Is fraud 'hiding in plain sight' in your organisation?

“I can’t see you, so you can’t see me!” Do you remember that childhood misconception? The idea that if you close your eyes then you’re invisible. Unfortunately, fraudsters are not that naïve and nor are you. So when it comes to fraud just because you can’t see it, doesn’t mean it’s not there. In a data rich environment with millions of transactions a day, it’s all too easy for criminals to hide in plain sight.

The hidden cost of fraud

The immediate financial loss of fraud is obvious. However, there are also a multitude of related effects on your business. Recovering the loss might be near to impossible or too costly to pursue. It takes time (another unseen expense) and dedicated personnel. In e-commerce there could be lost inventory, shipping costs and chargebacks involved. Unlike refunds, a high number of chargebacks can result in increased restrictions or transaction costs on your merchant account. Of course, you could up the verification steps at checkout but then you risk an increase in abandoned carts. Online shoppers expect a seamless customer experience or they will simply choose to shop elsewhere.

Also, if your traditional fraud parameters are too stringent it could create friction at checkout, false positives (declined orders) or the cancellation of manually reviewed orders. In a 2016 Mastercard press release about their artificial intelligence rollout, Javelin Strategy & Research estimated that “the value of false declines [in the US alone] is more than 13 times the total amount lost to actual card fraud. Applying machine learning to decision-scoring is a new way of creating a positive consumer experience, while also minimizing fraud.”

However, for the first time, customer fraud (South Africa: 47%; Global: 35%) has been cited as the most prominent economic crime. So you can’t be too easy on them either.

Then there’s the hit to your reputation, which not only impacts consumer trust, and therefore your bottom line, but can unsettle your internal culture too. That’s a double punch right there – and whilst intangible, it will certainly cost you dearly.

So who’s hiding?

Approximately 5% of a company’s revenue is lost to occupational fraud, which is when an employee deliberately abuses your company, and includes costs from the misappropriation of resources and assets as well as obvious financial loss. Yet, according to PwC’s Global Economic Crime and Fraud Survey 2020, 39% of fraud results from external sources and 20% from collusion between the two. So your 5% loss is potentially more than double that.

Fraud can be external to your organisation as well as internal, if the perpetrators are colluding together

How do they hide?

Most people understand the concept of identity theft and whilst it is extremely damaging on a personal level, it can be relatively quick to notice when unfamiliar activity happens on your account. Innovative fraudsters use multiple synthetic identities constructed from two or more verifiable users, e.g. an ID number from one user blended with an address from another. These are far more difficult to spot because, as with a lie, those closer to the truth are harder to detect. They also operate under the radar – no unusual or excessive transactions – to hide their activities amongst acceptable user behaviour and avoid detection by legacy systems. These regular smaller transactions can go undetected for months, even years, which creates a “seeping wound” that can cripple your organisation over time, but can also expose you to more sinister risk.

Are fraudsters targeting your organisation and transaction stream and have they found a weakness which they can loop?
The Global Economic Crime and Fraud Survey 2020 found that one in five crimes perpetrated by external parties in South Africa were committed by hackers.

Then there’s looping, whereby gaps in your system are found, tested and then aggressively exploited by determined fraudsters (often with the help of ‘bots’) over and over again on an automatic loop. This type of fraud can take a business down before you even realise it’s happening.

Usually, sophisticated digital fraud requires some level of insider knowledge, perhaps from a former or disgruntled employee. This knowhow helps syndicates to gain access, manipulate and then abuse the system. If your business operates in siloes or you don’t have cross-channel visibility your capacity to detect these subtler approaches is greatly reduced.

Are your eyes wide open?

Only about half of South African respondents in the global survey are “dedicating resources to risk assessment, governance and third-party management”. Meanwhile, 30% of participants are using artificial intelligence. However, barriers to its use are cited as limited resources, cost and a lack of expertise. But we can help you with these.

