sunz 2011 - suren de silva - sas fraud
Post on 19-Oct-2014
1.015 Views
Preview:
DESCRIPTION
TRANSCRIPT
Copyright © 2010 SAS Institute Inc. All rights reserved.
Fraud, Waste & AbuseThe value of a “hybrid approach” Suren De Silva – Solutions Manager Financial Crimes
2
Copyright © 2010, SAS Institute Inc. All rights reserved.
Fraud – A Constantly Evolving Threat 'Greatest threat to human health' SMH - February 16, 2011
Bacterial strains have mutated and are now resistant to the most powerful antibiotics
The increasing ineffectiveness of antibiotics is putting complex medical treatments at risk
Fraud like “resistant” bacteria a complex, evolving threat Traditional approaches are increasingly ineffective A more holistic, hybrid approach is required !!!
3
Copyright © 2010, SAS Institute Inc. All rights reserved.
Three best practice approaches
1. Reframing the “Fraud” business problem2. Adopting a “hybrid” approach to detection3. Utilising analytics across the business
process
4
Copyright © 2010, SAS Institute Inc. All rights reserved.
So what ? More fraud identified
50% plus lift in accurate detection over traditional methods
Reduction in false positive rates A leading bank in Australia reduced false positive rates in its cheque
fraud rates by 95% while increasing detection by 400%
Improved investigation efficiency Each referral taking 1/2 – 1/3 the time to investigate
Significant increase in ROI per investigator Combining effects of lower false positives with prioritization of higher
value referrals and faster more accurate investigation of referrals
5
Copyright © 2010, SAS Institute Inc. All rights reserved.
Agenda
Fraud – “An evolving threat” Ineffectiveness of traditional approachesBest practice approachesQuestions
Copyright © 2010 SAS Institute Inc. All rights reserved.
Fraud - “An evolving threat”
7
Copyright © 2010, SAS Institute Inc. All rights reserved.
The evolving nature of fraud Fraudsters
Far more sophisticated – organized crime, patient, sharing High velocity of attacks – Fraudsters disappear after 2-3 claims Hitting multiple channels and products at the same time Leveraging knowledge of detection systems and recruiting insiders Continuously evolving fraud strategies More organised – local and global – Web 2.0 and beyond allow virtual
syndicates – collaboration on the shadow net Mediums’ Expanding
Exploding with Computers and the Digital Age Faster systems – payment, loan, etc. – more real time
Phishing, skimming, synthetic identities, social engineering, etc. Landscape Changes
Global Economy – External and unknown – hard to prosecute Economic changes – white collar, financial distress
8
Copyright © 2010, SAS Institute Inc. All rights reserved.
inetOrgPerson
inetOrgPerson
inetOrgPerson
inetOrgPerson
inetOrgPerson
Person 1
Person 1
Person 1
Work Visa
Migrant
Tourist 1
Tourist 2
Risks assessed along narrow lines
Organisation staff and siloed systemsOffenders
Bus. Migrant
Risk Management – Traditional Approach
9
Copyright © 2010, SAS Institute Inc. All rights reserved.
inetOrgPerson
inetOrgPerson
inetOrgPerson
inetOrgPerson
inetOrgPerson
Organizational Person
Organizational Person
Reality Today !
Organised crime is taking advantage and freely moves across the silos using counter intelligence, mules, technology and resources
Bank / Insurance Co / Government Agency
Offenders
Copyright © 2010 SAS Institute Inc. All rights reserved.
Ineffectiveness of traditional approaches
11
Copyright © 2010, SAS Institute Inc. All rights reserved.
1. Provide a skewed picture of risk
Consider this… A process identifies non-state individuals conspiring
against the government based on: The contents of their communications Their communication methods of choice The frequency of their interactions
If the individuals are conspiring, 99% of the time the test will be positive
If the individuals are not conspiring, 99% of the time the test will be negative
12
Copyright © 2010, SAS Institute Inc. All rights reserved.
So we execute!
The test is put into production A collection of individuals are identified as conspiring
against the government The test is known to be 99% accurate, so enforcement is
mobilised and set into action
Pretty conclusive, right?
It may be wrong as high as 99.99% of the time, despite being 99% accurate (Huh?!?)
13
Copyright © 2010, SAS Institute Inc. All rights reserved.
