1 / 60

Threat and Fraud Intelligence IBM’s Entity Analytics Solutions

Threat and Fraud Intelligence IBM’s Entity Analytics Solutions. John McBride, IBM Solutions Executive. Threat & Fraud Intelligence A High Impact Business Opportunity Is Emerging.

zaza
Download Presentation

Threat and Fraud Intelligence IBM’s Entity Analytics Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Threat and Fraud Intelligence IBM’s Entity Analytics Solutions John McBride, IBM Solutions Executive

  2. Threat & Fraud IntelligenceA High Impact Business Opportunity Is Emerging Heightened regulatory pressures and an intensifying threat environment demand a new level of Threat & Fraud Intelligence Identity Theft $8.0 bn lost annually AML $590bn to $1.5tr, PY 2%–5% of GGDP Patriot Act KYC $10.9 billion Health Insurance $100bn lost annually Telecom Fraud $55bn lost annually Home Land Security Safe Borders Law Enforcement OFAC Hits Criminal Networks Risk & Compliance EntitlementFraud Account Verification National Security BankAtlantic committed ‘serious and systemic’ BSA violations April 27, 2006 - Moneylaundering.com. BankAtlantic provided clients something better than 7-day service – one branch manager opened its doors to drug traffickers and professional money launderers and helped commit their crimes.BankAtlantic Bancorp signed a deferred prosecution agreement and forfeited $10 million to the U.S. Department of Justice for criminally violating the Bank Secrecy Act (BSA)..

  3. Why Now?Threat & Fraud Pressures Are Intensifying Today’s intensifying challenges mandate a fresh approach to managing threat information Current Approaches have become obsolete. Multiplication of threat types, and frequency Threats are increasingly asymmetrical Explosion in complexity of threat identification Frequency of transaction/interactions Transparency is clouding Regulatory pressures are increasing Intensifying profit and business pressures Information is compartmentalized – lack of full integration is obscuring visibility Query State limits ability to address complexity of threats Untimely – threats identified ex-post facto. Inaccurate – Broadscale false positives and false negatives Out of context – lack of decision support/guidance once threat is identified Information Must Become a Strategic Asset

  4. Threat & Fraud Challenges Are IntensifyingMultiplying Threat Types with Increased Frequency FEMA Lost $1Billion to Fraud, Errors Report lists problems with hurricane relief USA Today, June 14, 2006 Sloppy mistakes and con artists cost FEMA at least $1Billion in disaster relief claims in the six months after last year’s devastating Gulf Coast hurricanes, according to a report by government investigators due out today. The government sent checks to thousands of people who registered with FEMA using information belonging to prison inmates, or who provided only a post office box for the their damaged home. The investigation found that FEMA lacked basic mechanisms to detect and discourage rampant fraud. One person received 26 FEMA payments totaling $139,000, using 13 different social security numbers, and 13 addresses. U.S. Government Plans to Overhaul Disaster Aid The New York Times, July 23 2006 The Department of Homeland Security, responding to months of criticism and ridicule, is revamping several of its core disaster relief programs…Most important, officials said, emergency cash assistance will be granted only after FEMA officials have used computer records to ensure applicants are not repeatedly signing up for aid, or using false Social Security numbers or fabricated addresses.

  5. Fraud &Threat Pressures Are IntensifyingThreats Are Increasingly Asymmetrical Two Elderly Women Jailed In Deadly Insurance Scam Washington Post, Tuesday, May 23, 2006; Page A03 LOS ANGELES, May 22 -- Two elderly women devised a complex plot in which they befriended homeless men, took out life insurance policies on them, and then killed the men in hit-and-run accidents in alleys around Los Angeles to collect $2.2 million in payments, police said Monday. California law allows an insurance company to contest a new policy for two years, Vernon said. "Between the first and second incident, there's a six-year span," Vernon said. "It's very naive to think there haven't been any victims in those six years, especially when you consider they're using these men as certificates of deposit, with a maturity date of two years." 2 Arrested in Homeless Life Insurance Scam LA Times Staff Writers, May 19, 2006 Two women in their 70s were arrested Thursday after they allegedly befriended two homeless men, took out 19 life insurance policies on them and filed claims worth more than $2.2 million after the transients mysteriously died in hit-and-run pedestrian accidents in Los Angeles. Detectives said they connected the two cases several months ago during a chance meeting between two investigators in the LAPD's West Traffic Bureau squad room. A detective handling the death of Kenneth McDavid, 50, was talking about the peculiarity of the case when another detective interrupted him to say he had worked on a similar-sounding, unsolved hit-and-run six years ago.

