SlideShare a Scribd company logo

how-hybrid-anti-fraud-approach-can-save-government-benefit-programs-billions-106036

Hans Funken
Hans Funken
1 of 16
Download to read offline
  WhitePaper How a Hybrid Anti-Fraud Approach Can Save Government Benefit Programs Billions Case Studies of Organized Crime Ring Defrauding Federal Subsidy Programs
Contents Executive Summary...........................................................1 The New Face of Fraud and Detection..............................1 Moving Beyond ‘Pay and Chase’ to Prevention...............2 The Goal: Detect Fraud Earlier..........................................2 The SAS® Fraud Framework: Connecting the Dots for You................................................3 Applying the SAS® Fraud Framework to Cases of Federal Subsidy Abuse....................................3 The Foundation: A Solid Data Repository ...................5 Data Integration......................................................................5 Data Cleansing and Quality .................................................5 Probabilistic Matching...........................................................5 Integration of Unstructured Content..................................6 Fraud Detection: A Proven, Hybrid Solution ...............6 Rules-Based Algorithms........................................................6 Anomaly Detection................................................................7 Predictive Modeling...............................................................8 Social Network Analysis (SNA).............................................8 Fraud Reporting: Business Intelligence That Provides Data to Act Upon......................................9 SAS®: Enabling a 24/7 Fraud Detection Workflow............................................................................11 Integrated Case Management Functionality................. 11 A System for Continuous Learning and Improvement........................................................................ 12 SAS: Evolving Solutions to Keep You One Step Ahead of Organized Crime...........................................13
1 Executive Summary TheNewFaceof FraudandDetection Professional criminal enterprises inflict more damage and losses on society than opportunistic individuals. Yet today, anti-fraud program managers focus primarily on detecting outliers, researching standalone fraud events and acting on tips. And why not? Most anti-fraud analytic methods are focused at the provider or claim level; very little – if any – advanced data analysis focuses on the detection of collusive behavior among multiple entities.The criminal enterprises that exploit agencies providing everything from government loans to subsidized housing to food stamps know that anti- fraud investigators struggle to connect the dots – and fraud- sters use this to their advantage. While law enforcement gets distracted with the latest fraud scheme, professional fraud organizations constantly change their tactics – finding their way back into the system after being kicked out for fraudulent behavior or always staying one step ahead of the “pay-and- chase” game. Examples abound. For instance, take the disturbing scale of fraud perpetrated against the federal food stamp program. Out of the more than 1,800 federal subsidy programs that the US government administers, the food stamp program is one of the largest, yet it has the fewest resources for fraud prevention and mitigation. As the number of food stamp recipients has soared to 44 million – up from 26 million in 2007 – and costs have more than doubled to $77 billion during this period, the 200,000 retailers approved by the US Department of Agriculture (USDA) to accept Supplemental Nutrition Assistance Program (SNAP) Electronic Benefits Transfer (EBT) are regulated by a staff of only 40 USDA inspectors. Given the limited resources for fraud prevention, a huge black market has developed whereby recipi- ents exchange their food stamp benefits for cash. Savvy criminal enterprises find that these exchanges allow them to generate easy money with very little risk. Of the more than $2 billion in fraud and abuse reported by the USDA, the greatest losses are inflicted by corrupt retail merchants who exploit food stamp recipients.They typically pay a food stamp beneficiary about fifty cents in cash for every dollar in benefits they deduct from customers’ EBT accounts. And fraud has gotten even easier now that the government uses electronic benefits cards. Mark McClutchey, Special Agent with the USDA, knows firsthand how corrupt merchant criminal networks traffic in these cards – and the importance of using technology to empower scarce anti-fraud human resources. From January-March 2011, working undercover posing as a neighborhood food stamp “go between” for homeless people who frequented a nearby shelter, he conducted 58 EBT transac- tions at two Detroit neighborhood stores for more than $31,000 in cash. On five different occasions, the suspicious owners accused McClutchey of being “a fed” even as they handed the undercover agent cash while deducting credits from his elec- tronic benefit card. Apparently, raw greed trumped their fear of arrest. On one occasion, the undercover agent handed 13 EBT cards to an owner to cash in over a 24-hour time period.The owner generously dispensed some free advice to go with the cash: “You gotta play the game, play the system.” Investigations, law enforcement undercover operations and prosecutions across the country reveal that well-organized crime networks with business fronts are responsible for a disproportionate amount of these losses.They threaten the integrity of federal subsidy programs and drain precious taxpayer dollars. Consider these recent cases: • The operators of four Albany, NY, convenience stores were charged with grand larceny for defrauding the federal food stamp program of $1.6 million in a collusive scam between recipients and USDA-approved store owners. Prosecutors said that three of the stores were connected through family relationships and a referral network. During the investigation, it was also noted that the average transaction for conve- nience stores was $5.50 versus the $107.75 per average transaction at the four stores involved in the fraud schemes. One convenience store alone reaped more than $2.5 million in the scam while another netted more than $2.1 million before being caught and prosecuted.The schemes ran for several years and involved many collusive food stamp bene- ficiaries willing to accept cash for food stamp debits charged to their electronic benefit cards.The cash was often used to procure items prohibited for purchase using food stamps, such as alcohol. • From 2003-2006, Apolinar Collado rang up more than $1.6 million in fraudulent food stamps at six different Connecticut convenience stores.This was after he was convicted in 1998 and served 18 months in prison for defrauding the federal food stamp program. An illegal alien, Collado was deported after his 1998 conviction. Not only did he manage to re-enter the US after his deportation, but he was also able to set up an even more extensive food stamp fraud operation starting in 2003 using “straw” owners and operators of several stores. Incredibly, four stores operated at the same location. Each time the store was disqualified from the federal food stamp program for suspected abuse of the food stamp program, it was “sold” to a new Collado-recruited straw owner, and the scam continued.
2 • A Dearborn, MI, man was one of eight people charged in a federal crackdown on food stamp fraud.The ringleader, Jihad “Jim” Sayed, was indicted for allegedly redeeming food stamp benefits for cash and allowing food stamp benefits to be exchanged for items not authorized under federal regulations such as tobacco, liquor, clothing, house- hold appliances and furnishings.To date, the initiative, termed the Bridge Card Enforcement Team (BCET), resulted in 125 arrests, 169 search warrants, 98 guilty pleas, about $21.1 million in court-ordered fines and restitution, and $3.2 million in forfeitures. In each of these cases, the fraudulent owners and their associ- ates used multiple businesses, family ties, an active referral network, false documentation, and brazen disregard for law enforcement and regulators to facilitate long-running fraud schemes. One particularly insidious aspect of this type of fraud was exposed by the Chief of the FBI’s Terrorist Financing and Operations Section (TFOS) when he testified before the US House of Representatives, stating, “Within the United States, Hezbollah associates and sympathizers have engaged in a wide range of criminal activities to include money laundering, credit card fraud, immigration fraud, food stamp fraud, bank fraud and narcotics trafficking.” The food stamp program is so often exploited by terrorist organizations to finance their operations that the Investigative Project on Terrorism (IPT) established by terrorism expert Steve Emerson includes food stamp fraud cases as regular components of its weekly terrorist activity report. It is not uncommon to see these same store operators offering prohibited money laundering Hawallah services – the invisible black market currency exchange system that is favored by terrorist organizations – from the same stores. MovingBeyond‘PayandChase’toPrevention Using their ingenuity and flexibility, these groups take advan- tage of the federal government’s inability to connect the dots between state and federal government databases that contain such information as beneficiary and retailer information, retail store sales taxes, wage taxes, income tax, corporation records, driver’s licenses, business licenses, criminal records and depor- tations. Connecting the dots is what’s required to identify anomalies and fraud patterns, as well as match and link the malignant social network. It is often the patterns and conduct of the recipients and their relationships with the retailers that are the earmarks of a fraudulent food stamp ecosystem. What’s even more frustrating is that without the right analytical tools and insights, similar fraud schemes by other unidentified organized crime networks are underway today, flying under the radar of law enforcement. So if traditional methods and systems used by federal agencies aren’t enough to detect this scale of fraud earlier, what is? The answer is this: hybrid analytics that empowers law enforce- ment to go on the offensive with fraud operators – and do so without disrupting the efficient and timely delivery of the benefits. Using the fraud stories described above as an example, this paper will explore how your law enforcement or government agency can use multiple analytical methods to proactively identify crime rings in their infancy – and spare federal taxpayers billions of dollars misspent on spurious benefits payouts each year. The Goal: Detect Fraud Earlier In SAS’ experience working with government agencies, it’s clear that proactively identifying complex fraud schemes (and the criminals behind them) is only possible when agencies use a multifaceted, anti-fraud detection approach that combines sophisticated data integration with a hybrid analytical approach that includes: • Rules to filter activities and transactions for fraudulent behavior. • Anomaly detection to detect individual and aggregated abnormal patterns. • Predictive models based on known fraud cases so you can look for similar characteristics in future claims. • Social network analysis to identify relationships pertinent to fraud that would normally escape notice. This combination of data integration and a hybrid analytical approach is the key to uncovering crime organizations in the first few months of operation, which greatly limits potential losses to the government and taxpayers.
3 TheSAS® FraudFramework: ConnectingtheDotsforYou The SAS Fraud Framework is designed from the ground up to support this kind of hybrid analytical approach. Working behind the scenes, integrated SAS analytical applications quickly connect the dots for you in a variety of ways. Each strand of analytically determined connections represents another way of looking at any given fraud event as part of a potentially much larger threat. In this way, the SAS Fraud Framework’s applica- tions work together to: • Provide strategic insight into threats, trends and risks. • Deliver a holistic enterprise view of fraudulent behavior. • Rapidly test, simulate and deploy models/rules without dependence on IT. • Support prepayment detection and prevention. The various analytical techniques of SAS’ hybrid approach are summarized in Figure 1 below. UsingaHybridApproachforFraudDetection Employer Data Application Data Deceased Persons List Known Bad Lists Incarcerated List Payments IRS/State Agency Third-Party Data Enterprise Data Suitable for known patterns Suitable for unknown patterns Suitable for complex patterns Suitable for associative link patterns Rules Rules to uncover known fraud behaviors Examples: • Inaccurate eligibility information. • Direct mismatch across data sources. • Benefit does not match service requested. • Reporting more benefits provided than can exist. Anomaly Detection Uncover unusual behaviors Examples: • Abnormal service volume compared to similar providers. • Reported income inconsistent with peer group demographics. • Current utilization inconsistent with prior history. Hybrid Approach Proactively applies combination of all four approaches at entity and network levels Predictive Models Identify attributes that differentiate known fraud behavior Examples: • Like patterns of claims as known fraud. • Like behavior patterns as known fraud provider. • Like network growth rate (velocity). Social Network Analysis Knowledge discovery through associative link analysis Examples: • Beneficiary associated with known fraud. • Identity manipulation across employers. • Collusive networks of recipients and store owners. USING A HYBRID APPROACH FOR FRAUD DETECTION Figure 1: Key components of the SAS® Fraud Framework. ApplyingtheSAS® FraudFramework toCasesof FederalSubsidyAbuse So exactly how could the SAS Fraud Framework have helped law enforcement identify the kinds of crime rings plaguing the USDA’s food stamp program faster and earlier? First, let’s look at this from a high-level perspective to demonstrate the various capabilities supported by the framework and their potential value – specifically through its ability to provide: • Improved data integration. • Rules-based algorithms. • Anomaly detection. • Predictive models. • Social network analysis (SNA).
