Call detail record analysis to identify fraudulent activity

What is claimed is: 1. A computer-implemented method for determining a risk score for a call, the computer-implemented method comprising: receiving a call from a particular phone number; retrieving pre-stored information relating to the particular phone number to derive a reputation feature and a velocity feature; including the reputation feature and the velocity feature in a feature vector; and generating a risk score for the call based on the feature vector. 2. The computer-implemented method of claim 1 , further comprising: labeling the feature vector; training a machine learning model using the labeled feature vector and other labeled feature vectors; and using the machine learning model to generate the risk score for the call. 3. The computer-implemented method of claim 1 , further comprising taking an action based on the risk score for the call, wherein the taking an action based on the risk score for the call includes at least one of displaying the risk score on a display during the call, storing the risk score in a database during the call, altering an interactive voice response (IVR) call flow during the call, notifying police, notifying an owner of an IVR system, disabling a feature in an IVR system during the call, locking down an IVR system during the call, requiring alternative identification during the call, or requesting additional information during the call. 4. The computer-implemented method of claim 1 , wherein the feature vector includes a behavior feature derived from the call. 5. The computer-implemented method of claim 1 , wherein the pre-stored information is stored in a database and retrieved from the database before the including the reputation feature and the velocity feature in the feature vector. 6. The computer-implemented method of claim 1 , wherein the velocity feature is a sequence of calls or attempted calls from at least one originating phone number similar to the particular phone number. 7. The computer-implemented method of claim 1 , wherein the velocity feature is at least one of a number of distinct account identifiers, a number of distinct originating phone numbers associated with an account identifier, or a number of destinations called. 8. The computer-implemented method of claim 7 , wherein the feature vector includes a velocity feature based on at least one of a number of calls, a duration of at least one prior call, a duration between calls, or a periodicity between calls. 9. The computer-implemented method of claim 1 , wherein the reputation feature is at least one of suspicious activity, malicious activity, a prior complaint, a device type, a carrier, a route taken by the call prior to entering a telephone exchange, a route taken by the call after leaving a telephone exchange, or a location. 10. The computer-implemented method of claim 1 , wherein the pre-stored information is stored in a non-relational database. 11. The computer-implemented method of claim 1 , wherein the pre-stored information is stored in a graph database. 12. The computer-implemented method of claim 1 , wherein the risk score is generated during the call. 13. The computer-implemented method of claim 1 , wherein the retrieving pre-stored information relating to the particular phone number to derive a reputation feature and a velocity feature is done using at least one query to select the pre-stored information. 14. A computer-implemented method for determining a risk score for a call, the computer-implemented method comprising: storing information extracted from received calls; performing queries of the stored information to select data using keys, wherein each key relates to one of the received calls, and wherein the queries are parallelized; transforming the selected data into feature vectors, wherein each feature vector relates to one of the received calls and includes a velocity feature and a reputation feature; and generating, during the call, the risk score for the call based on the feature vectors. 15. The computer-implemented method of claim 14 , wherein each feature vector includes a behavior feature. 16. The computer-implemented method of claim 14 , further comprising: training a machine learning model using the feature vectors; using the machine learning model to generate the risk score for the call; and displaying the risk score for the call on a display during the call, wherein the queries are parallelized using a thread pool. 17. An apparatus that determines a risk score for a call, the apparatus comprising: at least one processor; a non-transitory computer readable medium coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, causes the at least one processor to: receive a call from a particular phone number; retrieve pre-stored information relating to the particular phone number to derive a reputation feature and a velocity feature; include the reputation feature and the velocity feature in a feature vector; and generate a risk score for the call based on the feature vector. 18. The apparatus of claim 17 , wherein the velocity feature is a sequence of calls or attempted calls from at least one originating phone number similar to the particular phone number. 19. The apparatus of claim 18 , further comprising a display that displays, during the call, the risk score for the call. 20. An apparatus that determines a risk score for a call, the apparatus comprising: at least one processor; a non-transitory computer readable medium coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, causes the at least one processor to: store information extracted from received calls; perform queries of the stored information to select data using keys, wherein each key relates to one of the received calls, and wherein the queries are parallelized; transform the selected data into feature vectors, wherein each feature vector relates to one of the received calls and includes a velocity feature and a reputation feature; and generate, during the call, the risk score for the call based on the feature vectors.