Does your company need a fraud detection system? Have you been designated the point person to investigate that possibility? If so, consider this your fraud detection primer as you research existing tools, make decisions about the time and money you want to dedicate to the process and scope out what fraud detection might be able to do for your organization. If you're not actively interested in pursuing a fraud detection system, you may want to read on anyway and consider the good will ­ not to mention hefty bonus ­ you might generate if you could prevent your company from losing millions of dollars.

Yes, you read that right ­ millions of dollars. Everyone knows about fraud, but few want to talk about it. Companies want to keep their losses quiet for several reasons, the most compelling reason being that customers quickly figure out who is footing the bill for fraud.

There's one more reason you might not have heard what fraud detection systems can do. The more organizations talk about their fraud detection systems, the less effective they can be. Think about it. Do you think football teams with effective defenses want to diagram their plays for the media while their opponents are watching? Why point out your weak spots and show what you're doing to compensate?

So without giving away any specific process, let's get a general idea of what fraud detection systems can do and how you can use technology to identify potential losses.

Successful decision support systems (DSSs) have a lot in common with successful fraud detection systems. The end user searches for clusters of behavior, associations and anomalies and makes corporate decisions based on those results. Searching for clusters of behavior allows organizations to target sales and marketing efforts where they will have their greatest impact. If customers in the north buy more coats, for example, that tells the coat company where to concentrate its inventory and its advertising.

Looking for associations can provide organizations with less obvious, but equally important, information to use in targeting their customers. For example, discovering products that help sell each other has proven very profitable to retailers. To maximize profits, stores will place these products in close proximity to each other.

Combing through data for anomalies is where organizations may find the biggest ­ and most useful ­ surprises. It is also where fraud detection systems and DSSs have the most in common. In a regular DSS, a car manufacturer may find that one well-heeled neighborhood is likely to purchase more high-end sport utility vehicles, while an equally prosperous neighborhood is likely to purchase more convertibles.

The same rules apply to fraud detection that apply to DSS. The analyst ­ or artificial intelligence (AI) program ­ is looking for anomalies, or known or unknown behavior patterns, associations or sequences of events.

Anomalies found by fraud detection systems might include examples like the following:

  • The same person applying for a mortgage two or more times in one year, for property in the same city block.
  • A credit card number used in cities 10,000 miles apart within 24 hours.
  • A mobile phone number making a number of foreign calls for the first time in the six years since service was begun.
  • An importer of foreign goods claiming his shipment of straw hats is coming from Siberia.

These examples would all be "known" rules in the business of fraud detection and prevention. In other words, many organizations already know many of these rules, but they do not have a fraud detection system in place to implement the rules in an automated fashion. If they had the infrastructure in place, the companies could question the transactions in an automated way that would result in less fraud.
The automated tools that may be used to facilitate fraud detection may include DSSs, OLAP tools, statistical analysis and AI implementations, such as heuristics, neural networks, data mining algorithms and, if required, a tactical analysis system (TAS).

The first step in creating that infrastructure ­ a fraud detection system ­ would be to "codify" these known rules in a system that is capable of discovering the potential fraud quickly enough to identify and prevent potential loss.

The second step in creating a fraud detection system might be to discover unknown information in an organization's data. This process is sometimes called "knowledge discovery in databases" (KDD) or "data mining" (DM).

This is not to say that KDD or DM are fraud detection, though. They are tools that could also be used to determine appropriate marketing strategies, more economical delivery routes or more profitable products, for example. But fraud detection requires a tool to be used specifically to discover what we've been talking about ­ patterns, event sequences, associations, clusters of behavior and anomalies.

Let's pause at this point to distinguish between fraud detection and the other applications of similar algorithmic models. While the correlation between what is discovered in your data and return on investment (ROI) in DSS and DSS-related customer relationship management (CRM) can be reasonably predicted, it may not be true in fraud detection.

Fraud detection systems "narrow the window" of possible perpetrators, but they do not absolutely "find" fraud every time. What fraud detection systems do is allow analysts to focus on the most probable pieces of information available rather than wade through it all, hoping to stumble onto something. Results are always greater than randomly selecting transactions, but those results may be more sensitive to the volume and accuracy of the data than with DSS or CRM. The reason behind this is that the ratio of actual fraud to the total population of targeted data is much less than most other applications of DSS or CRM. In other words, just because there's an anomaly, it doesn't mean there's fraud.

For instance, once I was in Brazil and then in Niagara Falls in the same 24-hour period. When I tried to use my credit card to buy gas in Niagara Falls, my credit card company stopped my transaction. Company representatives asked the clerk at the gas station to confirm my photo identification. I was not up to any fraud, but I had just committed some anomalous behavior and "tripped" some programmatic flags in the credit card company's tactical analysis system (TAS). Most people tripping these flags (fraud rules) are probably not doing anything fraudulent. However, because some people are up to no good, these flags allow the analyst, or program, to focus on the riskiest pieces of data. If I had been a credit card thief, I would have been snagged prior to any purchase and any loss to the company.

Evaluating transactions a week or a month after they occur may be good enough for some kinds of fraud detection, especially where the perpetrator is a legitimate business that can be sued or indicted later. It may also be good enough when the company doesn't risk anything by waiting until the analysts or AI programs are able to see the data (e.g., when no money is disbursed until the fraud detection process is completed). This would be the case with importation documents of a known business entity or with evaluating initial loan applications.

Other forms of fraud detection must be implemented in a nearly "real-time" fashion. Examples of this more urgent type of fraud detection would include stopping the use of stolen phone numbers and credit cards and even preventing drugs or terrorists from coming into the country. These types of systems are designed to intercept a transaction, evaluate it against known patterns of similar "good" and "bad" transactions (individually and/or in the aggregate), and pass it along to be finally processed by the remainder of the operational system and/or an analyst. This is an implementation of a tactical analysis system (TAS).

Of course, the processing path of the targeted transactions will vary according to the application. As with the credit card company, a person may be brought into the loop to investigate and resolve the transaction in one form or another. This could occur within hours, minutes or even seconds after the system discovers something worth targeting, depending on the requirements of the organization.

So, what is fraud detection? It is the application of known business rules and algorithms as solutions to both known and newly discovered problems (or symptoms of problems), much like a decision support system. But fraud detection is undertaken for the sole purpose of reducing risk by identifying potential perpetrators of fraud.

Your organization may not be as far away from successful fraud detection as you might think, but you may not be as close, either. While you know about the tools and the technology, you're going to need assistance with the application. Successful fraud detection systems require a commitment ­ both financially and organizationally ­ or you'll fail to reap their rewards.

Initially, a small commitment will be enough as long as you follow through. What you may learn in your initial efforts should be enough to entice you to pursue the project further; but if it's not, cut your losses and avoid an expensive research project that does not live up to expectations.

Again, it's like the football team. What's the point of recruiting a million-dollar quarterback if you don't invest in the offensive line to support him?

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access