Cross-Channel Mule Ring Detection for Indian Bank
Powered by Heterogeneous Graph Neural Networks | Indian Bank Hackathon 2026
Money mule fraud is a network-level problem being fought with transaction-level tools. RingWatch closes the architectural gap by unifying Mobile App, UPI, ATM, and Web Banking logs into a single, live heterogeneous entity graph.
Unlike traditional systems that flag suspicious accounts, RingWatch identifies entire coordinated mule rings in real-time, assigning roles to members and providing an automated regulatory audit trail.
Traditional siloed systems miss fraud patterns spanning multiple channels within minutes. For example, an inflow via UPI followed by immediate splits via IMPS and cash withdrawals at ATMs often goes undetected because no single system sees the full picture.
graph TD
A[Multi-Channel Ingest] -->|Kafka| B[Stream Processing]
B -->|Flink| C[Heterogeneous Graph]
C -->|Neo4j/Redis| D[GNN Inference Engine]
D -->|HGT/PyG| E[Decision & Action Engine]
E -->|Dashboard| F[Analyst Review & SAR]
Outputs a complete ring object instead of a binary score. Roles include:
- Coordinator: Orchestrates inflows and splits.
- Relay Mule: Forwards funds to obscure the trail.
- Cash-Out Mule: Final point of ATM withdrawal.
- Peripheral: Potentially unwitting victim.
A specialized detector for India's regulatory boundary. It catches mule operators who structure transactions just below the Rs. 10,000 RBI reporting threshold.
Analyzes how transactions occur (e.g., copy-pasted UPI IDs, GPS spoofing, login-to-transaction velocity) to link operators across fresh accounts.
No automatic permanent freezes. RingWatch uses a human-in-the-loop approach:
- Soft Flag: Enhanced monitoring.
- Temporary Hold: Max 4 hours per RBI guidelines.
- Escalation: Auto-generated SAR (Suspicious Activity Report) for analyst review.
| Component | Technology | Rationale |
|---|---|---|
| Graph DB | Neo4j | Native graph storage for complex relationship modeling. |
| GNN Framework | PyTorch Geometric | Industry standard for Graph Neural Networks. |
| Model | Heterogeneous Graph Transformer (HGT) | Handles multi-type nodes/edges natively. |
| Ingestion | Apache Kafka | Scalable real-time event streaming. |
| API | FastAPI + Redis | Sub-200ms inference latency. |
| Dashboard | Streamlit + D3.js | Rapid deployment with interactive graph visualizations. |
For more detailed information, please explore the docs/ folder:
- System Architecture: Deep dive into the data pipeline and graph schema.
- Innovation Features: Details on smurfing detection, fingerprinting, and GNNExplainer.
- Compliance & Operations: RBI mapping and the 3-tier action model.
- Data Strategy: Synthetic data calibration and evaluation metrics.
MuleHunter.AI tells Indian Bank which accounts are suspicious across banks. RingWatch tells Indian Bank exactly how the money moved, who orchestrated it, and why—in under 200 milliseconds, before the ATM dispenses cash.