When fraud is mentioned, our minds usually jump to a few well-known categories: identity fraud, mail fraud, credit card fraud, etc. But new kinds of fraud are emerging all the time. In this post we take a closer look at loyalty fraud.
Loyalty fraud is when programs run by organizations to encourage brand loyalty are abused or manipulated for unfair gain.
It can range from friends sharing supermarket reward cards, to insiders manipulating computer systems to reallocate air miles. Loyalty fraud is a real crime that is costing organizations, but it has been largely ignored by technology vendors.
Broadly, there are three ways loyalty fraud happens:
And here’s the real kicker: the customers most likely to be affected by loyalty fraud – either as victims, or mis-identified as offenders – are those with the most credit and the highest levels of account activity: in other words, your best and most loyal customers.
Fraud detection is a complex problem. Most transactions are genuine, so a process to find the small percentage that is fraudulent requires a robust and large-scale approach to data analysis.
That said, with the right technology and approach to data modeling, it becomes much simpler to recognize signs of loyalty fraud.
Fraud almost always involves the fabrication of a link – between an individual, a transaction, an account, etc., so it makes sense to model data in a way that emphasizes those links.
Using graph visualization, we could find indications of fraud, including:
This is especially telling if changing account details are changed or large transactions performed from a new device.
Small transactions followed by larger ones
This can be a sign of testing the waters before trying to cash in a large number of credits.
Account access from multiple locations
A tough criterion to check for a frequent flyer program (you expect customers to move around!) but if a customer is accessing their account from Mumbai and London within an hour of each other, it should raise a flag.
Buying tickets with multiple names
Or changing the name on a ticket purchased with points. Often fraudsters will sell ill-gotten airline tickets using online message boards or auction sites, changing the name afterwards.
Unusual access patterns to the customer loyalty database
If a staff member is manipulating the system, you should be able to find evidence in server logs.
Repeated unsuccessful login attempts to the rewards website
This could be individuals or phishers trying to crack an account.
Using some mock data for a Frequent Flyer program, we built an application for visualizing and detecting cases of loyalty fraud.
There are three entities we’re interested in:
Which we can map to the following data model:
When we take data from a ‘clean’ account and apply this model, this is the sort of structure we see:
The time bar here is showing two metrics: the grey histogram is the volume of transactions (both credits and debits), the red series link is the value of debits from the account.
The flow of transactions is steady, the value of debits is unsuspicious: two small debits in February and June, a larger one in December.
In the chart, we can see this account always travels from London Heathrow to busy business hub airports – Paris, New York, Frankfurt.
So far, so uneventful.
Just a quick glance shows that this account doesn’t match the norm.
Firstly, take a look at the spike of transactions in October. If we zoom in, the majority of them took place on one day in under 20 minutes, including two small transactions in quick succession followed by 6 much larger ones:
We can also see two IP addresses at play here. The first one associated with four tickets between LAX and PDX, as well as a steady stream of credits:
The second IP was used to purchase 8 tickets, mostly for journeys outside of the US:
Clearly this is just a simple example using a small amount of synthesized data, but it shows the potential.
When looking at large volumes of fraud data, and it’s often the connections that tell the story. Using graph analysis and visualization techniques, hidden details and insight can be uncovered, allowing for security and process loopholes to be detected and individuals to be prosecuted.
Despite the significant potential for financial loss and reputation damage, loyalty fraud remains an area of low priority for fraud technology vendors.
To find out more about how KeyLines can be used to help companies detect fraud and reduce financial losses, get in touch or download our white paper about fraud network visualization:
Read more blog posts about Use Cases.