Fraud Detection and Prevention

data analysis • data mining • quality improvement • web-based analytics

Business White Paper

Fraud Detection and Prevention

Edited by Danny Stout Based on an article originally written by our Czech office, published in the Czech Magazine IT Fraud

Headquarters: StatSoft, Inc. • 2300 E 14 St • Tulsa, OK 74104 • USA • +1 (918) 749-1119 • [email protected] • www.statsoft.com Australia: StatSoft Pacific Pty Ltd. Brazil: StatSoft South America Ltda. Bulgaria: StatSoft Bulgaria Ltd. Chile: StatSoft South America Ltda. China: StatSoft China

Czech Rep.: StatSoft Czech Rep. s.r.o. Egypt: StatSoft Middle East France: StatSoft France Germany: StatSoft GmbH Hungary: StatSoft Hungary Ltd.

India: StatSoft India Pvt. Ltd. Israel: StatSoft Israel Ltd. Italy: StatSoft Italia srl Japan: StatSoft Japan Inc. Netherlands: StatSoft Benelux

Norway: StatSoft Norway AS Poland: StatSoft Polska Sp. z o.o. Portugal: StatSoft Iberica Lda Russia: StatSoft Russia S. Africa: StatSoft S. Africa (Pty) Ltd.

Spain: StatSoft Iberica Lda Sweden: StatSoft Scandinavia AB Taiwan: StatSoft Taiwan United Kingdom: StatSoft Ltd. USA: StatSoft, Inc.


Page 2 of 4 August 1, 2012

Fraud The Association of Certified Fraud Examiners reports that organizations lose on average 5% of total revenue as a result of fraud each year, which translates to roughly $3.5 trillion globally (2012). The total cost of insurance fraud alone is estimated to be more than $40 billion per year and includes premium diversion, fee churning, asset diversion, and workers’ compensation fraud (Federal Bureau of Investigation). As reported by the United States Federal Bureau of Investigation, other common types of fraud include credit card fraud, reverse mortgage scams, and Internet fraud (2012). Fraud occurs on the individual level as well as on the organizational level in the areas of accounting, operations, sales, executive/upper management, customer service, and purchasing. With this level of loss of revenue, the wide variety of ways in which fraud is committed, and the many people who can perpetrate fraud, it is not surprising that considerable effort is applied in reducing risk related to fraud. Fraud is essentially deception that is intentional in nature with the objective of personal gain or the intention to damage another person. Fraud is often committed through the utilization of computers. When using a computer to commit fraud, an unauthorized person illegally enters a computer system and performs unauthorized transactions. Perpetrators of fraud by computer are trying to move money to their own bank accounts or are trying to obtain personal or sensitive data from institutional databases. Designing and overseeing security measures related to fraud risk management activities include drafting rules and developing reactionary and precautionary measures. These activities typically fall within the scope of the operational risk management department. Additional security measures are implemented through the electronic security infrastructure, which is under the purview of the Information Technology (IT) department. Two goals of risk management within these departments are detection of fraud that has occurred in the past and identification of possible fraudulent activity that has a high probability of occurring in the future. Through the analysis of data in which known instances of fraud has occurred, patterns can be identified that will enable a company to look back at historical data and identify previous instances of fraud that may have occurred but remained unidentified. More importantly, these known patterns of behavior can be integrated into monitoring activities that can help identify behavior that has a high probability of resulting in fraud. In this instance, precautionary measures can be taken that will prevent fraud from occurring. This is the ideal solution to preventing fraud and is the industry best practice, preventing fraud and loss of revenue. The actual management of risk always carries significant cost with investment in time and resources. Generally, the more fraud there is to identify, the higher the cost. Efficient fraud management consists of developing the most powerful fraud management measures at the lowest possible cost. The cost of prevention of fraud should be lower than the financial loss as a result of fraud. Incidence of fraud can be split into classes, with classes being defined according to significance of financial loss and possibility that a specific type of fraud actually occurs. Headquarters: StatSoft, Inc. • 2300 E 14 St • Tulsa, OK 74104 • USA • +1 (918) 749-1119 • [email protected] • www.statsoft.com Australia: StatSoft Pacific Pty Ltd. Brazil: StatSoft South America Ltda. Bulgaria: StatSoft Bulgaria Ltd. Chile: StatSoft South America Ltda. China: StatSoft China







Resources of time and money can then be dedicated to developing preventive measures for those fraud classes with possible higher loss, as well as those with a relatively high probability of occurrence. These two classes will logically become a higher priority.

