protecting your customer against fraud: the truth is ... · largest anti-fraud organization and...
Post on 23-Jul-2020
3 Views
Preview:
TRANSCRIPT
Protecting your Customer against Fraud:
the Truth is within your Systems
Patrick Risch CFE CIA CCSA
ACFE Chapter Belgium
Board member
Past president
Outline
Introduction
Fraud Risk Management
Fraud Detection
Examples and cases
Conclusion
DISCLAIMER
The views expressed in this presentation are the views of the speaker and do not
necessarily reflect the views or policies of any organisation of which the speaker is a
member.
The purpose of this presentation is to share ideas and promote discussion. Examples are
purely for illustrational purposes, and may have been modified or simplified in order to
clarify a point.
Neither the speaker, nor the company and organisations he belongs to, accepts
responsibility for any consequence of the use of (parts of) the framework presented
today.
However, we invite you to participate in the discussion today and later on.
Patrick Risch
patrick.risch@acfe.be
About the ACFE
The ACFE is the world’s
largest anti-fraud
organization and premier
provider of anti-fraud training
and education.
Together with nearly 70,000
members in over 150
countries, the ACFE is
reducing business fraud
worldwide and inspiring
public confidence in the
integrity and objectivity within
the profession,
About the ACFE
Certified Fraud Examiners
CFEs are anti-fraud
experts who have
demonstrated knowledge
in four critical areas:
• Fraudulent Financial
Transactions
• Fraud Investigation
• Legal Elements of Fraud
• Fraud Prevention and
Deterrence
About the ACFE
Report to the Nations on Occupational Fraud and Abuse
• Association of Certified Fraud Examiners
World Headquarters • The Gregor Building
716 West Avenue • Austin, TX 78701-2727 • USA
• (800) 245-3321 (USA & Canada)
(0800) 962049 (United Kingdom)
+1 (512) 478-9000 (International)
Fax: +1 (512) 478-9297
• www.ACFE.com
Outline
Introduction
Fraud Risk Management
Fraud Detection
Examples and cases
Conclusion
Most people are honest
some of the time.
Some people are dishonest
all of the time.
Some people are honest all
of the time.
Tommie Singleton, PhD, University of Alabama
Why do people commit fraud?
Some people are honest
most of the time. HonestDishonest
Situational
Conclusion
There will always be fraud …
• Mindset of people
• Pressure
• Opportunity
So we have to manage the risk
The earlier we detect it, the better
• Reputation
• Financial
Outline
Introduction
Fraud Risk Management
Fraud Detection
Examples and cases
Conclusion
What can we detect?
Can a perfect fraud be detected?
Fraudsters
rarely have an
Invisibility Cloak
… or a Licence
to Apparate
What can we detect?
So, what can go wrong
(for the fraudster)?
• Inherent risk
• You HAVE to cross the open spot to get to the money
• Error, mistake
• You didn’t notice you left a track
• Stupidity
• You just don’t care
What is Fraud Detection?
Following the tracks of the fraudster
Can we detect everything?
Anyway …
The truth is within your systems.
• All transactions leave a trace
• Is it possible to
distinguish fraudulent transactions?
An exception …
• Parallel transactions
• And even then …
Recognising the tracks
Learn from
the past
Use your
imagination
Focus on
distinguishing
factors
Outline
Introduction
Fraud Risk Management
Fraud Detection
Examples and cases
Conclusion
Fraud Detection
The hay
• 70.000 new mortgage loans
• 450.000.000 transfers
• 3.800.000 cheques
• 600.000 physical coupon payments
• 17.000 staff members
• 1.300 branches
• …
And what about the tools ….
You need tools to
• Obtain data
• Connect to external datasources
• Import datasets, possibly from legacy applications
• Analyse data
• Statistical analysis
• Link datasets
• Report on suspect transactions
• React
Specialised solutions
And what about the tools ….