4 Capability Explanation Business Cases From the Food Stamp Fraud Cases Improved data integration Enables you to bring together data from a wide variety of third-party data sources and combine it with federal agency data on a national level. SAS Data Integration also includes sophisticated matching functionality so you can quickly identify missing and nonstandard data, including unstructured data from call center and investigator notes. Identification of deceased beneficiaries. Identification of beneficiaries with known fraudulent history in other government agencies. Identification of false storefronts and inappropriate addresses (e.g., UPS stores or apartment buildings) not identified with legitimate businesses. Rules-based algorithms You can create rules to detect known types of fraud or abuse based on specific patterns of activity. Flagging a store owner versus an agency-approved list of benefit providers. Flagging a beneficiary on incarcerated or deceased persons lists. Flagging benefits provided by a store that was recently instituted or changed its place of service (e.g., a store changed location in January and benefit was provided for an old address in March). Anomaly detection Using distributional analysis, you can analyze variables to identify which applications and beneficiary patterns are extreme outliers relative to others being processed. These outliers warrant additional scrutiny. The average transaction amount by store exceeds the norm or has spikes over time. The average number of transactions exceeds the norm for a particular geographical area. The average frequency of benefits provided to a particular individual exceeds the norm. Predictive models Using insights gained from known fraudulent behavior, you can create formulas that will enable SAS software to score transactions or beneficiaries for the probability of fraud. Probability of a phony storefront, based on statistical correlation with facts present for other phony storefronts that have been shut down. Probability of a compromised beneficiary ID, based on known stolen IDs in past claims. Probability of fraudulent behavior based on profile of similar fraudulent behavior patterns. Social network analysis (SNA) Analyze social networks with link analysis, which uses statistics to assign probabilistic associations between entities. For example, by analyzing names, addresses, bank account numbers, dates of birth, SSNs and more, you can identify potential fraud rings that would otherwise appear to be disparate actors. Linkage of multiple phony storefronts owned by several individuals with similar names and shared beneficiaries and spouses. Suspicious linkage between store owners with different names but same addresses and bank account numbers. Suspicious linkage of beneficiaries to known convicted benefit program fraudsters. The following table summarizes this value.
5 data sources – for example, by matching deceased or incar- cerated store owners, deceased beneficiaries, invalid social security numbers, and family relationships across store owners. DataCleansingandQuality The SAS Data Quality Solution provides an enterprise solution for profiling, cleansing, augmenting and integrating data to create consistent, reliable information. With the SAS Data Quality Solution, you can automatically incorporate data quality into data integration and business intelligence projects to dramatically improve returns on investigations and analyses. For example, you can profile, monitor and actively manage the quality of data being collected from various sources, as well as integrate and standardize data across multiple systems.The software also allows you to define data correction rules to reflect organizational changes and cleanse data. As a result, you can provide investigators with trustworthy information needed to make informed decisions regarding what to investigate. How would this solution have helped investigators uncover Collado’s fraud earlier? Often, when a suspect is filling out a form, certain information is intentionally left out.The intent is to have the processor fill in the information or to omit informa- tion that could link the investigator to the suspect. As the data cleansing and quality process is conducted, users can analyze the cleansing process to uncover trends in the application process. For example, a fraudulent suspect may always omit answers in boxes 7, 14 and 21 on a specific form. Knowing this trend, when an application is missing answers to 7, 14 and 21, it can be tagged as suspicious. In the case of Collado, identifying trends in the quality of the various phony convenience store applications could have tipped investigators to take a closer look at the six different storefronts that he established. ProbabilisticMatching The methods of crime rings defrauding federal subsidy programs tend to rely heavily upon the fact that it is difficult for agencies and investigators to link names and aliases between disparate data sources and match them to other data, such as Social Security numbers (SSNs).To address this fraud opportu- nity, agencies and investigators need to cleanse data and create soft links between public data and internal sources, generating matches based upon names and other identifying information – even when hard links aren’t available, as is often the case with publicly available data. For example, it would be inconceivable to publish an individual’s SSN and beneficiary information next to other information in a public data source, such as addresses and phone numbers published in local phone books, yet these linkages must be made by agencies to identify potential fraud. SAS technology can deliver these capabilities by taking a three- pronged approach that includes: • A data repository that aggregates and integrates data from many sources and creates a solid foundation for rapid, comprehensive analysis. • Sophisticated analyses for powerful fraud detection and prevention. • Fraud reporting via business intelligence visualizations that give you data you can act upon. The Foundation: A Solid Data Repository As with any analytics solution, bad data means inaccurate, incomplete insights – hardly useful for investigators of major fraud schemes. One of the reasons the criminals in these stories were able to perpetrate their crimes for so long was due, in part, to data that was fragmented across public and private data sources and systems; no one had ever looked at available data holistically and connected the dots. That’s why the SAS Fraud Framework runs on a solid data foundation enabled by SAS’ world-class data integration tech- nologies for data quality and integration. SAS Analytics can make the intelligent linkages between currently disparate data sources and use them to help you quickly identify instances of potential fraud. DataIntegration With SAS data quality and integration tools, you can merge any public and private data sources and have a complete data set to analyze and connect the dots. By melding public data – benefi- ciary and retailer information, retail store taxes, wage taxes, income tax, driver’s licenses, business licenses, criminal records, deportations – you can use analytics to integrate and then corre- late the data points to reveal the larger picture. For example, in the Apolinar Collado example mentioned in the Executive Summary, even simple public data, such as resi- dential and commercial phone directories, Google maps, or criminal conviction records, could have been integrated and used to identify those addresses and phone numbers clearly not associated with legitimate convenience stores. Analytics provided through the SAS Fraud Framework could then be used to thoroughly screen store applications at their enrollment, thus barring Collado at the point of entry into federal programs. SAS data integration tools could also automate the process of making the millions of intelligent linkages between the various
6 automate the extraction and integration of call center data (one example of unstructured text) with the claims and benefits payment data to quickly detect new patterns that indicate potential fraud. Fraud Detection: A Proven,Hybrid Solution After agencies have a solid data foundation, they can apply analytics to identify patterns, trends and other outliers that are associated with likely fraud operations. But it’s important to note that no single detection technique is capable of system- atically identifying large, collusive rings like those described in the stories discussed previously. Only through the combina- tion of multiple analytical approaches could the perpetrators of these crimes have been detected without insight from an inside informant. For example, rules and anomaly detection cast the net wide, resulting in too many false positives. But when combined with predictive modeling, which improves accuracy, you can signifi- cantly reduce the frequency of false positives to improve inves- tigator efficiency. Finally, you can layer on link analysis to ensure that all potential parties involved in a scheme are properly considered before they are determined to be an outlier or not. SAS recommends agencies take a hybrid approach, which integrates knowledge of existing schemes, powerful predic- tive analysis capabilities, and modeling of relationships among entities in the benefits system to recognize fraud earlier in the process – and even stop it before it occurs. While each method is limited when used separately, together they present a formi- dable deterrent to fraud that would have led to the detection of these crime rings much, much sooner. Rules-BasedAlgorithms Rules-based systems test each transaction against a predefined set of algorithms or business rules to detect known types of fraud or abuse based on specific patterns of activity. For example, a rules engine may have alerted or rejected the $1.6 million of food stamp claims made by Collado. At the time the fraudulent activity was committed, Collado was: 1) a known felon convicted for defrauding the federal food stamp program, and 2) an illegal alien. Rules that identified known convicted federal food stamp criminals and/or immigration violations would have detected Collado before the $1.6 million benefit payments were sent. Agencies also need to fully exploit hard linkages between data, such as SSNs and tax identification (TIN) numbers associated with businesses, to enable fast, easy connections among dispa- rate data sources. The problem is that different agencies store these hard links in different ways. An SSN could be saved as a string of numbers in one table, but in another table, contain hyphens to separate it into a string of two, three or four groups of digits. To make connections between data sources, these variations must be identified and resolved. Complicating matching efforts further are instances of incom- plete or missing information between data elements. For instance, SSNs could be used to match most of the TINs among the data sources, but if SSNs are missing from a number of benefit claims, the links among data sets will be incomplete. Alternatively, the SSN could be complete in one source, while only the last four digits are stored in another source. In both of these cases, hard linkages are not available, but there are still a number of data elements for powerful analytical tools to uncover soft matches between the data with a certain degree of confidence. The SAS Fraud Framework easily identifies each convention and standardizes these linkages based upon one convention. It also provides matching based upon international naming standards to create these linkages between even the most difficult of names. Integrationof UnstructuredContent Rich but seldom exploited data sources – call center data, oper- ative notes (such as Agent McClutchey’s notes mentioned in the Executive Summary), investigator notes and death certificates – are considered unstructured since the information they contain is not stored in a tabular format. Most organizations are inca- pable of integrating unstructured data in an automated fashion, let alone using that valuable information in analysis or investiga- tions. If agencies and investigators had been able to integrate unstructured data from a variety of sources, investigators could have uncovered the patterns of suspicious behavior in the food stamp fraud rings more easily. By using this unstructured data, the entire beneficiary population could have been transformed into potential tipsters of fraud. For example, by using the SAS Fraud Framework to analyze fraud hotline data from various states, as well as calls from the phony convenience store owners to assess or test reimburse- ment thresholds and fraud tactics, agencies could have identi- fied the Jihad “Jim” Sayed fraud ring sooner. SAS software can
7 AnomalyDetection With anomaly detection, you can normalize events and set thresholds to identify outlier behavior. Using distributional analysis, you can then analyze variables to identify claims and practice patterns that are extreme outliers relative to the rest of their respective distribution. In this manner, you can use statistical outliers to identify new patterns of fraud that are otherwise unknown. Valueasafrauddetectiontool In the case of the four Albany convenience stores, use of anomaly detection on variables such as average transaction dollar amount may have unearthed the fact that the conve- nience stores were billing for services that were not actually provided. In addition, anomaly detection may have red-flagged convenience stores submitting an unusual number of claims in a given time period or upon startup relative to their peers. Other examples of anomaly detection include a comparison across other stores in the area or detection of instances where the number or frequency of benefits to certain individuals exceeded the norm. Whyitmustbepartof ahybridapproach However, using anomaly detection alone to identify outliers presents some limitations: • Like the rules-based approach described above, too many false positives make it difficult for an investigator to distin- guish between a legitimate provider and a criminal. For example, a store located next to a homeless shelter may legitimately process a higher number of transactions than the norm, yet current anomaly detection capabilities would identify this store as a potential fraudster. • Fraud rings are well aware of threshold detection and can alter their behavior to elude anomaly detection by setting up multiple stores – each billing separately and under the radar. Collado was clearly aware of the thresholds for becoming a statistical outlier. His awareness was evidenced by the fact that he set up several straw owners and operators then “sold” the business to another recruited straw owner when the store was finally disqualified. He would then transfer the money to other bank accounts just before federal agencies had the opportunity to investigate them further. For these reasons, anomaly detection is very valuable, but it is insufficient by itself to detect all possible instances of fraud. Valueasafrauddetectiontool Business rules such as checking incarcerated lists, immigration status, deceased persons lists, known bad lists, etc., can be used to alert investigators to claims that are obviously fraudulent. Similarly, transactions can be red-flagged if the benefit provider recently changed place of business, address or provided a similar service to multiple family members within a narrow time frame – or, if a large number of claims happen immediately following a recent change in location or enrollment. Whyitmustbepartof ahybridapproach However, a rules-only approach presents multiple limitations: • Known fraud and improper payments must be specifically enumerated and added to the business rule repository. As soon as rules are created – and fraud rings “test” to verify their existence – fraudsters can vary their billing habits and behavior to elude rule detection. In other words, professional fraudsters can easily game the system by playing according to new and undetected rules. • It is next to impossible to create a rule for every type of fraud scheme known. There are simply too many permutations of potential types of fraud – and therefore types of rules – to catch every instance of fraud. • Some fraud can look legitimate if only a rules-based approach is used. In the Sayed example, the benefits were correctly redeemed. However, the correct benefits were never rendered but instead, exchanged for tobacco, liquor, clothing and household appliances. In short, it was still fraud, but rules would not have caught it. • Rules engines may uncover large numbers of suspicious claims, many of which will be false positives that create a distracting level of noise. So while a rules-only analytics approach may have ultimately identified the fraudsters in each of the examples shown here, used independently, it may have disrupted operations for legitimate providers and cost federal agencies a great deal of money to manually review unnecessary alerts. For these reasons, rules-based algorithms must be combined with other analytical methods that can cover these gaps and enable early detection of fraud.
