Saved in:
Bibliographic Details
Main Authors: Kerdabadi, Mohsen Nayebi, Byron, William Andrew, Sun, Xin, Iranitalab, Amirfarrokh
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.20339
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909805085458432
author Kerdabadi, Mohsen Nayebi
Byron, William Andrew
Sun, Xin
Iranitalab, Amirfarrokh
author_facet Kerdabadi, Mohsen Nayebi
Byron, William Andrew
Sun, Xin
Iranitalab, Amirfarrokh
contents Account Takeover (ATO) fraud poses a significant challenge in consumer banking, requiring high recall under strict latency while minimizing friction for legitimate users. Production systems typically rely on tabular gradient-boosted decision trees (e.g., XGBoost) that score sessions independently, overlooking the relational and temporal structure of online activity that characterizes coordinated attacks and "fraud rings." We introduce ATLAS (Account Takeover Learning Across Spatio-Temporal Directed Graph), a framework that reformulates ATO detection as spatio-temporal node classification on a time-respecting directed session graph. ATLAS links entities via shared identifiers (account, device, IP) and regulates connectivity with time-window and recency constraints, enabling causal, time-respecting message passing and latency-aware label propagation that uses only labels available at scoring time, non-anticipative and leakage-free. We operationalize ATLAS with inductive GraphSAGE variants trained via neighbor sampling, at scale on a sessions graph with more than 100M nodes and around 1B edges. On a high-risk digital product at Capital One, ATLAS delivers 6.38 percent AUC improvement and more than 50 percent reduction in customer friction, improving fraud capture while reducing user friction.
format Preprint
id arxiv_https___arxiv_org_abs_2509_20339
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Spatio-Temporal Directed Graph Learning for Account Takeover Fraud Detection
Kerdabadi, Mohsen Nayebi
Byron, William Andrew
Sun, Xin
Iranitalab, Amirfarrokh
Machine Learning
Account Takeover (ATO) fraud poses a significant challenge in consumer banking, requiring high recall under strict latency while minimizing friction for legitimate users. Production systems typically rely on tabular gradient-boosted decision trees (e.g., XGBoost) that score sessions independently, overlooking the relational and temporal structure of online activity that characterizes coordinated attacks and "fraud rings." We introduce ATLAS (Account Takeover Learning Across Spatio-Temporal Directed Graph), a framework that reformulates ATO detection as spatio-temporal node classification on a time-respecting directed session graph. ATLAS links entities via shared identifiers (account, device, IP) and regulates connectivity with time-window and recency constraints, enabling causal, time-respecting message passing and latency-aware label propagation that uses only labels available at scoring time, non-anticipative and leakage-free. We operationalize ATLAS with inductive GraphSAGE variants trained via neighbor sampling, at scale on a sessions graph with more than 100M nodes and around 1B edges. On a high-risk digital product at Capital One, ATLAS delivers 6.38 percent AUC improvement and more than 50 percent reduction in customer friction, improving fraud capture while reducing user friction.
title Spatio-Temporal Directed Graph Learning for Account Takeover Fraud Detection
topic Machine Learning
url https://arxiv.org/abs/2509.20339