# Investigative Fraudulant Transactions: A Data-Driven Approach
Financial fraud is a growing concern, and identifying suspicious activity is crucial to preventing potential losses. In this analysis, I will investigate potential fraudulent transactions by analyzing spending trends for specific cardholders. Using SQL queries and visual analytics, I aim to uncover patterns that may indicate unusual or suspicious behavior.

The objective of this investigation is to:

- Analyze transaction trends for select cardholders.
- Compare spending behaviors to identify potential anomalies.
- Visualize transaction patterns to support fraud detection efforts.
Through this analysis, I will generate insights that can assist in detecting fraudulent activity and help the CFO make data-driven decisions regarding financial security

In [None]:
!pip install pandas
!pip install hvplot
!pip install sqlalchemy
!pip install holoviews
!pip install psycopg2

In [None]:
# Initial imports
import pandas as pd
import calendar
import hvplot.pandas
from sqlalchemy import create_engine
import holoviews as hv


In [3]:
# Create a connection to the database
engine = create_engine("postgresql://postgres:postgres@localhost:5432/fraud_detection")


In [4]:
# Create a connection to the database
username = 'postgres'
password = 'Summer2023'
host = 'localhost'
port = '5432'
database_name = 'Fraud_detection'
# Create the connection URL with username and password.
db_url = f'postgresql://{username}:{password}@{host}:{port}/{database_name}'
# Create the database engine.
engine = create_engine(db_url)

## Fraud Detection Analysis Using SQL and Time Series Visualization

In this project, I analyze transactional data to detect potential fraudulent activity. Two high-value customers of a firm (cardholder IDs 2 and 18) may have been compromised. To investigate, I use SQL to extract their historical transaction records and hvPlot to visualize spending patterns over a one-year period.

Approach:
1. Query Transactional Data: Use SQL to extract transaction history for both cardholders.
2. Time-Series Analysis: Perform trend analysis on spending behavior over time.
3. Data Visualization: Generate individual and combined transaction trend plots using hvPlot.
4. Fraud Detection: Identify anomalies and compare patterns to assess possible fraudulent activity.


In [6]:
# load transaction data for cardholder 2 and 18 from the database
# The query retrieves transaction details, including cardholder info, card numbers, and transaction history
query="""Select
             a.card_holder_id,
             a.customer_name,
             b.card_number,
             c.transaction_id,
             c.transaction_date,
             c.amount,
             c.merchant_id
        FROM card_holder as a
        LEFT JOIN credit_card as b on a.card_holder_id = b.card_holder_id
        LEFT JOIN transaction as c on b.card_number = c.card_number
        WHERE a.card_holder_id = 2 or a.card_holder_id = 18"""
# execute the query and storing the result in a DataFrame 
card_holder =  pd.read_sql(query, engine)
 #Displaying the dataframe
card_holder

Unnamed: 0,card_holder_id,customer_name,card_number,transaction_id,transaction_date,amount,merchant_id
0,18,Malik Carlson,4498002758300,567,2018-01-01 23:15:10,2.95,64
1,18,Malik Carlson,344119623920892,2077,2018-01-05 07:19:27,1.36,30
2,2,Shane Shaffer,4866761290278198714,2439,2018-01-06 02:16:41,1.33,127
3,2,Shane Shaffer,4866761290278198714,1867,2018-01-06 05:13:20,10.82,70
4,18,Malik Carlson,344119623920892,3457,2018-01-07 01:10:54,175.00,12
...,...,...,...,...,...,...,...
227,18,Malik Carlson,344119623920892,1994,2018-12-27 18:46:57,1.70,55
228,18,Malik Carlson,4498002758300,114,2018-12-28 08:45:26,3.46,82
229,18,Malik Carlson,344119623920892,1228,2018-12-28 09:00:45,12.88,60
230,2,Shane Shaffer,675911140852,962,2018-12-28 15:30:55,11.03,2


### Exploring Cardholder Transaction Patterns

In [7]:
transactions_under_2="""Select
                             a.card_holder_id,
                             a.customer_name,
                             b.card_number,
                             c.transaction_id,
                             c.transaction_date,
                             c.amount,
                             c.merchant_id 
                        FROM card_holder as a
                        LEFT JOIN credit_card as b on a.card_holder_id = b.card_holder_id
                        LEFT JOIN transaction as c on b.card_number = c.card_number
                        WHERE (a.card_holder_id = 2 OR a.card_holder_id = 18) AND c.amount < 2.00
                        GROUP BY a.card_holder_id, c.transaction_id,b.card_number,c.transaction_date,c.amount,c.merchant_id;"""
# Executing the query and displaying the results as a dataframe
under_2 =  pd.read_sql(transactions_under_2, engine)
under_2

