9.3 Financial Crime MOs

Previous page
Table of content
Next page

9.3 Financial Crime MOs

9.3.1 Credit-Card Fraud

Credit-card fraud detection is especially challenging because the analyst needs to identify both the physical theft of a card, as well as an individual's identity; this means stolen cards, as well as cloned and personal identification number (PIN) thefts. This type of fraud can also be the result of the theft of an individual's identification, such as his or her Social Security number and home address, for the creation of new accounts under false or stolen identities.

MO: Credit-card theft will defraud the credit-card issuer or merchant. It has a profile of many small amounts, and an out-of-character purchasing pattern. The fraud activity is time-constrained. The card will be reported as stolen at some point and identity theft will be detected, at least by the next statement date. This time constraint forces perpetrators to use the card rapidly and for amounts normally out of pattern—this is the signature of this financial crime and a method to its detection. It is a crime where, inevitably, some loss will occur before detection. This crime is both highly organized and opportunistic.

Detection Technique: Look for lead indicators. Loss will inevitably occur before detection. Sequencing of purchases will change; the merchant mix will be out of character compared to previous consumer transactions. Frequency, monetary, and recency (FMR) techniques can be examined and employed. Time-sequence accumulated-risk scores may be used as an input to aggregated risk exposure. A change in location may indicate a ring operation. There are a number of leads that relate specifically to credit-card and debit-card fraud. They are common points-of-purchase (CPP) detection, particularly with regard to new merchant agents. The main method of detection is to look for outliers and changes in the normal patterns of usage. A SOM neural network can be used to perform an autonomous clustering of patterns in the data.

9.3.2 Card-Not-Present Fraud

Internet and phone-order transactions are the classic card-not-present (CNP) sales and, as we saw in the preceding chapter, are subject to higher than average dollar amounts and big-ticket items. They are also time-sensitive crimes, where the thieves are racing to beat the credit-card monthly statement mailing date.

MO: Internet credit-card thieves do leave characteristic footprints. For example, many businesses see fraud rates increase at certain times of the day, and orders coming in from certain countries exhibit a higher percentage of fraud. Thieves also gravitate to certain types of products, such as electronics, which are easy to sell via Web auction sites. Other clues to these perpetrators are the use of Web-based e-mail addresses and different shipping and billing addresses.

Detection Technique: This subject was covered in detail in Chapter 8; however, other indicators include looking for repeated attempts with slight variations of card numbers or the use of different names and addresses. Another possible indication of trouble is an IP address at variance with other data. If demographics are available, a model may be developed, as was demonstrated in the preceding chapter. The absence of certain data, such as activity in a credit report, are also signals of possible identify theft and fraud.

9.3.3 Loan Default

This type of financial crime involves the manipulation and inflation of an individual credit rating prior to performing a "sting," leading to a loan default and a loss for the financial service provider.

MO: This financial crime relies on creating a false identity and takes time to develop. Once an account has been created with a stolen or false identity, the marketing initiatives employed by the bank or credit-card issuer assist the perpetrator in building a portfolio of credit-cards, loan accounts, and a viable credit-rating and history—before defaulting on them.

Detection Technique: There are many lead indicators available. There is often only one "pot" of money that is cycled through the various accounts—a pattern of cash withdrawals from credit cards, and then at the end of the credit cycle, a similar amount repaid, usually using a cash withdrawal from another credit card. Lead indicators include credit cards that are rarely used to make actual merchant purchases and have small outstanding credit balances. Another pattern to look for is a loan account that is left unused. These techniques inflate a centrally controlled credit rating, providing a false impression that the account is deemed responsible. Detection has to occur before the "sting," which is a use of the credit and loan accounts very rapidly within a credit cycle. This financial crime can result in high losses. Detection must occur before the loss, because the sting has a short execution time.

9.3.4 Bank Fraud

This financial crime involves the creation of fictitious bank accounts for the conduit of money and the siphoning of other legitimate accounts. It may also be for fictitious account purchases, particularly in association with investment accounts and bond and bearer bond transactions.

MO: Many of the methods of executing internal fraud are similar to money laundering, except there is an obvious attempt to defraud the bank, whereas in money laundering the objective is simply to hide the funds. In addition, this fraud often works in conjunction with the establishment of creditworthy accounts, lines of credit, and fictitious accounts. The sting is often a single or small number of large-volume transactions, often related to real estate purchases, business investments, and the like.

Detection Technique: The method of detection relies on out-of-pattern transactions or anomalous account use. As with other financial crimes, detection must occur before any loss is sustained. There are lead indicators like the "manipulation of credit" described above and in the lack of references, high associations of matching attributes, and dubious acceptance criteria.

The critical factors for detecting all of these financial fraud crimes is knowing the behavior of credit, bank, and loan accounts and developing an understanding of the categories of customers. Data mining can be used to spot outliers or account usages that are normal and out of character. Sometimes the account seems "too good to be true," and it often is. The absence of telephone numbers or other contact information may indicate a "ring." These rings enable fraudulent activities to be distanced from their sources and add complexity to criminal detection. Another clue is the multiple use of the same address or phone number for different accounts.



Previous page
Table of content
Next page
Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
C & Data Structures (Charles River Media Computer Engineering)
An Introduction to Design Patterns in C++ with Qt 4
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy