecurity threats in the banking sector more broadly. Let’s take a closer look.

The social secret of a new type of fraud

The organisation is Capitec, which since its opening for business in 2001 has grown to serve more than 25 million customers. It offers a range of low-cost retail and business banking and digital services, underpinned by a focus on simple, transparent, and accessible banking.

As noted, bad actors also exploit the same principle of accessibility. A growing concern, says the company’s Head of Product, Derick Schmidt, was protecting customers from authorised push payment fraud, where criminals trick victims into willingly transferring money from their own bank accounts to accounts controlled by the scammer.

As Schmidt puts it, customers would be offered a MacBook at an attractive price, make the payment, and never receive the item. Technically, the item has been ‘approved’ by the user, says Schmidt—but plainly, it is theft. Authorised push payment fraud is difficult to prevent, as clients are manipulated into sending money voluntarily, meaning the transaction can appear legitimate when viewed in isolation.

But he and his colleague Jan Ehlers, a Data Scientist and Data Engineer at the bank, began to realise that this type of fraud is rarely one-on-one. Instead, it involves multiple victims targeted at once, with the real signal sitting in the surrounding network of users.

The breakthrough here is that this is not a traditional hacking attack, but an issue where graph technology is uniquely suited to provide insight: relationship networks, or what is often referred to as the ‘social graph’.

As Schmidt states, “That fraudster actually doesn’t just target you; they target quite a lot of people. So if someone is in contact with a lot of people with Capitec accounts and they suddenly come into money—though they move the money on as quickly as they can—then there are clues worth following up here.”

That has started to take shape through a graph database tool that allows Capitec Bank’s internal security team to model clients, accounts, and transactions—creating a dataset of connections between customers. On top of this, they can run algorithms such as neighbourhood aggregation to identify hidden clusters of suspicious behaviour.

Ehlers says this would be next to impossible using conventional relational database approaches. Traditional, case-by-case ‘investigation maps’ drawn manually by fraud specialists work well for simple chains—where Alice pays Bob, Bob pays Charlie, and David pays Alice, for example—but they are not effective at scale, across millions of transactions and millions of account holders.

Graphs: the ideal foundation for a social fraud countermeasure

Not to get too in the weeds on the technicalities here, but the result is that the bank can now run its tool to detect what would otherwise be completely hidden fraud connections, and even spot fraudsters whose details come up across clusters of victims. Finally, all this is then fed into a dedicated AI and machine-learning model in production, which scores over 3.5 million clients daily within a two-hour window, and produces a relatively low false positive rate of just 2.1%.

Even more strikingly, analysts now detect up to 50% more suspicious activities compared with previous solutions, while investigation time has dropped by an impressive 40%.

In short, the bank’s clients were being socially engineered into sending money to a fraudster’s account, but a graph-based system is proving highly effective at detecting suspicious accounts and patterns in its transactions. A key giveaway is often lots of money flowing into a specific account and then being moved on quickly within a short time window.
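The giveaway described above, written as a one-hop aggregation over each receiving account's neighbours. This is an added example, not Capitec's or Memgraph's code; the sample transfers, the one-hour window and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transfers: (minute offset, sender, receiver, amount).
T0 = datetime(2024, 1, 1, 9, 0)
TRANSFERS = [(T0 + timedelta(minutes=m), s, r, a) for m, s, r, a in [
    (0, "victim1", "acctX", 900), (5, "victim2", "acctX", 850),
    (9, "victim3", "acctX", 950), (40, "acctX", "cashout", 2600),
    (3, "alice", "shop", 120), (20, "bob", "shop", 80),
    (30, "carol", "shop", 60), (600, "shop", "supplier", 100),
]]

def flag_pass_through(transfers, window=timedelta(hours=1),
                      min_senders=3, min_forward_ratio=0.8):
    """Flag accounts paid by many distinct senders that forward most of the
    money within `window`. Thresholds are illustrative assumptions."""
    inflows, outflows = defaultdict(list), defaultdict(list)
    for ts, sender, receiver, amount in transfers:
        inflows[receiver].append((ts, sender, amount))
        outflows[sender].append((ts, amount))
    flagged = {}
    for acct, ins in inflows.items():
        # Try a window opening at each inflow, earliest first.
        for start, _, _ in sorted(ins):
            end = start + window
            burst = [(s, a) for ts, s, a in ins if start <= ts <= end]
            senders = {s for s, _ in burst}
            received = sum(a for _, a in burst)
            if len(senders) < min_senders or received <= 0:
                continue
            # Money leaving the same account inside the same window.
            forwarded = sum(a for ts, a in outflows.get(acct, [])
                            if start <= ts <= end)
            ratio = forwarded / received
            if ratio >= min_forward_ratio:
                flagged[acct] = {"senders": len(senders), "received": received,
                                 "forward_ratio": round(ratio, 2)}
                break
    return flagged

if __name__ == "__main__":
    print(flag_pass_through(TRANSFERS))
```

The constructed "shop" account also receives from three senders inside an hour, but it is not flagged because the money stays put; fan-in alone is what a busy legitimate merchant looks like.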

It is worth returning to why graphs were the ideal foundation for this breakthrough. Fraud in banking is becoming increasingly sophisticated, often involving networks of accounts, devices, and identities. As a result, chief security officers need ways to detect these relationships early, before the bad actors realise they have been identified.

As Schmidt says: “The answer is graph—as it’s the hidden fraud connections that you can discover here that’s very important. After all, if you can find a pattern, you can weed out quite a few of the scammers at once.”

‘Patterns’ is the key word. Capitec Bank’s knowledge graph integrates multiple data sources, including transaction histories, customer profiles, device IDs, and public watchlists, linking them into a single connected view.

The team knew this was the right approach when early graph-based analysis revealed networks of up to nine linked accounts sharing devices or phone numbers. These were patterns it previously had no idea about.
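Networks of accounts linked by shared devices or phone numbers are connected components of the account-identifier graph. The added example below (not the bank's code; account names and identifiers are constructed) finds them with union-find, including accounts that are linked only transitively.

```python
from collections import defaultdict

# Constructed sample: identifiers observed on each account.
ACCOUNTS = {
    "A1": {"device": "dev-01", "phone": "ph-100"},
    "A2": {"device": "dev-01", "phone": "ph-200"},
    "A3": {"device": "dev-07", "phone": "ph-200"},
    "A4": {"device": "dev-09", "phone": "ph-300"},
    "A5": {"device": "dev-11", "phone": "ph-400"},
    "A6": {"device": "dev-11", "phone": "ph-500"},
}

def linked_clusters(accounts, min_size=2):
    """Group accounts that share a device or phone number, directly or
    through a chain of other accounts. Returns clusters, largest first."""
    parent = {a: a for a in accounts}

    def find(x):
        # Walk to the root, halving the path as we go.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # (kind, value) -> first account carrying that identifier
    for acct, ids in accounts.items():
        for key in ids.items():
            if key in first_seen:
                # Same identifier on two accounts: merge their components.
                parent[find(acct)] = find(first_seen[key])
            else:
                first_seen[key] = acct

    groups = defaultdict(set)
    for acct in accounts:
        groups[find(acct)].add(acct)
    clusters = [sorted(g) for g in groups.values() if len(g) >= min_size]
    return sorted(clusters, key=lambda c: (-len(c), c))

if __name__ == "__main__":
    for cluster in linked_clusters(ACCOUNTS):
        print(cluster)
```

A1 and A3 share neither a device nor a phone number, yet they land in one cluster through A2, which is the kind of link a per-account lookup does not surface.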

As the cyber wars heat up, let’s use the best tools

The conclusion is that knowledge graphs allow banks globally to map relationships between customers, accounts, transactions, and devices, and detect complex, networked fraud patterns, making them a powerful anti-fraud tool. Their value extends beyond authorised push payment fraud to any case where the attack surface is not just social engineering, but silent networks of criminals hiding in plain sight.

There is huge promise in this, and as Schmidt warns, “Hackers, scammers, and AI are making it much easier to impersonate and scam clients.” Maybe graphs in banking have turned up in the nick of time?

Marko Budiselic is Co-Founder & CTO of Memgraph, a high-performance, in-memory graph database that serves as a real-time context engine for AI applications, powering enterprise solutions with richer context, sub-millisecond query performance, and explainable results that developers can trust. The Capitec story is explored in a dedicated webinar.
