Analytics as a fraud and abuse deterrent

You will often hear that you need a predictive manner to detect fraud before it even happens, but the best method is to set up a system so water tight that you discourage potential fraudsters in the first place and discourage them to knock at your door in the first place.

Fraud deterrence is not earlier fraud detection even though the analytical techniques described below also reach that objective.

?

“Deterrence involves an analysis of the conditions and procedures that affect fraud enablers, in essence, looking at what could happen in the future given the process definitions in place, and the people operating that process. Deterrence is a preventive measure – reducing input factors” (The handbook of fraud deterrence. Cendrowski, Harry., Martin, James P., Petro, Louis W. Hoboken, N.J.: Wiley.)

And one of the main conditions augmenting deterrence is a very tight control process based on and supported by efficient data analytics.

There is an analogy that is often used to better explain the difference between remediation, early detection and deterrence. The parallel can be drawn with weight gain leading to health problems.

Working Out would be the equivalent of Remediation. You’ve already put on the weight and decide to go to the gym before it’s too late. The more time you wait the more weight you put on.

Scale would be the equivalent of Early Detection. You weight yourself to detect weight gain before it’s even noticeable. If you do so frequently you could identify any increase and even a trend.

Removal of Causal Factors would be the equivalent of Deterrence. This would mean understanding the consequences of being overweight and doing more physical activity before anything unhealthy weight gain.

In short, a system that actually detects fraud and abuse (even the difficult cases involving collusions and undeclared corporate interests) will not only detect leakage but also send a signal to potential fraudsters to move on. The efficiency of the system obviously needs to be combined with targeted internal and external communication of the success of the solution in identifying loopholes and culprits.

"The fraudster's greatest liability is the certainty that the fraud is too clever to be detected."

Louis J. Freeh (Former Director of the FBI).

?

One could perhaps add to Louis Freeh’s comment that greediness in the end often spells a fraudsters downfall. Back to the topic however, on average detected frauds last 16 months before they are detected when using manual and semi manual systems.

The data analytics described below have been honed and efficiently applied to detect anomalies in spend and payments that can continuously adapt to changing trends. This has meant more efficient investigations, audit, compliance and even forensics.

In short, analytics and machine learning techniques can be built for purpose efficiently detect anomalies in customer payments and to identify anomalies in procurement spend as well as internal travel and expenses.

This type of solution surfaces real time scored alerts for investigation teams to determine if the anomalies are related to error, process breaches or intentional.

?

?

"While introducing AI into the government will save money through optimizing processes, it should also be deployed to eliminate waste, fraud, and abuse."

Will Hurd, American Politician

?

Combining the following techniques together will close the net with the right mesh size to make sure you identify what needs to be found without over identifying and generating too many alerts.

Predictive analytics

In the 2002 movie Minority Report starring Tom Cruise a specialized “pre crime” police team called identifies criminals before they even go to action.

Some policing solutions didn’t wait for 2054 to attempt predicting crime will occur in a certain neighborhood at a certain time and assisting law enforcement to pre-empt crime by patrolling the identified neighborhood.

Algorithms don’t have mutant psychic qualities and the policing models are highly debated. However, similar techniques can be applied to fraud and abuse detection to assess how likely a 3rd party or employee is to commit fraud or have committed fraud that wasn’t identified.

This technique called supervised modeling requires a history of investigations with a human feedback loop to train the model to detect suspect payments, suppliers or customers.

?

Machine learning and text mining

Machine learning is a term that covers sereval mathematical techniques – one of which, text analytics, can be very pertinent to fraud and abuse identification. Many smoke signals and dodgy behaviour can be found in text descriptions of invoices, purchase orders, bid and contract documentation and even emails.

Text-mining, word clusters are all part of what is called sentiment analysis and can lead to the identification of key concepts and words that may be errors or suspicious. For example, in an invoice it could find that c/o in an address, “urgent payment”, spelling mistakes, incoherent bank accounts are all indicators of wrongdoing.

?

Anomaly detection

This technique is part of unsupervised modeling and looks for unknown unknowns. It doesn’t need a target variable to function correctly.

