A key component of fraud investigations in every sector is query-based anomaly detection, a technique where analysts subset data in particular ways to identify potentially suspicious activities.
Query-based methods for flagging likely instances of fraud are intuitive but succeed at catching only the most flagrant types of abuse. For example, excessive overtime logged the same day every week, or exact matches between employee identification numbers and social security numbers, are not especially well-disguised frauds.
Relying on sets of rules to filter out fraudulent activities risks two types of errors: false positives, where an abnormally large but benign one-time transaction is incorrectly flagged as fraud; and false negatives, where each small transaction in a series appears harmless in isolation, but the transfers together constitute an illegal scheme. This latter type of fraud is especially difficult to spot without a more holistic view of the underlying data at fraud analysts’ disposal, at which point link analysis becomes essential.
Link analysis tools like Visallo allow researchers to go beyond the deductive analysis of structured data, towards a more inductive synthesis of many pieces of related information.
Interested Link Analysis for your Fraud Investigations? Sign Up for a Demo or Q&A Session with the Visallo team.
The need to inductively investigate anomalies becomes clear when we remember that the structure of real-world fraud schemes is often complex and highly-networked, so that investigations often start from an insight about one aspect of a larger phenomenon.
For example, the same group of three vendors may consistently be winning contracts but colluding to do so; one employee’s sick days might regularly coincide with the overtime of two other ghost employees in different departments; or the ratio of several inventory inputs deviates from what is needed to produce a given amount of final product. Each of these cases would be nearly impossible to identify by applying simple rule-based queries to tabular data alone.
Investigations also often require connecting different pieces of evidence in a variety of formats from varied sources. To spot workplace fraud, images of timesheets with missing or forged signatures must be linked to associated employees; identifying campaign finance violations requires connecting suspected perpetrators to improperly completed financial disclosure forms; and understanding networks of human traffickers requires identifying newspaper advertisements used to lure unsuspecting victims and synthesizing their testimony after the fact, should it be available.
Fraud investigations also entail linking supplemental ad-hoc information from third parties to specific entities or relationships.
For example, to identify procurement fraud, bidders’ reported costs must be compared with various independent cost estimates from government agencies or other sources. This means that the ability to easily connect text files, images, webpages, audio, video and analysts’ notes to the traditional information housed in relational databases is critical.
Finally, link analysis software facilitates the responsible stewardship of data, which is critical for fraud investigations involving sensitive personal or corporate data.
Particularly when legal limits are placed on what data is available and to whom, the ability to set granular access controls over data is imperative. Visallo enables analysts to control the visibility of data in each work product shared with colleagues, down to the property level, which streamlines collaboration without compromising data security.
While querying data for anomalies is a logical starting point for fraud detection, separating instances of fraud from normal activities also requires connecting different types of data from many sources, visualizing networks of bad actors, and collaborating in ways consistent with data security requirements.
For all of these reasons, investigative software has become an essential part of fraud analysts’ toolkits.