When we think of social networks today, we think of Facebook, LinkedIn and Twitter -- online vehicles for interaction with family, friends and acquaintances.
But there's another, older type of social network, and it's being used to help detect fraud. It is the connections between people in the physical world.
These connections are things like common phone numbers and addresses for people who live together or work for the same company (think the "Six Degrees of Kevin Bacon" game, where you try to professionally link performers with actor Kevin Bacon). They can be used, in conjunction with other data, to determine whether someone is up to no good.
Banks, telecoms providers and insurance companies, among other businesses, are using analytic software to correlate all of their various data sources to produce visualizations of relationships between customers and customer activity so that they can identify suspicious behaviour. And they are seeing incredible results, says Dan McKenzie, fraud solutions specialist at SAS Canada. Financial organizations are finding 20 to 50 times more fraudulent activity than they did without the tools, says Mr. McKenzie, because a computer can quickly analyze much more data than a human investigator and flag suspected mischief.
For example, fraudsters will take out a credit card, run up bills on it (they can get up to 150 per cent of the stated credit limit), then disappear without paying it off. They do this repeatedly under different names and rake in substantial sums of money, with the card issuer none the wiser. But using link analysis, fraud hunters can identify links between these apparently different people, determine they are actually one person and build a map of the fraudulent activity that helps investigators spot the culprit when they apply for a new card.
How? The software looks at dozens of data items attached to each defaulted account and ties together commonalities. For example, perhaps there's a John Smith at address A with phone number B, working for company X. He's defaulted on a credit card and disappeared. Then a John Brown applies for a card from address C, but with the same phone number B, and he maxes out his card and disappears, and a Jane Brown at address A with a new phone number gets a card, and, funny thing, she also works for X. Link analysis would be smelling a rat by now, and flag this for investigation, since it's potentially the same person committing serial fraud.
Since fraudsters tend to milk a fake ID for all its worth, there may also be welfare claims, lines of credit, overdrafts, insurance claims and other revenue sources involved as well. But, says Mr. McKenzie, these fraudsters tend to strike quickly, get what they can from a few transactions and get out quickly to avoid detection.
Fraudsters don't always work alone. In some large organizations, someone on the inside may conspire with a fraudster, perhaps granting credit, feeding information to facilitate identity theft, or passing health or insurance claims through that should not have been paid out. Link analysis can also help identify these folks as well as the fraudsters they're assisting. For example, Mr. McKenzie says that a major Canadian bank used a complex multi-year case involving over $132 million in mortgage fraud and 17 conspirators ranging from lawyers and real estate agents to home buyers (and even some of its own employees) to justify its purchase of link analysis software, which could have identified the problem much sooner.
As connections are created, they build a network. Everyone has a social network, consisting of friends, family, suppliers, co-workers, casual acquaintances, and even the bus driver they see on the way to work each day, and those networks are distinctive. Fraudsters' networks tend to grow faster than most, because they're essentially the same person with the same contacts multiplied by the number of fake identities. By looking at the behaviour of an individual's network, investigators can make educated guesses about whether it's actually one real person, or a bunch of pseudo people. SAS's mapping tool even lets investigators view the suspect network's growth over time by simply dragging a slider along a timeline.
There is, however, a challenge in mapping those networks. Banking systems are often siloed by line of business, so the data isn't necessarily available to correlate. For example, if a North American's credit card is suddenly used in Australia, the transaction approval system has to decide immediately whether it's a legitimate transaction by a traveler, or fraud. If information on the user's social network was available, and the system knew that the customer's wife had also been spending in Australia, chances are he's just on a family vacation. But if he made a transaction back home with another bank's card around the same time as the Australian transaction, alarm bells would ring. However, that information is not always available.
To complicate things further, fraudsters also do their best to look totally normal until the last minute, which makes them tougher to spot. The addition of a technique called predictive modeling, which compares customer behaviours to those of known fraudsters, helps identify problems earlier. And when you combine multiple techniques, you get more identification of fraud and fewer false positives, as well as improved analyst efficiency. The last thing a financial institution wants to do is chase off legitimate customers by branding them fraudsters!
Instead, it can look at their social networks to separate the good guys from the bad.