Some dedicated data mining tools
• Generic
• Audit tools
- Increased complexity- Connections with external data warehouses- Audit trail- Need for security
- High degree of complexity- Interactions with core systems- Real time
All of you have a minimum set of data mining tools on your PC’s
Fraud Detection: Block Leave
HR policy: 1 period of 2 weeks consecutive leave is mandatory
• Existing control by HR
• Based on holiday request forms
• Is this control effective?
• Does it take into account deception?
Fraud detection
• Databases
• Holiday requests
• Transactions (including userID)
• Customer database
• Did anyone execute a transaction
while he was supposed to be on leave?
• If so: is this a high risk transaction?
ID Entity Date Type App AmtEur Age Risk Sleeping Begin End NbrOfDaysAbsence ReasonAbsence
733993 branch 1 9/09/2013 transfer UH 30.350,00 79 N 20/08/2013 13/09/2013 19 holiday
733993 branch 1 9/09/2013 transfer UH 30.500,00 79 N 20/08/2013 13/09/2013 19 holiday
650742 branch 2 23/09/2013 transfer UH 4.950,00 85 Y N 16/09/2013 27/09/2013 10 holiday
695010 branch 3 4/09/2013 transfer UH 20.757,32 82 N 21/08/2013 4/09/2013 11 holiday
730340 branch 4 3/09/2013 transfer UH 375,50 90 Y N 2/09/2013 12/09/2013 9 holiday
640192 branch 5 9/09/2013 transfer UH 18,38 79 Y N 26/08/2013 9/09/2013 11 holiday
699041 branch 6 3/09/2013 deposit cheque UH 446,44 81 Y N 2/09/2013 6/09/2013 10 holiday
698082 branch 7 17/09/2013 transfer UH 363,00 97 Y N 17/09/2013 6/10/2013 14 illness
701737 branch 8 14/09/2013 transfer UH 12,71 84 Y N 11/09/2013 20/09/2013 9 holiday
752440 branch 9 6/09/2013 cash withdrawal UH 300,00 85 Y N 19/08/2013 9/09/2013 16 holiday
718194 branch 10 2/09/2013 transfer UH 13.954,00 41 N 21/08/2013 6/09/2013 13 holiday
785484 branch 11 11/09/2013 transfer UH 20.000,00 61 N 11/09/2013 24/09/2013 10 holiday
782394 branch 12 2/09/2013 transfer UH 1.000,00 86 N 2/09/2013 20/09/2013 15 holiday
765952 branch 13 3/09/2013 transfer UH 12.500,00 N 3/09/2013 18/09/2013 12 illness
826560 branch 14 10/09/2013 transfer UH 50.000,00 67 N 4/09/2013 13/09/2013 9 holiday
783118 branch 15 23/09/2013 transfer UH 12.272,70 58 N 23/09/2013 27/09/2013 10 holiday
738130 branch 17 23/09/2013 deposit cheque UH 160.000,00 N 23/09/2013 6/10/2013 11 illness
738130 branch 17 23/09/2013 transfer UH 95.680,18 66 N 23/09/2013 6/10/2013 11 illness
738130 branch 17 23/09/2013 transfer UH 3.500,00 79 N 23/09/2013 6/10/2013 11 illness
785342 branch 18 17/09/2013 transfer UH 1.229,17 86 N 17/09/2013 6/10/2013 14 illness
785342 branch 18 17/09/2013 deposit cheque UH 10.050,00 N 17/09/2013 6/10/2013 14 illness
Employee Transaction Absence
Fraud Detection: block leave
Fraud Detection: Transfer Fraud
Fraudulent payment order
• Falsified paper form
• Virus
• Social Engineering
Determining Risk Criteria
• “unusual transaction”
• Non domestic
• Other channel
• Amount
• Communication
Fraud Detection: Transfer Fraud
Home-made detection
• Ex-post screening (D+1)
It’s better than nothing
• Too little, too late
• Rule based
Fraud Detection: Transfer Fraud
Looking for an alternative
• Online or real-time
• More complex algorithms
• More easily adaptable to changing patterns
• Risk based
Fraud Detection: Transfer Fraud
Development and implementation
Some issues
• Connection to legacy systems required to make
choices
• Incomplete phase I
• Data quality and availability
• Project management
• The danger of shortcuts
• Translating business requirements
Fraud Detection: Transfer Fraud
50% detectionrate
30.000 alerts for1 true positive
LegacyTool
90% detectionrate
100 alerts for1 true positive
Next Gen
Performance comparison: back testing on identical 3-month sample
Conclusion
• The truth is within your data
• Learn to recognise the footprints of the fraudster
• A lot can be done with “simple” tools
• When complexity and need for speed
increases, you may want to go
looking for dedicated, specialised tools
• But even then ….
