## Live High-Risk Transactions

In [0]:
SELECT
  event_time,
  customer_id,
  merchant_id,
  amount,
  risk_score
FROM workspace.default.streaming_scored_transactions
WHERE risk_score >= 70
ORDER BY event_time DESC
LIMIT 100;

Databricks visualization. Run in Databricks to view.

## Risky Merchants (Live)

In [0]:
WITH ranked_merchants AS (
  SELECT
    merchant_id,
    COUNT(*) AS transaction_count,
    ROUND(AVG(risk_score), 2) AS avg_risk_score,
    RANK() OVER (ORDER BY AVG(risk_score) DESC) AS risk_rank
  FROM streaming_scored_transactions
  GROUP BY merchant_id
)
SELECT *
FROM ranked_merchants
WHERE risk_rank <= 20;


Databricks visualization. Run in Databricks to view.

## Risk Trends Over Time

In [0]:
SELECT
  date_trunc('minute', event_time) AS minute,
  ROUND(AVG(risk_score), 2) AS avg_risk
FROM streaming_scored_transactions
GROUP BY minute
ORDER BY minute;


Databricks visualization. Run in Databricks to view.

## Risk by Customer Cluster (Streaming + ML)

In [0]:
SELECT
  c.prediction AS cluster_id,
  COUNT(*) AS transaction_count,
  ROUND(AVG(s.risk_score), 2) AS avg_risk
FROM streaming_scored_transactions s
JOIN customer_clusters c
  ON s.customer_id = c.customer_id
GROUP BY c.prediction
ORDER BY avg_risk DESC;


Databricks visualization. Run in Databricks to view.

## Cluster Sizes (Context)

In [0]:
SELECT
  c.prediction AS cluster_id,
  MAX(s.risk_score) AS max_risk,
  COUNT(*) AS transaction_count
FROM streaming_scored_transactions s
JOIN customer_clusters c
  ON s.customer_id = c.customer_id
GROUP BY c.prediction
ORDER BY max_risk DESC;


Databricks visualization. Run in Databricks to view.

In [0]:
SELECT
  prediction AS cluster_id,
  COUNT(*) AS customers
FROM customer_clusters
GROUP BY prediction;


Databricks visualization. Run in Databricks to view.