
Data Mining as a Fraud Prevention Tool


© IDM 2006

ASIS Spring Seminar 2006

Data Mining as a Fraud Prevention Tool

Richard Kusnierz

16th March 2006

Data Mining

3 key aspects:

• Prevention
• Detection
• Investigation

Data Mining

• Before we start, let us consider why we work in the Security industry.
• Who or what are we trying to prevent and detect?

First, know your enemy

• Who is this?

First, know your enemy

• Joti De-Laurey
• 35 year old mother
• Stole £4.5 million

First, know your enemy

First, know your enemy

• Kenneth Lay
• Enron
• Enron’s debts of £23 billion

First, know your enemy

• Who is this?

First, know your enemy

• Simon Brophy
• Lighting Director Millennium Dome
• £4 million fraud
• Bogus CV

Company relationships

First, know your enemy

• Who is this?

First, know your enemy

• John Rusnak
• Allied Irish Bank
• Rogue trader
• Trading losses of £540

First, know your enemy

• Who is this?

First, know your enemy

• James Munroe
• £3 million Fraud
• Chief Accountant
• McGraw-Hill

First, know your enemy

• Who is this?

First, know your enemy

• Nick Leeson
• Rogue trader
• Barings Bank
• £800 million

Data Mining

Why do we need data mining to detect fraud?

2005 Fraud barometer

• 72% of cases involve men
• Over half of internal fraud involves 2 – 5 employees
• 40% of frauds involve the finance

2005 Fraud barometer

• Only one in four cases were discovered by internal controls
• 31% of frauds were discovered following a whistle blower
• Weaknesses in controls were exploited by the fraudsters

Fraud

• the problem with fraud is that there are no reliable statistics
• Only a small percentage is reported

£14 Billion £72 Billion

How is Fraud Identified?

Source: ACFE, Report to the Nation, 2004

[Pie chart: Analysis of the main perpetrators of corporate fraud. Categories: single insider; multiple insiders; single external fraudster; multiple external fraudsters; collusion between internal and external. Values as extracted: 38%, 11%, 11%, 10%, 30%.]

• 49% Insiders
• 79% Includes element of collusion

Why Use Data Mining to Detect Fraud?

JMLSG

• UK Money Laundering Regulations date from 1993
• “it is also a separate offence under the ML regulations not to have systems and procedures in place to combat money laundering (regardless of whether or not money laundering is actually taking place).”

Combating the financing of terrorism

Think outside the box

• Trusted employees know the systems
• Trusted employees commit fraud or steal information
• Effective fraud detection systems need to be unexpected and innovative

Know Your Customer

• It is not only vital to KYC, but
• Who are your employees?

Know your employee

• Implementing a balanced, considered mechanism to ensure that an organisation minimises employee fraud contains many elements; data mining can be part of that

Data Mining Employee information

• Conflicts of interest audits
• External reference data
• Expenses, corporate credit card spend

Perceived barriers

• Review legislation, data protection and privacy in using data

Personal Data
Personnel File

Walking a tightrope

• Plan to use data mining
• Register the purpose
• DP Adverse Impact Assessment
• Run fraud workshops and gain employee understanding
• Include a new clause in employment contracts

DPA Registration

• Can often be done online
• Is not a barrier to data mining, but
• Needs legal advice as each EU member state has interpreted the Data Protection Directive in its own way

Perceived barriers

Human Resources

HR may object to the use of personnel data because:
• Employment contracts are inadequate
• They don’t understand

Perceived barriers

IT Department

• Data mining seen as an erosion of their responsibilities
• IT “own” data
• Use of non standard, therefore not approved, software
• Not a priority

External Reference Data

• Internet sources
• Download for free
• Different formats
• May not be valid

Insolvency Register

http://www.insolvency.gov.uk/bankruptcy/bankruptcysearch.htm

Prohibited Individuals

http://www.fsa.gov.uk/register-res/html/prof_proh_indiv_fram.html

Disqualified Directors

http://www.companieshouse.co.uk/ddir/

Fraud profiles

• Key red flags
  • Duplicate data
  • Inaccurate and misleading information
  • Unusual relationships
  • Unusual or contrived transactions

Fraud profiles

Benchmarking

[Pie chart: Risk Exposure (Static Profiles) - VAT tests on. Legend: >= 9 (High Risk); > 3 and < 9 (Medium Risk); <= 3 (Low Risk); No Score. Caption: The number of suppliers in each risk category expressed as a percentage of all suppliers. Values as extracted: 22%, 74%, 3%, 1%.]

Case Study plc

Comparisons

[Four pie charts with the same legend and caption. Panel labels: Company 1, Company 2, Company 3. Titles and values as extracted:]
• Company 1 - Risk Exposure: 11%, 9%, 34%, 46%
• Risk Exposure (Static Profiles) - VAT test on: 7%, 7%, 45%, 41%
• Risk Exposure (Static Profiles) - VAT test on: 4%, 5%, 35%, 56%
• Risk Exposure (Static Profiles) - VAT test on: 2%, 13%, 39%, 46%

Past Example (1)

Internal focus

• 1,500 unverifiable supplier addresses, £300 million spend in three years
• 1,000 suppliers with no bank details
• 1,500 suppliers with no VAT numbers

Past Examples (2)

Publishing company

• $1.0 million advance paid into suspense account
• subsequently transferred to Luxembourg
• employee responsible for transfers “didn’t come back from holiday”

Past Examples (3)

Printing company

• different addresses and post codes
• different telephone numbers
• same fax number
• printers had overcharged and withheld rebates
• Contract renegotiated, £1,000,000 recovered

Past Examples (4)

Maintenance group

• 3 companies linked by common addresses
• 2 non-trading
• heading for liquidation
• contracts in excess of £360,000 awarded in 1 year

Past Examples (5)

Venture capital

• outsourced IT
• collusive relationship between supplier and employee
• bypassed central purchasing
• billed in excess of £150,000

Past Example (6)

Facilities payment (bribe)

• Single round value £70,000
• Company in Malta
• No record of organisation or person in Google, research etc.
• Invoice was for consultancy in West Africa

Past Example (7)

Art gallery donation

• round value £20,000
• six months in advance of art exhibition
• exhibition cancelled, money never returned
• art gallery was under major refurbishment

Past Examples (8)

• 20 sequential invoices
• average invoice value of about £3,500
• hand-written invoices
• started mid year, no prior trading history
• no one accepted responsibility

Past Examples (9)

Multiple applications to a Charity

• same charity different locations
• different charity same locations
• collusion between charity and applicants
• use of accommodation addresses
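
The red flags from the Fraud profiles slide and the past examples (one fax number behind different addresses, suppliers with no bank details or VAT numbers, round-value payments, sequential invoices) can be run as tests over a supplier file and scored into the risk bands shown on the benchmarking charts. The following is an added example, not code from the presentation: the sample records, the per-test weights, the 10,000 round-value floor and the minimum run of three invoices are assumptions, and the "No Score" band is left out.

```python
from collections import defaultdict

# Constructed sample data (not from the deck): supplier master file and ledger.
SUPPLIERS = [  # (id, address, fax, VAT number, bank details)
    ("S1", "1 High St, Leeds", "0113 496 0001", "GB123456789", "20-00-00 12345678"),
    ("S2", "Unit 7, Hull", "0113 496 0001", "GB987654321", "20-00-00 87654321"),
    ("S3", "PO Box 9, Valletta", "", "", ""),
    ("S4", "4 Mill Lane, York", "01904 496 0002", "GB111222333", "30-00-00 11223344"),
]
INVOICES = [  # (supplier id, invoice number, amount in GBP)
    ("S1", 1041, 1830.55), ("S1", 1098, 2210.10),
    ("S2", 501, 3500.00), ("S2", 502, 3450.00), ("S2", 503, 3550.00),
    ("S3", 1, 70000.00), ("S4", 7731, 412.80), ("S4", 7802, 96.15),
]
# Hypothetical weights: the deck shows the risk bands but not the per-test scores.
WEIGHTS = {"shared_fax": 4, "no_vat": 3, "no_bank": 3, "round_value": 3, "sequential": 5}

def red_flags(suppliers, invoices):
    """Return {supplier id: set of red-flag names raised against it}."""
    flags, by_fax, numbers = {}, defaultdict(list), defaultdict(list)
    for sid, address, fax, vat, bank in suppliers:
        flags[sid] = {n for n, v in (("no_vat", vat), ("no_bank", bank)) if not v}
        if fax:
            by_fax[fax].append((sid, address))
    for group in by_fax.values():
        # Duplicate data: one fax number behind different addresses.
        if len({address for _, address in group}) > 1:
            for sid, _ in group:
                flags[sid].add("shared_fax")
    for sid, number, amount in invoices:
        numbers[sid].append(number)
        # Large round-value payment; the 10,000 floor is an assumed threshold.
        if amount >= 10000 and amount % 1000 == 0:
            flags.setdefault(sid, set()).add("round_value")
    for sid, nums in numbers.items():
        nums.sort()
        # Unbroken run of consecutive invoice numbers (assumed minimum run: 3).
        if len(nums) >= 3 and all(b - a == 1 for a, b in zip(nums, nums[1:])):
            flags.setdefault(sid, set()).add("sequential")
    return flags

def band(score):
    """Map a total score to the bands given in the charts' legend."""
    return "High Risk" if score >= 9 else "Medium Risk" if score > 3 else "Low Risk"

def score_suppliers(suppliers, invoices):
    totals = {s: sum(WEIGHTS[f] for f in fl) for s, fl in red_flags(suppliers, invoices).items()}
    return {s: (t, band(t)) for s, t in totals.items()}
```
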

Practical Considerations

• There is no magic bullet to identify all fraud
• Frauds, and consequently profiles, vary

Data Mining - in practice

1. Importation
2. Pre-processing
3. Testing and analysis of initial reports
4. Visualisation
5. Initial investigation
6. Refinement
7. Additional data
8. Final reports

Case Study One: FSA Compliance

• Mutual Insurance company
• Authorised by FSA
• Electronic payment verification
• Spot problems before they

Case Study One

• Perform daily verification
• Satisfy bank in USA that controls are in place
• Create blacklists and whitelists
• Satisfy FSA that money laundering processes are in place
• Prevent problems

Internet Blacklists

• Bank of England Sanctions List
• OFAC Specially Designated Names List
• World Bank Debarred List
• Companies House Disqualified Directors List

Blacklists: Bank of England

Blacklists: OFAC

Blacklists: World Bank

Conclusion

• Data Mining is a very productive and valuable tool
• It can be used proactively and reactively depending on circumstances

• 41 Madeley Road, Ealing, W5 2LS
  Tel: +44-208-997 1933
  Fax: +44-208-810 7340
  E-Mail: richardkusnierz@idmfraud.com
• 1 Coates Place, Edinburgh, EH3 7AA
  Tel: +44-131-225 7707
  Fax: +44-131-225 7708
  E-Mail: alan.livesey@IDS.gb.com
