Business analysis can be critical in the detection of fraud, Suren de Silva, SAS’s solutions manager for financial crimes, told the SAS Users’ NZ conference, held in Wellington recently.
However, it is crucial that statistical analysis tools be used intelligently and flexibly and continue to evolve, with a multi-vectored approach, de Silva says. “Models” that look for fixed departures from the ordinary should be complemented with more flexible techniques such as data mining, which can uncover unexpected clusters of unusual behaviour that will bear further investigation.
He compares the fraudster to a bacterium that has evolved to be resistant to antibiotics widely deployed for decades. It should be no more surprising that fraudsters have in a similar way learned to make their activities inconspicuous to common analysis techniques.
Moreover, they are a different kind of criminal. It is no longer the occasional customer claiming something they are not entitled to. These days, organised crime is involved - the Russian Mafia is a real force [in IT crime] in Australia, he told the conference.
Increasing use of the internet and other electronic trading routes and the general use of more indirect channels in business means “you hardly see your customers any more”, de Silva says
The internet has sparked a more global approach to business, which means more customers but also a greater chance of attracting overseas fraudsters.
Fraud detection today is split into silos, says de Silva; particular classes of customer are often investigated narrowly for the particular kinds of fraud they usually attempt. Criminals move across the silos by, for example, using “mules” to attempt sophisticated fraud on their behalf, when the organisation will be looking for relatively simplistic fraud from such a person. Detection personnel must similarly move across the silos, he says.
“All approaches have strengths and weaknesses,” he says “If you rely too heavily on a single detection method, you will be wrong, catastrophically so at times.”
Traffic on social networks is one new source of information that needs to be factored into today’s investigations, de Silva says.
False positives – innocent customers investigated for fraud – are a risk to the business’s reputation. Using a simple table of “suspected/not suspected” against conspiring/not conspiring, he showed the conference that despite a single test being 99 percent accurate at finding actual fraud, a positive result from the test could still be wrong in 99.9 percent of cases.
Looking to past behaviour to predict future action – as conventional models often do – misses out on changes in tactics and the possibility of a catastrophic surprise, de Silva says.
Using data from multiple sources and monitoring clusters of unusual behaviour, he says, assists in detection of criminal behaviour.
The company has developed a “Fraud Framework” for deploying such a battery of detection tools and reports positive results from pilot customers.