Combatting Fraud (and other Security Concerns) with Automation and Machine Learning

Fraud investigations are inherently complex, requiring knowledge, skill, and most importantly, timeliness. Analysts sort through and analyze dozens, if not hundreds, of unique data sources during an investigation – as has been the method for decades, if not longer.

While this system is (in most instances) tried and tested, it is antiquated. Investigators are spending most of their time compiling data as opposed to analyzing it.[1]

While no organization would argue that timeliness in identifying fraud is paramount (after all, in this case, time literally is money), it is no longer necessary to assume that having analysts spend much of their time performing routine activities is just the nature of the business (and the losses that come from such inefficiencies as a cost of doing business).

So, how should organizations address this issue and free up their investigators to focus on identifying and stopping instances of fraud, while simultaneously addressing the underlying risks to their organizations?

The Case for Automation

Consider automation; a series of solutions aimed at leveraging technology to assume the everyday process-related tasks previously requiring significant amounts of human involvement, such as processing transactions, manipulating data, and/or actioning tasks as part of workflows.[2]

While automation is said to have considerable return on investment,[3] it is particularly useful in the context of fraud (and other security) investigations. By minimizing the need for human involvement with systemic, repeatable, scalable solutions which can perform the same repetitive, rudimentary tasks longer, quicker, and more efficiently, this ‘virtual’ workforce can improve the operational efficiency of your investigative team.

Some examples of activities that can be assisted via automation include:[4]

Case file creation
Routine evidence gathering
Data normalization/aggregation
Web scraping
Link analysis/profile generation
Internal and customer communications
Prioritization activities
Reporting activities

In each case, it is important to note that the goal of automation is not to replace the investigator. Automation is a tool that can be leveraged to ensure that your investigators are doing what you pay them to do: applying a highly developed and refined skill set to help protect your organization, your customers, and, increasingly, provide you with a competitive advantage.[5]

According to the Association of Certified Fraud Examiners, organizations that have leveraged data analytics as part of their fraud programs report nearly half as many fraud losses as their competitors.

The Case for Machine Learning

While automating the collection of routine tasks associated with investigations is an important step, it is equally important for organizations to implement solutions to assist in prioritizing which events are investigated, as analysts can be inundated with hundreds or thousands of events daily (depending on the size of the organization).

Enter machine learning, a method of data analysis that automates analytical model building. It is a branch of artificial intelligence based on the idea that systems can learn from data, identify patterns, and make decisions.[6] With its ability to analyze terabytes of complex data sets faster and more efficiently than a human could, machine learning is vital to the efficacy of a fraud monitoring and prevention program. According to the Association of Certified Fraud Examiners, organizations that have leveraged data analytics as part of their fraud programs report nearly half as many fraud losses as their competitors.[7]

Machine learning can help:[8]

Draw connections between otherwise disparate systems and data sets
Minimize false positives
Manage risk thresholds
Predict future fraud schemes
Forecast future trends
Hunt for future threats

Like automation, the intent of machine learning is not to remove the need for analysts. The goal of machine learning is to remove the heavy lifting when it comes to data analytics. Furthermore, it has the benefit of being able to identify patterns with the speed that analysts cannot (or have not seen before).[9]

Bringing Automation and Machine Learning Together – The Case for SIEM

Currently, most frauds are identified via tips or whistleblowers, with very few identified by developed surveillance or monitoring systems.[10] While this is somewhat expected (particularly in the case of internal fraud), it does not preclude that an organization should disregard surveillance systems entirely. In fact, in order to leverage both of the strategies outlined above, it is highly recommended that such systems be put in place.

While implementations can vary, it is perhaps easiest to consider this system as part of a larger Security Information and Event Management (SIEM) solution. SIEM solutions are designed to collect, analyze, and report on data to support threat monitoring, event correlation, and incident response capabilities.[11] Utilizing both automation and machine learning, a SIEM solution can provide your organization with the following capabilities to support investigative teams:[12]

Use Case implementation
Event of Interest detection
Alert ranking and prioritization
Alert triage automation
Incident response automation
Threat Hunting automation
Case management
Reporting automation
System health checks

SIEM has the potential to bring your fraud management program to the next level, enhancing it with the capabilities of automation and machine learning. At the same time, a SIEM solution can perform a similar function for your automation and machine learning technologies, collecting logs from these devices to ensure they are operating effectively and performing as expected.

How can Richter help?

While the focus of this article has been on leveraging automation and machine learning to address the inefficiencies in the current fraud management process many organizations undertake, it does not preclude anyone from leveraging these same ideas to address other security concerns (such as data breaches) in their organizations.

Richter’s Risk Management team can assist in implementing state-of-the-art technological solutions to revolutionize IT infrastructures. Richter’s team of experts can provide advisory services in the following areas related to automation, machine learning, and SIEM solutions: