Blog / link analysis

Ravelin Connect released as standalone product

Ravelin’s hugely popular graph network product now available for the first time as a standalone product. Integrate directly through a simplified API for a host of data visualisation use cases. Martin Sweeney, CEO and co-founder explains more.

Ravelin Connect released as standalone product

Ravelin Connect is not a new product from Ravelin; it's been part of the Ravelin Enterprise suite for some time. All of our customers benefit from the network insights it gives both as contribution to a machine learning score as well as using the networks themselves to investigate fraud.

Now it is also available as a standalone product, with its own API that can be used in isolation to the rest of Ravelin. We will go in to look at some scenarios where this is useful. But before that, it might be worth a short reflection on its development to date - read more about this here.

Blazingly fast fraud detection

Connections within data sets have many useful properties for fraud detection, and Link Analysis has long been the technique for examining and exploiting them. Graph Databases have also been used for some time in the Crime and Intelligence communities.

The major challenge with conventional off the shelf Graph Databases is that these tools have deliberately sacrificed performance for flexibility. In our research, we found them to be several orders of magnitude too slow to use in a checkout flow.

Our use case was fraud detection pure and simple. And our timeframe was the checkout flow of an e-commerce site or app. That is, we wanted a reply in milliseconds. So we built our own. All data is stored entirely in memory - nothing on disk. 99th percentile response times for counts from a network is 1ms. It is as close to real-time as anyone can reasonably expect.

Ravelin Connect: a visual insight to your business.

Ravelin Connect is a fully-fledged visual tool to aid with analysis. It’s worth re-stating that the overriding purpose of Ravelin Connect is still fraud related. The data it consumes is mostly useful in that scenario and it is in risk-related use cases that is it exclusively deployed today.

Once integrated, Ravelin Connect shows the largest networks you have, most popular nodes in the network, and the fastest growing networks, so you can discover and stay on top of abuse in your platform.

Networks that form all at once from a single device are indicative of Account Takeover attacks for instance. Small networks with very slow growth over a longer time period are more likely to be legitimate - for example, credit card sharing amongst friends and family for ordering takeaways.

You can see the formation of the graph through time to understand how the graph formed, view the network at various depths, and hide unconnected nodes to remove noise.

There are a host of scenarios for fraud and payment analysts to explore, and the possibilities for accidental discovery are endless. All users gain a new insight into their user base previously hidden deep inside their traditional Relational databases.

Interacting with Machine Learning

Ravelin Connect can also now supercharge your in-house Machine Learning fraud detection system, something we see at very large e-commerce merchants.

Through our API and backfill, the count of nodes, the distance to fraud in hops, and the min, max and mean degree (count of connections) of each node type within a given distance from a target node can be retrieved, resulting in a very powerful retrofit of Connect onto an existing data set.

Historical features are available for training models populating these data warehouses. This allows the impact of Connect to be easily evaluated by simulating what the system would have done with the added network intelligence.

How to integrate with Ravelin Connect

Integration is simple: you just POST customer data to one endpoint.

Customers can be connected to each other by sharing one or more of the following attributes:

- Phone number

- Email

- Device ID

- Payment card (via a consistent identifier per card)

Depending on the issue you are trying to solve other data can be added; for instance in fraud scenarios chargebacks can be added and/or customers that have been marked as fraudulent. Promo codes can be added where there are terms of service abuse scenarios to be explored.


Of particular note is that Ravelin Connect can work with minimal data and return a useful result. It can even work with encrypted or anonymised data. In comparison with a ‘full’ Ravelin integration there is much less setup to do. Of course the trade off is that the richness of the results that it provides. But let’s look quickly at how Ravelin Connect can be used.

Deterministic, Probabilistic or both

The features from Ravelin Connect can be treated in two ways:

Deterministic: This is where you use rules to determine an action based on the values that we return. A good example would be to block a transaction where the network contains fraud. One of the outputs that Connect returns is hopsToFraud: this shows how many hops away from a reviewed fraudster, or chargeback, a particular customer is. It is highly predictive of fraud as it shows whether a fraudster has been caught reusing previous details, or is part of a larger network of compromised credit cards. It is recommended to use the deterministic approach initially to get instant value from Ravelin Connect.

Probabilistic: This is where the features of a network are fed into a machine learning model to make an assessment of the probability of that network being fraudulent. So it is not the network itself that is being assessed for the presence of fraud but rather the resemblance of that network to ones that have been fraudulent in the past. This can provide a significant boost to fraud detection accuracy - we have seen 30% improvements attributable to these network features.

We feel it is important to state that we use both a probabilistic and deterministic approach in our Enterprise product for clients - and are very happy with the results! We deterministically prevent customers if they are within a configurable distance from fraud, and add step-up authentication if they are further away than that distance. We feed count based and topological features into machine learning models, and let them decide what ‘fraudulent networks’ look like in the context of a particular client. It’s a powerful combination.

Use cases

This is an indicative and not exhaustive list of scenarios where Ravelin Connect is being used today. However

  1. Fraud detection: we have explored this fairly well already in this blog post. Used deterministically or probabilistically as part of a comprehensive fraud detection strategy, network features give a huge boost to your ability to detect and prevent fraud.
  2. Account Takeover: Networks that cluster around a single device or a single account are a very strong indicator of ATO. Networks that develop all of a sudden are also highly suspect. The ability of graph networks to present data in this way is supremely useful as part of an ATO strategy.
  3. Promo abuse: the ability to add promo codes or vouchers is a great way to rapidly visualise and uncover code reuse and abuse and terms of service violations. Ravelin Connect will highlight all the fastest growing and largest networks and allow you to see them form over time. Serial abusers will find nowhere to hide.
  4. Your idea here: There are ton of scenarios where Ravelin Connect potentially has a role. Anywhere the connection to a bad actor is of interest is a potential use case.

Learn more about link analysis here.