8 • Probability of a compromised beneficiary ID: Again, with rules and anomaly detection alone, federal agencies would be uncertain about how to differentiate between legitimate services that beneficiaries actually received versus services that were never rendered but were ultimately paid for. In many cases, an individual beneficiary could be receiving legitimate services from honest providers while at the same time, a criminal ring could be billing for services that were never rendered to that person, as in the Sayed example.To distinguish between them, a predictive model could be used at the beneficiary level (to indicate normal and likely behavior patterns) or at the provider level (by modeling other fraud rings that operated with stolen beneficiary IDs). Whyitmustbepartof ahybridapproach However, using predictive modeling alone has limitations as well. Predictive modeling only profiles known behaviors. Although models can adapt quickly to new schemes as they emerge and can be used to detect abnormal behavior, they identify individuals (e.g., providers or beneficiaries) and do not connect high-scoring individuals with low-scoring individuals who may be part of a fraud ring. SocialNetworkAnalysis(SNA) Social network analysis, also known as linkage analysis, combines the connections established between disparate source data and groups of potentially fraudulent actors into a single, malignant social network. Entities may include locations, service providers, beneficiaries, family members of fraudsters, addresses or telephone numbers, to name a few. In the past, constructing networks manually has been quite labor-intensive, and only highly skilled investigators working with manual tools, push pins and string used over long time periods have been able to identify enterprise-level activity. However, social network analysis can be fully automated, with the system continuously updating the interrelated networks and rescoring for fraud. As such, identification of a single suspicious activity or entity in the ring can expose an entire network of highly collusive behavior. Valueasafrauddetectiontool Social network analysis establishes frequencies among the various linkages of entities in the network and then runs those linkages back through anomaly detection and predictive modeling to identify collusive networks that are statistically unusual.This is a powerful tool to facilitate early identification of collaborative fraudulent networks, as it enables program PredictiveModeling Predictive modeling tends to be more accurate and reliable than other analytical methods for fraud scheme discovery. Predictive modeling looks at past behavior (fraud incidents) and determines which variables (frequency of claims, dollar value patterns, region, etc.) have the most impact on the outcome (the fraud incident).You can combine the strongest variables into an algorithm that can be applied to current data to determine where otherwise undetectable patterns are occurring. By doing so, you can calculate a score or likelihood, making it possible to determine where fraud is more likely to be occurring. Valueasafrauddetectiontool With predictive modeling, you can detect even slight varia- tions between fraud schemes, enabling investigators to better understand how fraud morphs over time and across geographic areas. Predictive modeling is also superior to a rules-only approach in that the investigator need not define specific criteria that can easily be evaded. Rather, predictive modeling lets the data drive the identification, combination and weighting of the parameters that contributed to fraudulent activity. As a result, fraud schemes can be discovered based not only on front-end assumptions on the part of the investigators, but also on what the data and models score as potentially fraudulent. In addition, beneficiaries, stores, store owners, etc., scored by the predictive models can be prioritized in terms of likelihood of fraud or the dollar amounts associated with the scheme, thus reducing false positives and letting investigators focus on only the most important fraud cases first. The following are examples of predictive models that may have been employed to identify the fraud schemes mentioned in the Executive Summary: • Alerting investigators to a potentially fictitious/phantom storefront: With rules and anomaly detection alone, federal agencies could not – with a high degree of certainty – differ- entiate between new stores that are legitimate and those that are phantom storefronts established for fraud. Using predic- tive modeling, federal agencies could analyze patterns in the data from past phony storefronts that were opened for a short period of time, experienced high utilization and were then promptly shut down. Agencies could then overlay that formula on new stores to predict which ones are most likely to be fraudulent (and later shut down).
9 analysis with rules, anomaly detection and predictive modeling, investigators can go beyond the typical view of fraud to see a bigger picture, including related perpetrators, and to gain a clearer understanding of all the activities and relationships at a network level. The hybrid approach also gives investigators a better understanding of emerging threats so they can take action to prevent substantial losses before they happen. Fraud Reporting: Business Intelligence That Provides Data to Act Upon The final element of a successful fraud detection and preven- tion solution is business intelligence software, which generates reports that turn analytical results into real and useful insight. Consider the power of providing investigators with social network analysis that is presented in a graphical manner, as illustrated in Figure 2. These graphics show how SAS Business Intelligence software instantly displays the relationships of an entire network. The red background of certain icons immedi- ately focuses the viewer’s attention on those individuals whose activities and circumstances have been flagged as suspicious. Time sliders show the development of the network over time. And investigators can easily peel back the investigation to uncover previously unknown suspects related to the network. managers to act early to limit losses, prioritize their efforts and aggregate losses to enable high-impact prosecutions. Social network analysis could have been employed to identify the fraud schemes described in the Executive Summary in the following ways: • The Albany crime ring was created using multiple store- fronts, not only to maximize illicit revenue, but also to mask fraudulent behavior on the part of any one store. Social network analysis would have identified that multiple stores were owned by several individuals with similar names and that they shared in a large percentage of similar customers who (not coincidentally) all were paid unusually high average transaction amounts at the four stores. • Using link analysis on the address of each store, social network analysis would have also uncovered that four of the stores in the Collado crime ring were at the same location. • Had it been available, social network analysis could have identified the unusual connections and relation- ships between the 125 individuals arrested in the Sayed crime ring. Whyitmustbepartof ahybridapproach Social network analysis provides a holistic view of fraud. Typically, organizations only look at individuals and account views to analyze activities. By combining the social network Figure 2: Example of SAS® Social Network Analysis. SocialNetworkAnalysis
10 Figure 3 provides an example of a typical alert queue – some- thing familiar to most fraud investigators.This investigation tool displays the results of the SAS advanced analytics and hybrid approach, as discussed above.The tool is highly customizable – in this instance, it displays the most pertinent information to the fraud investigator to facilitate decision making or alert triaging. The software also provides capabilities for scoring, de-duping, prioritizing and routing pertinent alerts to appropriate resources, as well as a description that gives more detail on why the alert was generated. Note that the graphics show what the average transaction looks like (what’s shown in blue) compared to the transaction in question (what’s in red). Color coding helps investigators immediately focus on the attributes of a transac- tion that is likely fraudulent. Figure 3: Example of analytically generated fraud alerts. AlertDetailPage SAS® SolutionsTailoredtoIdentifyFraudin DiverseGovernmentAgencies To maximize the effectiveness of any fraud detection and elimination workflow,the SAS Fraud Framework is customized to meet the needs of different government agencies. These tailored solutions,which use what has already been done for different industries, address fraud in the following areas: • Insurance. • Welfare and social services. • Medicare and Medicaid. • Tax. • Unemployment and workers’ compensation. • Grants and purchasing.
11 IntegratedCaseManagementFunctionality The workflow powered by the SAS Fraud Framework can be integrated with SAS Enterprise Case Management, which empowers investigators to make full and effective use of the analytical data and insights. As you know, case management is the backbone of documenting investigation processes, expo- sures and losses regarding any type of financial crime that may pose a risk to an organization. It is also relied on to provide information for financial reporting (e.g., fraud losses) and is the primary resource for filing regulatory reports to government agencies. In addition, the disposition of cases under investiga- tion is critical to enhancing an organization’s future monitoring and overall operational efficiencies. SAS Enterprise Case Management enforces best practices and proper gathering of evidence and can greatly reduce the cost of investigations. It provides a structured environment for managing investigation workflows, for attaching comments or documentation, and for recording financial information, such as exposures and losses.The solution also provides advanced dashboards that go beyond providing traditional operational performance metrics to enable management oversight and analytical reporting. And dashboards also let users track the performance of investigative functions and trends related to financial crime exposure. SAS®: Enabling a 24/7 Fraud Detection Workflow As illustrated below in Figure 4, the SAS Fraud Framework leverages all of the capabilities described above to support an integrated workflow for analyzing data as it comes into the inte- grated data source and for detecting potential fraud in near-real time. Data from a wide variety of operational data sources is aggregated to create a single, clean data source that’s opti- mized for analytics: • On the left, data from a wide variety of sources is integrated, centralized and cleansed. • Data is then dumped into the SAS Analytics engine for analysis and alert generation (as illustrated in the blue box). • Results of analytics are then detailed in business intelligence reports and alerts (as shown in the lower right-hand box). • The framework also allows you to package the results into a case management system. The most important step in the process is the learn-and-improve cycle: Results are fed back into the system to tweak the models and rules for improved results and reduced false positives. Figure 4: Workflow powered by the SAS Fraud Framework. Alert Generation Process Business Rules Learn and Improve Cycle Analytics Anomaly Detection Predictive Modeling Network Rules Network Analytics Alert Management & BI / Reporting Case Management Alert Administration Fraud Data Staging Exploratory Data Analysis & Transformation Transactions Entities Internal Data External Data Intelligent Fraud Repository Operational Data Sources SAS® Social Network Analysis PROCESS FLOW SAS® FraudFramework Process Flow
12 ASystemforContinuousLearning andImprovement The SAS Fraud Framework is also a system for continuous learning and improvement, which is essential. Since fraud schemes evolve and morph over time, prevention and detec- tion software must evolve and morph with them. Each time an alert is triggered or a vendor eligibility referral is passed, the results are stored within the Intelligent Fraud Repository as known outcomes. The predictive models used in the framework access this repository of known outcomes as they apply analytic approaches used in the hybrid approach discussed previously. By registering and leveraging known outcomes in the reposi- tory, you can turn this into knowledge to stop future payments. Specifically, this feedback loop allows the SAS Fraud Framework to continue to learn and be more precise with risk scoring by raising more alerts on entities and networks that have attributes similar to confirmed, known bad actors. If this feedback loop is in place, the SAS Fraud Framework and associated analytical approaches never stop learning and evolving. As new schemes are detected and uncovered, this knowledge becomes part of the SAS Fraud Framework and is automatically and instantly applied in the future. In addition, the SAS Fraud Framework’s model management features an easy-to-use, graphical user interface that guides fraud analysts through a repeatable process for registering, testing and validating models. Model management function- ality also supports “champion versus challenger” capabilities so they can confirm best-fit models. Analysts can also analyze how models perform over time using a series of lift charts repre- senting result deviation and response stability. This analysis allows analysts to continuously monitor fraud model perfor- mance and determine when to reconfigure models. SAS® EnterpriseCaseManagementgives investigatorsmorepower,flexibilityand taskautomation,withouthavingtorelyon ITforsupport. The solution enables investigators to: • Receive alerts requiring investigation from multiple monitoring systems. • Review incoming items prior to creating or linking an incident to a case. • Customize activities and automate work- flows (can develop different workflows for different case types). • Assign activities in the workflow to individuals or groups of users. • Import existing records and historical information by custom ETLto prepopu- late customer fields and prevent rekeying errors. • Create,edit and view a case based on user permissions. • Classify cases by type,category and subcategory. • Attach documents,video files and other digital media to a case. • Set default fields and values on screens based on case type. • Create audit records containing user identification,a time stamp and date when actions are performed. • Generate batch files for regulatory reporting via e-filing.
13 SAS: Evolving Solutions to KeepYou One Step Ahead of Organized Crime Federal agencies providing subsidies to citizens and legal aliens must place themselves on the offensive by incorporating strate- gies and tools that make the commission of fraud a risky under- taking. SAS is uniquely positioned to team with federal agencies to make this happen. The SAS Fraud Framework provides an end-to-end framework for detecting, preventing and managing all types of abuse of federal subsidies and loan programs. Only SAS combines all of the approaches outlined in this paper in a single, integrated, commercial-off-the-shelf (COTS) software offering, providing improved efficiency and decreased total cost of ownership in implementing these capabilities. Furthermore, SAS is universally recognized as the worldwide leader of advanced analytics. SAS’ market share in predic- tive modeling alone is more than double its closest competi- tor’s. Only SAS can provide federal payers with an open, high-performance and scalable solution for implementing analytics throughout your fraud detection strategy at the point of provider and beneficiary eligibility screening, prepayment within the benefit payment system, or in post-payment review.
To contact your local SAS office, please visit: sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2014, SAS Institute Inc. All rights reserved. 106036_S129353.1014

