Memento provides next-generation technology and solutions that enable financial institutions to rethink and improve the way they combat fraud and manage compliance. Memento customers realize unmatched business value and rapid ROI.

Home > Forums > Bank Fraud Forum > Insights and Opinions > The Tip Of The Iceberg

RECENT NEWS

View All

bank fraud forum
< Back to listing

The Tip Of The Iceberg

June 30, 2009 by Paul McCormack
4 comment(s)

Be it bad luck, divine intervention or just the natural evolution of most frauds, the Association of Certified Fraud Examiners states that 25% of fraud is uncovered by accident or chance. Whether an employee calls in sick and their colleague discovers the fraud, an incriminating document is left on printer for the boss to find, or a customer receives their statement and calls to question a transaction that they do not recognize, the fraud surfaces more by chance than systematic detection.

Often, fraudulent transactions are reviewed by multiple people in an organization, yet, no one detects the fraud. Why? The reasons are as varied as the fraud. They don't know what fraud looks like; they don't have time to scrutinize the transaction; or they don't have all of the pieces of data available to identify the fraud. Whatever the reason, failing to appropriately detect and address a fraudulent transaction can prove to be extremely costly.

Depending on the circumstances, once detected, the institution's reaction can range from shock to embarrassment to disbelief to anger. Because the fraud is discovered by chance, no one can really claim credit for stopping the fraud. In fact, the discovery can be a major source of embarrassment for the responsible department. There is nothing more damning for a manager than to be accused of not knowing what is going on in his or her department. However, there is a way to gain the upper hand when fraud is uncovered by accident...

Often one transaction can be the "tip of an iceberg". Once discovered, treat this fraud as an opportunity to understand what's beneath the water line. Failure to act might allow a very large "iceberg to develop unseen and unchecked. Research shows that fraud grows exponentially over time if allowed to do so.

So once a fraudulent transaction is discovered, what should a company do to gain the upper hand? Metaphorically, dive in the water and learn about the rest of the iceberg! How? Use the elements of the accidental discovery to mine the data. Gain the upper hand by adopting an aggressive, proactive approach to detecting transactions with similar elements.

The vast majority of frauds have common elements. Use the data to find those elements in other transactions. The discovery of the fraud is on some level, a gift. If the fraud involved a general ledger, mine the ledger for similar transactions. If the fraud involved a customer account, locate all of the accounts that the fraudster(s) accessed, etc.

Whatever the method, use your institution's data to stop the iceberg from growing out of control. It may be indicative of a huge problem, or a huge problem in training; either way it will not get better if you fail to act. Ignore the tip of the iceberg at your peril.

Have you used the "tip of the iceberg" to uncover fraud?


Make a Comment

* = Required
*
*
*
*
 

Recent Comments:

