Businesses lose millions of dollars to fraud every year. According to PwC, nearly half of all organisations have experienced corruption, fraud, or other economic crimes since 2020. It’s highest in the technology, media, and telecoms sectors, where two-thirds of companies experienced some kind of fraud.
Cybercrime is a major issue in Southeast Asia where 25% of respondents experienced an increased risk in cybercrime as a result of COVID-19. The UN Office on Drugs and Crime has noted a 600% rise in cybercrimes in the region. A report by AppsFlyer found that Southeast Asia’s losses accounted for 40% of the total estimated fraud losses in Asia-Pacific, totalling US$650 million. Meanwhile, bot attacks are one of the leading methods of fraud, with Singapore suffering the second highest prevalence after Vietnam.
Digital platforms have created new opportunities for fraud, enabling complex webs of transactions using sophisticated layering techniques to mask parties. Numerous small transactions are moved through a maze of agents, companies, and financial institutions, making it immensely challenging for investigators to follow the money trail.
With the pandemic-driven rush to digital, many existing checks and balances haven’t been updated in time. Systems and processes that worked offline no longer work in the online world. The internet’s borderless nature gives entities easy access to other countries, but puts them out of reach of those countries’ jurisdiction and law enforcement capabilities.
The need for speed
Speed is critical for detecting fraud and preventing its spread, but current fraud detection tools can’t cope with the millions of transactions and parties now involved. Some organisations have turned to automation, artificial intelligence, machine learning, and natural language processing, but these are only as effective as the data they are fed.
The problem is that with existing forensic methods, data is stored in traditional relational database systems that use a basic spreadsheet format of cells, columns, and rows. Only two pieces of data can be correlated. This means that critical patterns and connections that could indicate irregular behaviour aren’t detected.
With business processes becoming much faster and more automated, the time margins for detecting fraud are narrowing. This makes having a real-time solution critical.
Identifying suspicious links
One such solution, which investigators are increasingly adopting, is graph data science. This is an entirely different way of storing and managing data, using a graph of nodes and links to represent the relationships between them. This adds critical context such as “transacted with” or “registered at”. Cybersecurity and antivirus provider Kaspersky Lab has identified advanced scams and social engineering as a key threat for Southeast Asia in 2022, making tracing connected people critical.
With a knowledge graph, chains and rings of people can be visually identified. “Guilty by association” scores are generated, based on the quality, quantity, and distance of someone’s relationship with suspicious entities. The graphs also become more useful over time. Once the pattern of a fraud ring is generated, a similarity algorithm can use the pattern to detect other potential rings and their participants.
Prediction and prevention
The insurance industry is one of the most susceptible to fraud, the cost of which is estimated to be US$100 billion per annum in the United States alone. In Singapore, insurance fraud tripled between 2018 and 2020. Deloitte has cautioned that the Southeast Asian insurance sector is seeing increased cyber risk since the pandemic due to digitalisation of the insurance business model. Traditionally insurers have used rule-based software to analyse hundreds of thousands of claims, of which up to 10% may be fabricated or inflated depending on category.
Zurich Switzerland, part of Zurich Insurance Group, originally had a team of 25 field investigators examining potential fraud cases. However, the volume of automated reports was too large to deal with. To triage more efficiently, Zurich moved to a graph data platform. Investigators have now shifted from the rule-based risk tool to the graph-based application, which stores around 20 million nodes and 35 million relationships. They can then sift through and rapidly identify any issues in the flood of information received. The graph can instantly reveal if the different parties in a dispute are connected, potentially indicating a staged “crash for cash” traffic accident.
Securing supply chains
Supply chains, being vast and wide-ranging with deep supplier networks and the sheer number of transactions involved, are vulnerable to fraud. One example is food scandals, where cheaper, inferior, or counterfeit products are substituted. As KPMG observes, “In today’s global market, collusive kickback arrangements, bribery and corruption, and bid rigging are increasingly common and becoming harder to detect.”
Sourcing platform Transparency-One tried developing a visibility platform based on a traditional database of columns and rows that used SQL (Structured Query Language) to query the data. The aim was to ensure traceability and enable users to search for any product affected by specific raw materials or issues with facilities. For example, if a product contains cocoa powder, a brand needs to know its origin. If a crisis occurs, such as the 2011 Ivory Coast civil war, the brand can quickly evaluate the impact on production and supply capacity, as well as the risk of price increases.
But the volume and structure of information was too much for the platform to process at speed. Instead, Transparency-One moved to a graph data platform, where it was able to analyse several thousand different products and generate results within seconds. Manufacturers and brand owners can learn about, monitor, analyse, and search their supply chain, and share significant data about production sites and products.
Traditional technologies are not designed to detect elaborate fraud rings or high volumes of suspicious activity, compared to graph data science which has the capacity to store much richer and deeper data, enabling real-time analysis and fraud prevention that could save organisations millions.