Recommended

2011 organized retail crime survey final
2011 organized retail crime survey final2011 organized retail crime survey final
2011 organized retail crime survey finalHumberto Galasso
 
Why Oppose Slots In Maryland
Why Oppose Slots In MarylandWhy Oppose Slots In Maryland
Why Oppose Slots In MarylandAaronBalto
 
Special Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - caSpecial Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - ca- Mark - Fullbright
 
Safeguarding Consumers’ Financial Data 2014
Safeguarding Consumers’ Financial Data 2014Safeguarding Consumers’ Financial Data 2014
Safeguarding Consumers’ Financial Data 2014- Mark - Fullbright
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS- Mark - Fullbright
 
National Consumers League 2013 State of ID Theft Report
National Consumers League 2013 State of ID Theft ReportNational Consumers League 2013 State of ID Theft Report
National Consumers League 2013 State of ID Theft Reportnationalconsumersleague
 
The State of Identity Theft in 2013
The State of Identity Theft in 2013The State of Identity Theft in 2013
The State of Identity Theft in 2013nationalconsumersleague
 
ASIS Phoenix February Presentation
ASIS Phoenix February PresentationASIS Phoenix February Presentation
ASIS Phoenix February PresentationJohn Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 

Recommended

2011 organized retail crime survey final
2011 organized retail crime survey final2011 organized retail crime survey final
2011 organized retail crime survey finalHumberto Galasso
 
Why Oppose Slots In Maryland
Why Oppose Slots In MarylandWhy Oppose Slots In Maryland
Why Oppose Slots In MarylandAaronBalto
 
Special Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - caSpecial Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - ca- Mark - Fullbright
 
Safeguarding Consumers’ Financial Data 2014
Safeguarding Consumers’ Financial Data 2014Safeguarding Consumers’ Financial Data 2014
Safeguarding Consumers’ Financial Data 2014- Mark - Fullbright
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS- Mark - Fullbright
 
National Consumers League 2013 State of ID Theft Report
National Consumers League 2013 State of ID Theft ReportNational Consumers League 2013 State of ID Theft Report
National Consumers League 2013 State of ID Theft Reportnationalconsumersleague
 
The State of Identity Theft in 2013
The State of Identity Theft in 2013The State of Identity Theft in 2013
The State of Identity Theft in 2013nationalconsumersleague
 
ASIS Phoenix February Presentation
ASIS Phoenix February PresentationASIS Phoenix February Presentation
ASIS Phoenix February PresentationJohn Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
Financial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-reportFinancial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-reportDeusto Business School
 
Social Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in IllinoisSocial Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in IllinoisEvergreen Buzz
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfBucacci Business Solutions
 
Us markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democratsUs markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democratsManfredNolte
 
Right Care Alliance Presentation
Right Care Alliance PresentationRight Care Alliance Presentation
Right Care Alliance Presentationsstrumello
 
Jul 16 Trends Monitor
Jul 16 Trends MonitorJul 16 Trends Monitor
Jul 16 Trends MonitorMspark
 
The economics of legalized recreational marijuana
The economics of legalized recreational marijuanaThe economics of legalized recreational marijuana
The economics of legalized recreational marijuanaJeffrey Walker, MBA
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Identity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect youIdentity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect youIdentity Theft Protection
 
Market Structure and Extortion: Evidence from 50,000 Extortion Payments
Market Structure and Extortion: Evidence from 50,000 Extortion PaymentsMarket Structure and Extortion: Evidence from 50,000 Extortion Payments
Market Structure and Extortion: Evidence from 50,000 Extortion PaymentsStockholm Institute of Transition Economics
 
Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
PREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERSPREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERSGreg Ewers
 
Investigating Nonprofits by Chris Roush
Investigating Nonprofits by Chris RoushInvestigating Nonprofits by Chris Roush
Investigating Nonprofits by Chris RoushReynolds Center for Business Journalism
 
Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?Evergreen Buzz
 
Identity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime PreventionIdentity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime Prevention- Mark - Fullbright
 
交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益交點
 
Convite
ConviteConvite
ConviteKenia Schmitz
 
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...Taruna Ikrar
 
Porla Paz(Con Audio)
Porla Paz(Con Audio)Porla Paz(Con Audio)
Porla Paz(Con Audio)pilarma15
 
D E S E R T
D E S E R TD E S E R T
D E S E R TRodica Madan
 
Internet vida.pastoral_304
Internet vida.pastoral_304Internet vida.pastoral_304
Internet vida.pastoral_304Sergio Souza
 

More Related Content

What's hot

Financial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-reportFinancial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-reportDeusto Business School
 
Social Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in IllinoisSocial Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in IllinoisEvergreen Buzz
 
Us markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democratsUs markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democratsManfredNolte
 
Right Care Alliance Presentation
Right Care Alliance PresentationRight Care Alliance Presentation
Right Care Alliance Presentationsstrumello
 
Jul 16 Trends Monitor
Jul 16 Trends MonitorJul 16 Trends Monitor
Jul 16 Trends MonitorMspark
 
The economics of legalized recreational marijuana
The economics of legalized recreational marijuanaThe economics of legalized recreational marijuana
The economics of legalized recreational marijuanaJeffrey Walker, MBA
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Identity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect youIdentity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect youIdentity Theft Protection
 
Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
PREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERSPREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERSGreg Ewers
 
Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?Evergreen Buzz
 
Identity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime PreventionIdentity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime Prevention- Mark - Fullbright
 

What's hot (16)

Financial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-reportFinancial transaction-tax-old-solution-new-problem-2015-report
Financial transaction-tax-old-solution-new-problem-2015-report
 
Social Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in IllinoisSocial Equity Applicants Score Big in Illinois
Social Equity Applicants Score Big in Illinois
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By Wrf
 
Us markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democratsUs markets braced for trading tax grab from democrats
Us markets braced for trading tax grab from democrats
 
Right Care Alliance Presentation
Right Care Alliance PresentationRight Care Alliance Presentation
Right Care Alliance Presentation
 
Jul 16 Trends Monitor
Jul 16 Trends MonitorJul 16 Trends Monitor
Jul 16 Trends Monitor
 
The economics of legalized recreational marijuana
The economics of legalized recreational marijuanaThe economics of legalized recreational marijuana
The economics of legalized recreational marijuana
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business
 
Identity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect youIdentity theft fraud laws how the legal system can protect you
Identity theft fraud laws how the legal system can protect you
 
Market Structure and Extortion: Evidence from 50,000 Extortion Payments
Market Structure and Extortion: Evidence from 50,000 Extortion PaymentsMarket Structure and Extortion: Evidence from 50,000 Extortion Payments
Market Structure and Extortion: Evidence from 50,000 Extortion Payments
 
Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues
 
PREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERSPREVENTING ID THEFT GUIDE FOR CONSUMERS
PREVENTING ID THEFT GUIDE FOR CONSUMERS
 
Investigating Nonprofits by Chris Roush
Investigating Nonprofits by Chris RoushInvestigating Nonprofits by Chris Roush
Investigating Nonprofits by Chris Roush
 
Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?Has Marijuana Money Fallen Short?
Has Marijuana Money Fallen Short?
 
