Chris Swecker, a former assistant director of the FBI who is currently an independent consultant on enterprise financial crime strategies, regulatory compliance and control measures for business and government, views fraud as an enterprise in general.
"I don't mean to say that all fraud is network. There is a lot of opportunist, one-off fraud that is taking place every day. But the ones that are hurting the financials the most are the networked organized groups," he said.
A lot of activity, especially on the Internet, is organized criminal activity, according to Swecker. "You've heard of sensitive credit card information being stolen and sold on the Internet in these deep, dark carding Web sites ... that's a criminal network," he said.
These groups have a type of supply chain, he explained. They steal the data, sell it to another group that repackages it and sells it to another group that uses it to steal money one way or another from a channel the financial institutions provide like an ATM or teller, he said.
Swecker suggested going after fraudsters as "a broader fraudulent network" and working with law enforcement to dig it up by the roots. "That's where the analytics part comes in -- it helps you put some context around the content of your data so you understand your data better," he said.
The best way to fight a network, according to Swecker, is to be able to see it. "Just like in good law enforcement, when you're working on an organized crime case or you're working on al-Qaeda or working on a gang or working the la Cosa Nostra, you have to understand who the participants are," he said.
"Instead of taking them off one-by-one for a traffic violation, you take them off as an organization and you take them off all at one time and the only way to do that is to have good intelligence information, good data and then run really powerful analytics against it to see the whole picture," he said.
Federal agents said the Denver-based scheme led to losses of more than $80 million and involved 700 people - mostly students in the U.S. on visas who were recruited by the criminal enterprise.
An alleged massive organized bank-fraud scheme involving 16 Russian immigrants was busted by federal agents in August 2009, with 15 raids at several locations, including an Aurora auto dealership and a Denver medical-marijuana business. Described by authorities as a "bust out" scam, the allegations involved using the identity and credit line of a business to obtain loans and goods with no intention of repaying the money or paying for the merchandise, according to the case affidavit unsealed Friday. Additionally, some of the 700 obtained credit cards to buy luxury items with no intention of paying for them, while others took out cash loans without repaying, it is alleged.
Social network analysis, or link analysis, will prove to be valuable in fraud prevention and detection, particularly in “bust out” fraud, a type of fraud that eludes most fraud tools. The usual transaction monitoring is of little benefit. Bust out fraud typically involves “bad” payments to increase the open-to-buy, so that a criminal can run up a credit card balance to many times the credit limit. Bust out fraud can also involve “sleeper fraud”, where a fraudster may make small purchases, pay them off, for several months, creating a “legitimate” history, then bust out.
Tuesday, August 10, 2010
Thursday, August 5, 2010
Does Social Network Analysis Have a Place in Fraud Detection?
Does Social Network Analysis have a place in fraud detection and prevention?
Part I
Professionals estimate that around $300 billion is lost to public assistance fraud in the US annually – and half of that is believed to be stolen by organized crime groups.
In 2007, California’s Contra Costa County’s civil grand jury estimated child-care fraud costs county taxpayers $500 million annually. County officials agreed to study “data mining” systems in 2007 after reports were published that showed chronic fraud in federal, state and local public assistance programs by criminal enterprises. The data mining system will assign a numerical score to all welfare recipients that will alert investigators about suspicious people.
The system will use activities and characteristics of past welfare cheats to create a computer model that assigns a “risk score” to help identify new cheats. The new data mining system also has an advanced option called “social network analysis” (SNA). SNA helps investigators see relationships between people and assistance providers to create a relationship picture of suspicious people, associations, groups and behaviors.
Financial institutions are also exploring the benefits of SNA. According to Ellen Joyner-Roberson, Financial Services Marketing Manager at SAS: Social network analysis, also known as link analysis, is a powerful tool in understanding the structure of social and organizational networks that are often connected to criminal behavior. SNA maps and measures relationships and flows among people, groups, organizations, computers or other information/knowledge processing entities. The nodes in the network are the people and groups, while the links show relationships or flows between the nodes. Standard rules-based systems can't unearth "first-party fraud" and "bust-out fraud" where criminals establish accounts for the sole purpose of committing fraud.
A classic example is found within the credit card industry. TowerGroup, a Needham, Mass., research and analysis firm, projects that total card credit losses for issuers of U.S.-branded cards will peak at $55.6 billion in 2009. Rules-based systems are looking at more traditional types of risk, such as poor credit. With SNA, fraud-based risk can be seen by investigators, making it easier to uncover previously unknown relationships and conduct more effective investigations.
