Graph Neural Network‑Based Payment Fraud Detection at eBay

eBay’s global payment system relies on a sophisticated risk‑control architecture to safeguard user funds, prevent account and card theft, and reduce platform losses. Traditional algorithms struggle with graph‑structured transaction data, prompting the adoption of Graph Neural Networks (GNNs) for large‑scale fraud detection.

Payment Risk Overview

The transaction lifecycle is divided into three risk assessment stages: pre‑transaction (malicious registrations and account hijacking), during transaction (card‑theft, IP abuse, etc.), and post‑transaction (account‑level risk scoring).

E‑commerce Fraud Types

Buyer account and card theft

Seller fraud and counterfeit goods

Collusion between buyers and sellers

Prohibited items, money‑laundering, and compliance risks

Graph‑Based Risk Management

eBay builds a billion‑node relationship graph from transaction logs, user profiles, device fingerprints, and third‑party blacklists. Seed risky accounts are expanded into local communities using graph‑based community detection, which are then merged into dense sub‑graphs. GNNs predict risk scores for unknown accounts within these sub‑graphs, dramatically increasing risk density detection.

Why GNNs Work

GNNs aggregate neighbor information at each layer, allowing the model to learn relational patterns that traditional supervised models (e.g., decision trees, LightGBM) miss. The iterative embedding updates capture both node features and graph topology, enabling inductive inference on unseen nodes.

Challenges of Deploying GNNs

Shallow depth leading to over‑smoothing

Full‑graph training limits scalability

Heterogeneous graphs require type‑aware processing

Model interpretability is essential for risk decisions

Fraud patterns evolve rapidly, demanding dynamic‑graph solutions

xFraud Framework

The xFraud system consists of a Predictor and an Explainer . The Predictor uses GraphSAGE sampling on heterogeneous graphs, encodes node types into learnable embeddings, and applies multi‑head attention to weight edges. The Explainer identifies minimal sub‑graphs and feature sets whose removal significantly changes the prediction, providing actionable explanations.

Dynamic Heterogeneous Graph Extension

Time is modeled as temporal edges linking the same entity across snapshots, forming a heterogeneous graph that captures both structural and temporal information. This approach mitigates the scalability issues of traditional dynamic‑graph training while preserving rich temporal context.

Engineering Considerations

Deploying GNNs in a payment‑risk environment requires graph partitioning that preserves connectivity, efficient sub‑graph feature retrieval, and sub‑millisecond inference latency using high‑performance graph databases. Both offline training and online serving must handle massive, evolving graphs.

In summary, eBay’s adoption of GNNs through the xFraud framework demonstrates how heterogeneous, dynamic graph learning can significantly improve the detection and explanation of both individual and organized fraud in large‑scale e‑commerce payment systems.