Forensic Analytics: Adapting to a growing pandemic
By Priti Ravi
Corporate fraud has manifested itself in diverse forms repeatedly around the world. From identify thefts and insider trading to more sophisticated e-crimes and misrepresentation of financial information, the spectrum of fraudulent activities is huge and hence a tough challenge to overcome. Today, even as corporations ramp up fraud-detection efforts, the incidence of various frauds has been on the rise.
Consider these recent instances:
- Medicare made about $35 million worth of payouts to an organized group of more than 50 people who allegedly stole personal information, including Social Security numbers of 2,900 Medicare patients and billed Medicare for unperformed medical services using phantom clinics.
- Epsilon, the world’s largest provider of permission-based e-mail marketing, announced that millions of individual e-mail addresses were exposed in an attack on its servers affecting a large number of brands on whose behalf Epsilon sends marketing e-mails to customers.
- CC Avenue, an Indian firm that validates payments made over certain e-commerce websites, faced charge-backs from a number of customers for e-transactions that they apparently did not make when a Web service provider posed as both the seller and the buyer by using credit card information he had pilfered to make purchases from his own website.
While such experiences may have induced a sense of urgency in many organizations to establish a basic framework for fraud management, without a sophisticated and intelligent monitoring and fraud detection system in place, most corporations are still struggling to cope with fraud detection as a discipline.
Corporate fraud is a multi-industry global phenomenon. One in five companies in Western Europe highlighted a significant increase in fraud in 2010. A similar pattern was observed in Latin America and the Middle East and Africa . On the other side of the world, Asia is reported to have the highest number of employees who do not know what to classify as misconduct , clearly deterring the expansion plans of Western firms into the emerging markets. Further, the 2010 annual report of the Reserve Bank of India indicates a near doubling in the two yearly average of the cost of fraud incurred between 2007-2008 and 2009-2010 (Figure 1).
Figure 1: Frauds in the Indian Banking sector.
Source: RBI Annual report 2010
Fraud detection techniques need to evolve
With corporate frauds estimated to cost 5 percent of global revenue every year , fraud detection has been on the radar of companies over the last few years. However, certain myths regarding fraud detection have also become pervasive, and they are often cited as grounds for not deviating from traditional fraud detection. The first step toward managing frauds is to debunk such myths.
Myth 1: Fraud detection needs investments only in risk-prone disciplines such as financial accounting.
Some of the biggest scams that shook the world – the Enron scandal, WorldCom bankruptcy and the Barings PLC collapse – are certainly financial in nature. However, the incidence of some lesser-known, non-financial schemes such as supply chain frauds and e-crimes have subjected various firms to huge financial losses, making them equally grave concern areas.
Myth 2: Internal audits and whistleblower policies are adequate fraud detection techniques.
Approximately 50 percent of firms surveyed by KPMG in 2010 indicate that they rely on internal audits to detect fraud while about 25 percent indicate that they rely on tips/whistleblowers. However, the use of more sophisticated techniques such as data analytics can help detect frauds faster. For instance, the use of Link Analysis, a technique that identifies the connections and network of a fraudster, could have helped detect the 50-person Medicare fraud described earlier. Similarly, a Web server survey  could have helped brands minimize their losses from Epsilon data theft, while an anomaly based machine-learning system could have helped detect the credit card fraud faced by CC Avenue.
Myth 3: Fraud prevention through efficient security measures renders fraud detection unnecessary.
Although prevention techniques such as holographs on banknotes, Internet security systems for credit card transactions and subscriber identity module cards for mobile phones or predictive analytic techniques (such as profiling potential fraudsters) are leading methods used to contain fraud, fraudsters are increasingly adaptive. Analytics-based fraud detection techniques can identify frauds that have passed through the prevention system.
Figure 2: Corporate fraud is widespread.
Source: Kroll Global Fraud report 2010
Using forensic analytics to detect corporate crimes
The process of fraud management goes beyond fraud detection as illustrated in Figure 3.
Figure 3: Process of fraud management.
In a typical fraud management system, once a fraud is detected, suitable alarms are raised that are then scrutinized to confirm the incidence of a fraud before any further action for resolution is warranted.
Forensic analytics, on the other hand, encapsulates a diverse set of techniques used to identify data-based anomalies and to use such outlier trends to detect/predict the occurrence of frauds. Although a subset of the analytics discipline, forensic analytics differs from general analytics in the following ways:
- Forensic analytics is extremely data heavy – it needs to learn from every fraudulent and regular (non-fraudulent) activity and hence cannot use a sample of data as general analytics does.
- Forensic analytics requires human intervention – the cost of a misclassified fraud and the investigation therein is extremely high in most industries, and hence an alarm raised by forensic analytics is usually subjected to further human scrutiny and resolution.
Forensic analytic techniques
Although statistical techniques for forensic analytics are varied, they have a common theme: comparing the observed values with expected values. The expected values, in turn, could be derived using multiple techniques – starting from simple numerical summaries (graphical summaries) to more sophisticated behavior profiling or anomaly based modeling techniques to obtain suspicion scores.
Statistical tools for fraud detection can either be supervised or unsupervised. Supervised methods use both fraudulent and non-fraudulent data records to construct models, while unsupervised methods use only outlier (potentially fraudulent) records that could be further analyzed closely.
With an increase in the number of fraudulent activities in the recent past, a robust fraud management system is increasingly being seen as a must-have across the globe and across industries. Forensic analytics offers a collective set of techniques to make data-driven decisions to combat fraud. Ranging from simple rule-based techniques to complex self-learning and predictive algorithms such as neural networks, forensic analytics can be used for both prevention and detection of various types of frauds. It is a complex and adaptive approach, which could well become the norm in fraud management in the coming decade.
Priti Ravi is a senior manager with Mu Sigma, specializing in providing analytics-driven advisory services to some of the largest retail, pharmaceutical and technology clients spread across the United States. She has more than eight years of experience in the corporate sector. Ravi completed the Post Graduate Programme in Management from the Indian School of Business, specializing in marketing and finance.
- Ernst and Young 11th Global fraud survey, 2009-10.
- CEB’s Compliance and Ethics Leadership Council, 2009.
- ACFE 2010 Global Fraud Survey.
- a service provided by vendors with access to host names, domain names and first page content of websites that can check for the occurrence of the brand’s trademarks or commonly used phrases.
- RBI Annual Report, 2010.
- Kroll Global Fraud Report, 2010.
- Deloitte Airline Fraud Report, 2010.