Introduction:
We know that Big Data is an immensely popular talking point. But here we will be discussing more about Big Data and Security for enterprises. From security perspective, there are two distinct issues in the Big Data Analytics context: security concerns for the organization and security concerns of the customers’ information. We will also talk about how we can analyze, and even predict security incidents using Big Data Analytics techniques.
We know that the enormous data held by enterprises and government agencies is growing exponentially. With this, the capability to reduce fraud grows along with it. There are enterprises like banking, insurance and healthcare where frauds are committed quite often. The losses from such frauds may vary from one organization to another but the cost involved is substantial and therefore reducing frauds is necessary not only to maintain world-class standards in the ethical context but also in terms of the business aspect.
Organizations are struggling hard to find significant and effective methods to combat frauds happening internally in these enterprises. To give you a better idea, we are talking about a small fraud in an organization that has an enormously huge amount of information- a little fraud-search can be compared to searching for a needle in a haystack. It can turn out to be time and effort consuming. Traversing through such huge information is cumbersome. This type information is usually a sum of complex correlations and aggregations and as such, ‘little’ mistakes can be very crucial. With this blog, we will stress how big data analytics can help in overcoming the frauds happening within various type of organizations. Blog touch-points:
- Frauds, their types and fraud detection techniques.
- Big Data and Big Data Analytics.
- Fraud Target
- Fighting Frauds Using Big Data Visibility and Intelligence
- Big Data Analytics Solution Providers
1. Frauds:
The term ‘fraud’ is generally defined in the law as an intentional misrepresentation of material existing fact made by one person to another with knowledge of its falsity and for the purpose of inducing the other person to act, and upon which the other person relies with resulting injury or damage. The definition of ‘person’ can be extended to individuals, groups or firm or a group of companies. So fraud can contain a wide range of illicit practices and illegal acts which involves misrepresentation and intentional deception.
Ideally, frauds must be reported periodically to senior management and the board. As an essential audit activity, the frauds detection process must be undertaken with purpose, authority and responsibility. Reporting must also be supported with significant risk exposures and control issues which definitely stress on fraud risks, governance issues and other essential highlights.
As any illegal act is characterized by deceit, concealment, or violation of trust, these frauds end up impacting an organization’s psychological, operational and financial setup.
Let’s quickly get into discussing the types of fraud especially at the occupational level.
1.1 Types of Frauds:
- Corruption: Violation of duty of an employee by misusing the influence in a transaction for direct or indirect gain.
- Misuse of assets: Company resources being misused e.g. theft of company’s money, false bills and inflated expenditure reports.
- False Financial statements: Omitting the original information or adding some additional information in the financial statements thus making false financial statements.
1.2 Analytical Techniques for Fraud Detection:
The first step is getting answers to these questions:
- The areas in which fraud can occur?
- What fraudulent activity would look like in the data?
- What data sources are required to test for indicators of fraud?
Next, the techniques which auditors use as an effective method of detecting fraud are:
- Calculation of statistical parameters to identify outliers that could indicate fraud.
- Classification for finding patterns amongst data elements and identification of unusual entries.
- Identifying duplicity of transactions such as payments, claims, or expense report items.
- Identifying missing values in sequential data where there should be none.
- Validating entry dates to identify inappropriate times of postings or data entry.
To get answers for the same and completing the above task does imply ultimately that fighting fraud can be costly and complex. Large amount of capital is lost in frauds and even larger amount is invested to fight it. Above mentioned frauds are sub-categorized into more types of frauds, therefore you can very well understand that fighting frauds is a painstaking task. The auditors are following various tools and techniques for fighting such frauds, but when the data is massive, managing and detection of fraud becomes a gruesome process.
2. Big Data
2.1 What Exactly Is Big Data?
A report defines Big Data as large volumes of high velocity, complex, and variable data which requires advanced techniques and technologies to enable the capture, storage, distribution, management, and analysis of the information.
2.2 Why Big Data Analytics?
If it was that easy to detect fraud, there wouldn’t be much of it around. But sheer volume of information and data which is generated every day in an organization makes it difficult than ever to detect it. To overcome this, big data analytics provide a visible, feasible and intelligent method to fight fraud.
For many years, organizations were typically using a fragmented approach to deal with big data security and fraud risks, which left them vulnerable to even more attacks as fraudsters were quick to find and exploit on the loopholes. This resulted in dramatic increase of more security risks to prevent financial crimes. The cause for such financial crimes can be due to weak global economy, growth in organized crime or increasing sophistication of fraudulent schemes.
Furthermore unfortunately, the organizations which are following current analytics systems do not support robust analytical modeling which in turn makes the process of analyzing information more difficult. You may agree on this that different departments can have different data sources and disparate sources therefore to spot suspicious activity across the enterprise becomes trivial process.
To fight fraud before it causes financial losses, organizations look for big data analytics and intelligence tools. Big Data and Security also entails the application of Business Intelligence tools where an enterprise takes an enterprise-driven approach. This approach primarily focuses on data management and consolidation, combining data integration, data quality and master data management within a unified environment. This eventually helps in getting the cross-channel enterprise data on a single platform. It also holds the ability to maintain score and decision cards of all transactions in real time and intercept the suspected deals.
3. Fraud Targets:
Making and distributing counterfeit software and hardware by cyber criminals can lead to malicious use of corporate data or may even lead to system failures. If the trust of the software manufacturer of a company is compromised, it becomes very easy for the cyber criminals to gain physical and technical access to financial institutions.