Identity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime PreventionIdentity Theft and Strategies for Crime Prevention
Identity Theft and Strategies for Crime Prevention
 

Viewers also liked

交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益交點
 
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...Taruna Ikrar
 
Porla Paz(Con Audio)
Porla Paz(Con Audio)Porla Paz(Con Audio)
Porla Paz(Con Audio)pilarma15
 
Internet vida.pastoral_304
Internet vida.pastoral_304Internet vida.pastoral_304
Internet vida.pastoral_304Sergio Souza
 
4033 neira tomas_tp9
4033 neira tomas_tp94033 neira tomas_tp9
4033 neira tomas_tp9Tommy Gunn
 
Milagres
MilagresMilagres
Milagresjmpcard
 
интеллектуальное развитие детей
интеллектуальное развитие детейинтеллектуальное развитие детей
интеллектуальное развитие детейИрина Кленова
 
Taormina sicilia13
Taormina sicilia13Taormina sicilia13
Taormina sicilia13jmpcard
 
Tugas 4 (individu) rekayasa web 0316
Tugas 4 (individu) rekayasa web 0316Tugas 4 (individu) rekayasa web 0316
Tugas 4 (individu) rekayasa web 0316Rizki Wahyu
 
ST Exclusive - Lone Syrian Fencer
ST Exclusive - Lone Syrian FencerST Exclusive - Lone Syrian Fencer
ST Exclusive - Lone Syrian FencerLok Weng Seng
 
Alat optik
Alat optikAlat optik
Alat optik16071989
 
குறில் நெடில் An explanation in English
குறில் நெடில் An explanation in Englishகுறில் நெடில் An explanation in English
குறில் நெடில் An explanation in EnglishSuganthi Nadar
 

Viewers also liked (20)

交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益交點高雄Vol.1 - 阜益
交點高雄Vol.1 - 阜益
 
Convite
ConviteConvite
Convite
 
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
Upaya pemanfaatan brain drain indonesia (by taruna ikrar) koran tempo 15 mare...
 
Porla Paz(Con Audio)
Porla Paz(Con Audio)Porla Paz(Con Audio)
Porla Paz(Con Audio)
 
D E S E R T
D E S E R TD E S E R T
D E S E R T
 
Internet vida.pastoral_304
Internet vida.pastoral_304Internet vida.pastoral_304
Internet vida.pastoral_304
 
4033 neira tomas_tp9
4033 neira tomas_tp94033 neira tomas_tp9
4033 neira tomas_tp9
 
Milagres
MilagresMilagres
Milagres
 
Contraste
ContrasteContraste
Contraste
 
интеллектуальное развитие детей
интеллектуальное развитие детейинтеллектуальное развитие детей
интеллектуальное развитие детей
 
Taormina sicilia13
Taormina sicilia13Taormina sicilia13
Taormina sicilia13
 
Banksifsccode
Banksifsccode Banksifsccode
Banksifsccode
 
Tugas 4 (individu) rekayasa web 0316
Tugas 4 (individu) rekayasa web 0316Tugas 4 (individu) rekayasa web 0316
Tugas 4 (individu) rekayasa web 0316
 
ST Exclusive - Lone Syrian Fencer
ST Exclusive - Lone Syrian FencerST Exclusive - Lone Syrian Fencer
ST Exclusive - Lone Syrian Fencer
 
Alat optik
Alat optikAlat optik
Alat optik
 
குறில் நெடில் An explanation in English
குறில் நெடில் An explanation in Englishகுறில் நெடில் An explanation in English
குறில் நெடில் An explanation in English
 
Tepekent Konutları
Tepekent KonutlarıTepekent Konutları
Tepekent Konutları
 
Tim Apartments
Tim ApartmentsTim Apartments
Tim Apartments
 
Hidrokarbon dan Minyak Bumi
Hidrokarbon dan Minyak BumiHidrokarbon dan Minyak Bumi
Hidrokarbon dan Minyak Bumi
 
Perspective ppt
Perspective pptPerspective ppt
Perspective ppt
 

Similar to how-hybrid-anti-fraud-approach-can-save-government-benefit-programs-billions-106036

National Money Laundering Risk Assessment – 06-12-2015
National Money Laundering Risk Assessment – 06-12-2015National Money Laundering Risk Assessment – 06-12-2015
National Money Laundering Risk Assessment – 06-12-2015Edmond Martin
 
Employer 0409
Employer 0409Employer 0409
Employer 0409dgade
 
Writing Sample - Tax Identity Theft Note
Writing Sample - Tax Identity Theft NoteWriting Sample - Tax Identity Theft Note
Writing Sample - Tax Identity Theft NoteChris Sleeper
 
Fraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare SystemFraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare SystemKendra Cote
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraudtomciolkosz
 
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!tomciolkosz
 
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryBrandonRuse1
 
Paul Kay MoneyLaundering.com Interview
Paul Kay MoneyLaundering.com InterviewPaul Kay MoneyLaundering.com Interview
Paul Kay MoneyLaundering.com Interviewpaulmkay
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 

Similar to how-hybrid-anti-fraud-approach-can-save-government-benefit-programs-billions-106036 (13)

National Money Laundering Risk Assessment – 06-12-2015
National Money Laundering Risk Assessment – 06-12-2015National Money Laundering Risk Assessment – 06-12-2015
National Money Laundering Risk Assessment – 06-12-2015
 
Employer 0409
Employer 0409Employer 0409
Employer 0409
 
Writing Sample - Tax Identity Theft Note
Writing Sample - Tax Identity Theft NoteWriting Sample - Tax Identity Theft Note
Writing Sample - Tax Identity Theft Note
 
Fraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare SystemFraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare System
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraud
 
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
 
Identity Theft * Canada
Identity Theft * CanadaIdentity Theft * Canada
Identity Theft * Canada
 
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
 
Paul Kay MoneyLaundering.com Interview
Paul Kay MoneyLaundering.com InterviewPaul Kay MoneyLaundering.com Interview
Paul Kay MoneyLaundering.com Interview
 
Money laundering
Money launderingMoney laundering
Money laundering
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud management
 
Looking the other way report
Looking the other way reportLooking the other way report
Looking the other way report
 
Money Laundering
Money Laundering Money Laundering
Money Laundering
 

how-hybrid-anti-fraud-approach-can-save-government-benefit-programs-billions-106036

