CMP -- United Business Media

Intelligent Enterprise

Better Insight for Business Decisions

 UBM
Intelligent Enterprise - Better Insight for Business Decisions
Part of the TechWeb Network
Intelligent Enterprise
search Intelligent Enterprise
Advanced Search

RSS
Webcasts
Whitepapers
Subscribe
Home



May 28, 2002

The Hidden Truth

Data analysis can be a strategic weapon in your company's management and control of fraud

By Girish Keshav Palshikar

Fraud or scams — euphemistically called economic offenses — are a dominant white-collar crime in today's business environment. An unfortunate but rather well-known fact is that many businesses and government organizations, particularly in financial and related services, suffer from fraud of various kinds. Fraud bleeds businesses to the tune of hundreds of billions of dollars worldwide, annually. Continued prevalence of such malpractices on a large scale can have disastrous long-term consequences not only for the businesses involved but also for the investors, financial institutions, government, and economy, in general.

Today's highly automated business systems collect vast amounts of data regarding almost all kinds of business transactions and activities. With the advent of data warehousing and corporate memory systems, you can now access both current and historical business data. Clearly, evidence of fraud and fraudulent activities is partly hidden in these enormous quantities of data. Data analysis techniques can help businesses perform effective fraud management to prevent losses and bring the culprits to justice.

Fraud management involves a whole gamut of activities: early warnings and alarms; telltale symptoms and patterns of various types of fraud; profiles of users and activities; fraud detection, prevention, and avoidance; minimizing false alarms and avoiding customer dissatisfaction; estimating losses; risk analysis; surveillance and monitoring; security (of computers, data, networks, and physical facilities); data and records management; collection of evidence from data and other sources; reports; summaries; data visualization; links to management information systems and operation systems (such as billing and accounting); and control actions (such as prosecution, employee education and ethics programs, hotlines, and cooperation with partners and law enforcement agencies).

Executive Summary

Girish Keshav Palshikar

Today's highly automated business systems collect vast amounts of data regarding almost all kinds of business transactions and activities. With the advent of data warehousing and "corporate memory" systems, it's now possible to access not only the current business data but also historical data. Clearly, evidence of fraud and fraudulent activities is partly hidden in these enormous quantities of data. It should be possible, using data analysis techniques, to perform effective fraud management to prevent losses and help bring the culprits to justice. This article describes the state of the art.

Several critical issues make building fraud management systems a challenging and difficult task: enormous volumes of data with complex structure; changing behavior of users, business activities, and fraudsters; continuous evolution of newer fraud particularly to bypass existing detection techniques; need for fast and accurate fraud detection without undue burden on business operations; risks or false alarms; and social issues such as privacy and discrimination.

In this article, I'll take a brief look at the various types of fraud and the means and processes, in particular software-based techniques, that you can use to detect, investigate, and prevent them.

What is Fraud?

Oxford Advanced Learner's Dictionary defines fraud as "an act of deceiving illegally in order to make money or obtain goods." Indeed, in fraud, groups of unscrupulous ("morally challenged," if you prefer!) individuals manipulate or influence the activities of a target business with the intention of making money or obtaining goods through illegal or unfair means. Fraud cheats the target organization of its legitimate income and results in a loss of goods, money, and even good will and reputation. Fraud often employs illegal and always immoral or unfair means.

Outright criminal activities — typically involving violence or other physical means — such as break-in thefts, industrial espionage, sabotage, attacks and robberies, and so forth are usually excluded from the scope of fraud. But even within a particular organization, the full scope of what exactly constitutes fraud isn't always clear. A particular difficulty is distinguishing fraud from losses due to incompetence, procedural lapses, accidents, mismanagement, wrong decisions, or business risks. General economic offenses also include criminal acts other than fraud: money laundering, financing of criminal or antinational activities, corruption, bribery, kickbacks, and so on.

Nevertheless, due to their potential for significant negative impact, fraud has been studied in-depth as a phenomenon. Luckily, fraud falls into typical similar types that share common characteristics, means, and methods. Just as a garden-variety house theft can occur in only some specific ways — break-in, lock picking, gaining entry, and confidence by misrepresenting identity — fraud shares similar modus operandi. Consequently, an organization can take advantage of these commonalities to establish business practices to protect itself from fraud and resultant losses. Of course, any particular fraud in an organization need not meet all of characteristics.

Fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance but usually aren't identical.

Fraud investigations are a complex, time-consuming, and tedious activity and require a great deal of knowledge of finance, economics, business practices, market analysis and business conditions, investigative skills, and law. A comprehensive investigative and surveillance business process for fraud management (often set up in the form of a fraud control center within an organization) often includes a number of steps, activities, and deliverables. I'll take a brief look at the core of this business process: data analysis.

Data Analysis Techniques for Fraud Detection

The techniques used for fraud detection fall into two primary classes: statistical techniques and artificial intelligence (AI) techniques. Many commercial tools are available for fraud detection that provide a variety of techniques from either of these areas, although usually not in any single integrated tool. Important statistical data analysis techniques for fraud detection are:

  • Data preprocessing techniques for detection, validation, error correction, and filling up (estimation) of missing or incorrect data.
  • Calculation of various statistical parameters such as averages, quantiles, performance metrics, probability distributions, and so on. For example, the averages may include average length of call, average number of calls per month (or per day), and average delays in bill payment.
  • Models and probability distributions of various business activities either in terms of various parameters or probability distributions.
  • Computing user profiles (classifications of users, customers, and orders into various categories) and statistical characterization of these profiles (in terms of parameters, probability distributions, and so forth).
  • Time-series analysis of time-dependent data.
  • Clustering and classification to find patterns and associations among groups of data.
  • Matching algorithms to detect anomalies in the behavior of transactions or users as compared to previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risks, and predict future of current transactions or users.

In addition, a number of auxiliary tools can help surveillance personnel quickly grasp the nature of business data and activities. These include canned queries, summary reports, data visualization in various forms, software filters in the form of early warning indicators, alarm conditions, and so on. Usually, these techniques require considerable human expertise and active participation. Also, they're used in a sort of iterative way, where suspicious transactions are first identified and then further investigated to locate the victims, suspects, and their methods, which are then investigated to enable prevention or gather evidence.

I've already remarked that fraud management is a knowledge-intensive activity. Therefore, applications of knowledge-based techniques from AI are a natural idea. Important AI techniques used for fraud management include:

  • Data mining to classify, cluster, and segment the data and automatically find associations and rules in the data that may signify interesting patterns, including those related to fraud.
  • Expert systems to encode expertise for detecting fraud in the form of rules.
  • Pattern recognition to detect approximate classes, clusters, or patterns of suspicious behavior either automatically (unsupervised) or to match given inputs.
  • Machine learning techniques to automatically identify characteristics of fraud.
  • Neural networks that can learn suspicious patterns from samples and used later to detect them.

Other techniques such as Bayesian networks, decision theory, and sequence matching are also used for fraud detection.


Most Popular This Week
Kimball University: Better Business Skills for BI and Data Warehouse Professionals
Business Process Management 101: The Basics of BPM and How to Choose the Right Suite
Forrester Sees Convergence Trend In BI, Search
A Mashup Gives New Meaning to 'Military Intelligence'

IE Weekly Newsletter
Subscribe to the newsletter
    Email Address