Fraud Prevention: Does one size fit all?
Vishal Marria is CEO of Quantexa.
Fraud is a complex and far-reaching issue, having this year become the crime most commonly experienced in the UK. From international credit card fraud to opportunistic insurance fraud, the multi-faceted nature of fraud means that it cannot be tackled using a one-size-fits-all approach. Criminals use a variety of deceptive and underhand tactics to ensure that their activities are hidden or appear ostensibly legitimate, making it extremely difficult to identify.
White collar crimes are often treated as victimless but their impact on society can be irreparably damaging. From subsequent increased costs to consumers and huge time costs on both businesses and individuals that have been defrauded, the effects of fraud are far more pervasive than one might expect. On a wider, and perhaps more sinister scale, fraudulent activity also involves the laundering of money used to fund human trafficking, terrorist activity, nuclear proliferation and drug dealing.
Furthermore, the advent of the internet has irrevocably changed the nature of fraud, providing a level of anonymity that makes it increasingly difficult to know who you are dealing with. This is further compounded by our willingness to share our data online. Put simply, the more data we share online, the easier it is for fraudsters to harness such information for their own gain. While the internet makes our lives easier by allowing us to shop and bank online, it gives greater opportunities to steal our identities and access our accounts. The result is a huge rise in the amount of consumer fraud across sectors.
Current fraud prevention practices focus on isolated and linear approaches to monitoring. While these approaches appear to be successful, in actuality they only scratch the surface. A new approach is needed that allows organisations to better contextualise the activity they are seeing, to gain a better understanding of which behaviour is potentially criminal, and which is legitimate. This involves positioning entities and transactions within a much wider network, allowing connections to be drawn between various activities that would otherwise not be made. In doing so, they can protect their organisations against financial loss and reputational damage, but more importantly, they can protect their most vulnerable customers as well as ensuring that the experiences of their best customers are not affected.
It is estimated in the U.K. that approximately 1 per cent of all banking applications for lending are fraudulent or misrepresented in some way. Banks have systems in place to screen these applications, but they tend to be outdated, preconfigured systems that are based on simple rules, looking at just a thin slice of data. Fraudsters have been able to actively capitalise on this by systematically testing the thresholds of the systems in place, often by trial and error, and as a result becoming familiar with the parameters. They can then systematically attack an organisation, gaining access to large amounts of money in short timeframes.
The systems do not work largely due to the methods that they use. For example, a traditional approach will look at an individual application for lending and will ask a question such as, 'is the applicant under the age of 25 and has a salary greater than £100k?'. Whilst this may identify someone who is inflating their salary, it will also identify many applications which are not fraudulent.
The solution to this problem is to create context and apply sophisticated analytics across the wide range of data that is available. Techniques such as entity resolution and network analysis allow systems to make associations between applications, accounts and people that otherwise would have gone unnoticed. This approach looks at all the information available rather than a single piece isolation – in doing so, the wider context can be fully explored, and the risks better understood.
Returning to our earlier example – if the applicant was socially connected to four other individuals, all of whom had applied for lending in recent months, each with unusually high salaries given their demographic, the system is much more easily able to identify that application as genuinely at high risk of being fraudulent. This also reduces the vast number of false positives that an institution has to focus on, allowing more time to be dedicated to real frauds.
Detecting fraud is not an exact science with one problem often morphing in to another. Working with a tier 1 organisation, we detected a cluster of customer accounts that were all connected by having a shared address and the same contact numbers. The system identified them as suspicious for fraud because none of the accounts were paying council tax or bills and had a high cash usage. In a short space of time, money flowed into this suspicious ring of accounts and was quickly withdrawn. These accounts are known as money mules - the purpose of the fraudulent activity was in fact to launder money. Criminals were using these accounts to turn the profits of crimes into apparently legitimate assets. The line between fraud and money laundering is often blurred and that grey area is something that the criminals can capitalise on. Yet, banks are under significant pressure to better identify money laundering activity – recent terrorist activities have resulted in increased public and political concern, with a real need for organisations to understand how these activities are funded.
Ultimately, there are so many different types of criminal activity that each requires a tailored approach in order to prevent it. The proliferation of internet banking and digital sharing have made it easier than ever for fraudsters to attack financial institutions, whilst legacy, outdated systems are being systematically abused by criminals to transfer the profits of crimes around the world. Organisations must use methods to help them understand the wider context of the activity they wish to risk assess. Methods such as entity and network analytics have consistently helped organisations to understand the workings of a criminal and to make connections that would otherwise have gone unnoticed. By understanding the bigger picture and thinking like a criminal, we can limit the successes of these fraudsters and prevent them from striking again.
Vishal Marria, CEO of Quantexa