Abstract
Integrated payment platforms have significantly improved the convenience of daily life, yet they also present a fertile ground for fraudulent behavior. This paper focuses on the detection of anomalous merchants at the transaction level on such platforms, as locating specific anomalous patterns at such a granular level aids in taking corresponding security measures. However, in an integrated payment scenario, only a limited number of imprecise labels are available, and these are at the merchant level rather than the transaction level, which makes transaction-level anomaly detection quite difficult. Meanwhile, the collected data comprises not only normal merchants and target anomalies (of interest) but also non-target anomalies (of lesser interest). To address these challenges, we adopt a two-step approach. First, we cluster merchants exhibiting similar behaviors and filter out potential non-target anomalies to better understand the transactional patterns among normal merchants. Then, considering three key aspects (transaction context, historical information, and merchant information), we learn transaction representations encapsulated within hyperspheres and leverage these representations to determine anomaly scores for individual transactions. Real-world transactions from an integrated payment platform were used in the experiments. The results demonstrate that our model outperforms several state-of-the-art baselines, with an average AUPRC improvement of 10.5%-11.6%, 16.5%-16.7%, and 3.7%-5.4% in the three discovered merchant clusters.