Paul McCormack
July 15, 2009 - 3:10 PM
"Tony, I really appreciate the feedback. As David Hood notes in his post, "The Community Against Fraud”, there is "strong sense of community that exists in fraud prevention”. Sharing your thoughts took time and effort. Thanks for strengthening the fraud community! I think you touched on the Holy Grail when you mentioned allowing "the fraud investigator to interact with disparate data and uncover non-obvious relationships” The 9/11 commission cited the failure of imagination as one of the reasons that the attacks were not thwarted. That may be very true. In more concrete terms, it may also have been the failure to share data between agencies using a technology platform that could gather the data, (disparate or otherwise) and provide the analyst with the beginnings of the picture, or in this case, the indicators of a terrorist attack planned for US soil. However, I think that is important to note that once presented with a "new picture”, investigators may be unable to appropriately interpret the data. With new and improved data analysis tools must come additional training to reorient, or reeducate the investigator on how best to interpret the data on their screen. You noted the following, "I believe that the optimal analytical system includes a combination of rules to detect fraud, automated models to predict fraud and interactive analytics to investigate suspicious activity.” If I understand your comment correctly; the "combination of rules” would be defined by the bank that owns the software. Banking, more than any other industry (and certainly the airlines for regulatory reasons), is more apt to share information about how to detect fraud (See David Hood's article). That's actually where I believe banks have a distinct advantage. Most other industries that I been exposed to are almost completely in the dark about how their competitors detect and prevent fraud. Further, you mentioned "Automated models to predict fraud” presumably that would be tried and tested fraud rules that repeatedly detect fraud? And finally, I completely agree that an optimal system should include interactive analytics. So many fraud detection platforms are remarkably rigid. They do not allow the bank, or user to update the "rules” or data feeds to reflect the latest intelligence. In my opinion, in order to be truly effective, a fraud detection platform should be flexible enough that new streams of data can added with minimal effort, and incorporate rules that can be quickly changed to reflect changes in fraud schemes. Fraudsters do not perpetrate fraud in the same manner month after month, why should banks not demand the ability to change their fraud rules accordingly? I also agree with your statement regarding collaboration. Unfortunately, collaboration within corporate fraud departments can be somewhat lacking. Often there are just not enough hours in the day to allow investigators to weigh in on a fraud investigation being conducted by another member of the team. Better data aggregation, or case management, coupled with the ability to "slice and dice” the data quickly can help leverage the collective knowledge of the fraud department rather than just one, or possibly two investigators allocated to the case. Better yet, allowing investigators to see patterns in different investigations can be an invaluable training tool. On a side note, having met with various federal, state and local law enforcement agencies I can attest to the importance of presenting complex cases in a readily understandable fashion (i.e. visual). There are some extremely smart people in law enforcement (and obviously the intelligence agencies you mention) however, leveraging their knowledge and engaging their assistance is so much easier when you present the case in manner they can understand and then "sell” to their boss, or the U.S. Attorney's office etc. Law enforcement must understand the fraud before they invest their time and effort to pursue. There is no quicker way to lose law enforcement support than to waste their time with an overly complex or badly organized case. Again, thank you for taking the time to comment. You very eloquently expanded on my original post. I truly appreciate the insight, as well as the time and effort you put forth to respond. I look forward to seeing more of your comments! "
eGregie
July 20, 2009 - 8:30 AM
"Good article and insightful comments, keep up the good work! "
aagresta
July 28, 2009 - 4:03 PM
"Thank you Paul. I enjoyed your article. From an analytics perspective, it seems to me that there are two major classes of analysis that allow the fraud investigator to look below the water line. Predictive Analytics can be used to build models that predict outcomes such as how much money is at risk or the probability of fraud taking place. This can be effective and is used by some banks today. These models require robust input data sets, period recalibration and expertise to manage the building and deployment of models. You allude to the 2nd analytic technique in your article which we should also discuss. You write: "Use the elements of the accidental discovery to mine the data. Gain the upper hand by adopting an aggressive, proactive approach to detecting transactions with similar elements. The vast majority of frauds have common elements. Use the data to find those elements in other transactions. The discovery of the fraud is on some level, a gift. If the fraud involved a general ledger, mine the ledger for similar transactions." One way to do this is through "Interactive Analytics" or "IA”. IA allows the fraud investigator to interact with disparate data and uncover non-obvious relationships that may exist below the water line. This form of analytics is consistent with the expertise of the fraud investigator and also happens to be how the CIA, FBI and NSA solve mission critical applications in the areas of financial crimes analysis, cyber breaches and homeland defense. In this context, a more appropriate way of describing this technique is "Investigative Analytics". In either case, the core components seem to be 1) fraud analysts visualizing rich picture of alerts, accounts, loan officers, historical transactions and other data in a variety of visual forms to detect non-obvious relationships that may exist below the water line, 2) unifying these data sources inside these visualizations so that a complete picture can be drawn and 3) collaborating with other team members, local law enforcement or government agencies to solve share insights. In some cases, the data unification piece should be done "on demand” when needed. In other words, as the analyst uncovers something suspicious, additional data can be brought into the investigation and incorporated into a single visualization. This often reveals the hidden insights necessary to solve the case. I believe that the optimal analytical system includes a combination of rules to detect fraud, automated models to predict fraud and interactive analytics to investigate suspicious activity. With the appropriate feedback loops to improve rule sets and create new input variables for the predictive models, interactive analytics provides a complimentary approach to these technologies. Paul, thank you for your article. Your approach and thinking is right on target, Fraud continues to become a bigger and bigger problem worldwide. I only hope that others share in this approach and begin to deploy these techniques so that the honest citizens don't have to pay for losses that continue to pile up as a result of this problem. Tony Agresta Centrifuge Systems www.centrifugesystems.com 571-830-1390 "
aagresta
July 29, 2009 - 9:27 AM
"Here is some additional thinking on this topic: You are correct Paul, I was referring to a combination of rules, models and the ability to explore suspicious events as three core capabilities in a fraud analysis system. As you know, when the rules are met (and indicate some form of fraud) they can trigger alerts which lead fraud investigators to explore the data and potentially open up the case which may include results of the interactive investigative analysis. The rules could incorporate the results of a model designed to predict fraud. Both the rules and models need to be refined again and again. The interactive analytics piece can uncover new rules or refinements to existing rules that need to be incorporated into the process. It can also uncover new information that would lead to a new variable being used in the automated models to predict fraud. So, this is all a very circular process with each component feeding off the others. Integrated data consortiums across banks, brokerage and insurers would go a long way in the fight against fraud since more complete views into activity across financial institutions would be available. There is some movement in this area today but my guess is this will take years to complete if it is ever done at all. Backing through federal and state laws would help. Short of this, the ability to integrate new sources of data into the analysis can be extremely powerful. Our experience indicates if this can be done "on demand” without a lot of technical work, results can be generated much more quickly. The ability to auto-detect common identification fields across disparate data is one the keys to success here. On the collaboration side of things, our approach has been to create a live repository of analytical assets that can be shared with anyone who has the proper privileges. This has been done to overcome the exact point you make about not having enough time to get the job done. For example, if John detects some form of fraud and publishes it for review, Jane can be automatically notified. She can then retrieve this analytical asset and begin her own analysis, potentially extending it beyond what John did because she has more data. Then Jane can publish results and the cycle continues while also being extended to others. In this fashion, the analysis is always "alive" but also "secure" when it needs to be. Hopefully by force multiplying the efforts of a group, we can help reduce the fraud problem worldwide. Thanks for all the feedback. I really appreciate your input. Tony Agresta Centrifuge Systems www.centrifugesystems.com 571-830-1390 "
Solutions Overview
Technology
Approach
Forums
About Memento
WE CAN ALSO BE FOUND:
  • facebook
  • linkedin
  • twitter

©2012 Memento, Inc. All rights reserved.
55 Network Drive Burlington, MA 01803
1-877-371-0673 |

Privacy/ Usage Agreement | Contact Us | Sitemap