Here’s why …
Few people actually conspire against the government: Assume 1 / 500,000 people actually conspire Assume Australia’s population is 22 million
General formula: Population * (Incidence rate / Sample Population) * Test Efficiency
A positive result will be wrong in 99.99% of cases, despite the test being 99% accurate
Conspiring Not ConspiringPredicted Conspiring 44 220,000 Not Predicted Conspiring 0 21,779,956
14
Copyright © 2010, SAS Institute Inc. All rights reserved.
The Lessons
All approaches have strengths and weakness
If you rely too heavily on a single detection method, you will be wrong, catastrophically so at times.
15
Copyright © 2010, SAS Institute Inc. All rights reserved.
2. Static approaches in a dynamic environment
Consider this…
• To detect counterfeit credit card activity a bank through data mining creates a set of rules and red flags that indicate that the a card may have been “swiped” and counterfeited.
• These rules are to:• Address all customers• Across all states / provinces
16
Copyright © 2010, SAS Institute Inc. All rights reserved.
Result: 300% faster, 1000% difference
# Transactions
0 1 2 3 4 5 6
Analytic RulesStatic Rules
1000 % Difference in Loss
17
Copyright © 2010, SAS Institute Inc. All rights reserved.
The Lessons
Rules don’t work well with ‘context’, but they do provide a false sense of security.
Rule-based detection works great when your subjects maintain their behaviour and are happy to be observed. How often does that happen?
18
Copyright © 2010, SAS Institute Inc. All rights reserved.
3. Reactive – Focused on the past
“Past events predict future events”
2000
2011
19
Copyright © 2010, SAS Institute Inc. All rights reserved.
…Not Always !!
A completely reactive focus leaves you open to nasty surprises !
20
Copyright © 2010, SAS Institute Inc. All rights reserved.
Summary
Traditional detection approaches: Rely too heavily on a single or a few detection approaches Highly reliant on static rules or models Too often focused on the past
Potential outcomes include: High false positives Detection blindness = Increased risk of a catastrophic surprise Increasing costs to maintain and respond to dynamic fraud
threats
Copyright © 2010 SAS Institute Inc. All rights reserved.
Best practices in fraud management
22
Copyright © 2010, SAS Institute Inc. All rights reserved.
Three best practice approaches
1. Reframing the “Fraud” business problem2. Adopting a “hybrid” approach to detection3. Utilising analytics across the business
process
23
Copyright © 2010, SAS Institute Inc. All rights reserved.
Video (1 Minute)
http://www.youtube.com/watch?v=GiPe1OiKQuk&feature=related
…. We have known knowns, known unknowns, and unknown unknowns…. The same can be said about Fraud
24
Copyright © 2010, SAS Institute Inc. All rights reserved.
1. Framing the fraud problem
Best practice approach: “Detecting known risks as well as unknown risks”
25
Copyright © 2010, SAS Institute Inc. All rights reserved.
Look more broadly as well as deeply
Customer / Claimant / Passenger
Conduit
Collusion
Transactional
(Risk at a point in time)
Historical Profile
(Risk over time)
(Past behaviour)
Peer Group Profile
(In relation to others)
26
Copyright © 2010, SAS Institute Inc. All rights reserved.
Result: 32 times increase in fraud detected
SAS Approach
SAS subjected 6 years of historical data from 5 different source systems (including claims, payments, application, 3rd party, and fraud case data) to the predictive capabilities of the SAS Fraud Framework. Client investigators evaluated the solution results during a 3 week validation period against 3 main categories of cost avoidance: investigative efficiency, earlier detection of fraudulent providers & participants, and incremental detection of fraudulent providers & participants.
Business ProblemThe Department of Social Services of a large US County was being hit by fraud, waste, and abuse across their public assistance programs. The County engaged SAS to pilot the SAS Fraud Framework to determine if the data analytics and visualization solution could assist in proactively detecting both opportunistic and organized fraud in the Childcare program.
Results• 32 times increase in # of fraud rings detected
annually• Incremental estimated saving of $31.1M annually
27
Copyright © 2010, SAS Institute Inc. All rights reserved.
“Understanding and Framing the Fraud Problem”Entity or Network
Is the transaction or relationship focused at an entity level (1-1 relationship) or are multiple parties involved (network level)?
If it is entity focused, is there a collusive element to the fraud risk you are trying to manage?
Time scale Is the fraud likely to happen in a point in time (e.g. one off
bounced cheque) or likely to occur over time? (internal fraud) If over time do we expect changes gradual or sudden
changes over time?