Benfords law that looks into the distribution of digits after the comma and before, isolation forest and clustering are techniques that are very efficient when combined together. This method organizes data to identify outliers compared to peers in the case of third parties or payments.

Benfords can easily be explained. It is verified that datasets comprised of numbers that are products of multiple, independent factors will tend to follow the distribution below for first digits.

We generally apply this to First 2 Digits, First 3 Digits, Last 2 Digits that also have their own distributions.

So, if your distribution is significantly different than what is expected using Bedford’s law, this is an anomaly/outlier.

We’ve successfully used this type of techniques to benchmark the risk level of a company compared to those in the same industry by comparing the overall level of anomalous invoices or payments. Had this technique been use at the time frauds such as Enron would have been detected before it was too late.

What is also powerful about the technique is that a certain level of anomalies are to be detected so if someone is playing with account statements or numbers knowing these techniques can be applied they will have a hefty task to simulate a correct level of error and distribution of error.

?

Entity resolution and link analysis

In the James Bond movie…there is a scene where Q has generated a web view of links on a screen highlighting the links between people, location on a timeline.

The first step to generating this analysis is entity resolution or deduplication of data combined with third party data enrichment.

For example, the following entities containing name, dob, address, id and phone number) could be resolved into one:

?

If in addition you had the following entry in a PEP list "Smith 01/1980" there is a high probability that the person described above is a politically exposed person. In the same manner you could identify him as an ultimate beneficial owner and if you could access a companies declared corporate interest information identify potential signs of collusion.

The entity resolution technique is also very efficient to simply cleanse data that is simply prone to error and duplication and miss spellings. This is very often the cases when data is siloed, when a company has gone thru acquisitions sprees with complex system integrations or when dealing with legacy systems in full ERP migration

One of the complexities however when it comes to link analysis once you have resolved entities is to identify the relevant nodes (person, company, address, phone and account numbers, IDs and passports) and the relationships that make sense for the purpose of fraud waste and abuse identification. Everything is connected to everything else…but not all connections have equal significance and weight…Two people may have lived at the same address, but was it at the same time and was it in a tower or in a town house.

Many fraudsters create smoke screens and use false identities or associates to cover their traces. This is a typical behavior using shell companies and a challenge for the identification of the real ultimate beneficial owners of companies.

?

Business rules

Business rules are a perfect place to start with since business users usually know what happened in the past and want to avoid happening in the future. Even though these rules are backwards looking and have a tendency to generate high false positives they bring business logic and acumen into the equation.

Score cards combining business rules can be built to permantently score the more risky one and rank them in descending ordre of importance. Unlike an AML solution where you need to review all alerts in the context of procurement risk you can choose to investigate based on capacity. Aggregation of alerts per supplier, employee, customer are key to giving a holistic view of the risk per logical entity.

These business rules surface data issues, process breaches and eventually opportunistic fraud or organized fraud.

It’s the combination of signals and context that determines the severity of an alert. For example, a high velocity change of an account number could be due to the fact the company is a start up or the employee responsible for the master file is inexperienced and making errors. However, if the account is changed and a payment is made before being changed back to the original number of another and the person making the account number change isn’t the usual operator or not allowed to do so there may be an issue. Furthermore, if the owner of the supplier being paid is on a PEP list the alert would be all the more important to investigate.

Once there is a history of cases the machine learning algorithms mentioned above could be used to ponderate the relative weights of the scenarios thus improving the scoring.

"Facts are threatening to those invested in fraud."

DaShanne Stokes, University of Pittsburg

?

Fraud prevention always beats running after the money that left the door. Better safe than sorry. The next step however is deterring the wanna be fraudsters from even attempting anything. This can only be done by facts (a very efficient proactive service) that they know about since it was communicated as such and based on some success stories of catching fraudsters.

Deterrence strategies?seek to influence a fraudsters behavior, discouraging them from engaging in unwanted activities. In contrast, denial strategies endeavor to improve a technology, process, or practice so that despite adversarial ventures, an attack might have a low rate of success.

https://www.sas.com/sas/webinars/roundtable-analytics-for-deterrence-in-procurement.html