  6. Threat & Fraud Challenges Are IntensifyingMultiplying Threat Types with Increased Frequency Last Updated: Tuesday, 6 June 2006, 17:01 GMT 18:01 UK IBM’s Threat & Fraud Intelligence platform, utilizing the Name Recognition capability, would have detected the name variations, and helped prevent the fraud Mackenzie created new customer identification numbers

  7. ? Ambiguous, Misrepresented, Blurry IdentityThe Challenges Go Beyond Date Silos Data Islands/Silos/Transposition Errors Multiple Name Variants Online & Remote Clients Multiple Titles, Dr., Rev, Haj, Sri., Col Multiple Prefixes, Abdul, Fitz, O', De La, Maiden Names, Deaths, Moves, New Accounts NefariousUn-IdentifiedThird Parties Phonetic Transposition Errors, Lester - Leicester Name Order, “Maria del Carmen Bustamante de la Fuente” Name / Address / DOB Deception Nicknames, Hammed, Mogs Data Degradation / Data Drift Intermediators, Introducers, Beneficiaries, Pooled Accounts

  8. What’s Needed?Early adopters beginning to recognize requirements Current State Future State Full pattern & identity resolution Pattern linked to name, identity & relationship Complete & Self Improving Utilizing all sources of information within the enterprise and beyond Active & Dynamic Persistent & Autonomic Analysis On-Line, On Demand & Timely Respond to threats in real time In Context Full decision support and guidance Limited Discovery & Analysis Incomplete View Passive & Query Based Threat and Fraud Statistics & Reporting Information Overload The capability now exists. Integrated Software Platform Business Know How

  9. Conquering Enterprise AmnesiaNext Generation Business Intelligence

  10. Employee Database Fraud Database Prospect Database Hiring employees who had previously been arrested for stealing from you! Consequences of Enterprise Amnesia Human Resources Department Marketing Department Corporate Security Department

  11. Consequences of Enterprise Amnesia Human Resources Department Marketing Department Corporate Security Department Employee Database Investigations Database Prospect Database Marketing department is mailing offers to a person currently in jail for stealing from you!

  12. Amnesia is Embarrassing Amnesia is Expensive

  13. The Brain! Enterprise Intelligence Requires Persistent Context

  14. Observations Events Sensors Identities Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Job Application Employee Database Record #A-701 Non-Observable M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Arrest Fraud Database Record #B-9103 Problem: Non-Observables and Isolated Perceptions

  15. Consequence of Perception Isolation Observations Sensors Mark Randy Smith 123 Main Street DOB: 06/07/74 713 731 5577 Marc R Smith 123 Main St 713 730 5769 Employee Database Record #A-701 The Query M. Randal Smith DOB: 06/07/74 713 731 5577 Fraud Database Record #B-9103

  16. Some Observations … are Discoverable Observations Sensors Mark Randy Smith 123 Main Street DOB: 06/07/74 713 731 5577 Marc R Smith 123 Main St 713 730 5769 Employee Database Record #A-701 The Query M. Randal Smith DOB: 06/07/74 713 731 5577 Fraud Database Record #B-9103

  17. Some Observations … are Undiscoverable Observations Sensors Mark Randy Smith 123 Main Street DOB: 06/07/74 713 731 5577 Marc R Smith 123 Main St 713 730 5769 Employee Database Record #A-701 The Query M. Randal Smith DOB: 06/07/74 713 731 5577 Fraud Database Record #B-9103

  18. Constructed Context FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street, 713 731 5577 DOB 06/07/74 • EVENTS: • Job Application • Arrest First: Context is Pre-Constructed (Features and Events) Observations Sensors Mark Randy Smith 123 Main Street DOB: 06/07/74 713 731 5577 Employee Database Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 Fraud Database Record #B-9103

  19. Context is Persisted Observations Sensors Persistent Context Mark Randy Smith 123 Main Street DOB: 06/07/74 713 731 5577 Employee Database Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Fraud Database Record #B-9103 Mark

  20. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 Record #B-9103 Now the Un-discoverable … Queries Marc R Smith 123 Main St 713 730 5769

  21. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Record #B-9103 Using Persistent Context Observations Persistent Context Queries Marc R Smith 123 Main St 713 730 5769

  22. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 Record #B-9103 Enterprise Discovery is Possible Observations Persistent Context Queries Marc R Smith 123 Main St 713 730 5769 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74

  23. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 Record #B-9103 Enterprise Discovery is Possible Observations Persistent Context Queries Marc R Smith 123 Main St 713 730 5769 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74

  24. New Think: Treat Data as a Query! Queries The query could be: - A user with a question Or, also could be data: - An account opening - A new watch list entry - A background check - An address change - A vendor application - A customer inquiry Marc R Smith 123 Main St 713 730 5769

  25. 1st principleIf you do not process every new piece of key data (perception) first like a query … then you will not know if it matters … until someone asks.