Banking, insurance, government, healthcare and retail are the favorite targets for fraudsters. The famous challenges faced are that of identifying theft and account takeover. Another problem is to be able to take an informed yet critical decision in real time at the point of sale which completes the analytical approach.
Financial firms are becoming the most popular targets of the supply chain attacks. For example malware installed ATM’s have been delivered revealing users’ private information to the criminal. Fake endpoints and criminals posing as ATM maintenance workers are some of the other frauds committed. Vendors who supply software to the financial and banking sector are also very much vulnerable to cyber-attacks.
4. Fraud and Predictive Analytics
Using Predictive Analytics the Aberdeen Group analyzed the responses of 29 companies for the detection and prevention of fraud. The results of the analysis showed that companies which were using predictive analytics were investing more as compared to the other companies. However the increased investments lead to a decrease in the fraud risks and fraud costs by a substantial amount.
According to Aberdeen the average percentage of loss in annual revenue due to fraud was 1.5%. As we will discuss later about HCFAC, it is observed that how huge investments for fighting fraud will lead to satisfactory results. As a matter of fact one thing should be very clear- lack of analyzable data is not a problem. In fact the analysts get overwhelmed by the amount of data available for predictive analytics. It is just that the available data is not easily accessible nor is it properly managed that it may be used for the purpose of analytics. This research also states that almost an average of 730 terabyte of active data is available with each organization and this number is growing quickly.
The active data or Big Data refers to the increasing growth in business data not only in terms of volume but also in terms of variety of formats and the pace at which it needs to be managed and analyzed.
“About 26% of the data is currently being accessed by the companies whereas the average requirement to get appreciable results is of 52%- just about double.”
A different issue with predictive analysis is the integration of data. About 26% of the data is currently being accessed by the companies whereas the average requirement to get appreciable results is of 52%- just about double. Similarly the performance of predictive analytics is not really up to the mark. Almost 25% of the data queries and dashboard refreshes take more time than required. By simple inspection the acceptable analysis response time is somewhat near to 1 minute.
Data analysis technology enables auditors and fraud examiners to:
- Analyze an organization’s business data in order to gain an insight into how well internal controls are operating and therefore helps in identifying the transactions which indicate fraudulent activity or the heightened risk of fraud.
- Provide an effective way to be more proactive in the fight against fraud.
- Effectively test for fraud, all relevant transactions which must be furthermore tested across all applicable business systems and applications.
- Analyze business transactions at the source level which helps auditors provide better insight and a more complete view as to the likelihood of fraud occurring. This helps in focusing on investigative action of those transactions that are suspicious.
Once an organization gets started with data analysis, they can easily decide if they would like to go deeper. Ad hoc analysis, thorough approach, repeatable automated procedures, continuous monitoring and auditing are some essentials. Big data tools and techniques also help in providing insights to the integrity of financial and business operations through transactional analysis. Therefore, technology provides more accurate auditing reports and better insights into the internal control framework. This helps organizations to improve the ability to access and manage business risk.
We know that many organizations are using whistleblower hotlines which is a common mean for people to report suspected fraudulent behavior but these alone are not enough to get rid of fraudulent activities. Instead of relying only on whistleblower hotlines, why not be more aggressive, be proactive? Why not seek out indicators of fraud in the data? This way organizations can detect fraudulent activity indicators and stop them BEFORE the ‘black seeds’ find roots, establish grounds, materialize their attack and do the damage?
5. Big Data Analytics Solution Providers
Solution providers for the Big Data Analytics range from small companies to billion dollar firms. Some of the popular solution providers in the world are IBM, KXEN, SAS, Rapid Insight, Think Analytics, and Siemens etc.
5.1 Solution Selection Criteria
The factors identified by the companies that provide solutions in the context of Big Data for the detection and prevention of the fraud are:
- Data integration using automatic machines.
- Ease of use of tools required for analytics.
- No special expertise should be required for using tools.
- Ease of data integration.
- Satisfactory performance by the machines.
- Scales to accommodate future growth.
6. Findings and Inferences
According to Health Care Fraud and Abuse Control(HCFAC) program fighting fraud should be like slicing through butter with a hot knife- a swift and planned multi-faceted initiative. It should be taking care of all the aspects of people, technology and processes. An initiative under HCFAC includes the following points:
- Processes to develop risk assessment
- Program vulnerabilities should be identified
- Compliance and fraud audits should be conducted
- Analysis and studies to be conducted focusing on selected geographical areas.
- Enlightening users on how they can protect themselves from thefts.
- Working with various organizations and law enforcement groups to make some standardized rules to protect users.
- Proper management of the complaints regarding frauds and thefts.
- Using new methods and innovative techniques to monitor information to identify any potential threats.
Organizations are well prepared for frauds that occur quite frequently whereas they are under-prepared for those kinds of frauds which do not occur frequently such as phishing, pharming smishing, vishing etc. Phishing refers to the use of social engineering techniques where the user ends up giving his private information by ‘falling into a trap already setup by the deceiver’. Pharming is the action of installing malicious code on the target’s machine by the hacker obviously without your consent. Smishing is about achieving phishing with the use of short messages while vishing is achieving phishing with the use of voice calls.
The inescapable conclusion is that it is quite difficult for companies to maintain a satisfactory amount of preparedness at all the levels. Rapid changes in the IT sector calls for new and enhanced methods to fight fraud.