Using Big Data to Fight Fraud

Drew Robb

Updated · Apr 18, 2013

If it were easy to detect fraud, there wouldn’t be much of it around. But these days, the sheer volume of information being generated makes fraud more difficult than ever to detect.

“Organizations today typically have a fragmented approach to dealing with security and fraud risks, which leaves them vulnerable to even more attacks as criminals are quick to find and exploit any points of weakness,” said Ellen Joyner-Roberson, global marketing principal at SAS Security Intelligence Solutions. “As a result, security risks and financial crimes are increasing dramatically due to a weak global economy, growth in organized crime and the increasing sophistication of fraudulent schemes.”

Not Your Usual Analytics

Unfortunately, many current analytics systems do not support robust analytical modeling, making it difficult to process and analyze information fast enough to make a difference. Different departments often have disparate data sources and processes, so it’s tough to spot suspicious activity across the enterprise.

In addition, there is a constant struggle to balance tougher anti-fraud efforts with a good customer experience. If vendors stop more transactions that are suspicious in an attempt to reduce fraud losses, they may anger customers trying to complete legitimate transactions.

Banking, insurance, government, health care and retail are obvious targets for con artists. The banking industry, for example, has a big problem with identity theft and account takeover. There, it is critical that decisions are made in real time at the point of sale, which requires a monitoring and analytics approach that can instantly model for behavior changes and stop that transaction without getting it wrong too many times.

Due to such demands, the consensus is that traditional business intelligence (BI) isn’t sophisticated enough. It needs to be backed up by domain-embedded rules and adaptive analytics that can be tailored to different types of fraud or financial crime. Context also plays a vital part, and integrating contextual information from mobile apps and other channels can heighten success. And geospatial and velocity data capture at transaction origination should be backed up by decision making in real time.

“To fight fraud before it causes financial losses, companies are using real-time interdiction (definition: to forbid or debar) capabilities wherever they can, and with raw response times under 200 milliseconds,” said Joyner-Roberson.

Her company developed SAS Security Intelligence to address this market. It comprises various SAS products to address fraud and improper payments, regulatory compliance and security. This includes SAS Fraud Management, SAS Network Analytics, SAS Financial Crimes Suite and SAS Fraud Framework.

SAS Security Intelligence takes an enterprise approach to data management and consolidation, combining data integration, data quality and master data management into a unified environment that brings together cross-channel enterprise data on a single platform. It can score and decide on all transactions in real time and intercept suspect deals.

Haystacks, Needles and Big Data

Big Data only magnifies the problems inherent in tracking down wrongdoers. Just how do you deal with capturing, processing, and storing massive amounts of real-time data so you can learn and adapt to changing behavior patterns?

“The needle in the haystack analogy is particularly appropriate for fraud detection due to the small amount of fraud compared to the whole of legitimate Web traffic,” said Jesse McKenna, head of Threat Research for Silver Tail Systems, RSA. “However, as fraud patterns constantly shift and evolve, so does the needle you are looking for. Today it may be a needle, tomorrow a pushpin or a nail.”  

The challenge is that you don’t know exactly what you are looking for other than it will be different than the rest of the pile. While Big Data means you may be able to derive more insights, finding the meaningful data and building detection algorithms that aren’t brittle and won’t quickly become irrelevant takes a deep understanding of fraud.

That’s where behavioral analytics and adaptive detection methods become important. You need ways to isolate what is different that you may have never seen before.

Analytics apps also have to be of value to fraud investigators, who are the ones with the experience of the real world. Machines can burn through the data mountain to locate unusual occurrences, but they are nowhere near as good as people at evaluating and understanding context. Therefore, the app has to facilitate the people or fraud units it serves, not burden them with delays or lengthy procedures.

RSA’s Silver Tail Systems product suite (consisting of Forensics, Mitigator, and Profile Analyzer tools) provides behavioral analytics, real-time custom rules and mitigation capabilities, as well as a forensics interface for performing investigations.

For example, by monitoring the details of every HTTP/S request that is sent to a website, it learns what normal behavior looks like for the website and can then identify criminal behavior and alert the appropriate teams for investigation. Alternatively, it can communicate with other network devices to redirect or terminate the Web session in real time.

User-based behavioral analytics (in addition to the population-based ones) helps identify when a particular user is deviating from their normal behavior, as is the case with many fraud and account compromise scenarios.  
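The difference between population-based and user-based baselines can be shown in a few lines. This is an added example, not code from RSA or the article; the single feature (pages requested per minute), the threshold and the session history are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample data: pages requested per minute in each user's past sessions.
HISTORY = {
    "alice": [2.0, 2.5, 3.0, 2.5, 2.0, 3.0],
    "bob":   [10.0, 12.0, 11.0, 9.0, 11.5, 10.5],
    "carol": [5.0, 6.0, 5.5, 6.5, 5.0, 6.0],
}
THRESHOLD = 3.0  # assumed cut-off, in standard deviations from the baseline mean


def zscore(value, baseline):
    """Distance of value from the baseline mean, in baseline standard deviations."""
    sd = stdev(baseline)
    if sd == 0:
        return 0.0 if value == mean(baseline) else float("inf")
    return abs(value - mean(baseline)) / sd


def score_session(user, rate, history=HISTORY, threshold=THRESHOLD):
    """Score one new session against the whole population and the user's own past."""
    population = [r for rates in history.values() for r in rates]
    pop_z = zscore(rate, population)
    own = history.get(user, [])
    # A user with fewer than two past sessions has no personal baseline yet.
    user_z = zscore(rate, own) if len(own) >= 2 else None
    return {
        "population_z": round(pop_z, 2),
        "user_z": None if user_z is None else round(user_z, 2),
        "population_flag": pop_z > threshold,
        "user_flag": user_z is not None and user_z > threshold,
    }


if __name__ == "__main__":
    # The same rate is routine for bob but far outside alice's own history.
    for user, rate in [("alice", 11.0), ("bob", 11.0), ("dave", 40.0)]:
        print(user, rate, score_session(user, rate))
```

A rate of 11 pages per minute sits well inside the population's range, so only the per-user baseline separates alice's unusual session from bob's ordinary one.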

“Silver Tail was created by ex-eBay and PayPal fraud professionals who lived the battle against fraud at a time when they were protecting the two most targeted brands on the Internet,” said McKenna. “Their experiences motivated them to keep up with shifting Web fraud attacks instead of playing catch-up.”

Visual Aids

IBM is also involved in fraud analytics via a combination of IBM SPSS Modeler, SPSS Statistics, SPSS Collaboration and Deployment Services, SPSS Data Collection, SPSS Decision Management, IBM Cognos BI, Cognos Express, Cognos Insight, Cognos Disclosure Management and Cognos Financial Statement Reporting.

IBM believes that visualization is a vital part of making sense of analytics information, especially when it comes to facilitating the work of professionals in fraud detection.

“As data volumes continue to go up, BI tasks can benefit greatly from the use of information visualization techniques,” said Don Campbell, CTO, IBM Business Analytics. “Good visual representations can help individuals intuitively understand complex data. Visualization can be a powerful presentation and information consumption interface. But it doesn’t stand on its own.”

Graphical representation is also a focus of 21CT, a provider of analytics for investigation and pattern detection. It has released enhanced graph search for its LYNXeon product to help spot cyber attackers and document criminal behavior. The rationale behind the product is that machine-based attacks can be caught by machines, but human-based attacks require specialized tools to help people detect them before the damage is done.

“Health care fraud, notably Medicare, is an enormous problem, costing billions a year,” said Kyle Flaherty, vice president of Marketing at 21CT. “The challenge is not only the enormous amounts of data, but also in the disparate connections within the data. Additionally, fraud has been rampant in this arena and the malicious entities have become sophisticated.”

While regular BI tools provide insight into one slice of the overall information, Flaherty said, they are not good enough for fraud detection, which depends on operational insight and the ability for a human to hunt through visualized data, discover links, and detect overall patterns of activity.

“Fraud detection is a human versus human battle, and BI tools can spit out more data and graphs to help illustrate the problem,” said Flaherty. “In the end you need to be able to hop around the data and investigate.”

Drew Robb is a freelance writer specializing in technology and engineering. Currently living in California, he is originally from Scotland, where he received a degree in geology and geography from the University of Strathclyde. He is the author of Server Disk Management in a Windows Environment (CRC Press).
