Enterprise Fraud Management: Investigation v Detection

21st June, 2017 Estimated reading time 5–8 minutes

We’ve written about fraud as a connected data problem before. We’ve shown how the key to fraud insight lies in relationships between people, accounts, transactions and events.

Fraud analysts present these relationships as network visualizations to help them interpret huge volumes of data much faster. In this way, finding fraud becomes a simpler visual task.

Network visualization transforms complex and lengthy spreadsheet data into interactive and intuitive diagrams
Network visualization transforms complex and lengthy spreadsheet data into interactive and intuitive diagrams

In this blog post I’ll discuss how network visualization fits into two core anti-fraud tasks: fraud investigation and fraud detection.

Known v Unknown fraud

In this webinar, I talked about two types of enterprise fraud: known fraud and unknown fraud. Understanding the difference is key to fraud management.

Known fraud is fraudulent activity we have encountered before. We can define the behavior patterns involved, which means we can use rule scoring and pattern matching to find it. Most of the work is automated and only outliers and edge-cases require further effort. When looking for known fraud, network visualization is used as a investigation tool.

Unknown fraud is the opposite. We have not previously encountered the behavior, so our automated processes will not find it. It requires analysts with experience of fraud management who can understand and spot potential fraud MOs and patterns. Network visualization is a detection tool used by analysts to uncover fraud that would otherwise go unnoticed.

As unknown fraud becomes known fraud, new parameters are added to the automated rule-scoring process. This improves fraud detection and helps analysts keep up with fraudsters’ methods.

Fraud investigation and detection techniques are used to uncover known and unknown fraud, with a feedback loop to improve automated rule-based fraud management
Fraud investigation and detection techniques are used to uncover known and unknown fraud, with a feedback loop to improve automated rule-based fraud management

Investigating known fraud with KeyLines

There are two priorities when you work with known fraud: 1) speed and 2) accuracy.

Analysts looking for known fraud must process their cases quickly. An analyst receives a case and needs to approve or deny it in minutes, or sometimes seconds. Taking fast decisions with confidence is essential. Network visualization is the ideal tool for this kind of a review. At a glance, a fraud analyst sees the information they need to take a decision, with full context.

For example, here’s an insurance claim one of our customers investigated with their KeyLines component (the data is redacted):

An insurance claim, visualized as a network in KeyLines
An insurance claim, visualized as a network in KeyLines

Here the customer uses a red glyph for claims that have already been dismissed as fraudulent. People, vehicles and addresses connected to that claim are highlighted with an orange halo.

We can see the Policyholder on the right-hand side shares an email address and residential address with the known fraudster. Their latest claim should be investigated further before payments are approved.

Here’s another example from the same KeyLines deployment. This time, we’re looking at unusual connections between third parties:

This visualization shows unusual third party behavior
This visualization shows unusual third party behavior

There are two third parties, on the left-hand side of the chart, with two Claim Reference Numbers. These may be legitimate claims, but we should analyze them further. KeyLines has useful features to make this analysis easier and more intuitive:

  • Layouts – in both examples we’ve used the standard layout, which spreads out nodes and reduces link overlap. The hierarchy layout is also useful in these cases.
  • Combos – allows the user to combine nodes, reducing clutter and making multiple connections more explicit.
  • Time Bar – can help the analyst understand the evolution of events, or see peaks or troughs in activity.
The hierarchy layout, with combos, can help remove some chart clutter and make unusual connections easier to see.
The hierarchy layout, with combos, can help remove some chart clutter and make unusual connections easier to see.

Detecting unknown fraud with KeyLines

Analysts need a different set of skills to uncover unknown fraud. They must use domain knowledge and experience to think like a fraudster. They need to anticipate new tactics to commit fraud and conceal it from authorities.

Graph visualization can help with this.

Investigation of known fraud takes a case-centric approach – sometimes called the local approach – starting from a small point and working outwards. Detection of unknown fraud takes a global approach – taking an overview of a large amount of data to find anomalies.

This is another example taken from an insurance fraud use case that shows the insurance claims made in a single day. Just displaying this data as a graph reveals patterns:

Insurance claims made in a 24-hour period
Insurance claims made in a 24-hour period

The majority of our data shows business as usual. A standard claim has a star shape – with a central case with a small number of policies, individuals and other identifiers.

However, we can also see areas (in the top left) that show unusual connectivity. An analyst would explore this in more detail, using investigative techniques to understand the behaviors involved and whether or not it conceals fraud.


Try it for yourself

These two techniques – investigation and detection – are used in all fraud management functions. In combination with powerful graph visualization tools they help build a robust fraud process.

The examples in this blog post have been simplified and anonymized, but you’re welcome to try KeyLines with your own data. Request a trial account or get in touch for more information.

| |

Subscribe to our newsletter

Get occasional data visualization updates, stories and best practice tips by email