Abstract

Real-time fraud detection must balance accuracy with millisecond-level latency as adversaries evolve tactics across accounts, devices, merchants, and networks. This paper presents a streaming framework that models payment ecosystems as dynamic, heterogeneous graphs and detects anomalies by fusing Graph Neural Networks (GNNs) with online anomaly detectors. Incoming transactions update a temporal multi-relational graph (card–device–merchant–IP), from which a lightweight GNN (GraphSAGE/GAT variants with edge features and time encoding) produces embeddings on the fly. These embeddings feed (a) a cost-sensitive classifier for known fraud and (b) unsupervised detectors (e.g., Isolation Forest/Deep SVDD) to surface novel, label-sparse attacks. To cope with class imbalance and concept drift, we employ streaming reweighting, adaptive thresholds tuned on precision@k, and continual learning via replay and drift triggers. The system exposes local explanations (subgraph rationales via GNNExplainer/motif scores) to support analyst review and regulatory needs, while a deployment blueprint (feature cache, micro-batching, and asynchronous inference) meets <50–100 ms decision budgets. We evaluate on mixed synthetic/industry datasets with evolving fraud scenarios, reporting ROC-AUC/PR-AUC, detection delay, alert volume, and business impact under cost constraints. Results show consistent gains over rule-based, tabular ML, and static graph baselines, particularly for low-footprint fraud and fast-moving attack campaigns. The proposed design offers a practical path to accurate, auditable, and scalable fraud screening in production payment streams.