Understanding the “Unknowns” What can I do to monitor the development of distinct
behaviour or network clusters? What can I do to monitor changes in the frequency and
nature of my “known” risks?
28
Copyright © 2010, SAS Institute Inc. All rights reserved.
2. Hybrid Detection – Use multiple methods
29
Copyright © 2010, SAS Institute Inc. All rights reserved.
Result: 57% lift over models used in isolation
SAS ApproachSAS subjected 4 years of historical data to the predictive capabilities of the SAS Fraud Framework. Client investigators evaluated the solution results during a 3 week validation period to identify incremental fraud detection at the claim and network levels, reduction in false positives, and enhancements to investigative efficiency.
Highlights• Advanced analytics drove 35%
better results than competition
• 57% lift over current process• Incremental estimated save of
$10.3M annually (for same # of annual investigations)
• 45% correct hit rate on claims
• 67% correct hit rate on provider networks
• 100% of WC and GL claims processed (~$16B claims)
Business ProblemA large US commercial insurer was incurring significant fraud losses across their lines of business. The insurer engaged 3 vendors in a competitive pilot to determine the solution that would provide the most lift over their current rules and models and enhance effectiveness of the triage and fraud investigation teams.
ResultsThe key client decisioning factors for vendor selection include:
• Incremental Detection: $10.3M annually (for same number of investigations)• ADVANCED ANALYTICS, allowing the appropriate prioritization of
investigator time and extraction of maximum value. Using SAS advanced analytics, SAS performed 35% better than all other vendors.
• OPEN ARCHITECTURE, allowing client to become self sufficient vs. other black box + services based approaches (self sufficiency can result in significant annual savings on services costs.).
30
Copyright © 2010, SAS Institute Inc. All rights reserved.
Utilising a hybrid approach
Selection of detection approach What are the strengths and weaknesses of the methods
chosen? What techniques / tools can I use to build in validation /
confirmation steps to improve detection accuracy?
Understanding “Unknown knowns” How can I use data mining and outcome data to uncover
currently “unknown knowns”? How can I use any insights to strengthen current detection
approaches?
Improving the value of monitoring “Unknowns” What methods / techniques can I use to enhance “anomaly”
detection analytics?
31
Copyright © 2010, SAS Institute Inc. All rights reserved.
Utilising analytics across fraud management process
Data
Data
Data
Data
Alert Manageme
nt
Case Manageme
ntData Access & Integration
Data Analysis
& Detection
3. Utilise Analytics Holistically
32
Copyright © 2010, SAS Institute Inc. All rights reserved.
Result: 75% reduction in false positives
SAS ApproachSAS applied a hybrid approach to analyze BB&T’s past investigations during the prior 6 months. Business rules were applied to normalize the database between relevant work items and irrelevant work items. A number of models were deployed with varying business objectives ranging from workload reduction to SAR retention.
Highlights• $1M savings in 1st year• Reduced work items by
75% with 97% SAR Capture
• Ability to auto-triage work items in objective and repeatable manner
Business ProblemBB&T wanted to apply advanced analytic techniques to learn from past investigations and SAR filings in order to improve the quality of SARs, improve the relevancy of work items to analysts, reduce false positives, and reduce staffing costs.
Results• Estimate savings of $1 million in first year based upon 25 investigators.• Deployed an operational process that is transparent, auditable, and explainable to
regulators.• Adopted a methodology that will scale as the institution acquires other banks.• Significant reduction of workload.• Improvement in SAR quality.• Reallocation of resources to high risk events.
33
Copyright © 2010, SAS Institute Inc. All rights reserved.
Identifying other points of value addFraud Management Stage
Specific Analytic Approaches
Primary Benefit(s)
1. Data ingestion 1. Name / entity resolution2. Text mining analytics3. Data quality4. Social Network
Analytics
1. Identifies anomalies earlier which drives incremental detection of fraud
2. Detection 1. Hybrid Analytics 1. More accurate detection
2. Earlier detection of unknown events
3. Alert management 1. Scoring models 1. Improved prioritisation
4. Case management 1. Scoring 2. SNA
1. Improved ability to detect complex fraud
5. Refinement 1. Data mining / model management
1. Lower false positives
34
Copyright © 2010, SAS Institute Inc. All rights reserved.
Key Points
Build a program around detecting both known risks but also monitoring environment for unknown risks
Build a process that uses a wide range of validating / confirming techniques
Consider using analytics more holistically in your operational process
Measure success by business outcomes, not models developed
top related