  • 1.   WhitePaper How a Hybrid Anti-Fraud Approach Can Save Government Benefit Programs Billions Case Studies of Organized Crime Ring Defrauding Federal Subsidy Programs
  • 2. Contents Executive Summary...........................................................1 The New Face of Fraud and Detection..............................1 Moving Beyond ‘Pay and Chase’ to Prevention...............2 The Goal: Detect Fraud Earlier..........................................2 The SAS® Fraud Framework: Connecting the Dots for You................................................3 Applying the SAS® Fraud Framework to Cases of Federal Subsidy Abuse....................................3 The Foundation: A Solid Data Repository ...................5 Data Integration......................................................................5 Data Cleansing and Quality .................................................5 Probabilistic Matching...........................................................5 Integration of Unstructured Content..................................6 Fraud Detection: A Proven, Hybrid Solution ...............6 Rules-Based Algorithms........................................................6 Anomaly Detection................................................................7 Predictive Modeling...............................................................8 Social Network Analysis (SNA).............................................8 Fraud Reporting: Business Intelligence That Provides Data to Act Upon......................................9 SAS®: Enabling a 24/7 Fraud Detection Workflow............................................................................11 Integrated Case Management Functionality................. 11 A System for Continuous Learning and Improvement........................................................................ 12 SAS: Evolving Solutions to Keep You One Step Ahead of Organized Crime...........................................13
  • 3. 1 Executive Summary TheNewFaceof FraudandDetection Professional criminal enterprises inflict more damage and losses on society than opportunistic individuals. Yet today, anti-fraud program managers focus primarily on detecting outliers, researching standalone fraud events and acting on tips. And why not? Most anti-fraud analytic methods are focused at the provider or claim level; very little – if any – advanced data analysis focuses on the detection of collusive behavior among multiple entities.The criminal enterprises that exploit agencies providing everything from government loans to subsidized housing to food stamps know that anti- fraud investigators struggle to connect the dots – and fraud- sters use this to their advantage. While law enforcement gets distracted with the latest fraud scheme, professional fraud organizations constantly change their tactics – finding their way back into the system after being kicked out for fraudulent behavior or always staying one step ahead of the “pay-and- chase” game. Examples abound. For instance, take the disturbing scale of fraud perpetrated against the federal food stamp program. Out of the more than 1,800 federal subsidy programs that the US government administers, the food stamp program is one of the largest, yet it has the fewest resources for fraud prevention and mitigation. As the number of food stamp recipients has soared to 44 million – up from 26 million in 2007 – and costs have more than doubled to $77 billion during this period, the 200,000 retailers approved by the US Department of Agriculture (USDA) to accept Supplemental Nutrition Assistance Program (SNAP) Electronic Benefits Transfer (EBT) are regulated by a staff of only 40 USDA inspectors. Given the limited resources for fraud prevention, a huge black market has developed whereby recipi- ents exchange their food stamp benefits for cash. Savvy criminal enterprises find that these exchanges allow them to generate easy money with very little risk. Of the more than $2 billion in fraud and abuse reported by the USDA, the greatest losses are inflicted by corrupt retail merchants who exploit food stamp recipients.They typically pay a food stamp beneficiary about fifty cents in cash for every dollar in benefits they deduct from customers’ EBT accounts. And fraud has gotten even easier now that the government uses electronic benefits cards. Mark McClutchey, Special Agent with the USDA, knows firsthand how corrupt merchant criminal networks traffic in these cards – and the importance of using technology to empower scarce anti-fraud human resources. From January-March 2011, working undercover posing as a neighborhood food stamp “go between” for homeless people who frequented a nearby shelter, he conducted 58 EBT transac- tions at two Detroit neighborhood stores for more than $31,000 in cash. On five different occasions, the suspicious owners accused McClutchey of being “a fed” even as they handed the undercover agent cash while deducting credits from his elec- tronic benefit card. Apparently, raw greed trumped their fear of arrest. On one occasion, the undercover agent handed 13 EBT cards to an owner to cash in over a 24-hour time period.The owner generously dispensed some free advice to go with the cash: “You gotta play the game, play the system.” Investigations, law enforcement undercover operations and prosecutions across the country reveal that well-organized crime networks with business fronts are responsible for a disproportionate amount of these losses.They threaten the integrity of federal subsidy programs and drain precious taxpayer dollars. Consider these recent cases: • The operators of four Albany, NY, convenience stores were charged with grand larceny for defrauding the federal food stamp program of $1.6 million in a collusive scam between recipients and USDA-approved store owners. Prosecutors said that three of the stores were connected through family relationships and a referral network. During the investigation, it was also noted that the average transaction for conve- nience stores was $5.50 versus the $107.75 per average transaction at the four stores involved in the fraud schemes. One convenience store alone reaped more than $2.5 million in the scam while another netted more than $2.1 million before being caught and prosecuted.The schemes ran for several years and involved many collusive food stamp bene- ficiaries willing to accept cash for food stamp debits charged to their electronic benefit cards.The cash was often used to procure items prohibited for purchase using food stamps, such as alcohol. • From 2003-2006, Apolinar Collado rang up more than $1.6 million in fraudulent food stamps at six different Connecticut convenience stores.This was after he was convicted in 1998 and served 18 months in prison for defrauding the federal food stamp program. An illegal alien, Collado was deported after his 1998 conviction. Not only did he manage to re-enter the US after his deportation, but he was also able to set up an even more extensive food stamp fraud operation starting in 2003 using “straw” owners and operators of several stores. Incredibly, four stores operated at the same location. Each time the store was disqualified from the federal food stamp program for suspected abuse of the food stamp program, it was “sold” to a new Collado-recruited straw owner, and the scam continued.
  • 4. 2 • A Dearborn, MI, man was one of eight people charged in a federal crackdown on food stamp fraud.The ringleader, Jihad “Jim” Sayed, was indicted for allegedly redeeming food stamp benefits for cash and allowing food stamp benefits to be exchanged for items not authorized under federal regulations such as tobacco, liquor, clothing, house- hold appliances and furnishings.To date, the initiative, termed the Bridge Card Enforcement Team (BCET), resulted in 125 arrests, 169 search warrants, 98 guilty pleas, about $21.1 million in court-ordered fines and restitution, and $3.2 million in forfeitures. In each of these cases, the fraudulent owners and their associ- ates used multiple businesses, family ties, an active referral network, false documentation, and brazen disregard for law enforcement and regulators to facilitate long-running fraud schemes. One particularly insidious aspect of this type of fraud was exposed by the Chief of the FBI’s Terrorist Financing and Operations Section (TFOS) when he testified before the US House of Representatives, stating, “Within the United States, Hezbollah associates and sympathizers have engaged in a wide range of criminal activities to include money laundering, credit card fraud, immigration fraud, food stamp fraud, bank fraud and narcotics trafficking.” The food stamp program is so often exploited by terrorist organizations to finance their operations that the Investigative Project on Terrorism (IPT) established by terrorism expert Steve Emerson includes food stamp fraud cases as regular components of its weekly terrorist activity report. It is not uncommon to see these same store operators offering prohibited money laundering Hawallah services – the invisible black market currency exchange system that is favored by terrorist organizations – from the same stores. MovingBeyond‘PayandChase’toPrevention Using their ingenuity and flexibility, these groups take advan- tage of the federal government’s inability to connect the dots between state and federal government databases that contain such information as beneficiary and retailer information, retail store sales taxes, wage taxes, income tax, corporation records, driver’s licenses, business licenses, criminal records and depor- tations. Connecting the dots is what’s required to identify anomalies and fraud patterns, as well as match and link the malignant social network. It is often the patterns and conduct of the recipients and their relationships with the retailers that are the earmarks of a fraudulent food stamp ecosystem. What’s even more frustrating is that without the right analytical tools and insights, similar fraud schemes by other unidentified organized crime networks are underway today, flying under the radar of law enforcement. So if traditional methods and systems used by federal agencies aren’t enough to detect this scale of fraud earlier, what is? The answer is this: hybrid analytics that empowers law enforce- ment to go on the offensive with fraud operators – and do so without disrupting the efficient and timely delivery of the benefits. Using the fraud stories described above as an example, this paper will explore how your law enforcement or government agency can use multiple analytical methods to proactively identify crime rings in their infancy – and spare federal taxpayers billions of dollars misspent on spurious benefits payouts each year. The Goal: Detect Fraud Earlier In SAS’ experience working with government agencies, it’s clear that proactively identifying complex fraud schemes (and the criminals behind them) is only possible when agencies use a multifaceted, anti-fraud detection approach that combines sophisticated data integration with a hybrid analytical approach that includes: • Rules to filter activities and transactions for fraudulent behavior. • Anomaly detection to detect individual and aggregated abnormal patterns. • Predictive models based on known fraud cases so you can look for similar characteristics in future claims. • Social network analysis to identify relationships pertinent to fraud that would normally escape notice. This combination of data integration and a hybrid analytical approach is the key to uncovering crime organizations in the first few months of operation, which greatly limits potential losses to the government and taxpayers.
  • 5. 3 TheSAS® FraudFramework: ConnectingtheDotsforYou The SAS Fraud Framework is designed from the ground up to support this kind of hybrid analytical approach. Working behind the scenes, integrated SAS analytical applications quickly connect the dots for you in a variety of ways. Each strand of analytically determined connections represents another way of looking at any given fraud event as part of a potentially much larger threat. In this way, the SAS Fraud Framework’s applica- tions work together to: • Provide strategic insight into threats, trends and risks. • Deliver a holistic enterprise view of fraudulent behavior. • Rapidly test, simulate and deploy models/rules without dependence on IT. • Support prepayment detection and prevention. The various analytical techniques of SAS’ hybrid approach are summarized in Figure 1 below. UsingaHybridApproachforFraudDetection Employer Data Application Data Deceased Persons List Known Bad Lists Incarcerated List Payments IRS/State Agency Third-Party Data Enterprise Data Suitable for known patterns Suitable for unknown patterns Suitable for complex patterns Suitable for associative link patterns Rules Rules to uncover known fraud behaviors Examples: • Inaccurate eligibility information. • Direct mismatch across data sources. • Benefit does not match service requested. • Reporting more benefits provided than can exist. Anomaly Detection Uncover unusual behaviors Examples: • Abnormal service volume compared to similar providers. • Reported income inconsistent with peer group demographics. • Current utilization inconsistent with prior history. Hybrid Approach Proactively applies combination of all four approaches at entity and network levels Predictive Models Identify attributes that differentiate known fraud behavior Examples: • Like patterns of claims as known fraud. • Like behavior patterns as known fraud provider. • Like network growth rate (velocity). Social Network Analysis Knowledge discovery through associative link analysis Examples: • Beneficiary associated with known fraud. • Identity manipulation across employers. • Collusive networks of recipients and store owners. USING A HYBRID APPROACH FOR FRAUD DETECTION Figure 1: Key components of the SAS® Fraud Framework. ApplyingtheSAS® FraudFramework toCasesof FederalSubsidyAbuse So exactly how could the SAS Fraud Framework have helped law enforcement identify the kinds of crime rings plaguing the USDA’s food stamp program faster and earlier? First, let’s look at this from a high-level perspective to demonstrate the various capabilities supported by the framework and their potential value – specifically through its ability to provide: • Improved data integration. • Rules-based algorithms. • Anomaly detection. • Predictive models. • Social network analysis (SNA).
  • 6. 4 Capability Explanation Business Cases From the Food Stamp Fraud Cases Improved data integration Enables you to bring together data from a wide variety of third-party data sources and combine it with federal agency data on a national level. SAS Data Integration also includes sophisticated matching functionality so you can quickly identify missing and nonstandard data, including unstructured data from call center and investigator notes. Identification of deceased beneficiaries. Identification of beneficiaries with known fraudulent history in other government agencies. Identification of false storefronts and inappropriate addresses (e.g., UPS stores or apartment buildings) not identified with legitimate businesses. Rules-based algorithms You can create rules to detect known types of fraud or abuse based on specific patterns of activity. Flagging a store owner versus an agency-approved list of benefit providers. Flagging a beneficiary on incarcerated or deceased persons lists. Flagging benefits provided by a store that was recently instituted or changed its place of service (e.g., a store changed location in January and benefit was provided for an old address in March). Anomaly detection Using distributional analysis, you can analyze variables to identify which applications and beneficiary patterns are extreme outliers relative to others being processed. These outliers warrant additional scrutiny. The average transaction amount by store exceeds the norm or has spikes over time. The average number of transactions exceeds the norm for a particular geographical area. The average frequency of benefits provided to a particular individual exceeds the norm. Predictive models Using insights gained from known fraudulent behavior, you can create formulas that will enable SAS software to score transactions or beneficiaries for the probability of fraud. Probability of a phony storefront, based on statistical correlation with facts present for other phony storefronts that have been shut down. Probability of a compromised beneficiary ID, based on known stolen IDs in past claims. Probability of fraudulent behavior based on profile of similar fraudulent behavior patterns. Social network analysis (SNA) Analyze social networks with link analysis, which uses statistics to assign probabilistic associations between entities. For example, by analyzing names, addresses, bank account numbers, dates of birth, SSNs and more, you can identify potential fraud rings that would otherwise appear to be disparate actors. Linkage of multiple phony storefronts owned by several individuals with similar names and shared beneficiaries and spouses. Suspicious linkage between store owners with different names but same addresses and bank account numbers. Suspicious linkage of beneficiaries to known convicted benefit program fraudsters. The following table summarizes this value.
