A fraud detection method and apparatus are provided, arranged to:
(i) select a sample of entities, including at least one entity known to have been exposed to fraudulent activity or suspected of having been so exposed;
(ii) inputting, from an activity database, transaction data defining activity in respect of the sample of entities, the transaction data identifying associated information processing points;
(iii) processing the input transaction data to determine, using a predetermined set of metrics, evidence of compromise in any one or more of the identified information processing points; and
(iv) ranking the identified information processing points according to likelihood of compromise.
In this way, one or more information processing points may be identified as a potential source of fraud and steps triggered to identify, from the activity database, any other entities associated with those potential sources of fraud to prevent further fraud.