Investigators Need Context and Analytics to Detect Fraud Effectively
Current fraud prevention practices focus on isolated and linear approaches to monitoring. While these approaches appear to be successful, they only scratch the surface. A new approach is needed that allows organisations to better contextualise the activity they are seeing, to gain a better understanding of which behaviour is potentially criminal and which is legitimate.
Fraud is a complex and far-reaching issue, having this year become the most commonly experienced crime in the UK. From international credit card fraud to opportunistic insurance fraud, the multi-faceted nature of fraud means that it cannot be tackled using a one-size-fits-all approach. Criminals use a variety of deceptive and underhand tactics to ensure that their activities are hidden or appear ostensibly legitimate, making it extremely difficult to identify.
White collar crimes are often treated as victimless but their impact on society can be irreparably damaging. From subsequent increased costs to consumers and huge time costs on both businesses and individuals that have been defrauded, the effects of fraud are far more pervasive than one might expect. On a wider, and perhaps more sinister scale, fraudulent activity also involves the laundering of money used to fund human trafficking, terrorist activity, nuclear proliferation and drug dealing.
Furthermore, the advent of the internet has irrevocably changed the nature of fraud, providing a level of anonymity that makes it increasingly difficult to know who you are dealing with. This is further compounded by our willingness to share our data online. Put simply, the more data we share online, the easier it is for fraudsters to harness such information for their own gain. While the internet makes our lives easier by allowing us to shop and bank online, it gives greater opportunities to steal our identities and access our accounts. The result is a huge rise in the amount of consumer fraud across sectors.
Current fraud prevention practices focus on isolated and linear approaches to monitoring. While these approaches appear to be successful, they only scratch the surface. A new approach is needed that allows organisations to better contextualise the activity they are seeing, to gain a better understanding of which behaviour is potentially criminal and which is legitimate. This involves positioning entities and transactions within a wider network to draw connections between various activities that would otherwise not be seen. In doing so, they can protect their organisations against financial loss and reputational damage, but more importantly, they can protect their most vulnerable customers.
It is estimated that approximately one per cent of all banking applications for lending in the UK are fraudulent or misrepresented in some way. Banks have systems in place to screen these applications, but they tend to be outdated, preconfigured systems that are based on simple rules, looking at just a thin slice of data. Fraudsters have been able to actively capitalise on this by systematically testing the thresholds of the systems in place through trial and error, and as a result become familiar with the parameters. They can then systematically attack an organisation, gaining access to large amounts of money in short timeframes.
Detecting fraud is not an exact science, as one problem often morphs in to another.
The systems do not work largely due to the methods that they use. For example, a traditional approach will look at an individual application for lending and will ask questions such as, ‘is the applicant under the age of 25?’ and ‘do they have a salary greater than £100k?’. Whilst this may identify someone who is inflating their salary, it will also identify many applications which are not fraudulent.
The solution to this problem is to create context and apply sophisticated analytics across the wide range of data that is available. Techniques such as entity resolution and network analysis allow systems to make associations between applications, accounts and people that otherwise would have gone unnoticed. This approach looks at all the information available rather than a single piece in isolation – in doing so, the risks better understood.
Returning to our earlier example – if the applicant was socially connected to four other individuals, all of whom had applied for lending in recent months, each with unusually high salaries given their demographic, the system is much more easily able to identify that application as genuinely at high risk of being fraudulent. This also reduces the vast number of false positives that an institution must focus on, allowing more time to be dedicated to real frauds.
Detecting fraud is not an exact science, as one problem often morphs in to another. Working with a tier one organisation, we detected a cluster of customer accounts that were all connected by having a shared address and the same contact numbers. The system identified them as suspicious for fraud because none of the accounts were paying council tax or bills and had a high cash usage. In a short space of time, money flowed into this suspicious ring of accounts and was quickly withdrawn. These accounts are known as money mules – the purpose of the fraudulent activity was in fact to launder money. Criminals were using these accounts to turn the profits of crimes into apparently legitimate assets. The line between fraud and money laundering is often blurred and that grey area is something that the criminals can capitalise on. Yet banks are under significant pressure to better identify money laundering activity. Recent terrorist activities have resulted in increased public and political concern, and a real need for organisations to understand how these activities are funded.
Ultimately, there are so many different types of criminal activity that each requires a tailored approach to prevent it. The proliferation of internet banking and digital sharing have made it easier than ever for fraudsters to attack financial institutions, whilst legacy, outdated systems are being systematically abused by criminals to transfer criminal profits around the world. Organisations must use sophisticated methods to help them understand the wider context of the risky activity they are attempting to assess. Methods such as network analytics have consistently helped organisations to understand the workings of a criminal and to make connections that would otherwise have gone unnoticed. By understanding the bigger picture and thinking like a criminal, we can limit the successes of these fraudsters and prevent them from striking again.