Combatting Fraud (and other Security Concerns) with Automation and Machine Learning
Fraud investigations are inherently complex, requiring knowledge, skill, and most importantly, timeliness. Analysts sort through and analyze dozens, if not hundreds, of unique data sources during an investigation – as has been the method for decades, if not longer. While this system is (in most instances) tried and tested, it is antiquated. Investigators are spending most of their time compiling data as opposed to analyzing it.
While no organization would argue that timeliness in identifying fraud is paramount (after all, in this case, time literally is money), it is no longer necessary to assume that having analysts spend much of their time performing routine activities is just the nature of the business (and the losses that come from such inefficiencies as a cost of doing business).
So, how should organizations address this issue and free up their investigators to focus on identifying and stopping instances of fraud, while simultaneously addressing the underlying risks to their organizations?
The Case for Automation
Consider automation; a series of solutions aimed at leveraging technology to assume the everyday process-related tasks previously requiring significant amounts of human involvement, such as processing transactions, manipulating data, and/or actioning tasks as part of workflows.
While automation is said to have considerable return on investment, it is particularly useful in the context of fraud (and other security) investigations. By minimizing the need for human involvement with systemic, repeatable, scalable solutions which can perform the same repetitive, rudimentary tasks longer, quicker, and more efficiently, this ‘virtual’ workforce can improve the operational efficiency of your investigative team.
Some examples of activities that can be assisted via automation include:
- Case file creation
- Routine evidence gathering
- Data normalization/aggregation
- Web scraping
- Link analysis/profile generation
- Internal and customer communications
- Prioritization activities
- Reporting activities
In each case, it is important to note that the goal of automation is not to replace the investigator. Automation is a tool that can be leveraged to ensure that your investigators are doing what you pay them to do: applying a highly developed and refined skill set to help protect your organization, your customers, and, increasingly, provide you with a competitive advantage.
According to the Association of Certified Fraud Examiners, organizations that have leveraged data analytics as part of their fraud programs report nearly half as many fraud losses as their competitors.
The Case for Machine Learning
While automating the collection of routine tasks associated with investigations is an important step, it is equally important for organizations to implement solutions to assist in prioritizing which events are investigated, as analysts can be inundated with hundreds or thousands of events daily (depending on the size of the organization).
Enter machine learning, a method of data analysis that automates analytical model building. It is a branch of artificial intelligence based on the idea that systems can learn from data, identify patterns, and make decisions. With its ability to analyze terabytes of complex data sets faster and more efficiently than a human could, machine learning is vital to the efficacy of a fraud monitoring and prevention program. According to the Association of Certified Fraud Examiners, organizations that have leveraged data analytics as part of their fraud programs report nearly half as many fraud losses as their competitors.
Machine learning can help:
- Draw connections between otherwise disparate systems and data sets
- Minimize false positives
- Manage risk thresholds
- Predict future fraud schemes
- Forecast future trends
- Hunt for future threats
Like automation, the intent of machine learning is not to remove the need for analysts. The goal of machine learning is to remove the heavy lifting when it comes to data analytics. Furthermore, it has the benefit of being able to identify patterns with the speed that analysts cannot (or have not seen before).
Bringing Automation and Machine Learning Together – The Case for SIEM
Currently, most frauds are identified via tips or whistleblowers, with very few identified by developed surveillance or monitoring systems. While this is somewhat expected (particularly in the case of internal fraud), it does not preclude that an organization should disregard surveillance systems entirely. In fact, in order to leverage both of the strategies outlined above, it is highly recommended that such systems be put in place.
While implementations can vary, it is perhaps easiest to consider this system as part of a larger Security Information and Event Management (SIEM) solution. SIEM solutions are designed to collect, analyze, and report on data to support threat monitoring, event correlation, and incident response capabilities. Utilizing both automation and machine learning, a SIEM solution can provide your organization with the following capabilities to support investigative teams:
- Use Case implementation
- Event of Interest detection
- Alert ranking and prioritization
- Alert triage automation
- Incident response automation
- Threat Hunting automation
- Case management
- Reporting automation
- System health checks
SIEM has the potential to bring your fraud management program to the next level, enhancing it with the capabilities of automation and machine learning. At the same time, a SIEM solution can perform a similar function for your automation and machine learning technologies, collecting logs from these devices to ensure they are operating effectively and performing as expected.
How can Richter help?
While the focus of this article has been on leveraging automation and machine learning to address the inefficiencies in the current fraud management process many organizations undertake, it does not preclude anyone from leveraging these same ideas to address other security concerns (such as data breaches) in their organizations.
Richter’s Risk Management team can assist in implementing state-of-the-art technological solutions to revolutionize IT infrastructures. Richter’s team of experts can provide advisory services in the following areas related to automation, machine learning, and SIEM solutions:
- Process harmonization
- Process optimization
- Roadmaps/Strategy development
- Policy development
- Vendor selection/Lifecycle Management services
- Program governance services
- Use Case development & lifecycle management
- Managed services
- Implementation support
Founded in 1926, Richter is one of the largest independent accounting and consulting firms in Canada, with 60 partners and 500 team members. Richter assists clients from its offices in Toronto, Montreal, and Chicago and offers services in the areas of audit, tax, consulting, and wealth management.
Our Risk, Performance, and Technology Advisory Services group is composed of over 30 professionals in Montreal and Toronto who offer expertise in areas such as cybersecurity and information security, governance, internal control, IT and performance improvement advisory, fraud risk management, and finance.
Our multi-disciplinary, highly-skilled team offers skills and expertise that consistently exceeds our clients’ expectations. Our professionals have both IT and business capabilities, which means that we have the capacity to:
- Understand information systems and business processes
- Identify critical business and IT risks using a risk-based approach
- Make practical recommendations about controls and risk mitigation strategies
- Provide insights with industry good practices in mind