According to Joyner-Roberson, banks’ first concern is to know and authenticate the customer so they know with whom they are doing business. They must take a 360 degree view of their customer. Social network analysis, especially using more sophisticated analytics, can be used to find previously undetected fraud rings.
Part I
Professionals estimate that around $300 billion is lost to public assistance fraud in the US annually – and half of that is believed to be stolen by organized crime groups.
In 2007, California’s Contra Costa County’s civil grand jury estimated child-care fraud costs county taxpayers $500 million annually. County officials agreed to study “data mining” systems in 2007 after reports were published that showed chronic fraud in federal, state and local public assistance programs by criminal enterprises. The data mining system will assign a numerical score to all welfare recipients that will alert investigators about suspicious people.
The system will use activities and characteristics of past welfare cheats to create a computer model that assigns a “risk score” to help identify new cheats. The new data mining system also has an advanced option called “social network analysis” (SNA). SNA helps investigators see relationships between people and assistance providers to create a relationship picture of suspicious people, associations, groups and behaviors.
Financial institutions are also exploring the benefits of SNA. According to Ellen Joyner-Roberson, Financial Services Marketing Manager at SAS: Social network analysis, also known as link analysis, is a powerful tool in understanding the structure of social and organizational networks that are often connected to criminal behavior. SNA maps and measures relationships and flows among people, groups, organizations, computers or other information/knowledge processing entities. The nodes in the network are the people and groups, while the links show relationships or flows between the nodes. Standard rules-based systems can't unearth "first-party fraud" and "bust-out fraud" where criminals establish accounts for the sole purpose of committing fraud.
A classic example is found within the credit card industry. TowerGroup, a Needham, Mass., research and analysis firm, projects that total card credit losses for issuers of U.S.-branded cards will peak at $55.6 billion in 2009. Rules-based systems are looking at more traditional types of risk, such as poor credit. With SNA, fraud-based risk can be seen by investigators, making it easier to uncover previously unknown relationships and conduct more effective investigations.
According to Joyner-Roberson, banks’ first concern is to know and authenticate the customer so they know with whom they are doing business. They must take a 360 degree view of their customer. Social network analysis, especially using more sophisticated analytics, can be used to find previously undetected fraud rings.
Saturday, July 31, 2010
Gift Card Fraud
Gift Card Background: By their nature, gift cards are anonymous. There is no name or identity attached to them, only the brand of the card. They can be bought with different types of tender: credit or debit cards, checks, cash, money orders. Companies sell their gift cards at their stores or on their websites. Many companies also offer their gift cards through other merchants, such as kiosks or racks in grocery stores. Gift card sales have trended up, primarily due to convenience of purchase, with sales estimated at $178 billion in 2010, according to study from Boston-based Aite Group LLC. This lucrative business has drawn the interest of scammers. One major retailer experienced $250K in gift card fraud losses in 2009, and losses are trending even higher in 2010.
Gift cards were first offered in the mid-1990s as replacements for traditional gift certificates, when retailers turned to this type of offering to reduce the incidence of counterfeit gift certificates. Merchants do not have to give cash back, and consumers are more likely to pay full retail price with a gift card. Most card recipients spend more than the value on their gift card, 25% more on average. Retailers’ cards, which are good only in their stores, are called closed-loop cards. This is due to the fact that they can be redeemed only by the retailer that issued the card. In addition, most of these types of cards are not reloadable and require no information on the purchaser or the recipient.
Financial institutions entered the market to capitalize on the increasing popularity of gift cards as a consumer payment method. Instead of issuing closed loop cards that could be used only within a single merchant’s system, financial institutions offer ‘open loop’ gift cards that are branded by one of the payment networks (such as Visa, Discover, MasterCard, American Express), and can be used anywhere that those brands are accepted. Some pre-paid cards are one-time use cards, while many may be reloaded, unlike most retail gift cards. This reloadable feature has made network-branded cards popular with the unbanked or underbanked population, and it has also made the cards an easy avenue for money laundering. To combat this, financial institutions reacted by putting restrictions on load limits and requiring personal identification information to activate the reloadable features of the network-branded prepaid cards.
Closed vs. Open Loop Gift Cards
Closed Loop:
• Can be used at one store/chain
• May be single-use or reloadable
• Have multiple card designs
• Usually no fee to issue
Open Loop Cards:
• Can be used at millions of locations
• Typically reloadable
• Usually has up front/activation fees and account maintenance fees
A hybrid of the open and closed loop cards is the semi open loop card, which can be used within a set geographic location, such as a resort or a shopping mall. The card may be used at any store or restaurant within that location.
