- Security TWENTY
- Women in Security Awards
Financial institutions lose billions of pounds every year to fraud (source: Experian1). Traditional methods of fraud detection have played an important role in minimising these losses, with preventative security measures such as the Address Verification Service and online protection services such as Verified by Visa. While these measures certainly address chinks in institutions’ armour, they can’t neutralise the threat of fraud altogether. Fraudsters are simply too sophisticated, and perpetually one step ahead, write Gorka Sadowski, Founder and CEO of Akalak; and Philip Rathle, VP of products for Neo Technology.
Nothing demonstrates the new challenges facing banks better than ‘first-party’ fraud, which includes applications for fake credit cards and overdrafts. It is a serious problem for banks – according to Experian, a quarter of a bank’s consumer debt write downs come from first party fraud. This type of fraud is typically very difficult to detect. Fraudsters behave very similarly to legitimate customers until the moment they “bust out”, cleaning out all their accounts and promptly disappearing.
The problem with fraudulent rings
One of the features of first-party fraud is the exponential relationship between the number of individuals involved and the overall pound value being stolen. To put it into context, ten fraudsters sharing 10 data elements (name, date of birth, phone number, address etc) can create 100 false identities; and if they exploit just three financial instruments per identity, each with a £5K credit limit, the potential loss is £1.5 million. The ability to maximize the ‘take’ by involving more people makes first party fraud particularly attractive to organised crime. The involvement of networks of individuals actually makes the job of investigation easier, however. Graph-oriented methods of fraud detection can drill down into data and spot relationships between unconnected separate entities.
Catching fraud rings and stopping them before they do damage is a major challenge. Traditional methods of fraud detection are not geared to look for the right thing: in this case, the rings created by shared identifiers – such as names (or patterns in names), occupations, and addresses. Standard fraud detection methods—such as a deviation from normal purchasing patterns — are based on analysing data in isolation, rather exploring connections. While these are approaches are indeed useful for catching fraudsters acting alone, they fall short in their ability to detect rings.
The best way to identify rings is to use connected ‘social network’ analysis. This involves exploring and identifying any connections between customers before looking at their spending patterns. These operations are very difficult for conventional bank databases to explore. These relational databases are designed to identify values, rather than explore relationships within the data. As a result, social network analysis is seldom, if ever, carried out. Graph databases are designed to query intricate connected networks and can be used to identify fraud rings in a quick and easy way. They can uncover patterns that are difficult to detect using traditional representations such as tables. These tools offer new methods of discovering fraud and other sophisticated scams with a very high level of accuracy, and are capable of flagging advanced fraud scenarios as they are happening, rather than playing catch-up afterwards.
What is more, understanding the connections between data, and deriving meaning from these links, doesn’t necessarily mean gathering new data. Significant insights can be drawn from an institution’s existing data, simply by reframing the problem and looking at it in a graph. When it comes to fraud, two points are very clear.
The first is the importance of detecting fraud as quickly as possible so that criminals can be stopped before they have an opportunity to do too much damage. As business processes become faster and more automated, the time margins for detecting fraud are becoming narrower and narrower, increasing the need for real-time technology. The second is the value of connected analysis. Sophisticated criminals have learned to attack systems where they are weak. Traditional technologies, while still suitable and necessary for certain types of prevention, are not designed to detect elaborate fraud rings. This is where graph databases can add value.
From fraud rings and collusive groups, to educated criminals operating on their own, graph databases provide a unique ability to uncover a variety of important fraud patterns, in real time. Ultimately, this saves businesses time and money when it comes to fighting crime.
About the authors
Gorka Sadowski is Founder and CEO of Akalak, who provide technology and cyberSecurity services. Akalak has helped clients in the US and Europe. Philip Rathle is VP of Products for Neo Technology. Neo4j from Neo Technology is a graph database, with a ten-year history of 24×7 production deployments. Customers include a number of Global 2000 organisations spanning a variety of sectors and uses, including fraud detection.
1. Experian at http://www.experian.com/assets/decision-analytics/white-papers/first-partyfraud-wp.pdf.