Data Analysis Techniques for Fraud Detection
Fraud is a million dollar business and it is increasing every year. The PwC global economic crime survey of 2009 suggests that close to 30% of companies worldwide reported having fallen victim to fraud in the past year.
Fraud involves one or more persons who intentionally act secretly to deprive another of something of value, for their own benefit. Fraud is as old as humanity itself and can take an unlimited variety of different forms. However, in recent years, the development of new technologies has also provided further ways in which criminals may commit fraud (Bolton and Hand 2002). In addition to that, business reengineering, reorganization or downsizing may weaken or eliminate control, while new information systems may present additional opportunities to commit fraud.
Traditional methods of data analysis have long been used to detect fraud. They require complex and time-consuming investigations that deal with different domains of knowledge, such as finance, economics, business practices and law. Fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance but usually are not identical (Palshikar 2002).
The first industries to use data analysis techniques to prevent fraud were the telephony companies, the insurance companies and the banks (Decker 1998). One early example of successful implementation of data analysis techniques in the banking industry is the Falcon fraud assessment system, which is based on a neural network shell (Brachman et al. 1996).
Retail industries also suffer from fraud at the point of sale (POS). Some supermarkets have started to use digitized closed-circuit television (CCTV) together with POS data for the transactions most susceptible to fraud (Weir 2001).
Internet transactions have recently raised big concerns. Kerr (2002) showed that internet transaction fraud is 12 times higher than in-store fraud.
Fraud involving cell phones, insurance claims, tax return claims, credit card transactions, etc. represents a significant problem for governments and businesses, yet detecting and preventing fraud is not a simple task. Fraud is an adaptive crime, so it needs special methods of intelligent data analysis to detect and prevent it. These methods exist in the areas of Knowledge Discovery in Databases (KDD), Data Mining, Machine Learning and Statistics. They offer applicable and successful solutions in different areas of fraud crimes.
Techniques used for fraud detection fall into two primary classes: statistical techniques and artificial intelligence (Palshikar 2002). Examples of statistical data analysis techniques are:
- Data preprocessing techniques for detection, validation, error correction, and filling up of missing or incorrect data.
- Calculation of various statistical parameters such as averages, quantiles, performance metrics, probability distributions, and so on. For example, the averages may include average length of call, average number of calls per month and average delays in bill payment.
- Models and probability distributions of various business activities either in terms of various parameters or probability distributions.
- Computing user profiles.
- Time-series analysis of time-dependent data.
- Clustering and classification to find patterns and associations among groups of data.
- Matching algorithms to detect anomalies in the behavior of transactions or users as compared to previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risks, and predict the future of current transactions or users.
Some forensic accountants specialize in forensic analytics, which is the procurement and analysis of electronic data to reconstruct, detect, or otherwise support a claim of financial fraud. The main steps in forensic analytics are (a) data collection, (b) data preparation, (c) data analysis, and (d) reporting. For example, forensic analytics may be used to review an employee's purchasing card activity to assess whether any of the purchases were diverted or divertible for personal use. Forensic analytics might be used to review the invoicing activity for a vendor to identify fictitious vendors, and these techniques might also be used by a franchisor to detect fraudulent or erroneous sales reports by the franchisee in a franchising environment.
Fraud management is a knowledge-intensive activity. The main AI techniques used for fraud management include:
- Data mining to classify, cluster, and segment the data and automatically find associations and rules in the data that may signify interesting patterns, including those related to fraud.
- Expert systems to encode expertise for detecting fraud in the form of rules.
- Pattern recognition to detect approximate classes, clusters, or patterns of suspicious behavior either automatically (unsupervised) or to match given inputs.
- Machine learning techniques to automatically identify characteristics of fraud.
- Neural networks that can learn suspicious patterns from samples and be used later to detect them.
Other techniques such as link analysis, Bayesian networks, decision theory, and sequence matching are also used for fraud detection (Palshikar 2002).
Machine Learning and Data Mining
Early data analysis techniques were oriented toward extracting quantitative and statistical data characteristics. These techniques facilitate useful data interpretations and can help to get better insights into the processes behind the data. Although the traditional data analysis techniques can indirectly lead us to knowledge, it is still created by human analysts (Michalski et al. 1998).
To go beyond this, a data analysis system has to be equipped with a substantial amount of background knowledge, and be able to perform reasoning tasks involving that knowledge and the data provided (Michalski et al. 1998). In an effort to meet this goal, researchers have turned to ideas from the machine learning field. This is a natural source of ideas, since the machine learning task can be described as turning background knowledge and examples (input) into knowledge (output).
If data mining results in discovering meaningful patterns, data turns into information. Information or patterns that are novel, valid and potentially useful are not merely information, but knowledge. One speaks of discovering knowledge that was previously hidden in the huge amount of data but is now revealed.
Supervised and Unsupervised Learning
The machine learning and artificial intelligence solutions may be classified into two categories: 'supervised' and 'unsupervised' learning. In supervised learning, samples of both fraudulent and non-fraudulent records are used. This means that all the records available are labelled as 'fraudulent' or 'non-fraudulent'. After building a model using these training data, new cases can be classified as fraudulent or legal (Jans et al.).
Furthermore, this method is only able to detect frauds of a type which has previously occurred. In contrast, unsupervised methods don't make use of labelled records. These methods seek accounts, customers, suppliers, etc. that behave 'unusually' in order to output suspicion scores, rules or visual anomalies, depending on the method (Bolton and Hand 2002).
Whether supervised or unsupervised methods are used, note that the output gives us only an indication of fraud likelihood. No stand-alone statistical analysis can assure that a particular object is a fraudulent one. It can only indicate that this object is more likely to be fraudulent than other objects (Jans et al.).
Some Research Contributions
The field of neural networks has been extensively explored as a supervised method. Jans et al. mention that the studies of Barson, Field, Davey, McAskie, and Frank (Barson et al.) and of Green and Choi (1997) both use neural network technology, for detecting fraud in mobile phone networks (Barson et al.) and financial statement fraud respectively. Lin et al. (2003) apply a fuzzy neural net, also in the domain of fraudulent financial reporting. Both Brause et al. (1999) and Estevez et al. (2006) use a combination of neural nets and rules.
Bayesian learning neural network is implemented for credit card fraud detection by Maes et al. (2002), for telecommunications fraud by Ezawa and Norton (1996), and for auto claim fraud detection by Viaene et al. (2005). In the same field as Viaene et al. (2005), insurance fraud, Major and Riedinger (2002) presented a tool for the detection of medical insurance fraud. They proposed a hybrid knowledge/statistical-based system, where expert knowledge is integrated with statistical power.
Another example of combining different techniques can be found in Fawcett and Provost (1997). A series of data mining techniques for the purpose of detecting cellular clone fraud is used. Specifically, a rule-learning program to uncover indicators of fraudulent behaviour from a large database of customer transactions is implemented.
In Fawcett and Provost (1999), Activity Monitoring is introduced as a separate problem class within data mining with a unique framework.
Stolfo et al. and Lee et al. delivered some interesting work on intrusion detection. They provided a framework, MADAM ID, for Mining Audit Data for Automated models for Intrusion Detection. Next to this, the results of the JAM project are discussed.
Cahill et al. (2000) design a fraud signature, based on data of fraudulent calls, to detect telecommunications fraud. For scoring a call for fraud its probability under the account signature is compared to its probability under a fraud signature. The fraud signature is updated sequentially, enabling event-driven fraud detection.
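The signature comparison described above can be sketched as follows. This is an added illustration, not code from the original page or from Cahill et al.; the bins, the smoothing prior, the update weight, the threshold and all sample counts are assumptions constructed for the example.

```python
import math

# Constructed bins: each call is reduced to (destination class, time of day).
BINS = [("domestic", "day"), ("domestic", "night"),
        ("international", "day"), ("international", "night")]

def make_signature(counts, prior=1.0):
    """Turn per-bin call counts into smoothed probabilities (no bin is ever 0)."""
    total = sum(counts.get(b, 0) for b in BINS) + prior * len(BINS)
    return {b: (counts.get(b, 0) + prior) / total for b in BINS}

def score(call, account_sig, fraud_sig):
    """Log-likelihood ratio; above 0 the call fits the fraud signature better."""
    return math.log(fraud_sig[call] / account_sig[call])

def update(sig, call, weight=0.05):
    """Sequential update: shift probability mass toward the bin just observed."""
    return {b: (1 - weight) * p + (weight if b == call else 0.0)
            for b, p in sig.items()}

def score_stream(calls, account_sig, fraud_sig, threshold=1.0):
    """Score calls one at a time; only unflagged calls refresh the account
    signature, so suspected fraud does not become the new 'normal'."""
    alerts = []
    for i, call in enumerate(calls):
        s = score(call, account_sig, fraud_sig)
        if s > threshold:
            alerts.append((i, call, s))
        else:
            account_sig = update(account_sig, call)
    return alerts, account_sig

# Constructed sample data (assumed counts, not taken from any real account).
ACCOUNT = make_signature({BINS[0]: 80, BINS[1]: 15, BINS[2]: 4, BINS[3]: 1})
FRAUD = make_signature({BINS[0]: 5, BINS[1]: 10, BINS[2]: 25, BINS[3]: 60})
CALLS = [BINS[0], BINS[0], BINS[1], BINS[3], BINS[0], BINS[2]]

if __name__ == "__main__":
    alerts, _ = score_stream(CALLS, ACCOUNT, FRAUD)
    for i, call, s in alerts:
        print(f"call {i} {call}: score {s:.2f}")
    # A confirmed fraudulent call then refreshes the fraud signature.
    print(update(FRAUD, BINS[3])[BINS[3]])
```

Because the score is a ratio, a call that is rare for the account but equally rare among fraud cases is not flagged; only calls that are both unusual for the account and typical of fraud rise above the threshold.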
Link analysis takes a different approach. It relates known fraudsters to other individuals, using record linkage and social network methods (Wasserman and Faust 1998). Cortes et al. (2002) proposed a solution to fraud detection in this field (Phua, 2005).
Some important studies with unsupervised learning with respect to fraud detection should be mentioned. For example, Bolton and Hand use Peer Group Analysis and Break Point Analysis applied on spending behaviour in credit card accounts. Peer Group Analysis detects individual objects that begin to behave in a way different from objects to which they had previously been similar. Another tool Bolton and Hand develop for behavioural fraud detection is Break Point Analysis. Unlike Peer Group Analysis, Break Point Analysis operates on the account level. A break point is an observation where anomalous behaviour for a particular account is detected. Both the tools are applied on spending behaviour in credit card accounts.
Murad and Pinkas (1999) also focus on behavioural changes for the purpose of fraud detection and present three-level-profiling. Like the Break Point Analysis from Bolton and Hand, the three-level-profiling method operates at the account level and it points to any significant deviation from an account's normal behaviour as a potential fraud. In order to do this, 'normal' profiles are created based on data without fraudulent records (semi-supervised). To test the method, the three-level-profiling is applied in the area of telecommunication fraud. In the same field, Burge and Shawe-Taylor (2001) also use behaviour profiling for the purpose of fraud detection. However, using a recurrent neural network for prototyping calling behaviour, unsupervised learning is applied. Cox et al. (1997) combine human pattern recognition skills with automated data algorithms. In their work, information is presented visually by domain-specific interfaces, combining human pattern recognition skills with automated data algorithms (Jans et al.).
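The two unsupervised ideas above, within-account change and divergence from former peers, can be sketched in a few lines. This is an added example, not Bolton and Hand's own code; the Welch-style t statistic, the Euclidean peer distance, the window sizes and all amounts are assumptions constructed for the illustration.

```python
import statistics

def break_point_score(amounts, recent=5):
    """Break Point Analysis sketch: within ONE account, compare the last
    `recent` transactions with the earlier ones (Welch-style t statistic)."""
    old, new = amounts[:-recent], amounts[-recent:]
    se = (statistics.variance(old) / len(old)
          + statistics.variance(new) / len(new)) ** 0.5
    return (statistics.mean(new) - statistics.mean(old)) / se if se else 0.0

def peer_group_score(history, current, target, k=3):
    """Peer Group Analysis sketch: pick the k accounts whose PAST weekly
    spending was closest to the target's, then measure how far the target's
    CURRENT week sits from those peers, in peer standard deviations."""
    def dist(a, b):
        return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5
    peers = sorted((a for a in history if a != target),
                   key=lambda a: dist(history[a], history[target]))[:k]
    peer_now = [current[a] for a in peers]
    spread = statistics.stdev(peer_now) or 1.0  # avoid dividing by zero
    return peers, (current[target] - statistics.mean(peer_now)) / spread

# Constructed sample data: four past weeks of spending per account, then one
# current week. Account "A" used to track B, C and D and now departs from them.
HISTORY = {"A": [100, 110, 105, 95], "B": [102, 108, 100, 98],
           "C": [98, 112, 107, 97], "D": [101, 109, 103, 96],
           "E": [500, 520, 480, 510], "F": [20, 25, 22, 18]}
CURRENT = {"A": 400, "B": 104, "C": 99, "D": 106, "E": 505, "F": 21}

# Constructed transaction amounts for single accounts.
STABLE = [20, 25, 22, 18, 24, 21, 23, 19, 22, 20, 21, 24, 19, 23, 22]
SHIFTED = [20, 25, 22, 18, 24, 21, 23, 19, 22, 20, 180, 210, 195, 240, 220]

if __name__ == "__main__":
    print("break point, stable :", round(break_point_score(STABLE), 2))
    print("break point, shifted:", round(break_point_score(SHIFTED), 2))
    for acct in ("A", "B"):
        peers, z = peer_group_score(HISTORY, CURRENT, acct)
        print(acct, "peers", peers, "score", round(z, 2))
```

Account B scores low even though one of its peers is A: a peer that has itself started to misbehave inflates the peer spread, which is one reason such scores are only an indication and are usually computed with robust statistics in practice.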
PricewaterhouseCoopers LLP (2009). "2009 Global Economic Crime Survey". http://www.pwc.com/gx/en/economic-crime-survey. Retrieved June 29, 2011.
Nigrini, Mark (June, 2011). "Forensic Analytics: Methods and Techniques for Forensic Accounting Investigations". Hoboken, NJ: John Wiley & Sons Inc. ISBN 978-0-470-89046-2. http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470890460.html.
Bolton, R. & Hand, D. (2002). Statistical Fraud Detection: A Review (With Discussion). Statistical Science 17(3): 235-255.
Bolton, R. & Hand, D. (2001). Unsupervised Profiling Methods for Fraud Detection. Credit Scoring and Credit Control VII.
Xu, J., Sung, A. H. & Liu, Q. (Feb. 2007). Behaviour Mining for Fraud Detection. Journal of Research and Practice in Information Technology 39(1): 3–18.
Burge, P. & Shawe-Taylor, J. (2001). An Unsupervised Neural Network Approach to Profiling the Behaviour of Mobile Phone Users for Use in Fraud Detection. Journal of Parallel and Distributed Computing 61: 915-925.
Chan, P., Fan, W., Prodromidis, A. & Stolfo, S. (1999). Distributed Data Mining in Credit Card Fraud Detection. IEEE, Intelligent Systems 14: 67-74.
Cortes, C. & Pregibon, D. (2001). Signature-Based Methods for Data Streams. Data Mining and Knowledge Discovery 5: 167-182.
Cox, K., Eick, S. & Wills, G. (1997). Visual Data Mining: Recognising Telephone Calling Fraud. Data Mining and Knowledge Discovery 1: 225-231.
Cox, E. (1995). A Fuzzy System for Detecting Anomalous Behaviors in Healthcare Provider Claims. In Goonatilake, S. & Treleaven, P. (eds.) Intelligent Systems for Finance and Business, 111-134. John Wiley and Sons Ltd.
Estevez, P., C. Held, and C. Perez (2006). Subscription fraud prevention in telecommunications using fuzzy rules and neural networks. Expert Systems with Applications 31, 337-344.
Fan, W., Miller, M., Stolfo, S., Lee, W. & Chan, P. (2001). Using Artificial Anomalies to Detect Unknown and Known Network Intrusions. Proc. of ICDM01, 123-248.
Fawcett, T. (1997). AI Approaches to Fraud Detection and Risk Management: Papers from the 1997 AAAI Workshop. Technical Report WS-97-07. AAAI Press.
Fawcett, T. & Provost, F. (1999). Activity monitoring: Noticing Interesting Changes in Behavior. Proc. of SIGKDD99, 53-62.
G.K. Palshikar, The Hidden Truth - Frauds and Their Control: A Critical Application for Business Intelligence, Intelligent Enterprise, vol. 5, no. 9, 28-May-2002, pp. 46–51.
Green, B. & Choi, J. (1997). Assessing the Risk of Management Fraud through Neural Network Technology. Auditing 16(1): 14-28.
Michalski, R. S., I. Bratko, and M. Kubat (1998). Machine Learning and Data Mining - Methods and Applications. John Wiley & Sons Ltd.
Murad, U. & Pinkas, G. (1999). Unsupervised Profiling for Identifying Superimposed Fraud. Proc. of PKDD99.
Phua, C., Lee, V., Smith-Miles, K. and Gayler, R. (2005). A Comprehensive Survey of Data Mining-based Fraud Detection Research. Clayton School of Information Technology, Monash University.
Rosset, S., Murad, U., Neumann, E., Idan, Y. & Pinkas, G. (1999). Discovery of Fraud Rules for Telecommunications - Challenges and Solutions. Proc. of SIGKDD99, 409-413.
PricewaterhouseCoopers' Global Economic Crime Survey 2007, available at http://www.pwc.com/crimesurvey
Marane, A., (2011) Utilizing Visual Analysis for Fraud Detection, Understanding Link Analysis, http://linkanalysisnow.com/2011/09/leveraging-visual-analytics-for.html
Wikimedia Foundation. 2010.