  26. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 ? M. Randal Smith DOB: 06/07/74 713 731 5577 Record #B-9103 New Think: Treat Queries as Data Observations Persistent Context Queries Emile Swelter Toronto 12/03/72

  27. Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 Record #B-9103 In Which Case … Queries can Persist Observations Persistent Context Queries Emile Swelter Toronto 12/03/72

  28. Notably, in the Same Data Space Persistent Context

  29. New Observation Queries Emile Swelter Toronto 12/03/72 Emilee Swelter 321 Ovington Place Toronto 03/12/72 Question answered when it becomes true! New Observations Answer Persistent Queries Persistent Context

  30. 2nd principle Treat queries like data to avoid having to ask every question every day.

  31. Intelligent Systems Queries find queries! New Think: Data and Query Equality Traditional Queries find data Data finds queries Data finds data

  32. This is Context Construction (Identity Resolution) Observations Sensors Persistent Context Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Employee Database Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Fraud Database Record #B-9103 Mark

  33. More Observations (data) = Better Context 2 Observations 6 Observations More Observations More FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 FEATURES: Mark Randy Smith, M. Randal Smith, Randy Smith 123 Main Street, Flat 6 20 Lennox Gardens 713 731 5577, 796 064 03 04 DOB 06/07/74, Passport: 001003429002

  34. ! The Ideal Moment for Enterprise Awareness Observations Sensors Persistent Context Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 Employee Database Record #A-701 M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Fraud Database Record #B-9103 Mark

  35. 3rd principle Enterprise awareness is computationally most efficient when performed at the moment the observation is perceived.

  36. Towards Enterprise Intelligence New Paradigm: Perpetual Analytics The “data finds the data” … and “relevance finds the user.”

  37. New Information Growing Amnesia Index? Growth of Computing Power Sensemaking Algorithms Time Faster Computing is Producing Greater Amnesia!

  38. Technical Overview

  39. XML XML C++ Code SQL DBMS Basic Architecture IBM Entity Analytics Technologies Data Sources Discovery Analytics Engine Queries Persistent Context Database

  40. Service Oriented Architecture (SOA) Employees And Applicants Customer Acquisition Credit Applications Vendors Enterprise Service Bus Entity Analytics Transactional Activity Investigations Arrests

  41. Real World Enterprise Amnesia

  42. Case Study: Las Vegas Casino Detected Relationships • 24 active players were known cheaters • 23 players had relationships to prior arrests/incidents • 12 employees were themselves the player • 192 employees had possible vendor relationships • 7 employees were the vendor Data Sources • 20,000 plus employees • All vendors • All slot club & table games-related players • In-house arrests/incidents • Known cheaters

  43. Case Study: Retail Detected Relationships • 2 out of every 1000 employees had been arrested for shoplifting • 8 out of every 1000 employees were related to known shoplifters • 9 vendors on the internal security file • 1 executive related to a vendor (a charity). Possible case of embezzlement. Data Sources • 40,000 plus employees • 10,000 plus vendors • 26,000 international security/arrest records (shoplifters, etc.)

  44. Case Study: US Federal Agency Detected Relationships • 140 employee relationships to vendors • 1451 potential vendor relationships to security risks • 253 employee relationships to security risk entities • 2 vendors were the security risk • “n” employees were the security risk/vendor Data Sources • 20,000 plus employees • 75,000 plus vendors • 200,000 plus Type 1 security risk entities • 200,000 plus Type 2 security risk entities

  45. Katrina Reunification Project Statistics • Total data sources 15 • Usable identity records 1,570,000 • Unique persons 36,815 • Families Reunited >100

  46. Analytics in the Anonymized Data Space Responsible Innovation in Support of Privacy and Civil Liberties

  47. Persistent Context Mark Randy Smith DOB: 06/07/74 123 Main Street 713 731 5577 M. Randal Smith DOB: 06/07/74 713 731 5577 FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Observations Are Anonymized Observations Sensors Employee Database Record #A-701 Fraud Database Record #B-9103

  48. Persistent Context FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Observations Are Anonymized Observations Sensors Cd5dced41028cb … 00c9782a552a2 … 7f2b6e48ea7d0 … … Employee Database Record #A-701 0d06b31faa7c… B5e341a4b0c… 00c9782a552… … Fraud Database Record #B-9103

  49. Persistent Context FEATURES: Mark Randy Smith, M. Randal Smith 123 Main Street 713 731 5577 DOB 06/07/74 Observations Are Anonymized Observations Sensors Cd5dced41028cb … 00c9782a552a2 … 7f2b6e48ea7d0 … … Employee Database Record #A-701 0d06b31faa7c… B5e341a4b0c… 00c9782a552… … Fraud Database Record #B-9103

  50. Risk of Unintended Disclosure Vastly Reduced Observations Sensors Persistent Context Cd5dced41028cb … 00c9782a552a2 … 7f2b6e48ea7d0 … … Employee Database Record #A-701 0d06b31faa7c… B5e341a4b0c… 00c9782a552… … FEATURES: Cd5dced41028cb7ea51… 00c9782a552a2d09b1b… 7f2b6e48ea7d042bbe8… … Fraud Database Record #B-9103

More Related