the truth is in YOUR data
Appendix
Fraud Detection: Expense notes
Staff asks reimbursement of professional expenses
• Are all expenses reclaimed work-related?
• Are they justified?
Fraud detection
• Database
• Expenses
• Staff members + functions
• Looking for outliers
• Expense category – function
• Amount - function
Function Branch Manager
Sum of Amount Column Labels
Row Labels 01 02 03 04 05 06 07 08 09 Grand Total
578575 514,2 497,1 285,2 242,4 202,3 437,7 73,4 549,85 830,15 3632,3
Commercial 270 270
Hotel 43,8 113,5 199,6 73,4 183,5 483,15 1096,95
Km allowance 27,9 6,8 24,4 64,5 2,7 30,1 156,4
Meal 442,5 490,3 260,8 64,4 407,6 351,75 77 2094,35
Transport 14,6 14,6
661284 80,5 387,5 334,1 225,1 547,97 335,1 497,1 571,05 452 3430,42
Commercial 154 154
Hotel 75 172 66,3 497,1 207,05 1017,45
Meal 215,5 248 218,5 367 335,1 89,5 452 1925,6
Other 22,02 22,02
People Mgt, Incentive 5,5 4,95 263,5 273,95
Transport 19,8 6,6 11 37,4
655425 326,26 434,37 223,86 466,64 163,16 24,11 685,14 369,3 237,42 2930,26
Commercial 73,23 135 208,23
Hotel 58,8 54,6 68,6 204,5 386,5
Km allowance 194,23 233,27 211,4 200,44 89,05 928,39
Meal 201,1 211,6 149,2 160 234,3 956,2
Other 314,96 314,96
People Mgt, Incentive 12,46 13,96 24,11 52,53 21,42 124,48
Transport 11,5 11,5
656150 527,12 453,81 200,47 313,96 196,22 225,76 230,71 193,92 324,18 2666,15
Km allowance 434,42 284,08 195,27 292,36 178,32 186,96 226,71 189,92 189,68 2177,72
Meal 82,4 169,73 8,1 10,2 4 134,5 408,93
Transport 10,3 5,2 21,6 9,8 28,6 4 79,5
571158 174,15 346,61 245,07 248,72 500,45 437,72 93,56 199,56 300,32 2546,16
Commercial 1,54 1,54
Hotel 13,2 22,9 36,1
Km allowance 86,4 13,34 52,88 18,66 31,79 40,43 9,35 252,85
Meal 4,25 98,7 98,8 162,4 221,5 368,75 70 175,8 213,4 1413,6
People Mgt, Incentive 60,1 166,55 39,3 204,84 17,16 53,8 541,75
Transport 10,2 45,12 54,09 67,66 42,32 27 14,21 6,6 33,12 300,32
590282 240,18 249,59 135,46 311,2 197,47 358,36 216,06 41,51 53 1802,83
Commercial 7 7
Hotel 97,8 54 151,8
Km allowance 115,38 134,79 135,46 188 137,87 143,76 23,53 878,79
Meal 124,8 48,2 58,9 200 122,5 53 607,4
Other 69,03 41,51 110,54
Transport 17 21 0,7 7,6 1 47,3
550220 264,12 154,39 213,51 183,73 204,25 183,24 156,8 197,26 153,75 1711,05
Km allowance 260,92 152,39 191,11 114,73 196,65 177,64 156,8 197,26 151,25 1598,75
Meal 67 67
Transport 3,2 2 22,4 2 7,6 5,6 2,5 45,3
574231 276,4 19,9 188,81 241,94 238,23 156,52 341,75 241,17 1704,72
Commercial 19,9 19,9
Hotel 217,5 123,17 340,67
Km allowance 114,4 143,41 216,34 60,82 109,25 644,22
Meal 162 45,4 238,23 81,7 116 643,33
Transport 25,6 14 15 2 56,6
564613 423,8 171,1 205,25 258,5 312,95 23,32 90 211,8 7,4 1704,12
Commercial 20 20
Hotel 77,5 99,5 79 256
Meal 238,5 171,1 127,75 159 186,85 90 211,8 1185
