Entity Graph

Tracked entities

The entity graph connects nodes representing:

• →Customers (userId / customerId)
• →Devices (deviceId, deviceSessionId)
• →IP addresses
• →Counterparties and beneficiaries (receiverId)
• →Accounts and linked identities

How links form

Links are created automatically when transactions share identifiers — for example, two customers sending funds to the same beneficiary, or multiple accounts using the same device fingerprint. Include metadata.receiverId and metadata.counterparty in score requests to strengthen graph linkage. See payload richness tiers.

Graph traversal

MaiGuard performs multi-hop traversal across the graph at scoring time. Shared identity signals (same device across accounts, same IP across customers) increase risk scores on connected nodes. Automatic cluster detection surfaces mule networks and synthetic identity rings.

Use cases

• Detect mule accounts receiving and forwarding funds across multiple identities
• Identify synthetic identity rings sharing devices or IP addresses
• Surface high-risk counterparties connected to multiple flagged customers
• Export graph snapshots for SAR and compliance reporting