Unnamed: 0,card_holder_id,customer_name,card_number,transaction_id,transaction_date,amount,merchant_id
0,2,Shane Shaffer,675911140852,662,2018-04-29 18:35:27,0.7,75
1,2,Shane Shaffer,675911140852,708,2018-02-26 01:52:16,1.01,81
2,2,Shane Shaffer,675911140852,2332,2018-04-01 11:54:51,1.08,140
3,2,Shane Shaffer,4866761290278198714,2439,2018-01-06 02:16:41,1.33,127
4,2,Shane Shaffer,675911140852,2440,2018-05-24 20:39:06,1.76,87
5,2,Shane Shaffer,4866761290278198714,3345,2018-05-22 22:34:52,1.19,48
6,2,Shane Shaffer,4866761290278198714,3395,2018-02-03 18:05:39,1.41,65
7,2,Shane Shaffer,4866761290278198714,3407,2018-03-20 17:15:15,1.64,60
8,2,Shane Shaffer,675911140852,3409,2018-09-21 01:57:52,1.58,85
9,2,Shane Shaffer,4866761290278198714,3421,2018-10-02 18:48:15,1.17,149


### Identifying Low-Value Transactions Per Cardholder

In [8]:
# using count function to count the number of transactions under $2.00 per cardholder
transaction_counts = under_2.groupby('card_holder_id')['transaction_id'].count()

# Display the counts
print(transaction_counts)


card_holder_id
2     11
18    19
Name: transaction_id, dtype: int64


### Investigating Potential Fraud: Evidence of a Hacked Credit Card
Upon analyzing the transaction patterns of both cardholders, there seems to be a discrepancy between their activity. Cardholder 18 (Malik Carlson) shows frequent small transactions alongside a sudden large spike on 2018-01-07. This sudden spike raised conerens and a red flag for Malik while Cardholder 2 (Shae Shaffer) had a more consistent spending pattern.

### Plotting both cardholder transactions 
Now I will use hvplot to create an interactive visual for both Malik (Cardholder 18) and Shane (Cardholder 2)

In [9]:
# Plot for cardholder 2
cardholder_2_plot = card_holder[card_holder['card_holder_id'] == 2].hvplot.line(
    x="transaction_date",
    y="amount",
    xlabel="Date",
    ylabel="Transaction Amount",
    title="Cardholder 2 transactions",
    legend=True,
    color='orange'
)

cardholder_2_plot


In [10]:
# Plot for cardholder 18 
cardholder_18_plot = card_holder[card_holder['card_holder_id'] == 18].hvplot.line(
    x="transaction_date",
    y="amount",
    xlabel="Date",
    ylabel="Transaction Amount",
    title="Cardholder 18 transactions",
    legend=True,
    color='green'
)

cardholder_18_plot



### Combined Transaction Trends for Cardholder 2 and Cardholder 18
To better compare the spending behaviors of Cardholder 2 (Shane Shaffer) and Cardholder 18 (Malik Carlson), I will combine the transaction plots for both cardholders into a single chart. This will allow a side-by-side visualization a clearer comparison of their transaction patterns over the year.

In [11]:
# Concatenate both charts into one
combined_chart = cardholder_18_plot * cardholder_2_plot

# plotting the chart
combined_chart.opts(legend_position= 'top_left')

By examining the combined chart, we can easily spot differences in transaction volumes, frequency, and the occurrence of unusual spikes, especially with Cardholder 18, whose high-value transactions stand out against the more consistent spending of Cardholder 2.

### Identifying the Top 100 Highest Transactions Between 7:00 AM and 9:00 AM
I will filter the transactions that occurred between 7:00 AM and 9:00 AM and identify the top 100 highest transactions between both cardholders

In [12]:
#querying the top 100 transactions between 7.00 to 9:00 am
top_100_transactions="""Select
                             a.card_holder_id,
                             a.customer_name,
                             b.card_number,
                             c.transaction_id,
                             c.transaction_date,
                             c.amount,
                             c.merchant_id
                        FROM card_holder as a
                        LEFT JOIN credit_card as b on a.card_holder_id = b.card_holder_id
                        LEFT JOIN transaction as c on b.card_number = c.card_number
                        WHERE (a.card_holder_id = 2 OR a.card_holder_id = 18)
                         AND
                        EXTRACT(HOUR FROM c.transaction_date) BETWEEN 7 AND 9
                        ORDER BY c.amount
                        DESC LIMIT 100;"""
top_100 =  pd.read_sql(top_100_transactions, engine)
 #Displaying the results
top_100

