Mirela Ciobanu
17 Apr 2026 / 8 Min Read
Real-time link analysis is essential for stopping sophisticated financial fraud. Persona Product Manager Anita Ilango explains how link analysis uncovers hidden connections to protect the financial sector.
AI-powered fraud attacks were consistently in the headlines, particularly cases where fraudsters used high-quality deepfakes or impersonated executives. I think there’s something inherently unsettling in what’s happening with AI-powered fraud, so it makes sense that reporters cover it often. I anticipate this will continue in 2026, especially as we see more data breaches and identity theft from AI-orchestrated cyberattacks and agentic fraud.
Fraud fighters were some of the earliest to experience the impacts of generative AI, but GenAI fraud isn’t actually the most urgent problem right now. Leading fraud detection systems can effectively and repeatedly catch most deepfaked selfies, and fintechs and banks tend to prioritise this type of fraud prevention.
As a result, we’re seeing sophisticated fraud actors evolve from GenAI fraud to synthetic identity attacks and identity muling. Identity muling is when fraudsters pay real people to create accounts, complete selfie verifications, and then hand over the login credentials.
We've seen coordinated fraud originating from Eastern Europe, Southeast Asia, and parts of Africa. These operations range in scale. Sometimes it’s informal, like when fraudsters hit the streets and look for people willing to take selfies. The more organised operations have office-like setups with people cycling through a standardised process.
These efforts are distinct from coercion in scam compounds or identity theft, where the affected individual hasn’t consented to the use of their identity. Identity mules are willing participants in these schemes, even if some might not fully understand if and how their identity will be used to commit fraud.
Link analysis is a data analysis technique for identifying, evaluating, and understanding relationships between entities. It’s powerful for fraud detection because fraudsters rarely carry out singular, isolated attacks. Instead, they create multiple accounts, reuse techniques, coordinate with one another, or copy each other.
Without link analysis tooling, fraud teams have to manually verify if a suspicious account was connected to others. It can take hours, sometimes days, to investigate large fraud rings. Persona’s Graph enables link analysis in real time, allowing teams to surface suspicious links and block entire fraud rings in minutes. Graph can also be used to proactively block connected accounts during onboarding or reverification.
Bad actors often reuse devices, ID templates, deepfakes, or other components of a fraudulent scheme while swapping out a single element, such as a name or portrait.
Graph uncovers these connections, allowing you to stop fraudsters from onboarding to your product, taking over accounts, and scaling their attacks. Even if they switch devices or hide their IP address, Persona’s device identifiers can help reveal the connection and suspect behaviour.
Graph-based link analysis is an effective barrier against fraud rings, deepfakes, identity mules, and other sophisticated attacks. It can also offer important insights that you can use to protect your customers who are in the midst of a social engineering trance.
The platform approach enables you to use the insights you collect from link analysis throughout user life cycles:
Onboarding: Use the results to increase assurance when you’re running initial checks during onboarding. You can also automate decisions, such as blocking users who share the same device with 10 other users.
Transactions: Rerun Graph to check for suspicious signals and connections before approving specific transactions.
Account reviews: Schedule recurring Graph queries, such as ‘find clusters of 15+ accounts sharing device fingerprint created in the last seven days’, and receive Slack or email alerts with the results.
Account management: Tag clusters of bad actors, compromised devices, or identification elements. Add these tagged groups to blocklists and create rules to auto-deny future attempts from connected bad actors.
Investigations: Immediately see Graph connections in Cases, our investigations hub, to determine if it's an isolated incident or part of a coordinated ring. You can also start an investigation in Graph Explorer, the visualisation tool.
Identity verification checks whether the person is who they claim to be at a singular moment in time. Link analysis checks whether the user is connected to known fraud in the past or future. It’s an important distinction.
For example, a fraud analyst at Persona noticed that users were submitting IDs with different portraits and matching birthdays. A single birthday won’t flag risk signals, and you wouldn’t create a verification check against a specific birthdate because you’d erroneously block a lot of good users.
But the analyst was suspicious, and he used Graph to quickly uncover a fraud ring using an ID template. He blocked dozens of bad accounts and figured out how to block similar attempts in the future based on the accounts’ shared attributes.
Persona’s Graph integrates automatically with Persona’s platform to sync data from our verification flows, like device identifiers, IP addresses, and user-submitted images. Alternative solutions can be restricted to batch processing, but if you want to catch attacks as they scale and make decisions during the user session, you need real-time link analysis.
Graph is also really flexible and allows you to sync custom data, like your promotion codes or hashed payment information. Graph query results can also be returned to you via API or webhooks if you want to trigger, monitor, or analyse them elsewhere.
There are many ways to approach link analysis, and comparing the options is definitely important. Some organisations opt to build and maintain these tools on their own, while others buy solutions. We actually recently demoed Graph to the fraud team at a company with an in-house link analysis tool. Now, they’re using Persona’s Graph for fraud detection and large-scale investigations, and their internal tool for risk scoring.
There’s also a benefit for fraud teams who use Graph to add more context to their audits and board reports. Instead of saying, ‘we blocked 500 accounts this quarter’, they can add the context that ‘we identified and blocked 12 fraud rings connected on xyz properties totalling 500 accounts’.
Of course! Without naming customers directly, I can say we work with a lot of fintechs and financial institutions, and I can share some important trends we’re seeing.
We’ve been seeing synthetic identity fraud and identity mule attacks, sometimes with deepfake selfies. We’ve also been seeing more cross-platform fraud, where bad actors test defences across multiple fintech products to find the weakest link, then scale attacks within that target organisation.
Some recent examples:
A large fintech platform used Graph to find over 1,700 accounts linked to flagged devices and determined that over 99% of the accounts were fraudulent. There were five browser fingerprints linked to over 300 accounts.
A fintech lender found that 97% of fraudulent accounts were linked to five or more accounts by IP address, browser fingerprint, Social Security number, phone number, or email address. We estimated they could save at least USD 8.9 mln by automating decisioning and blocking fraud with Graph.
A mobile payment platform with tens of millions of users manages chargebacks by automatically checking whether the account filing a dispute is linked to other suspicious accounts.
You can read more customer stories on the Persona website. We also recently published an ebook about how link analysis works and what an effective link analysis strategy looks like in 2026. Or, if you’d prefer to watch or listen, there was a recent webinar with Handshake AI focused on pattern and link analysis.
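The account-review query quoted in the interview ("find clusters of 15+ accounts sharing device fingerprint created in the last seven days") can be sketched as connected components over accounts and their shared attributes. This is an added example, not Persona's code or the Graph API; the field names, sample records and scaled-down thresholds are constructed, and it goes beyond the single-attribute query by also linking accounts transitively through a shared IP address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2026, 4, 17)  # fixed "now" so the constructed sample is reproducible

def acct(aid, days_ago, device, ip):
    return {"id": aid, "created": NOW - timedelta(days=days_ago), "device": device, "ip": ip}

# Constructed sample records; field names are assumptions, not Persona's schema.
ACCOUNTS = [
    acct("a1", 1, "fp-1", "198.51.100.7"),
    acct("a2", 2, "fp-1", "198.51.100.8"),
    acct("a3", 3, "fp-2", "198.51.100.8"),   # new device, but reuses a2's IP
    acct("a4", 30, "fp-1", "198.51.100.9"),  # same device as a1, outside 7 days
    acct("a5", 1, "fp-9", "203.0.113.5"),    # unrelated user
    acct("a6", 2, None, "203.0.113.9"),      # no fingerprint collected
    acct("a7", 2, None, "203.0.113.10"),     # no fingerprint collected
]

def find_clusters(accounts, keys=("device", "ip"), min_size=3, window_days=7, now=NOW):
    """Return groups of recent accounts linked, directly or transitively,
    by sharing a value for any attribute in `keys` (largest group first)."""
    cutoff = now - timedelta(days=window_days)
    recent = [a for a in accounts if a["created"] >= cutoff]
    parent = {a["id"]: a["id"] for a in recent}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # (attribute, value) -> first account seen with it
    for a in recent:
        for key in keys:
            value = a.get(key)
            if value is None:
                continue  # a missing value must never link two accounts
            owner = first_seen.setdefault((key, value), a["id"])
            parent[find(a["id"])] = find(owner)  # merge the two groups

    groups = defaultdict(list)
    for a in recent:
        groups[find(a["id"])].append(a["id"])
    clusters = [sorted(g) for g in groups.values() if len(g) >= min_size]
    return sorted(clusters, key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print(find_clusters(ACCOUNTS))  # thresholds scaled down from the quoted 15+
```

Skipping missing values is the detail that matters most in practice: treating an absent fingerprint as a shared one would merge every account that lacks it into a single false ring.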

Anita Ilango is a product manager at Persona, where she works on Graph, a product that helps teams uncover hard-to-detect fraud using link analysis. Previously, Anita co-founded Goldilocks Labs, exploring new approaches to search and knowledge discovery. Before that, she was an early employee at Clay, serving as the company's first product manager. Earlier in her career, Anita was a Lead Venture Partner at Contrary, working with early-stage founders. She holds a B.S. in Computer Science from UCLA.

Persona provides identity verification and fraud prevention infrastructure that helps businesses onboard users securely and compliantly. The platform offers government ID verification, biometric authentication, KYC/KYB compliance, AML screening, and continuous monitoring across 200+ countries and territories. Persona partners with leading fintechs, crypto platforms, and enterprises including Travelex, Payoneer, Brex, Bridge, and BitGo to verify identities quickly while reducing friction, leveraging reusable identity solutions and risk-based workflows to scale trust across the digital ecosystem.