photo by Carrie Plummer
How Data Analytics and Actionable Intelligence Empower the New Breed of Fraud Analyst
At their most basic level, investigations are all about detecting patterns and making connections between people, places, systems, and events. This has never been an easy task with evidence scattered across multiple systems, involving multiple data types, and representing intentionally hidden activity.
Investigators have more and more electronic data available to them, but bigger is not always better. With less time and resources to wade through all this data, finding quality leads is a challenge. What you need is the right data and a fraud detection solution that extracts actionable intelligence to answer your most important investigative questions.
Taking advantage of this actionable intelligence with a few critical investigative building blocks—executed correctly from the start—can further improve your chances of success. The practices described below focus on enabling investigators to apply their experience and creativity in four critical areas of fraud investigations: targets, labels, situational awareness, and scope. With data analytics and visualization, investigators can then take the process even further.
This new realm of innovative technology (also called predictive analytics or big-data analytics) builds on the four critical areas listed and then applies technology so you gain actionable intelligence for your investigation. Like all good planning efforts, these building blocks will save you time and resources by increasing the efficiency and effectiveness of your efforts.
1. Rigorously define the targets you are investigating.
Properly defining what you are looking for will make it easier to notice when you see it, and keep you on target. For example, friendly fraud and account-takeover fraud both result in losses but can require completely different investigative approaches.
The same is true in healthcare fraud. A hunt for wasteful billing practices due to provider confusion can be completely different from a hunt for professional fraudsters who are adept at obfuscating their behavior and intentionally stealing millions of dollars.
The concepts of fraud and loss are generally not actionable without more precise definitions. It’s fine to measure aggregate losses, but without subject-matter expertise expressed in the form of fraud segmentation and labeling, your outputs (and you) will likely suffer from confusion, over-extended ideas, and unnecessary thrash.
2. Focus on the quality and consistency of your data labeling.
Having a sense of inter-rater reliability for fraud labels is critical, particularly when you are not only making binary decisions but also when you’re classifying accounts into different fraud segments. Pay special attention to the tools and data provided to you. Their ability to empower you to think creatively and critically is key to high quality decisions.
If possible, it can help to allow a set of transactions you would have blocked to go through, and then observe whether they show behaviors consistent with the negative activity you expected (chargebacks, an unexplained surge in similar behaviors, complaints, etc). This control group logic is critical for many fraud fighting efforts because it relates directly to measuring false positives and optimization (see point #4).
There is also a fine balance to achieve with calibrating automated response test results. It’s quite common to see a model or rule return with abysmal performance only to realize after vetting that it had “caught” hundreds of transactions that were bad and simply mislabeled or not yet caught.
3. Prioritize situational awareness in both relative and absolute terms.
A successful investigator needs to identify what segments of the population contain the most fraud vs. what segments of the population have the highest fraud rate. The bigger question in investigations is often not how well you will do, but where you should focus your efforts for the highest impact.
Very few events are more frustrating than trouncing fraudsters, only to realize later that you missed the biggest players because more salient fraudsters in segments with higher fraud rates distracted you. Clever ways of weighting relative vs. absolute losses can help with targeting, but there’s no substitute for situational awareness.
4. Clearly define success.
Without a clear definition of success, you risk burning out or going down worthless or counterproductive rabbit holes. Success is often best stated in terms of an aggregate true positive rate (TPR) and false positive rate (FPR). A goal of “stopping the fraud” is generally insufficient because it does not provide clear guidelines on tolerable false positives.
Keep in mind, the aggregate of automated responses is often not just the sum of their impacts, but rule and model overlap is an entirely different discussion. Also note that TPR and FPR are not the only metrics for success. You may be trying to shape the battlefield and push fraudsters into more salient behavior patterns (and away from good actors) before cracking down or you may be harassing them to confuse their attempts at reverse engineering your defenses. Success is rarely a one-shot deal and requires depth, persistence, creativity, and agility—all of which are heavily dependent on the building blocks described here.
5. Use data analytics and visualization to gain actionable intelligence.
Now that you’ve done the four activities above,the next critical step is to detect and visualize the patterns between people, places, systems, and events. Data analytics are an easy way to ask complicated questions of your data and make these connections. They give you more context and better information, enabling more accurate data segmentation and data labeling, which further improves investigative efficiency.
A fraud detection analytics solution turns your data into an asset, letting you visually interact with your data in more dynamic ways than ever before.
Data analytics and visualization leave the heavy lifting of data processing, fusion, and correlation to the computers (things they do very well), freeing you to do what you do best: using your experience, instincts, and investigative creativity to develop and follow those leads to track down the bad guys and make your case.
Combined with the other building blocks described here, this is a powerful formula for success. In my next piece, I’ll look at how investigators can establish the right data analytics solution combining targeted queries, machine learning models, link analysis, and graph-pattern matching.
Lynxeon Fraud Visualization:
About the Author
Ross Worden, CFE, directs Analysis & Investigations for the Fraud Intelligence Unit at 21CT. He has helped dramatically grow the company’s fraud detection business and is an expert in developing the LYNXeon fraud analytics solution. He leads a team of analysts and investigators helping 21CT users hunt down fraud using investigative analytics and graph pattern matching.