Unnamed: 0,card_holder_id,customer_name,card_number,transaction_id,transaction_date,amount,merchant_id
0,18,Malik Carlson,344119623920892,136,2018-07-18 09:19:08,974.0,19
1,18,Malik Carlson,4498002758300,3019,2018-08-14 08:38:49,18.54,55
2,2,Shane Shaffer,675911140852,2836,2018-02-27 08:27:00,18.52,6
3,18,Malik Carlson,344119623920892,2590,2018-02-18 08:54:19,18.3,69
4,2,Shane Shaffer,4866761290278198714,2595,2018-10-24 09:56:38,16.84,70
5,2,Shane Shaffer,4866761290278198714,2555,2018-10-30 09:45:03,16.64,48
6,18,Malik Carlson,4498002758300,2717,2018-06-10 07:55:27,16.16,10
7,2,Shane Shaffer,675911140852,3182,2018-05-28 07:57:39,15.96,128
8,2,Shane Shaffer,675911140852,929,2018-03-10 08:52:09,13.53,109
9,18,Malik Carlson,344119623920892,1228,2018-12-28 09:00:45,12.88,60


## Investigating Anomalous Transactions for Potential Fraud
Upon reviewing the transactions between 7:00 AM and 9:00 AM, one transaction stands out as potentially suspicious due to its unusually high amount compared to the rest of the data.The transaction for $974.00 on 2018-07-18 for cardholder 18 (Malik Carlson) seems inconsistent with the regular spending behavior observed between both cardholders.
## Comparison of Fraudulent Transactions Between Time Frames
I chose the hours between 7:00 AM - 9:00 AM compared to the rest of the day since fraudulent transactions may be more likely to occur during these hours due to fewer transaction verifications or system checks. The discrepancy in transaction values, coupled with the irregular timing, raises concerns about the potential for fraud, particularly for the large transaction amounts.

## Identifying Top Merchants Prone to Small Transaction Fraud
Now we will conduct an analysis of merchants with the highest frequency of small transactions, we observe the following top 5 merchants, which could be more prone to fraudulent activities involving small transaction amounts. 

In [13]:
top_merchants="""SELECT
                     a.merchant_id,
                     b.merchant,
                     c.category,
                 COUNT(*) AS small_transaction_count
                 FROM transaction as a
                 JOIN merchant as b on (a.merchant_id=b.merchant_id)
                 LEFT JOIN merchant_category as c on (b.category_id=c.merchant_category_id)
                 WHERE amount < 2.00
                 GROUP BY a.merchant_id, b.merchant, c.category
                 ORDER BY small_transaction_count
                 DESC LIMIT 5;"""
top_merchants =  pd.read_sql(top_merchants, engine)
 #Displaying the dataframe
top_merchants

Unnamed: 0,merchant_id,merchant,category,small_transaction_count
0,141,Wood-Ramirez,bar,7
1,145,Hood-Phillips,bar,6
2,48,Baker Inc,food truck,6
3,36,Hamilton-Mcfarland,restaurant,5
4,114,Greene-Wood,bar,5


### Section 2: Investigative Fraud Transactions Cont.
We will now switch over to another potential fradulant activity of a client whose corporate credit card may have been misused. Specifically, there are suspicions that unauthorized transactions may have been made from an expensive restaurant during the first quarter of 2018. The cardholder name is Nancy Contreras with a cardholder ID 25.

To explore this concern, I analyzed the transaction data for cardholder ID 25 between January 2018 and June 2018, with the aim of identifying any unusual spending patterns or outliers that might suggest fraudulent behavior.

Analysis
Upon analyzing the data, I will create a box plot to visualize the distribution of transaction amounts over the selected time period. By examining the plot, I aimed to identify any transactions that deviated significantly from the norm.


