Social Network Analysis Approaches for Fraud Analytics

Social Network Analysis
Approaches for Fraud Analytics
Dr. Archisman Majumdar
Senior Manager, Mphasis NEXTlabs
NEXT labs

2
Introduction
The impact of fraud on organizations is becoming
increasingly costly. Every year financial institutions
lose millions of dollars in revenue to systematic
fraud. The emergence of new technologies and
forms of payments, as well as sophistications in
fraud, complicate the challenges faced by
organizations in creating effective fraud detection
strategies. Many of the existing techniques rely
solely on the business rules developed by experts,
which require great amount of user inputs, and
need to be constantly updated.
However, the ability to link multiple data sources,
analyze large volumes of data, and apply newer
algorithms on the transactions, provide
organizations an opportunity to capture, and
sometimes predict, fraud in a more efficient
manner. More recent analytics based approaches
include the use of descriptive & predictive
analytics, machine learning, and social network
analysis methods for fraud detection. This paper
discusses some of the key approaches and
developments in the use of social network
analysis in fraud detection and prevention.
FRAUD AND FRAUD ANALYTICS
Transactions
External
Sources
Social Data
Pattern Based Fraud
Detection - Train -
Predict - Feedback
Expert User
Feedback
Figure 1 Fraud Analytics System
Reports,
Scores, and
Alerts
Fraud is “an uncommon, imperceptibly
concealed, time-evolving and often carefully
organized crime which appears in many types of
forms” (Baesens, Van Vlasselaer, and Verbeke
2015). The definition highlights some of the key
elements of fraud and also points out some of
the major identification methods.
The classical approach to fraud identification relies
on creation of explicit rules (IF-THEN-ELSEIF-…)
based on the recommendation of experts. These
rules are developed and modified through their
collective field experiences. Nevertheless, over
time, due to the dynamic and sophisticated nature
of the frauds, the rules become complex and
difficult to maintain and implement (unless they
are very regularly updated). This is also a very
labor intensive approach requiring human
intervention at every stage of evaluation,
identification, and monitoring.
The availability of data from multiple sources,
and the ability of present systems to process
and analyze this data have provided new
opportunities for identifying fraud. As is apparent
from Figure 1 Fraud Analytics System, the use of
multiple data sources to identify patterns is one
of the cornerstones of a data mining approach to
fraud detection. Fraud analytics also provide a
potential to automate multiple stages of the
fraud detection, monitoring, and intervention
stages of a typical cycle.
HyperGraf combines data from multiple
sources, including credit scores, enterprise
transactional data, and social media to identify
and analyze fraud. One of the key methods used
in HyperGraf is network analysis for fraud
detection and the following section highlights
some of its key aspects.
NEXT labs

3
Network Introduction
Analytics in Fraud
Detection
Cognitive intelligence enables insurance Developing analytics - driven and people -
Visually explore
Represent
Store network the database and
companies Two key trends to in analyse the insurance data industry about are instructions
driven For an mechanisms auto
appropriate
insurance for claim,
relationships
application for
to
example, of th
Social
interactions Network Analysis,
in real one of
time the emergent as a network
database
identity and
the use of Big Data multi-structured to predict analytics, insights policyholder’s to business data decision processed
classify networks
scenarios at First Notic
data mining methods in fraud analytics, is a
propensity
technique and which an represents emphasis for fraud
the on based
entities omnichannel on voice, video,
as nodes customer This of Loss includes (FNOL) the facilitation and damage of real-time assessment
and relationships
and interaction. chat sessions,
between The transformation the
and
entities
by correlating
as of links. raw this data to correlation carried out. Suppliers for continuous are instructed insights, to carr
Apply social
Classify and
Present the
Representing data with the fraudulent relationships customer reveals a behaviour. lot more
network
information to knowledge to insights — and closed-loop out vehicle seperate repairs; learning these for information could risk in further an analysis, includ
algorithms to between routine easy to consume
information than simply listing out the properties identify fraud
ultimately insights-based decisions — has been self-service the involvement users interactive and of an Assessor.
