Finance · T-Bank

T-Bank: how a graph neural network stopped 4.2 billion rubles of fraud per year


₽4.2B: reduction in fraud losses per year
47%→8%: false positive rate
47 ms: inference latency
-61%: antifraud team headcount

Context

T-Bank (formerly Tinkoff) serves 41 million customers and processes 18 billion transactions per year. Since 2022, fraud attacks have increased 4.1×: social engineering via messengers, fake bank calls, SIM-card phishing. The dominant vector is the "bank representative" call: the victim is talked into transferring money to a "safe account". Average loss: 87,000 rubles. Through 2023, the bank reimbursed 38% of customer losses (by court order or as goodwill), a direct hit to P&L.

Problem

The legacy rule-based antifraud saw only the transaction itself: amount, recipient, time, geo. That was enough in 2018. By 2024, fraudsters had learned to bypass it: split amounts to stay under thresholds, route money through "yeast" accounts (thousands of small mule accounts used for laundering), and synchronize attacks across hundreds of victims at once.

Every rule trigger required manual review: 12,000 alerts per day, 280 antifraud agents, average review time 9 minutes. False positive rate 47%: legitimate transfers blocked, customers churned to other banks. NPS dropped. The real attacks slipped through rule gaps: fraudsters built cases not covered by any rule.

Solution

T-Bank built a graph neural network that sees a transaction in the context of the entire connection network: sender, recipient, their historical behavior, shared contacts, devices, IP addresses, IPv6 segments, phone numbers. The graph contains 380 million nodes (customers + counterparties) and 14 billion edges (transactions, shared devices, shared phone prefixes).

Architecture: a modified GraphSAGE trained inductively. GraphSAGE computes a node's embedding from sampled neighbor features rather than learning one vector per node, so the model works on customers it has never seen (critical: the bank registers 400K new customers per month). Inference latency: 47 ms per transaction against a payment-system budget of under 200 ms. The model aggregates over a 3-hop neighborhood, so an account two or three steps from a known fraudster (a friend of a fraudster's friend) already contributes to the score.

Key innovation: temporal embedding. Each node carries 14 "time layers": 7 for the days of the week plus 7 for the most recent days. This catches "sleeping" recipients who wake up every two weeks to receive stolen money.
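The graph features described above, as an added example (Python, written for this page, not T-Bank's code). It replaces the learned GraphSAGE layers with a hand-written hop-weighted count so that it runs without PyTorch; the transfer and device-login records, the account names and the 1/hop weighting are constructed assumptions. What it shows is the receptive field (a 3-hop breadth-first search), why that works for an account the model never trained on, and how the 14 time layers are laid out.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample data (not T-Bank data). A "bank representative" scam: two victims
# pay mule_a, the money hops to mule_b and is cashed out; mule_c shares a device with
# mule_a; "sleeper" receives one transfer every second Monday; alice sends her
# grandmother 5,000 every week.
TRANSFERS = [
    # (sender, recipient, amount_rub, timestamp)
    ("victim_1", "mule_a",  85_000,  "2024-05-13 10:05"),
    ("victim_2", "mule_a",  90_000,  "2024-05-13 10:07"),
    ("mule_a",   "mule_b",  170_000, "2024-05-13 10:20"),
    ("mule_b",   "cashout", 168_000, "2024-05-13 10:41"),
    ("alice",    "grandma", 5_000,   "2024-05-07 18:30"),
    ("alice",    "grandma", 5_000,   "2024-05-14 18:30"),
    ("bob",      "mule_c",  40_000,  "2024-05-15 09:00"),
    ("victim_3", "sleeper", 60_000,  "2024-04-15 10:00"),
    ("victim_4", "sleeper", 60_000,  "2024-04-29 10:00"),
    ("victim_5", "sleeper", 60_000,  "2024-05-13 10:00"),
]
DEVICE_LOGINS = [("mule_a", "dev_77"), ("mule_c", "dev_77"), ("alice", "dev_1")]
CONFIRMED_FRAUD = {"mule_a", "mule_b"}   # labels from closed cases; mule_c is unlabeled


def build_graph(transfers, logins):
    """Undirected adjacency: a transfer edge between sender and recipient, plus a
    shared-device edge between every pair of accounts seen on the same device."""
    adj = defaultdict(set)
    for sender, recipient, _, _ in transfers:
        adj[sender].add(recipient)
        adj[recipient].add(sender)
    by_device = defaultdict(set)
    for account, device in logins:
        by_device[device].add(account)
    for accounts in by_device.values():
        for account in accounts:
            adj[account].update(accounts - {account})
    return adj


def k_hop(adj, start, k):
    """Breadth-first search; returns {node: hop distance} for every node within k hops."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if dist[node] == k:          # nodes on the k-th ring are not expanded further
            continue
        for nxt in adj[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return {n: d for n, d in dist.items() if n != start}


def neighborhood_risk(adj, node, known_fraud, k=3):
    """Hop-weighted count of confirmed-fraud nodes in the k-hop neighborhood (assumed
    stand-in for the learned aggregation). It needs no training and works for a node
    that was never seen before, because every input comes from the neighbors."""
    return sum(1.0 / d for n, d in k_hop(adj, node, k).items() if n in known_fraud)


def temporal_layers(transfers, node, now):
    """14 'time layers' for incoming transfers: 7 day-of-week counts (Monday first)
    followed by 7 counts for today, yesterday, ..., six days ago."""
    now = datetime.fromisoformat(now)
    weekday, recent = [0] * 7, [0] * 7
    for _, recipient, _, ts in transfers:
        if recipient != node:
            continue
        t = datetime.fromisoformat(ts)
        weekday[t.weekday()] += 1
        age = (now.date() - t.date()).days
        if 0 <= age < 7:
            recent[age] += 1
    return weekday + recent


def score_transfer(adj, transfers, transfer, known_fraud, now):
    """Graph-side features for one transfer; the amount alone says nothing here."""
    _, recipient, amount, _ = transfer
    return {
        "amount_rub": amount,
        "neighborhood_risk": neighborhood_risk(adj, recipient, known_fraud),
        "recipient_time_layers": temporal_layers(transfers, recipient, now),
    }


if __name__ == "__main__":
    graph = build_graph(TRANSFERS, DEVICE_LOGINS)
    now = "2024-05-15 12:00"
    # bob -> mule_c: an unremarkable 40,000 transfer, but mule_c is one device edge
    # away from a confirmed mule and two hops from another.
    print(score_transfer(graph, TRANSFERS, TRANSFERS[6], CONFIRMED_FRAUD, now))
    # alice -> grandma: no confirmed fraud anywhere within three hops.
    print(score_transfer(graph, TRANSFERS, TRANSFERS[5], CONFIRMED_FRAUD, now))
    # sleeper: all activity on Mondays, one event in the last seven days.
    print(temporal_layers(TRANSFERS, "sleeper", now))
```

The shared-device edge is what makes mule_c visible: it has no transfer history with the mule cluster, and an inductive model picks it up purely from its neighbors. The 4-hop noise the lessons mention is easy to reproduce here by raising `k`: the victims' own contacts start leaking into the score.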

A second-layer LLM classifier handles edge cases: it sees the transaction + risk score + 5 nearest graph neighbors and writes an explanation of why it thinks this is fraud. This sharply accelerated analysts: 9 minutes of investigation became 90 seconds of verifying a ready hypothesis.

Result

Direct fraud losses dropped 4.2 billion rubles per year (from 6.1B to 1.9B). False positive rate fell from 47% to 8% — customers no longer get "your transfer is paused" when sending money to grandma. NPS among customers with at least one alert rose from 31 to 64.

The antifraud team shrank from 280 to 110 — the remaining handle complex cases with LLM explanations. Compensation payouts dropped 2.4×: the model catches attacks before money leaves the card, not after.

Main production challenge: graph drift. Fraudsters adapt within 2-3 weeks: new patterns, new mule accounts, new social-engineering vectors. The team automated retraining: every week the model is retrained on a subsample of the prior week plus the newly confirmed fraud cases, and the weights are updated. One caveat follows from this loop: the labels come from confirmed cases, so it is only as good as case confirmation, and transfers the model holds need a verified outcome too, otherwise the training set only ever learns from the attacks that got through.
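The weekly retraining window and a drift check, as an added example (not T-Bank's pipeline). The page says the weekly set is a subsample of the prior week plus the newly confirmed cases; the block builds exactly that, keeps the ids unique when a confirmed case also sits in the prior week, and goes one step beyond the text with a Population Stability Index over the score distribution to decide whether a retrain should be pulled forward. The sample rate, the seed, the PSI threshold and every transaction are constructed.

```python
import math
import random

# Constructed weekly batch (not T-Bank data): 20 transactions scored last week, two of
# which are now confirmed fraud, plus one older transaction confirmed late (labels lag).
PRIOR_WEEK = [{"id": f"t{i:02d}", "score": s}
              for i, s in enumerate([0.02, 0.05, 0.08, 0.11, 0.14, 0.17, 0.21, 0.24, 0.27, 0.31,
                                     0.03, 0.06, 0.09, 0.12, 0.15, 0.18, 0.22, 0.25, 0.93, 0.97], 1)]
NEWLY_CONFIRMED = [{"id": "t19", "score": 0.93}, {"id": "t20", "score": 0.97},
                   {"id": "t07_prev_week", "score": 0.12}]


def build_retrain_window(prior_week, newly_confirmed, sample_rate, seed):
    """One weekly cycle's training set: every newly confirmed fraud case (whatever week
    the transaction happened in) labelled 1, plus a fixed-seed subsample of the remaining
    prior-week transactions labelled 0. Label 0 means 'not confirmed yet', not
    'legitimate': cases confirmed later re-enter the loop as label 1 in a later week."""
    fraud_ids = {t["id"] for t in newly_confirmed}
    rest = [t for t in prior_week if t["id"] not in fraud_ids]   # no duplicate ids
    rng = random.Random(seed)                                    # reproducible subsample
    sampled = rng.sample(rest, int(len(rest) * sample_rate))
    return [dict(t, label=1) for t in newly_confirmed] + [dict(t, label=0) for t in sampled]


def psi(reference, current, bins=10):
    """Population Stability Index between two score samples in [0, 1]. Each bin is
    smoothed by one count so an empty bin never produces log(0)."""
    def hist(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(int(x * bins), bins - 1)] += 1
        return [(c + 1) / (len(xs) + bins) for c in counts]
    return sum((q - p) * math.log(q / p) for p, q in zip(hist(reference), hist(current)))


def drift_alarm(reference, current, threshold=0.2):
    """(psi, alarm). The usual rule of thumb is PSI > 0.1 'watch', > 0.2 'act'; the
    threshold here is an assumption, not a figure from the page."""
    value = psi(reference, current)
    return value, value > threshold


if __name__ == "__main__":
    window = build_retrain_window(PRIOR_WEEK, NEWLY_CONFIRMED, sample_rate=0.5, seed=2024)
    print(len(window), "rows;", sum(t["label"] for t in window), "confirmed fraud")
    last_week = [t["score"] for t in PRIOR_WEEK]
    this_week = [min(1.0, s + 0.4) for s in last_week]   # constructed: scores shifted up
    print("same distribution:", drift_alarm(last_week, last_week))
    print("shifted distribution:", drift_alarm(last_week, this_week))
```

PSI on the model's own scores is a cheap early warning between weekly cycles; it says the population moved, not why, so an alarm is a trigger for the retrain and a look at the new confirmed cases, not a verdict on its own.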

Tech stack
GraphSAGE (modified) · PyTorch Geometric · DGL · Neo4j (380M nodes) · Kafka streams · ONNX Runtime (CPU inference) · Custom LLM (Claude Haiku for explanations)
Timeline
Graph prototype: 3 months. Production inference: another 7 months. Full replacement of the rule-based system: 16 months. Continuous retraining running since 2024.
Team
29 people: ML researchers (8), graph engineers (6), MLOps (5), antifraud domain (4), backend (4), security (2)

Lessons

  1. The graph sees what the transaction doesn't. 3-hop neighborhood is the sweet spot; 4-hop adds noise.
  2. Temporal embedding is critical for "sleeper" patterns. Fraudsters activate accounts for 2-3 minutes every two weeks.
  3. LLM explanation for the analyst isn't a cherry on top; it's a 6× multiplier on team throughput.
  4. Inductive learning beats transductive: 400K new customers per month — the model must work on those it didn't see in training.
  5. Weekly retraining on fresh confirmed cases is the only way to keep pace with fraudster adaptation.