Traditional fraud detection systems are predominantly rules-based, often using legacy technology. SQL back-ends struggle to process high volumes of data at the speed required for detection and prevention and the processing power required impacts operations. It doesn’t help to discover fraud after your business has been sunk.

In a rules-centric system for example, if a threshold is reached – a transaction amount is too high or too frequent (i.e. multiple similar transactions) – it breaks a rule and triggers an alert. Tech savvy fraudsters already know this and have figured out how to avoid detection. Whilst a robust, agile rules-engine is essential, it is only one aspect of a multi-layered defence needed to counter digital fraud. Its potential is truly realised when it operates in collaboration with other fundamental capabilities to ensure a comprehensive anti-fraud system.

Then there is Machine Learning (ML) which detects hidden and implicit correlations in data and can determine possible fraud scenarios and process high volumes of data in real-time. However, applying a generic behaviour model will only prevent some fraudulent activity as each business and transactional environment is unique. So it is crucial to generate a highly contextual behaviour model using feature engineering.

Is your current risk detection system like looking for a needle in a haystack?
With millions of transactions a day, you’re not just looking for a needle in a hay stack, you’re looking for it in many hay stacks!

Many watchful eyes: Locstat’s multi-layered fraud prevention approach

Locstat’s unified data analytics platform covers all layers of Gartner’s fraud detection capability model for cross channel fraud prevention, focusing mainly on layers two (rule based risk assessment), four (entity relationship graph) and five (behaviour analysis).

In the digital transaction space everything is connected, creating a network. Using graph database technology, each component (e.g. customer, merchant, bank account) is a node with specific properties (e.g. name, transaction number, account number). The edges, or relationships, are the connections between nodes. This graph of nodes and edges creates your relationship network. These are monitored for connectivity and communality between entities (entity link analysis) from a network perspective, making it easier to spot fraud patterns and trends. Authentic networks tend to remain static with slow growth, whereas fraudulent networks show higher connectivity and expand rapidly.

Can your existing Fraud detection system show you anomalous network connectivity which could be fraudulent behaviour?
The light blue circle shows an authentic network. The pink circle shows high connectivity and rapid growth indicating fraudulent behaviour.

It is also easier to find “black holes” (where the graph pattern only has in-links to the rest of the nodes) and “volcanos” (where the pattern only has out-links to the rest of the nodes) in the graph, alerting you to potential fraudulent activity.

ML algorithms draw on historical and real-time information to optimise performance, automate at scale and process millions of transactions in real-time. Of course, context is a vital aspect when applying ML and GraphML is perfectly suited to this.

The final aspect of our fraud solution is incorporating human intelligence (yours and ours) to generate a behaviour model with feature engineering that is highly contextual to your transactional business environment. This personalisation ensures that you cast a wide and effective net to catch fraudulent activities.

Locstat’s unique, cost effective and quick to implement system supports high risk clients in e-commerce, financial services, Fintech and insurance. As a ‘light-touch’ it carries minimal operational risk and enables detection, prevention and investigation of fraudulent behaviour. Our graph visualisation provides the ability to monitor and examine dubious events, before you act, to assess their validity or determine their true extent. This investigative capacity means you can break down syndicates and harden your environment against future attacks.

Trevor White, PwC Forensic Partner and Global Economic Crime and Fraud Survey Leader for South Africa, says: “No business can claim to be immune to the scourge of economic crime and fraud. Rather than waiting for an incident to take place, businesses need to take a proactive stance and increase their levels of insight and awareness – including increasing awareness from a board oversight perspective as well.”

Locstat’s robust fraud prevention solution provides a holistic, multi-layered capability to maintain control of your environment and mitigate risk.

Digital fraud is advancing at an alarming rate!

Are your systems up to the task?

Fraud is an uncommon, well-considered, imperceptibly concealed, time-evolving and often carefully organized crime which appears in many types of forms. (Baesens et al: 2015)