manner dashboard-based
for the
links, cliques
possible fraud security analyst
of the Creating entities. a digital The analysis Customer of 360 links view and and partrers
configurable sources
facilitated by advances in the data sciences.
analytics, heat maps, KPI Grid
relationships enables the application of various
Insurers can create a customer footprint Figure 2 End-to-end
graph mining For insurers, algorithms competitive on the data source. advantage will be and From Views, fraud this analytics point, ad approach hoc the using customer analysis, social is Agile no longer Risk i
network analysis methods
correlation determined engine by their that ability takes to slivers adopt of and Reporting, the control and of the Intelligent insurer; the Discovery baton is hande
Traditional customer data mining data from techniques multiple rely interaction the Some
Exploration.
of
exploit advanced analytics techniques, and over
the
to the
popular
supplier
network
to manage
analytics
the remainde
statistical
channels
patterns
and
used
builds
for
an
identifying
accurate
fraud. methods used and their typical business use
their decision to institutionalise insights-based
customer of the repair process — and, therefore, th
Yet, given the uncommon, time-evolving, and cases for fraud detection are listed in the
profile for channel-specific product On-demand data transformation,
carefully decision concealed making nature as part of of fraud, their organisational customer experience. Other processes coul
these following figure –
methods recommendations. fabric. are often unable to The detect driver various for types this is on-demand be in play — data for instance, cleansing, fraud investigation
content
Networks visualization and ego-centric analysis
of frauds. integration Application of of a multiple number of graph customer analysis, self-service interface across the
• Displays relationship between selected alert and any other related alerts
algorithms touch-points can help in identifying throughout such the patterns
through link and nodes
Insights-driven decisions can claims transform enterprise, If the incident personalised was the customer’s interfaces, fault, and th
• Identify links with known (blacklisted) entities
by utilizing
process.
relationship
This
information
involves
in
complex
addition to
insurance enterprises by event providing user-assembled insurer might try solutions to entice facilitate an innocent easier Thir
Entity link analysis / entity resolution
the user level attribute information.
processing comprehensive, that accurate, correlates real-time, data actionable about • Detecting adoption rings Party in two mode (TP) networks of insurer insight-driven of people and into attributestheir decisions network and in a
• Identify rings in first party fraud collusions
In fraud customer insights detection, demographics about the people, interactions and transactions,
machines, and and significantly effort to reduce costs. learning If this time. fails, yet anothe
exchanges call centre can be data, viewed data as from heterogeneous
processes from interactions Web across browsing
Graph walking
multiple team
to identify
could
rings
be handling incoming claims from
networks with multiple participants. The number • Walk through the graph to identify rings
behaviour and online chat sessions, e-mail Natural Language Processing, emotion
of participants
channels.
are generally
Technology
huge, but the
today
kind of
enables • Identify paper rings
TP
of fraudulent
for damages.
collusions
Conversely, if the inciden
campaign data, data from display detection, microsensor analytics, Automatic
interactions enterprises among to the correlate individuals insights is generally from multiple was not the customer’s fault, subrogation o
Centrality measures
limited advertising, channels and known. and and Graph more. create analysis a single techniques view of the Content recovery Recognition, processes kick advanced in to establish decision a
• Ranking nodes based on various graph centrality parameters
• Identify leaders in fraud networks
can be customer. used further to identify suspicious
tree-based acceptance of visualisation, liability from the lifecycle TP befor
individuals, Developing groups, an enterprise-level relationships, strategy unusual that Snowball simulation, seeking method recompense and for Massively the cost of Parallel repair.
changes over time/geography, and anomalous • Identify suspects and recursively expand their connections using snowball method
aligns analytics programmes with key Processing (MPP) appliances such as
networks
Issues
within the
in
overall
the
graph
Insurance
structure.