Fraudsters within Their Own Ranks A sad fact is that attempts to scam an institution do not always arise from external clients, but also from employees of those institutions. The size of the institution relates to the chance of fraud by its own employees, with larger institutions incurring more risk of fraud. Fraud departments work to implement risk management strategies in order to reduce the incidence of fraud occurring within their respective organizations and institutions. These departments seek to create a safe environment and provide employee training on instituted security policies. Further, through this positive corporate culture, some companies develop a system where employees can report suspicious events using an internal reporting process, whether the suspected offender is within the institution or external to the organization.

The Long-Term Process of Fraud Prevention A common goal is to share best practices in detecting fraudulent activities and to share the success of these preventive measures with other institutions. For this purpose, a wide range of seminars and conferences are available on a national and international level for specific industries including those of insurance and banking. The subjects of these conferences are often not only a discussion of preventive programs, but also the existing legislation relating to fraud and the use of modern analytical methods, which are used in combination with expert business rules. In fact, there are many companies whose main business is consulting and support in the area of fraud management.

IT and Fraud Management The current pace of business is very fast, and this places corresponding demands on services related to risk and fraud management. With the availability of the Internet and mobile devices, committing fraud is easier, and there are new requirements for on-line services to prevent fraud. Today’s clients now have the choice as to whether they want to travel to branches of banks and insurance companies or speak with mobile operators. If they prefer, they can conduct their business virtually through electronic forms and web self-service. Conducting business either virtually or off-site is aided by the prevalence of big data whereby it is easier to find and share needed information with customers or coworkers that is stored in corporate databases. With modern computer technology and statistical data mining procedures, financial institutions and mobile operators can develop good predictive models based on enormous amounts of historical data to aid in the identification and prevention of fraud. In addition, these models can be immediately applied for the purposes of risk assessment to identify the client or fraudulent activity both retroactively and proactively.








Computer simulations can be applied to model the impact of a proposed fraud management strategy and can be compared with currently utilized procedures. Effective risk management also includes the ability to forecast the maximum potential loss due to fraudulent activity for a specified future time period, as well as a period of time that has already elapsed. The difference between the predicted loss and a loss that has actually occurred is compared when monitoring time periods. When these powerful techniques are utilized in conjunction with the emerging field of text mining, institutions and organizations achieve models with even higher efficiency. These models utilize both numerical and categorical data as inputs for the fraud detection model, identifying and analyzing the often hidden and uncovered information encoded in the form of unstructured text. Currently, text mining is used mostly in the insurance industry. Modern technologies are demanding on both hardware and on the efficiency and options of analytical software. The latest algorithms can be applied through experience, knowledge, and analytical capabilities by fraud management specialists. The financial cost of quality fraud management may appear significant at first glance. However, the required initial financial investment in modern technology, software, and educated analysts is rewarded with reliable security measures and rules that prevent future losses and result in reduced risk and much higher profits.

References Federal Bureau of Investigation (N.D.) Common fraud schemes. Retrieved July 24, 2012 from http://www.fbi.gov/scams-safety/fraud. Federal Bureau of Investigation (N.D.) Insurance fraud. Retrieved July 24, 2012 from http://www.fbi.gov/stats-services/publications/insurance-fraud. Association of Certified Fraud Examiners (2012). 2012 report to the nations on occupational fraud and abuse. Retrieved July 24, 2012 from http://www.acfe.com/rttn.aspx.




