A practical guide to six SQL patterns for detecting transaction fraud: velocity checks, impossible travel detection, suspicious amount patterns, merchant anomaly clustering, off-hours behavior analysis, and composable window function primitives. Each pattern includes working SQL with explanations of thresholds, false positives, and platform-specific notes (Snowflake, BigQuery, Postgres). The post also covers important caveats around NULL handling, privacy, cost of window functions, and the need for human review in fraud workflows.
Table of contents
1. Velocity2. Impossible travel3. Amount anomalies4. Suspicious merchants5. Off-hours6. Window functions for chained signalsPutting it togetherThings I left outSort: