Coronavirus aid is a big target for hackers, who see the funds and loans that governments pay out as potential fraud opportunities. The obstacle authorities face is that traditional IT approaches used to address these problems aren’t powerful enough to expose the fraudsters effectively, writes Amy Hodler, pictured, of Neo4j.
Criminals have been using tactics such as fake websites, phishing emails, and false statements to skim off the financial aid given out by governments to help businesses and freelancers survive the coronavirus crisis. The World Health Organisation has seen a five-fold increase in cyberattacks since the pandemic started. The Financial Times has reported on the problem emerging as particularly severe in Germany, where investigators are probing thousands of suspected fraud cases nationwide connected to the Federal Republic’s Corona-Soforthilfe-Zuschuss (coronavirus emergency aid grant). In a recent phishing attack, the Federal Republic’s North Rhine-Westphalia local government is believed to have lost tens of millions of euros after miscreants cloned official government sites. Victims applied for grants on the fake site unwittingly, enabling fraudsters to claim the money in their names.
It seems indisputable that a growing number of “malicious cyber actors and advanced persistent threat groups” are getting progressively more active, according to a recent joint warning by the UK’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
False identities
Cyber criminals attack when you don’t have appropriate security or the infrastructure in place for adequate protection. These weaknesses are compounded by the operational challenges companies and public sector bodies have experienced during the health crisis, necessitating that their attention be directed elsewhere. This has left them especially vulnerable.
Meanwhile, the authorities issuing coronavirus funds can learn from the example of the financial services sector, which is deeply familiar with checking and comparing transactional and personal data to monitor for suspicious actions in the battle against fraud. Just like false applications for corona aid, criminals attempting to defraud institutions such as banks use false identities when creating accounts or loan applications.
Fraudsters are adept at melding various false and authentic elements (such as addresses, phone numbers, emails, employers, and more) into a new ‘synthetic’ identity, which they then adopt for fraudulent purposes. Regrettably, synthetic identities pass as genuine identities all too frequently. According to McKinsey, this fast-growing type of first-party fraud results in major losses for financial institutions, with an estimated 80 per cent of all credit card fraud losses stemming from synthetic identity fraud.
Conventional fraud detection solutions are not sufficiently robust to uncover these synthetic identities. They can only relate two to three pieces of data at any one time, such as name, home address, or bank account. Spotting those few links can be adequate for ensnaring individual bad actors, but it isn’t a sophisticated enough approach to flag fraud rings where multiple parties are collaborating.
Graphs
The main reason why conventional approaches to fraud monitoring are unsound is that the majority of fraud detection systems are based upona relational database software model. These tabular data structures, with data organised in rows and columns, are not designed for capturing the complex relationships and network structure inherent in the data. With large, unstructured datasets, queries are too complex while response times become too slow.
Enter graph database technology. In contrast to relational, graphs not only interpret individual data such as ‘person’, ‘account number’ and ‘home address’, but also their relationships with one another, eg. ‘resident in’ or ‘transacted with’. The data model can thus accurately portray these complex associations.
The great advantage of graph database technology is that any number of qualitative or quantitative properties can be assigned, showing complex interactions in a coherent and descriptive way. One of the best-known graph algorithms for potentially thwarting fraudsters is ‘PageRank’, for instance. This algorithm measures transitive influence or connectivity between nodes or objects, and can uncover objects based on their additive relationships and rank nodes with a relative score. For fraud detection in financial institutions, it can pinpoint important or influential customers who head up countless money transactions. Nodes with a high PageRank Score can also be illustrated using a visualisation tool, so that anomalies can be easily and rapidly singled out.
Mapping complex connections
Speed is critical. As business processes accelerate and become more automated, the time margins for detecting fraud become much slimmer, increasing the need for real-time detection. Another key algorithm is ‘Weakly Connected Components’, designed to reveal the hidden networks that form a fraud ring based on common identity features such as a telephone number used by more than one individual or multiple applicants that appear to live at the same address. Distinguishing links like these allow fraud teams to identify suspicious activity concerning synthetic and stolen identities, providing valuable intelligence to catch fraudsters.
An example of the power graphs offer in uncovering concealed relationships is highlighted by the Panama and Paradise Papers expose. The group behind the investigation, the International Consortium of Investigative Journalists, used graph technology to map incredibly complex financial connections and spot irregularities.
It’s not just investigative journalists using graphs to spot suspicious connections. Business technology and data company Dun and Bradstreet, uses graphs for this purpose. To more quickly check who the ultimate economic owners of a company are, Dun and Bradstreet runs ‘know-your-customer’ queries. Prior to using a graph-based procedure, this research required highly-qualified personnel. A single query can occupy an employee for up to 15 days. After switching to using graphs, the company can now perform customer reviews rapidly and more accurately. This enables Dun and Bradstreet to uncover fraud and other crimes faster.
It’s not hard to draw parallels with banking fraud to conclude that graph technology’s distinguishing capabilities can be applied in the fight against coronavirus aid fraud. Cyber fraud rings are becoming increasingly sophisticated at evading discovery, but a richer way of representing information on your system is key to uncovering scams with a high level of accuracy. Because fraud is costly and the scale of the problem so large, even a fractional percentage increase in accuracy drives millions of pounds in savings.
Fraud is a connected data problem, and as fraud attempts become increasingly complex, graph technology is a vital part of your investigation teams’ security approach.
The author is Director, Analytics and AI at Neo4j, a graph database company. She is co-author of O’Reilly Media’s Graph Algorithms: Practical Examples in Apache Spark & Neo4j.
