Fraud experts Chris Swecker and Joe Pendleton discussed strategies for detecting and preventing fraud at a recent event in Toronto on Best Practices in Government Fraud Detection hosted by SAS Institute Inc.
Chris Swecker, former assistant director of the FBI and head of corporate security at Bank of America Corp., focused on why and how government agencies can become “the predator in instead of the prey.”
“Rather than sit back and wait to be attacked, it’s much better to go on the offensive,” said Swecker, currently an independent consultant at Swecker Enterprises.
One offensive strategy government agencies can take is to consolidate their databases, he suggested. Contrary to what you see on television, there is no one database out there that stores every piece of information, he said.
“These law enforcement shows, they’ll say, ‘Go check the computer’ and some super analyst runs off and checks the computer and runs back with all the information they need … that doesn’t exist,” he said.
Another strategy is having a good case management system with electronic handoffs that prioritize the most important cases instead of simply taking the next case out of a cue, he noted.
“One of the things I struggled with at the Bank and at the FBI was prioritization,” he said. When you don’t have enough resources to get the job done, you need to have a system that will prioritize your cases for you, he pointed out.
The most powerful strategy, according to Swecker, is business analytics software. “To me … the crown jewel of a comprehensive strategy is powerful analytics,” he said.
One challenge that makes it difficult for the public and private sector alike to connect the dots is a silod environment that is “patchwork quilt of technology,” according to Swecker, who attributed part of the problem to how technology came into play.
“In the bank, we had about 200 databases, we had dozens of applications and all this fraud detection was running in silos,” he said.
Drained resources and high thresholds are other challenges to fighting financial fraud, noted Swecker. Post-911, law enforcement had to divert many of their resources from criminal investigations over to terrorism, he said.
Exceptions aside, investigators in the U.S. cannot begin an investigation unless the investigative threshold hits between one half to one million dollars, he explained. Meanwhile, local jurisdictions cannot pick up the cases that are multi-jurisdictional, which is usually the case for Internet crimes. There is a good chance that fraud under $500,000 will not get prosecuted and the criminals know that, he said.
What needs to happen is the first-line investigators, such as the government benefit programs, have to assume a greater burden, make the links, connect the dots, aggregate the losses and reach the point where law enforcement can justify taking the investigation, he suggested.
The Internet has created organized criminal networks that represent a greater threat to government programs than one-off crimes, according to Swecker, but organizations are still addressing fraud by putting up a force field and trying to detect fraudulent behaviour one incident at a time. “There’s a better way to go about it,” he said.
Government programs in the U.S. see anywhere between 3 to 15 per cent fraud and healthcare fraud in particular contributes to some of the greatest losses, according to Swecker. The worst case scenarios occur when criminal proceeds find their way into the terrorist funding stream, he noted.
Crime in general is tremendously underreported in North America and fraud in particular is one of the most underreported of crimes, said Joe Pendleton, former fraud detective and director of the Special Investigations Unit of the Government of Alberta.
“To say I’m suspicious about fraud statistics would be an understatement,” said Pendleton. “I don’t believe they represent the tip of the iceberg. I don’t believe that they represent the ripple on top of the water.”
Fraud is difficult to investigate because there is no crime scene from which to process or gather forensic evidence, he pointed out. You are looking for patterns and anomalies so you have to collect everything and the fraud investigators become overwhelmed with the data, he said.
Anti-fraud initiatives such as audits, inventory controls, firewalls and password protection don’t necessarily work because fraud is often confused with theft, according to Pendleton. “To be able to have anti-fraud programs, you have to be able to detect deceit. If you can’t find the deceit, you can’t find the fraud. If you can find loss, all you have is theft,” he said.
SAS’s fraud framework – which includes business rules, anomaly detection, predictive models and social network analysis (SNA) – differs from the competition because of its hybrid approach, explained Stu Bradley, principal of fraud strategy at SAS.
“We’ll see organizations that will do one pillar and maybe two pillars, but not all four pillars in unison, which is very important when you start thinking about detecting activity and looking for homogenous behaviours across different entities that allows you to not only do a better job of detection but lowering your false positives as well,” said Bradley.
The SNA tool, also known as link analysis, is the most recent addition to SAS’s fraud framework
. SNA is not about going to Facebook to find fraudsters, pointed out Dan McKenzie, fraud analytics specialist at SAS. People hear “social network” and think Facebook, but it is a complex linking exercise, he said.