Channels for Gift Card Fraud: Gift cards can be purchased with stolen or counterfeit credit or debit cards. The fraudster may do this to turn the gift cards into quick cash. He can offer a $200 card for $100, and it is all clear profit. He may want to hit the stolen debit/credit card hard and fast before it is shut down; by purchasing gift cards, he can take his time “shopping”. In other cases, the gift card is purchased legitimately, and the fraud takes place after the point of purchase. The second type of fraud is discussed in this paper.
One type of gift card fraud is related to virtual gift cards. In this instance, a legitimate customer logs onto a company’s website and purchases an electronic gift card. Then, a fraudster, using email sniffers, Trojan horses, or some other hacking method, accesses the virtual gift card information. Before the intended recipient can use the gift card, the fraudster uses it to purchase another gift card, or several gift cards, uses those cards to purchase more gift cards. The result is an electronic trail that takes days to untangle. In the meantime, the fraudster has purchased big-ticket items with his gift cards, or he has sold them for cash on an online auction site. The legitimate card recipient tries to use the card and finds that it is worthless.
In a second scenario, the fraudster goes into the local grocery store and grabs 20 or 30 gift cards for a national department store. He scans them with a portable card reader or he takes them to the restroom or home, writes down the card numbers, uncovers the security codes on the backs and makes note of them. Then he returns the cards to the store display for some unsuspecting person to purchase. He monitors the department store’s website for the cards to be purchased, or he calls the gift card phone number, enters the code to find out if the card has been loaded. He then activates them, and purchases new gift cards, and more gift cards with those gift cards, again creating a long electronic trail. Both types of fraud are called “tumble and swap.”
In both instances, legitimate customers purchased the cards, but the cards were intercepted by fraudsters before the customers could use them. By the time the gift card issuer tracks the card purchases, the funds are gone.
Fighting Gift Card Fraud: Traditional methods of fraud prevention do not work with gift card fraud. There is no customer information to verify, no address, no social security number, no date of birth. In the case of online purchases for the “tumbled and swapped” cards, the gift card issuer may look at IP address for known suspicious activity. The issuer may also want to look at type of purchase or velocity, queue the transaction for manual review if another gift card is purchased with the original card within a certain amount of time of activation. Products that identify IP addresses, suspicious geolocations can alert the merchant to possible fraudulent behavior. To complicate matters, fraud rings may find it easier to cover their tracks by emailing gift cards back and forth among email addresses.
Another product alerts retailers to particularly prolific users (say, 10 calls in 30 days or inquiries on five cards from the same computer) in "exception reports," which can be used to block access.
At the point of sale, merchants can assist in the fight against fraud. By keeping the cards in a secure location, they can limit the likelihood that a fraudster will access card information. Cashiers can also inspect the cards and packaging for tampering.
What Consumers Can Do: Consumers can guard against gift card fraud by doing the following:
• Ask the cashier for a gift card that is kept behind the counter to reduce the possibility of tampering.
• Select gift cards with tamper-resistant packaging and look them over carefully.
• Immediately after purchase, ask the cashier to check the balance on the card.
• Save the receipt or give it to the recipient. Some merchants will replace lost or drained gift cards.
• Register the card on the retailer’s website; this can help in the case of fraud.
• Be wary of purchasing gift cards from online auction websites. They may be of little or no value.
Summary: While many merchants claim there will be no refunds if gift cards are lost or stolen, most will reimburse victims of this type of fraud. This leaves the retailer to bear the cost of the fraud, as well as the expense involved in investigation and resolution. To protect their brand, they will take the loss.
Gift cards were first offered in the mid-1990s as replacements for traditional gift certificates, when retailers turned to this type of offering to reduce the incidence of counterfeit gift certificates. Merchants do not have to give cash back, and consumers are more likely to pay full retail price with a gift card. Most card recipients spend more than the value on their gift card, 25% more on average. Retailers’ cards, which are good only in their stores, are called closed-loop cards. This is due to the fact that they can be redeemed only by the retailer that issued the card. In addition, most of these types of cards are not reloadable and require no information on the purchaser or the recipient.