Claims • Identify linkages to known (blacklisted) entities
business Process drivers
NoSQL Most insurers and Hadoop still operate need to a be dual explored signator
Peer group analysis
An The enterprise-wide typical claims process strategy in for the using case • of This technique for process, detects applicability abnormal so behavior that of a to target a business payment by comparing it with scenarios. input its by one The agen
peer group and measuring the deviation of its behavior from that of its peers
multi-structured personal insurance analytics is a complex is set key of to • Abnormal
events technical changes must when be compared challenges authorised to the peer group— by such a senior as managing colleague
generating that are disconnected value network and insights.
Network
distributed within large Specialist topologies datasets, - cliques Investigation and stars integrating Units with (SIUs) existing operat
• Any quantitative or qualitative features of a user behavior in online social
networks that
the insurance organisation. The problem is independently are inconsistent with the rest of to users cover can be considered fraud, anomalies theft, injury, an
• Anomaly Detection - Identify outliers in networks
compounded by the inclusion of numerous so on. For commercial or High Net Wort
Page-rank
internal and external partners who potentially claims, there is often the added complicatio
• The Page-Rank algorithm can be used to discover the critical accounts of the groups
• Collusive fraud
operate on different systems or platforms, of groups dealing with a broker or agent.
generating data in many formats.
Combining user level and network level features
• Combine user level attributes with network level attributes
• Identify conspired groups
NEXT labs

4
Challenges Introduction
to Network Analytics in
Fraud Detection
infrastructures, using systems effectively,
and Two so on key — trends need to in be the addressed; insurance so industry do are
people-related Network analysis the use of Big challenges
opens new
Data multi-structured such
avenues
as
for
skill
fraud
analytics,
detection. These can augment the existing
gaps
rule-based, and and emphasis the
and data-mining on management omnichannel of
approaches customer in the
cross-functional
organization. interaction. The teams.
While transformation network of raw analytics data to
techniques information promise to knowledge key breakthroughs to insights fraud — and
Designing detection,
ultimately governance there
insights-based
are certain structures decisions
key challenges
— for has been
analytics which make implementing network analysis in
facilitated groups by advances and policies in the to data ensure sciences.
Fraud detection difficult. These include -
data For security insurers, and privacy competitive advantage will be
The
• Emergent body of knowledge leading to
determined building by of their an ability insights-driven to adopt and
difficulties in identifying the correct methods,
organisation exploit their applications advanced mandates
and analytics the setting
interpretations. techniques, up of and
robust their policies decision and to institutionalise practices to ensure insights-based
• Requirements for novel data storage and
data decision security
ware house making and
methods. as part privacy
Traditional of their through organisational
databases
role-based fabric. are not security optimized integration, or designed for access network
control analysis policies, and operations. data masking New NoSQL and and
encryption, graph databases are often more suitable for
Insights-driven and Single decisions Sign-On. can transform
these operations.
insurance enterprises by providing
• High volume and variety of data which needs
comprehensive, accurate, real-time, actionable
to be processed.
insights about people, machines, and
• Many graph algorithms are ‘computationally
processes from interactions across multiple
intractable’, i.e., even though the problems
channels.
can be solved
Technology
in finite time,
today
the amount
enables
of
enterprises processing to required correlate make insights them infeasible. from multiple
•
channels
Retro-active
and
nature
create
of
a single
social
view
network
of the
customer. analysis which makes them less suitable for
prediction compared to other methods, such
as machine learning based approaches.
Issues in the Insurance Claims
Process
• Lack of automation in network analytics in
The
fraud
typical
detection
claims
and
process
the need
in
for
the
expert
case of
analysis and interpretations.
personal insurance is a complex set of events
that are disconnected and distributed within
the insurance organisation. The problem is
compounded by the inclusion of numerous
internal and external partners who potentially
operate on different systems or platforms,
generating data in many formats.