People Mgt, Incentive 165,3 47,1 23,32 235,72
Transport 7,4 7,4
643627 13,59 294,79 145,16 8,8 365,78 413,35 430,2 1671,67
Km allowance 294,79 145,16 340,08 413,35 430,2 1623,58
Meal 13,59 13,59
Transport 8,8 25,7 34,5
550450 58,15 248,2 202,03 54 260,21 276,9 173,65 198,29 137,93 1609,36
Hotel 95 95
Km allowance 78,43 250,21 156,9 98,29 130,83 714,66
Meal 50,95 248,2 114 49 172,4 16,75 100 751,3
Transport 7,2 9,6 5 10 9,5 7,1 48,4
0
5
10
15
20
25
30
35
40
Meals – Branch managers
Fraud Detection: Accounts payable
Suppliers have to be paid
• Looking for double payments, screen companies, …
Fraud detection
• Database
• Invoices
• Payments
• Payroll
• Double payments
• Amount
• Reference (Invoice #)
• Supplier
• Link staff-supplier
• Link supplier-supplier
refSAP refSAP2 VendorId VendorName Reference Account1 Account2 Date Date2 Amount
553477 556962 100383 STAR 5320 account A account A 12/08/2008 8/08/2008 25.200,00
505564 507066 100383 STAR 4802 account A account A 17/01/2008 16/05/2008 14.000,00
507065 505567 100383 STAR 4803 account A account A 29/04/2008 17/01/2008 10.500,00
568767 569446 108031 NEPTUNE Ltd 2008035 account B account B 1/10/2008 7/10/2008 9.528,75
505558 507051 100383 STAR 4841 account A account A 17/01/2008 18/03/2008 8.750,00
505569 507059 100383 STAR 4804 account A account A 17/01/2008 30/04/2008 7.000,00
560860 560863 937 AAR Ltd 71572279480308 account C account C 22/08/2008 22/08/2008 4.102,21
543414 543411 24550 E.N.G. 71572279480411 account D account D 17/06/2008 17/06/2008 2.662,20
543406 544307 23887 MES LTD 71572279480411 account E account E 17/06/2008 19/06/2008 1.543,62
Bookings in SAP with same amount, same reference, same vendor
refSAP refSAP2 VendorId VendorId2 VendorName VendorName2 Reference Account1 Account2 Date Date2 Amount529381 570367 105324 2005 BLACK COW (Use vendor
2005)
BLACKCOW BVBA 70738 account A account A 15/05/2008 13/10/2008 18.951,63
512669 543429 6193 3691 BETASCRIPT sa BLOCKED USe 11309
DOEN COMPU
907625004610 account B account F 15/02/2008 17/06/2008 15.120,16
519854 526719 103394 4452 Tetra Print SPRL TETRA 20080282 account C account G 25/03/2008 15/04/2008 8.103,37
566177 579099 77476 77286 ShowMe Benelux SA -SPSS FAI SOLUTIONS NV 2008GEO00174 account D account H 22/09/2008 1/12/2008 7.986,00
553467 559964 109089 95822 Upside IT LION TECHNOLOGIES
NV
VFUPT081752 account E account I 12/08/2008 10/09/2008 6.264,78
Bookings in SAP with same amount, same reference, different vendor
Fraud Detection: Accounts payable
Fraud Detection: Mortgage Fraud
Modus operandi
Risk factors• New customers
• Increase sales
• Renovation
• Distance between the branch and the residence
Fraud detection
• Databases
• Production data mortgage loans
• Drive time matrix
Fraud Detection
top related