Financial institutions entered the market to capitalize on the increasing popularity of gift cards as a consumer payment method. Instead of issuing closed loop cards that could be used only within a single merchant’s system, financial institutions offer ‘open loop’ gift cards that are branded by one of the payment networks (such as Visa, Discover, MasterCard, American Express), and can be used anywhere that those brands are accepted. Some pre-paid cards are one-time use cards, while many may be reloaded, unlike most retail gift cards. This reloadable feature has made network-branded cards popular with the unbanked or underbanked population, and it has also made the cards an easy avenue for money laundering. To combat this, financial institutions reacted by putting restrictions on load limits and requiring personal identification information to activate the reloadable features of the network-branded prepaid cards.
Closed vs. Open Loop Gift Cards
Closed Loop:
• Can be used at one store/chain
• May be single-use or reloadable
• Have multiple card designs
• Usually no fee to issue
Open Loop Cards:
• Can be used at millions of locations
• Typically reloadable
• Usually has up front/activation fees and account maintenance fees
A hybrid of the open and closed loop cards is the semi open loop card, which can be used within a set geographic location, such as a resort or a shopping mall. The card may be used at any store or restaurant within that location.
Channels for Gift Card Fraud: Gift cards can be purchased with stolen or counterfeit credit or debit cards. The fraudster may do this to turn the gift cards into quick cash. He can offer a $200 card for $100, and it is all clear profit. He may want to hit the stolen debit/credit card hard and fast before it is shut down; by purchasing gift cards, he can take his time “shopping”. In other cases, the gift card is purchased legitimately, and the fraud takes place after the point of purchase. The second type of fraud is discussed in this paper.
One type of gift card fraud is related to virtual gift cards. In this instance, a legitimate customer logs onto a company’s website and purchases an electronic gift card. Then, a fraudster, using email sniffers, Trojan horses, or some other hacking method, accesses the virtual gift card information. Before the intended recipient can use the gift card, the fraudster uses it to purchase another gift card, or several gift cards, uses those cards to purchase more gift cards. The result is an electronic trail that takes days to untangle. In the meantime, the fraudster has purchased big-ticket items with his gift cards, or he has sold them for cash on an online auction site. The legitimate card recipient tries to use the card and finds that it is worthless.
In a second scenario, the fraudster goes into the local grocery store and grabs 20 or 30 gift cards for a national department store. He scans them with a portable card reader or he takes them to the restroom or home, writes down the card numbers, uncovers the security codes on the backs and makes note of them. Then he returns the cards to the store display for some unsuspecting person to purchase. He monitors the department store’s website for the cards to be purchased, or he calls the gift card phone number, enters the code to find out if the card has been loaded. He then activates them, and purchases new gift cards, and more gift cards with those gift cards, again creating a long electronic trail. Both types of fraud are called “tumble and swap.”
 |
| Store GIft Card Kiosk |
In both instances, legitimate customers purchased the cards, but the cards were intercepted by fraudsters before the customers could use them. By the time the gift card issuer tracks the card purchases, the funds are gone.
Fighting Gift Card Fraud: Traditional methods of fraud prevention do not work with gift card fraud. There is no customer information to verify, no address, no social security number, no date of birth. In the case of online purchases for the “tumbled and swapped” cards, the gift card issuer may look at IP address for known suspicious activity. The issuer may also want to look at type of purchase or velocity, queue the transaction for manual review if another gift card is purchased with the original card within a certain amount of time of activation. Products that identify IP addresses, suspicious geolocations can alert the merchant to possible fraudulent behavior. To complicate matters, fraud rings may find it easier to cover their tracks by emailing gift cards back and forth among email addresses.
Another product alerts retailers to particularly prolific users (say, 10 calls in 30 days or inquiries on five cards from the same computer) in "exception reports," which can be used to block access.
At the point of sale, merchants can assist in the fight against fraud. By keeping the cards in a secure location, they can limit the likelihood that a fraudster will access card information. Cashiers can also inspect the cards and packaging for tampering.
What Consumers Can Do: Consumers can guard against gift card fraud by doing the following:
• Ask the cashier for a gift card that is kept behind the counter to reduce the possibility of tampering.
• Select gift cards with tamper-resistant packaging and look them over carefully.
• Immediately after purchase, ask the cashier to check the balance on the card.
• Save the receipt or give it to the recipient. Some merchants will replace lost or drained gift cards.
• Register the card on the retailer’s website; this can help in the case of fraud.
• Be wary of purchasing gift cards from online auction websites. They may be of little or no value.
Summary: While many merchants claim there will be no refunds if gift cards are lost or stolen, most will reimburse victims of this type of fraud. This leaves the retailer to bear the cost of the fraud, as well as the expense involved in investigation and resolution. To protect their brand, they will take the loss.
Subscribe to:
Posts (Atom)