Chapter 9: Criminal Patterns: Detection Techniques

9.1 Patterns and Outliers

In this chapter, we will explore some of the criminal patterns in several areas, such as financial crimes (fraud), as well as those in the insurance industry involving medical scams, and, most importantly, those being perpetrated in the telecommunications industry. The telecommunications carriers, as is the case with e-commerce, represent the type of business entities of the future, where identity theft through the combination of available credit and the absence of a physical presence can lead to financial losses in the millions of dollars. Some of these crimes may apply to other industries, but we will concentrate on these three sectors as they are by far the most common. The data mining investigative methodology remains the same across different industrial crimes.

Fraud is defined as "an act of deceiving illegally in order to make money or obtain goods" by the Oxford Dictionary. It is also known as "scams" or, more elegantly, as "economic offenses." By any definition, it is a crime, which in our networked environment can cost businesses billions of dollars a year. Fraud detection involves an assortment of deterrence activities: pattern recognition, profiling of perpetrators, early warning systems, prevention schemes, avoidance organization, minimizing false alarms, estimating losses, risk analysis, surveillance and monitoring, enhanced security, forensic analysis, evidence collection, prosecution of criminals, and notification of law enforcement officials.

We will first discuss some of the known MOs and some known indicators of these crimes, then move on to present a general methodology that can be applied to detect them via data mining. Every data mining project will be different because every database is slightly different for every company, Web site, and government agency. There are, of course, some processes that remain the same, such as the random sampling of records or the cleaning, enhancing, and preparation of the data prior to analysis. These steps are fairly standard and required of every project, and we will cite them in this chapter.

There is no single template for detecting fraud, just as there is no one methodology for data mining. Criminal perpetrators, whether hackers or thieves, are creative and opportunistic individuals, and attempts to catch them cannot be based solely on how they have behaved in the past. An investigative data miner must look for old patterns, as well as new ones that may signal a new type of criminal behavior or hack attack. For this reason, two typical analyses will be needed, one involving classification of known patterns and the other involving a clustering analysis in search of anomalies or outliers in the data. Additionally, link analysis might assist in detecting perpetrators and, in fact, is used in the detection of fraud in the insurance and telecommunications industries. The objective is fast and accurate fraud detection without undue burden on business operations, minimizing false positives, invasions of privacy, and discrimination.