Connecting The Dots
0 comment(s)
We've now had a few weeks to catch our breath and collect our thoughts on the attempted terrorist attack on Christmas Day. As I'm sure you all know by now, a young man – Umar Farouk Abdulmutallab – hid explosives in his underwear and tried to take down a plane over Detroit. Flames shot from his clothes, passengers tackled him, and a weapon of mass destruction was defused.
Clearly, in this case, flames were the "red flags" that caused a co-passenger to act.
There were other red flags, and early warning signs, evidently. Abdulmutallab's father reported his son's extreme views to the CIA (but his name was not added to the airlines' no-fly list). His application for a British visa was rejected (but that information was never passed on to the American embassy, which apparently had no reason to deny his American visa).
The list of early warning signs is substantial in its length, and in retrospect, the flutter from the red flags is loud, raucous, and should have been heard! But, as the riddle goes, "if a tree falls in a forest, and no one is around to hear it, does it make a sound?.
I'm tempted to stop at this point, and leave you to go on the philosophical journey that the riddle tees up (Do objects cease to exist if you stop observing them? Does the light bulb in the refrigerator really turn off when you close the door?). You may return a Buddhist. But I digress.
In some ways our elaborate, expensive, global, multi-national, anti-terror infrastructure actually did its job. It raised the alerts – the red flags – that should have been raised. Consider the following recent statements by President Obama (the emphasis is mine).
| |
In his public comments, the president said that U.S. intelligence had uncovered numerous "red flags" prior to the attack.
"The U.S. government had sufficient information to have uncovered this plot and potentially disrupt the Christmas Day attack, but our intelligence community failed to connect those dots, which would have placed the suspect on the no-fly list," Obama said. |
Red Flags, Connecting the Dots… The point is this: whether it is to apprehend terrorists well before flames shoot out from their thighs, or to catch fraudsters well before they make off with their loot, the basic formula is simple. Detect seemingly isolated, anomalous events and red flags, and then perform forensic research to analyze and investigate each event to validate and connect the dots.
On the surface, this is a process that is carried out by fraud professionals every single day. Detection systems produce fraud alerts, and fraud analysts research those alerts to validate them, and thoroughly investigate them to ensure that all dots are connected.
However, anti-terror intelligence cells are not alone in lamenting their inability to efficiently connect dots. I have a hypothesis that bank fraud detection units often have good detection systems to raise red flags and alerts, but fraud analysts often spend way too much time trying to investigate these alerts.
Think about it. What does an analyst do when an alert is raised on a suspicious, "duplicate" On-Us check? First, pull the check image. That involves accessing the check image archive, and several steps to pull the appropriate check. Next, pull the signature card, or a "comp†item. A few more steps. Pull transactions on the account to see whether there was a deposit pattern that can explain the duplicate. (Cue up the Jeopardy theme.) Who is this customer, anyway? How many accounts does he have? (I'll be right with you, Alex.)
On and on.
And, by the way, analysts often discover, through their investigation of the alert, that the actual fraud scheme is quite different from the reason why the alert was raised in the first place (the equivalent of stopping a person for running a red light, and discovering that they have a loaded unlicensed handgun in the back seat).
Forensic research and investigation tools are important – they save time and money; more importantly, they help analysts connect the dots in unforeseen ways. Fraud management infrastructure usually weighs in on the side of detection, and forensic investigation is usually an afterthought. Without research tools though, the picture can never be completed.
The Christmas Day bomber provides more stark evidence of this. But for the timely actions of a few agile passengers, we'd be lamenting more than the inability to connect the dots.