Enterprise Fraud Management: Investigation v Detection

Enterprise fraud management is a complex, data-intensive challenge. We’ve written about fraud detection as a connected data problem before. We’ve shown how the key to fraud insight lies in relationships between people, accounts, transactions and events.

Fraud analysts present these relationships using link analysis techniques to help them interpret huge volumes of data much faster. In this way, finding fraud becomes a simpler visual task.

link analysis transforms complex and lengthy spreadsheet data into interactive and intuitive diagrams, handy for enterprise fraud management
Link analysis techniques transform complex and lengthy spreadsheet data into interactive and intuitive diagrams

In this blog post I’ll discuss how link analysis fits into two core enterprise fraud management tasks: fraud investigation and fraud detection.

Managing fraud white paper
FREE: Managing fraud

The ultimate guide to fraud detection, investigation and prevention using data visualization

GET YOUR FREE GUIDE


Enterprise fraud management – known vs unknown fraud

In a recent webinar this webinar, I talked about two types of enterprise fraud: known fraud and unknown fraud. Understanding the difference is key to enterprise fraud management.

Known fraud is fraudulent activity we have encountered before. We can define the behavior patterns involved, which means we can use rule scoring and pattern matching to find it. Most of the work is automated and only outliers and edge-cases require further effort. When looking for known fraud, link analysis is used as a investigation tool.

Unknown fraud is the opposite. We have not previously encountered the behavior, so our automated processes will not find it. It requires analysts with experience of fraud management who can understand and spot potential fraud MOs and patterns. Link analysis is a detection tool used by analysts to uncover fraud that would otherwise go unnoticed.

As unknown fraud becomes known fraud, new parameters are added to the automated rule-scoring process. This improves fraud detection and helps analysts keep up with fraudsters’ methods.

enterprise fraud management: Fraud investigation and detection
Fraud investigation and detection techniques are used to uncover known and unknown fraud, with a feedback loop to improve automated rule-based fraud management

Investigating known fraud with link analysis

There are two priorities when you work with known fraud: 1) speed and 2) accuracy.

Analysts looking for known fraud must process their cases quickly. An analyst receives a case and needs to approve or deny it in minutes, or sometimes seconds. Taking fast decisions with confidence is essential. Link analysis is the ideal tool for this kind of review. At a glance, a fraud analyst sees the information they need to make a decision, with full context.

For example, here’s an insurance claim one of our customers investigated with their KeyLines component (the data is redacted):

An insurance claim, visualized using a link analysis chart built with KeyLines
An insurance claim link analysis chart

Here the customer uses a red glyph for claims that have already been dismissed as fraudulent. People, vehicles and addresses connected to that claim are highlighted with an orange halo.

We can see the Policyholder on the right-hand side shares an email address and residential address with the known fraudster. Their latest claim should be investigated further before payments are approved.

Here’s another example from the same link analysis tool. This time, we’re looking at unusual connections between third parties:

This visualization shows unusual third party behavior
This visualization shows unusual third party behavior

There are two third parties, on the left-hand side of the chart, with two Claim Reference Numbers. These may be legitimate claims, but we should analyze them further. KeyLines has useful features to make this analysis easier and more intuitive:

  • Automated graph layouts – in both examples we’ve used the standard layout, which spreads out nodes and reduces link overlap. The sequential layout is also useful in these cases.
  • Smart node and link grouping (combos) – allows the user to combine nodes, reducing clutter and making multiple connections more explicit.
  • An interactive time Bar – can help the analyst understand the evolution of events, or see peaks or troughs in activity.
The sequential layout, with combos, can help remove some chart clutter and make unusual connections easier to see.
The sequential layout, with combos, can help remove some chart clutter and make unusual connections easier to see.

Detecting unknown fraud with KeyLines

Analysts need a different set of skills to uncover unknown fraud. They must use domain knowledge and experience to think like a fraudster. They need to anticipate new tactics to commit fraud and conceal it from authorities.

Link analysis helps with this.

Investigation of known fraud takes a case-centric approach – sometimes called the local approach – starting from a small point and working outwards. Detection of unknown fraud takes a global approach – taking an overview of a large amount of data to find anomalies.

This is another example taken from an insurance fraud use case that shows the insurance claims made in a single day. Just displaying this data using a link analysis chart reveals patterns:

Insurance claims made in a 24-hour period
Insurance claims made in a 24-hour period

The majority of our data shows a business as usual scenario. A standard claim has a star shape – with a central case with a small number of policies, individuals and other identifiers.

However, we can also see areas (in the top left) that show unusual connectivity. An analyst would explore this in more detail, using investigative techniques to understand the behaviors involved and whether or not it conceals fraud.

link analysis chart showing unusual behavior

Try it for yourself

These two techniques – investigation and detection – are used in all enterprise fraud management functions. In combination with powerful link analysis tools they help build a robust fraud process.

The examples in this blog post have been simplified and anonymized, but you’re welcome to try KeyLines with your own data. Request a trial account or get in touch for more information.

How can we help you?

Request trial

Ready to start?

Request a free trial

Learn more

Want to learn more?

Read our white papers

“case

Looking for success stories?

Read our case studies

Registered in England and Wales with Company Number 07625370 | VAT Number 113 1740 61
6-8 Hills Road, Cambridge, CB2 1JP. All material © Cambridge Intelligence 2023.
Read our Privacy Policy.