  • 7. 5 data sources – for example, by matching deceased or incar- cerated store owners, deceased beneficiaries, invalid social security numbers, and family relationships across store owners. DataCleansingandQuality The SAS Data Quality Solution provides an enterprise solution for profiling, cleansing, augmenting and integrating data to create consistent, reliable information. With the SAS Data Quality Solution, you can automatically incorporate data quality into data integration and business intelligence projects to dramatically improve returns on investigations and analyses. For example, you can profile, monitor and actively manage the quality of data being collected from various sources, as well as integrate and standardize data across multiple systems.The software also allows you to define data correction rules to reflect organizational changes and cleanse data. As a result, you can provide investigators with trustworthy information needed to make informed decisions regarding what to investigate. How would this solution have helped investigators uncover Collado’s fraud earlier? Often, when a suspect is filling out a form, certain information is intentionally left out.The intent is to have the processor fill in the information or to omit informa- tion that could link the investigator to the suspect. As the data cleansing and quality process is conducted, users can analyze the cleansing process to uncover trends in the application process. For example, a fraudulent suspect may always omit answers in boxes 7, 14 and 21 on a specific form. Knowing this trend, when an application is missing answers to 7, 14 and 21, it can be tagged as suspicious. In the case of Collado, identifying trends in the quality of the various phony convenience store applications could have tipped investigators to take a closer look at the six different storefronts that he established. ProbabilisticMatching The methods of crime rings defrauding federal subsidy programs tend to rely heavily upon the fact that it is difficult for agencies and investigators to link names and aliases between disparate data sources and match them to other data, such as Social Security numbers (SSNs).To address this fraud opportu- nity, agencies and investigators need to cleanse data and create soft links between public data and internal sources, generating matches based upon names and other identifying information – even when hard links aren’t available, as is often the case with publicly available data. For example, it would be inconceivable to publish an individual’s SSN and beneficiary information next to other information in a public data source, such as addresses and phone numbers published in local phone books, yet these linkages must be made by agencies to identify potential fraud. SAS technology can deliver these capabilities by taking a three- pronged approach that includes: • A data repository that aggregates and integrates data from many sources and creates a solid foundation for rapid, comprehensive analysis. • Sophisticated analyses for powerful fraud detection and prevention. • Fraud reporting via business intelligence visualizations that give you data you can act upon. The Foundation: A Solid Data Repository As with any analytics solution, bad data means inaccurate, incomplete insights – hardly useful for investigators of major fraud schemes. One of the reasons the criminals in these stories were able to perpetrate their crimes for so long was due, in part, to data that was fragmented across public and private data sources and systems; no one had ever looked at available data holistically and connected the dots. That’s why the SAS Fraud Framework runs on a solid data foundation enabled by SAS’ world-class data integration tech- nologies for data quality and integration. SAS Analytics can make the intelligent linkages between currently disparate data sources and use them to help you quickly identify instances of potential fraud. DataIntegration With SAS data quality and integration tools, you can merge any public and private data sources and have a complete data set to analyze and connect the dots. By melding public data – benefi- ciary and retailer information, retail store taxes, wage taxes, income tax, driver’s licenses, business licenses, criminal records, deportations – you can use analytics to integrate and then corre- late the data points to reveal the larger picture. For example, in the Apolinar Collado example mentioned in the Executive Summary, even simple public data, such as resi- dential and commercial phone directories, Google maps, or criminal conviction records, could have been integrated and used to identify those addresses and phone numbers clearly not associated with legitimate convenience stores. Analytics provided through the SAS Fraud Framework could then be used to thoroughly screen store applications at their enrollment, thus barring Collado at the point of entry into federal programs. SAS data integration tools could also automate the process of making the millions of intelligent linkages between the various
  • 8. 6 automate the extraction and integration of call center data (one example of unstructured text) with the claims and benefits payment data to quickly detect new patterns that indicate potential fraud. Fraud Detection: A Proven,Hybrid Solution After agencies have a solid data foundation, they can apply analytics to identify patterns, trends and other outliers that are associated with likely fraud operations. But it’s important to note that no single detection technique is capable of system- atically identifying large, collusive rings like those described in the stories discussed previously. Only through the combina- tion of multiple analytical approaches could the perpetrators of these crimes have been detected without insight from an inside informant. For example, rules and anomaly detection cast the net wide, resulting in too many false positives. But when combined with predictive modeling, which improves accuracy, you can signifi- cantly reduce the frequency of false positives to improve inves- tigator efficiency. Finally, you can layer on link analysis to ensure that all potential parties involved in a scheme are properly considered before they are determined to be an outlier or not. SAS recommends agencies take a hybrid approach, which integrates knowledge of existing schemes, powerful predic- tive analysis capabilities, and modeling of relationships among entities in the benefits system to recognize fraud earlier in the process – and even stop it before it occurs. While each method is limited when used separately, together they present a formi- dable deterrent to fraud that would have led to the detection of these crime rings much, much sooner. Rules-BasedAlgorithms Rules-based systems test each transaction against a predefined set of algorithms or business rules to detect known types of fraud or abuse based on specific patterns of activity. For example, a rules engine may have alerted or rejected the $1.6 million of food stamp claims made by Collado. At the time the fraudulent activity was committed, Collado was: 1) a known felon convicted for defrauding the federal food stamp program, and 2) an illegal alien. Rules that identified known convicted federal food stamp criminals and/or immigration violations would have detected Collado before the $1.6 million benefit payments were sent. Agencies also need to fully exploit hard linkages between data, such as SSNs and tax identification (TIN) numbers associated with businesses, to enable fast, easy connections among dispa- rate data sources. The problem is that different agencies store these hard links in different ways. An SSN could be saved as a string of numbers in one table, but in another table, contain hyphens to separate it into a string of two, three or four groups of digits. To make connections between data sources, these variations must be identified and resolved. Complicating matching efforts further are instances of incom- plete or missing information between data elements. For instance, SSNs could be used to match most of the TINs among the data sources, but if SSNs are missing from a number of benefit claims, the links among data sets will be incomplete. Alternatively, the SSN could be complete in one source, while only the last four digits are stored in another source. In both of these cases, hard linkages are not available, but there are still a number of data elements for powerful analytical tools to uncover soft matches between the data with a certain degree of confidence. The SAS Fraud Framework easily identifies each convention and standardizes these linkages based upon one convention. It also provides matching based upon international naming standards to create these linkages between even the most difficult of names. Integrationof UnstructuredContent Rich but seldom exploited data sources – call center data, oper- ative notes (such as Agent McClutchey’s notes mentioned in the Executive Summary), investigator notes and death certificates – are considered unstructured since the information they contain is not stored in a tabular format. Most organizations are inca- pable of integrating unstructured data in an automated fashion, let alone using that valuable information in analysis or investiga- tions. If agencies and investigators had been able to integrate unstructured data from a variety of sources, investigators could have uncovered the patterns of suspicious behavior in the food stamp fraud rings more easily. By using this unstructured data, the entire beneficiary population could have been transformed into potential tipsters of fraud. For example, by using the SAS Fraud Framework to analyze fraud hotline data from various states, as well as calls from the phony convenience store owners to assess or test reimburse- ment thresholds and fraud tactics, agencies could have identi- fied the Jihad “Jim” Sayed fraud ring sooner. SAS software can
  • 9. 7 AnomalyDetection With anomaly detection, you can normalize events and set thresholds to identify outlier behavior. Using distributional analysis, you can then analyze variables to identify claims and practice patterns that are extreme outliers relative to the rest of their respective distribution. In this manner, you can use statistical outliers to identify new patterns of fraud that are otherwise unknown. Valueasafrauddetectiontool In the case of the four Albany convenience stores, use of anomaly detection on variables such as average transaction dollar amount may have unearthed the fact that the conve- nience stores were billing for services that were not actually provided. In addition, anomaly detection may have red-flagged convenience stores submitting an unusual number of claims in a given time period or upon startup relative to their peers. Other examples of anomaly detection include a comparison across other stores in the area or detection of instances where the number or frequency of benefits to certain individuals exceeded the norm. Whyitmustbepartof ahybridapproach However, using anomaly detection alone to identify outliers presents some limitations: • Like the rules-based approach described above, too many false positives make it difficult for an investigator to distin- guish between a legitimate provider and a criminal. For example, a store located next to a homeless shelter may legitimately process a higher number of transactions than the norm, yet current anomaly detection capabilities would identify this store as a potential fraudster. • Fraud rings are well aware of threshold detection and can alter their behavior to elude anomaly detection by setting up multiple stores – each billing separately and under the radar. Collado was clearly aware of the thresholds for becoming a statistical outlier. His awareness was evidenced by the fact that he set up several straw owners and operators then “sold” the business to another recruited straw owner when the store was finally disqualified. He would then transfer the money to other bank accounts just before federal agencies had the opportunity to investigate them further. For these reasons, anomaly detection is very valuable, but it is insufficient by itself to detect all possible instances of fraud. Valueasafrauddetectiontool Business rules such as checking incarcerated lists, immigration status, deceased persons lists, known bad lists, etc., can be used to alert investigators to claims that are obviously fraudulent. Similarly, transactions can be red-flagged if the benefit provider recently changed place of business, address or provided a similar service to multiple family members within a narrow time frame – or, if a large number of claims happen immediately following a recent change in location or enrollment. Whyitmustbepartof ahybridapproach However, a rules-only approach presents multiple limitations: • Known fraud and improper payments must be specifically enumerated and added to the business rule repository. As soon as rules are created – and fraud rings “test” to verify their existence – fraudsters can vary their billing habits and behavior to elude rule detection. In other words, professional fraudsters can easily game the system by playing according to new and undetected rules. • It is next to impossible to create a rule for every type of fraud scheme known. There are simply too many permutations of potential types of fraud – and therefore types of rules – to catch every instance of fraud. • Some fraud can look legitimate if only a rules-based approach is used. In the Sayed example, the benefits were correctly redeemed. However, the correct benefits were never rendered but instead, exchanged for tobacco, liquor, clothing and household appliances. In short, it was still fraud, but rules would not have caught it. • Rules engines may uncover large numbers of suspicious claims, many of which will be false positives that create a distracting level of noise. So while a rules-only analytics approach may have ultimately identified the fraudsters in each of the examples shown here, used independently, it may have disrupted operations for legitimate providers and cost federal agencies a great deal of money to manually review unnecessary alerts. For these reasons, rules-based algorithms must be combined with other analytical methods that can cover these gaps and enable early detection of fraud.