In [14]:
# Querying the daily transaction data for cardholder 25 within the time frame from January 1st to June 30th, 2018.
query25 ="""Select
                 a.card_holder_id,
                 a.customer_name, 
                 b.card_number,
                 c.transaction_id,
                 c.transaction_date,
                 c.amount,
                 c.merchant_id 
            FROM card_holder as a
            LEFT JOIN credit_card as b on a.card_holder_id = b.card_holder_id
            LEFT JOIN transaction as c on b.card_number = c.card_number
            WHERE a.card_holder_id = 25 AND transaction_date BETWEEN '2018-01-01' AND '2018-06-30'"""
# Executing the query and loading the result into a pandas DataFrame
query25 =  pd.read_sql(query25, engine)
 #Displaying the first 10 rows of the resulting DataFrame
query25.head(20)


Unnamed: 0,card_holder_id,customer_name,card_number,transaction_id,transaction_date,amount,merchant_id
0,25,Nancy Contreras,4319653513507,2083,2018-01-02 02:06:21,1.46,93
1,25,Nancy Contreras,372414832802279,1552,2018-01-05 06:26:45,10.74,86
2,25,Nancy Contreras,4319653513507,2108,2018-01-07 14:57:23,2.93,137
3,25,Nancy Contreras,372414832802279,754,2018-01-10 00:25:40,1.39,50
4,25,Nancy Contreras,372414832802279,3023,2018-01-14 05:02:22,17.84,52
5,25,Nancy Contreras,372414832802279,3333,2018-01-16 02:26:16,1.65,31
6,25,Nancy Contreras,4319653513507,2662,2018-01-18 12:41:06,15.86,43
7,25,Nancy Contreras,372414832802279,565,2018-01-21 23:04:02,2.22,149
8,25,Nancy Contreras,4319653513507,1415,2018-01-30 18:31:00,1177.0,64
9,25,Nancy Contreras,4319653513507,647,2018-01-31 05:46:43,2.75,81


### Analyzing the Expenditure Pattern of Cardholder 25
To better understand the spending habits of cardholder ID 25 between January and June 2018, I will generate a box plot using hvPlot. This will help identify trends in her expenditure, as well as highlight any potential outliers that may indicate unusual behavior or unauthorized transactions.

In [15]:
cardholder_25_boxplot = query25.hvplot.box(
    y="amount",
    by='transaction_date',
    xlabel="Date",
    ylabel="Transaction Amount",
    title="Expenditure Data for Cardholder ID 25 (Jan 2018 - Jun 2018)",
    rot=45,
    width=1200,  # Adjust the width
    height=600,   
)

cardholder_25_boxplot

# Investigating Outliers in the Expenditure Pattern for Cardholder ID 25
Upon analyzing the box plot, there were several outliers that were identified in her transactions. A closer look at these anomalies, especially on June 22nd and March 6th, reveals that these transactions stand out significantly from her regular spending behavior.

In total, there appear to be between 6 and 8 outliers across various months, which could potentially signal unauthorized activity or an irregular pattern in spending.

### Analyzing Monthly Expenditures for Cardholder ID 25
In this step, we will:

- Map the numeric months (1-6) to their corresponding month names (e.g., January, February, etc.).
- Loop through each month from January to June 2018, isolating the data for each month.
- Generate box plots for the expenditure data, visualizing the distribution of transaction amounts per month.

This analysis will help identify any unusual spending patterns or outliers by month, providing insights into the cardholder’s behavior over the first half of 2018.

In [16]:
#Creating a dictionary mapping numeric months to month names
month_names = {
    1: 'January',
    2: 'February',
    3: 'March',
    4: 'April',
    5: 'May',
    6: 'June',
}

# Converting numeric months to month names
query25['month_name'] = query25['transaction_date'].dt.month.map(month_names)

# A list to store the box plots
box_plots = []

# Iterating over each month
for month_num, month_name in month_names.items():
    month_data = query25[query25['transaction_date'].dt.month == month_num]

    # Generate 6 box plots for monthly expenditure data using hvPlot
    box_plot = month_data.hvplot.box(
        y="amount",
        xlabel="Date",
        ylabel="Transaction Amount",
        title=f"Box plot for Cardholder ID 25 - {month_name} 2018",
        rot=45,
)
#  Append the individual box plot to the list of box plots
    box_plots.append(box_plot)

# Organizing the individual box plots into a single layout, arranged in two columns
combined_box_plots = hv.Layout(box_plots).cols(2)

# Displaying the combined chart
combined_box_plots.opts(shared_axes=False)  
    


## Conclusion

Looking over the boxplots for January, March, April, May, and June, all exhibit few major outliers. The month of February is the only month that has a more evenly distributed spending pattern.
This could indicate that the cardholder’s typical spending is small, and high-value transactions should be further investigated.
Given the isolated nature of high-value transactions, a fraud detection system should flag these anomalies for further investigation.