Conclusion
Addressing For an auto these insurance challenges claim, for example, require the
organizations policyholder’s to continually data is processed innovate at and First use Notice
new of systems Loss (FNOL) with specific and damage capabilities. assessments Some
solutions, carried like out. HyperGraf, Suppliers are provide instructed a platform to carry
for out guided vehicle analytics repairs; these in fraud could further detection. include
Nevertheless,
the involvement
the role
of
of
an
domain
Assessor.
experts and
data scientists in applying these methods are
often the key factors in the successful
From this point, the customer is no longer in
implementation of a fraud detection strategy.
the control of the insurer; the baton is handed
Reference
over to the supplier to manage the remainder
Baesens, of the Bart, repair Véronique process Van — and, Vlasselaer, therefore, and the
Wouter customer Verbeke. experience. 2015. “Fraud Other Analytics processes Using could
Descriptive, be in play Predictive — for instance, & Social Network fraud investigation.
Techniques.”
https://lirias.kuleuven.be/handle/123456789/500346
If the incident was the customer’s fault, the
insurer might try to entice an innocent Third
Party (TP) insurer into their network in an
effort to reduce costs. If this fails, yet another
team could be handling incoming claims from
the TP for damages. Conversely, if the incident
was not the customer’s fault, subrogation or
recovery processes kick in to establish an
acceptance of liability from the TP before
seeking recompense for the cost of repair.
Most insurers still operate a dual signatory
process, so that a payment input by one agent
must be authorised by a senior colleague.
Specialist Investigation Units (SIUs) operate
independently to cover fraud, theft, injury, and
so on. For commercial or High Net Worth
claims, there is often the added complication
of dealing with a broker or agent.
NEXT labs

5
Cognitive intelligence enables insurance Developing analytics - driven and people -
companies to analyse data about driven mechanisms for application of
interactions in real time to predict insights to business decision scenarios
propensity for fraud based on voice, video, This includes the facilitation of real-time
and chat sessions, and by correlating this correlation for continuous insights,
data with fraudulent customer behaviour. closed-loop learning for risk analysis,
self-service interactive dashboard-based
Creating a digital Customer 360 view
Insurers can create a customer footprint
correlation engine that takes slivers of
configurable analytics, heat maps, KPI Grid
and Views, ad hoc analysis, Agile Risk
Reporting, and Intelligent Discovery and
customer data from multiple Archisman interaction is a Senior Exploration. Manager at Mphasis NEXTlabs. At Mphasis,
channels and builds an accurate
he conceptualizes,
customer
develops, and leads multiple products in the analytics
R&D space. He has extensive experience in the IT industry at various
profile for channel-specific project product management, On-demand research, and engineering data roles. transformation,
recommendations. The driver for this is on-demand data cleansing, content
He holds a PhD from the Indian Institute of Management Bangalore
integration of multiple (IIMB) customer in the Quantitative analysis, Methods self-service and Information interface Systems across area, the and
touch-points throughout the was a claims visiting researcher enterprise, at the IT personalised University of Copenhagen interfaces, during and his
PhD. His areas of expertise are business analytics, social media, product
process. This involves complex event user-assembled solutions facilitate easier
management, and information systems research.
processing that correlates data about adoption of insight-driven decisions and
customer demographics and transactions, significantly reduce learning time.
Dr. Archisman Majumdar
call Senior centre Manager, data, Mphasis data NEXTlabs from Web browsing
behaviour and online chat sessions, e-mail Natural Language Processing, emotion
campaign data, data from display detection, microsensor analytics, Automatic
advertising, and more.
Content Recognition, advanced decision
tree-based visualisation, lifecycle
Developing an enterprise-level strategy that simulation, and Massively Parallel
aligns analytics programmes with key Processing (MPP) appliances such as
business drivers
An enterprise-wide strategy for using
NoSQL and Hadoop need to be explored
for applicability to business scenarios. The
multi-structured analytics is key to technical challenges — such as managing
generating value network insights.
large datasets, integrating with existing
About Mphasis
Mphasis is a global technology services and solutions company specializing in the areas of Digital and Governance,
Risk & Compliance. Our solution focus and superior human capital propels our partnership with large enterprise
customers in their Digital Transformation journeys and with global financial institutions in the conception and
execution of their Governance, Risk and Compliance Strategies. We focus on next generation technologies for
differentiated solutions delivering optimized operations for clients.
For more information, contact: Nextlabs@mphasis.com
NEXT labs