  • 10. 8 • Probability of a compromised beneficiary ID: Again, with rules and anomaly detection alone, federal agencies would be uncertain about how to differentiate between legitimate services that beneficiaries actually received versus services that were never rendered but were ultimately paid for. In many cases, an individual beneficiary could be receiving legitimate services from honest providers while at the same time, a criminal ring could be billing for services that were never rendered to that person, as in the Sayed example.To distinguish between them, a predictive model could be used at the beneficiary level (to indicate normal and likely behavior patterns) or at the provider level (by modeling other fraud rings that operated with stolen beneficiary IDs). Whyitmustbepartof ahybridapproach However, using predictive modeling alone has limitations as well. Predictive modeling only profiles known behaviors. Although models can adapt quickly to new schemes as they emerge and can be used to detect abnormal behavior, they identify individuals (e.g., providers or beneficiaries) and do not connect high-scoring individuals with low-scoring individuals who may be part of a fraud ring. SocialNetworkAnalysis(SNA) Social network analysis, also known as linkage analysis, combines the connections established between disparate source data and groups of potentially fraudulent actors into a single, malignant social network. Entities may include locations, service providers, beneficiaries, family members of fraudsters, addresses or telephone numbers, to name a few. In the past, constructing networks manually has been quite labor-intensive, and only highly skilled investigators working with manual tools, push pins and string used over long time periods have been able to identify enterprise-level activity. However, social network analysis can be fully automated, with the system continuously updating the interrelated networks and rescoring for fraud. As such, identification of a single suspicious activity or entity in the ring can expose an entire network of highly collusive behavior. Valueasafrauddetectiontool Social network analysis establishes frequencies among the various linkages of entities in the network and then runs those linkages back through anomaly detection and predictive modeling to identify collusive networks that are statistically unusual.This is a powerful tool to facilitate early identification of collaborative fraudulent networks, as it enables program PredictiveModeling Predictive modeling tends to be more accurate and reliable than other analytical methods for fraud scheme discovery. Predictive modeling looks at past behavior (fraud incidents) and determines which variables (frequency of claims, dollar value patterns, region, etc.) have the most impact on the outcome (the fraud incident).You can combine the strongest variables into an algorithm that can be applied to current data to determine where otherwise undetectable patterns are occurring. By doing so, you can calculate a score or likelihood, making it possible to determine where fraud is more likely to be occurring. Valueasafrauddetectiontool With predictive modeling, you can detect even slight varia- tions between fraud schemes, enabling investigators to better understand how fraud morphs over time and across geographic areas. Predictive modeling is also superior to a rules-only approach in that the investigator need not define specific criteria that can easily be evaded. Rather, predictive modeling lets the data drive the identification, combination and weighting of the parameters that contributed to fraudulent activity. As a result, fraud schemes can be discovered based not only on front-end assumptions on the part of the investigators, but also on what the data and models score as potentially fraudulent. In addition, beneficiaries, stores, store owners, etc., scored by the predictive models can be prioritized in terms of likelihood of fraud or the dollar amounts associated with the scheme, thus reducing false positives and letting investigators focus on only the most important fraud cases first. The following are examples of predictive models that may have been employed to identify the fraud schemes mentioned in the Executive Summary: • Alerting investigators to a potentially fictitious/phantom storefront: With rules and anomaly detection alone, federal agencies could not – with a high degree of certainty – differ- entiate between new stores that are legitimate and those that are phantom storefronts established for fraud. Using predic- tive modeling, federal agencies could analyze patterns in the data from past phony storefronts that were opened for a short period of time, experienced high utilization and were then promptly shut down. Agencies could then overlay that formula on new stores to predict which ones are most likely to be fraudulent (and later shut down).
  • 11. 9 analysis with rules, anomaly detection and predictive modeling, investigators can go beyond the typical view of fraud to see a bigger picture, including related perpetrators, and to gain a clearer understanding of all the activities and relationships at a network level. The hybrid approach also gives investigators a better understanding of emerging threats so they can take action to prevent substantial losses before they happen. Fraud Reporting: Business Intelligence That Provides Data to Act Upon The final element of a successful fraud detection and preven- tion solution is business intelligence software, which generates reports that turn analytical results into real and useful insight. Consider the power of providing investigators with social network analysis that is presented in a graphical manner, as illustrated in Figure 2. These graphics show how SAS Business Intelligence software instantly displays the relationships of an entire network. The red background of certain icons immedi- ately focuses the viewer’s attention on those individuals whose activities and circumstances have been flagged as suspicious. Time sliders show the development of the network over time. And investigators can easily peel back the investigation to uncover previously unknown suspects related to the network. managers to act early to limit losses, prioritize their efforts and aggregate losses to enable high-impact prosecutions. Social network analysis could have been employed to identify the fraud schemes described in the Executive Summary in the following ways: • The Albany crime ring was created using multiple store- fronts, not only to maximize illicit revenue, but also to mask fraudulent behavior on the part of any one store. Social network analysis would have identified that multiple stores were owned by several individuals with similar names and that they shared in a large percentage of similar customers who (not coincidentally) all were paid unusually high average transaction amounts at the four stores. • Using link analysis on the address of each store, social network analysis would have also uncovered that four of the stores in the Collado crime ring were at the same location. • Had it been available, social network analysis could have identified the unusual connections and relation- ships between the 125 individuals arrested in the Sayed crime ring. Whyitmustbepartof ahybridapproach Social network analysis provides a holistic view of fraud. Typically, organizations only look at individuals and account views to analyze activities. By combining the social network Figure 2: Example of SAS® Social Network Analysis. SocialNetworkAnalysis
  • 12. 10 Figure 3 provides an example of a typical alert queue – some- thing familiar to most fraud investigators.This investigation tool displays the results of the SAS advanced analytics and hybrid approach, as discussed above.The tool is highly customizable – in this instance, it displays the most pertinent information to the fraud investigator to facilitate decision making or alert triaging. The software also provides capabilities for scoring, de-duping, prioritizing and routing pertinent alerts to appropriate resources, as well as a description that gives more detail on why the alert was generated. Note that the graphics show what the average transaction looks like (what’s shown in blue) compared to the transaction in question (what’s in red). Color coding helps investigators immediately focus on the attributes of a transac- tion that is likely fraudulent. Figure 3: Example of analytically generated fraud alerts. AlertDetailPage SAS® SolutionsTailoredtoIdentifyFraudin DiverseGovernmentAgencies To maximize the effectiveness of any fraud detection and elimination workflow,the SAS Fraud Framework is customized to meet the needs of different government agencies. These tailored solutions,which use what has already been done for different industries, address fraud in the following areas: • Insurance. • Welfare and social services. • Medicare and Medicaid. • Tax. • Unemployment and workers’ compensation. • Grants and purchasing.
  • 13. 11 IntegratedCaseManagementFunctionality The workflow powered by the SAS Fraud Framework can be integrated with SAS Enterprise Case Management, which empowers investigators to make full and effective use of the analytical data and insights. As you know, case management is the backbone of documenting investigation processes, expo- sures and losses regarding any type of financial crime that may pose a risk to an organization. It is also relied on to provide information for financial reporting (e.g., fraud losses) and is the primary resource for filing regulatory reports to government agencies. In addition, the disposition of cases under investiga- tion is critical to enhancing an organization’s future monitoring and overall operational efficiencies. SAS Enterprise Case Management enforces best practices and proper gathering of evidence and can greatly reduce the cost of investigations. It provides a structured environment for managing investigation workflows, for attaching comments or documentation, and for recording financial information, such as exposures and losses.The solution also provides advanced dashboards that go beyond providing traditional operational performance metrics to enable management oversight and analytical reporting. And dashboards also let users track the performance of investigative functions and trends related to financial crime exposure. SAS®: Enabling a 24/7 Fraud Detection Workflow As illustrated below in Figure 4, the SAS Fraud Framework leverages all of the capabilities described above to support an integrated workflow for analyzing data as it comes into the inte- grated data source and for detecting potential fraud in near-real time. Data from a wide variety of operational data sources is aggregated to create a single, clean data source that’s opti- mized for analytics: • On the left, data from a wide variety of sources is integrated, centralized and cleansed. • Data is then dumped into the SAS Analytics engine for analysis and alert generation (as illustrated in the blue box). • Results of analytics are then detailed in business intelligence reports and alerts (as shown in the lower right-hand box). • The framework also allows you to package the results into a case management system. The most important step in the process is the learn-and-improve cycle: Results are fed back into the system to tweak the models and rules for improved results and reduced false positives. Figure 4: Workflow powered by the SAS Fraud Framework. Alert Generation Process Business Rules Learn and Improve Cycle Analytics Anomaly Detection Predictive Modeling Network Rules Network Analytics Alert Management & BI / Reporting Case Management Alert Administration Fraud Data Staging Exploratory Data Analysis & Transformation Transactions Entities Internal Data External Data Intelligent Fraud Repository Operational Data Sources SAS® Social Network Analysis PROCESS FLOW SAS® FraudFramework Process Flow
  • 14. 12 ASystemforContinuousLearning andImprovement The SAS Fraud Framework is also a system for continuous learning and improvement, which is essential. Since fraud schemes evolve and morph over time, prevention and detec- tion software must evolve and morph with them. Each time an alert is triggered or a vendor eligibility referral is passed, the results are stored within the Intelligent Fraud Repository as known outcomes. The predictive models used in the framework access this repository of known outcomes as they apply analytic approaches used in the hybrid approach discussed previously. By registering and leveraging known outcomes in the reposi- tory, you can turn this into knowledge to stop future payments. Specifically, this feedback loop allows the SAS Fraud Framework to continue to learn and be more precise with risk scoring by raising more alerts on entities and networks that have attributes similar to confirmed, known bad actors. If this feedback loop is in place, the SAS Fraud Framework and associated analytical approaches never stop learning and evolving. As new schemes are detected and uncovered, this knowledge becomes part of the SAS Fraud Framework and is automatically and instantly applied in the future. In addition, the SAS Fraud Framework’s model management features an easy-to-use, graphical user interface that guides fraud analysts through a repeatable process for registering, testing and validating models. Model management function- ality also supports “champion versus challenger” capabilities so they can confirm best-fit models. Analysts can also analyze how models perform over time using a series of lift charts repre- senting result deviation and response stability. This analysis allows analysts to continuously monitor fraud model perfor- mance and determine when to reconfigure models. SAS® EnterpriseCaseManagementgives investigatorsmorepower,flexibilityand taskautomation,withouthavingtorelyon ITforsupport. The solution enables investigators to: • Receive alerts requiring investigation from multiple monitoring systems. • Review incoming items prior to creating or linking an incident to a case. • Customize activities and automate work- flows (can develop different workflows for different case types). • Assign activities in the workflow to individuals or groups of users. • Import existing records and historical information by custom ETLto prepopu- late customer fields and prevent rekeying errors. • Create,edit and view a case based on user permissions. • Classify cases by type,category and subcategory. • Attach documents,video files and other digital media to a case. • Set default fields and values on screens based on case type. • Create audit records containing user identification,a time stamp and date when actions are performed. • Generate batch files for regulatory reporting via e-filing.
  • 15. 13 SAS: Evolving Solutions to KeepYou One Step Ahead of Organized Crime Federal agencies providing subsidies to citizens and legal aliens must place themselves on the offensive by incorporating strate- gies and tools that make the commission of fraud a risky under- taking. SAS is uniquely positioned to team with federal agencies to make this happen. The SAS Fraud Framework provides an end-to-end framework for detecting, preventing and managing all types of abuse of federal subsidies and loan programs. Only SAS combines all of the approaches outlined in this paper in a single, integrated, commercial-off-the-shelf (COTS) software offering, providing improved efficiency and decreased total cost of ownership in implementing these capabilities. Furthermore, SAS is universally recognized as the worldwide leader of advanced analytics. SAS’ market share in predic- tive modeling alone is more than double its closest competi- tor’s. Only SAS can provide federal payers with an open, high-performance and scalable solution for implementing analytics throughout your fraud detection strategy at the point of provider and beneficiary eligibility screening, prepayment within the benefit payment system, or in post-payment review.
  • 16. To contact your local SAS office, please visit: sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2014, SAS Institute Inc. All rights reserved. 106036_S129353.1014