Eight Ways Analytics Powers Fraud Detection
Fraud is a fact of life in companies around the world. Whether you work in financial services, retail, or manufacturing, there is somebody trying to rip off your company in one way or another. Armed with the right data analytics, however, companies have a fighting chance to detect the fraud as it occurs within their own company.
The amount of fraud in the world is truly staggering. According to Forrester, global retailers rack up between $200 billion and $250 billion every year to fraud. Banks, insurance companies, and other financial service firms report another $12 billion to $15 billion each year, according to Forrester.
Fraud sucks up about 5 percent of total revenues for the average company, according to the Association of Certified Fraud Examiners. What’s more, 7 percent of fraud is detected by accident. As Jeremey Clopton, a certified forensic fraud examiner with the fraud detection firm BKD recently said, that is not acceptable.
“I would argue that most people in here are not using ‘by accident’ as one of your internal controls,” Clopton said in a YouTube video. “‘By accident’ is not an effective strategy for trying to identify fraud.” Luckily, we live in the big data era, where needles are routinely found in even the biggest haystacks. Clopton presented several ways companies can use data analytics to spot fraud as it occurs within their own company.
For starters, the whole notion of sampling should be thrown out the window. Sampling is very ineffective when it comes to finding fraud, because the percentage of fraudulent transactions under is not big enough to show up in samples. If fraud accounts for 5 percent of revenue, it’s usually broken up into smaller transactions to avoid raising red flags.
How, then, can users spot fraud? “You don’t just load data into an analytics solution, hit the ‘find fraud’ button, and the fraud appears,” Clopton says. “A lot of people have that belief, but that’s not something we’ll be able to do. However we can be creative in how we do data mining and analytics.”
What to Look For
When fraud is perpetrated by employees with access to internal systems, there are several relatively easy things you can do to spot the fraud. Here are eight recommended by Clopton:
- For starters, check the accounts payable system to see if there are any vendors without an address on file. If there are vendors without addresses, there is a possibility that accounts payable clerks are routing those checks to themselves.”If you cut checks, you definitely need an address for every single vendor on file,” Clopton says.
Tracking vendor activity can help you detect sudden upswings
- Also, analyze the activity of vendors in your system. A large company may have 50,000 vendors on file that it has done business with, but may only have done business with 10,000 of them in the last few years. Those unused vendor files are ripe for abuse by malicious employees, who may by cutting checks for bogus work, and then funneling that money to themselves.
- Take a close look at the names of the vendors on file. Malicious employees who are committing AP-related fraud may modify the names of existing vendors or create fictitious companies out of whole cloth. They may add their own initials to the front of company names, use anagrams, or use with silly names like Mick E. Mouse, Princess Ariel, George Ruth, or John Dough. “Employees are not necessarily creative when committing fraud,” Clopton says.
- Cross referencing employee addresses with vendor locations routinely turns up some employees with their hands in the cookie jar, he says. This can be done very quickly by simply matching address numbers and ZIP codes, and it also alleviates spelling issues with street names (thieves often are poor spellers, it turns out).
- In years past, fraudsters would perpetrate their theft using post office boxes, which are guaranteed anonymity by the US Postal Service. This is one of the reasons that many companies now require actual addresses to be on file. However, the rising popularity of drop boxes at UPS Stores and other similar stores is giving fraudsters newfound cover. You can flush out the little rascals by cross-checking the physical addresses of the UPS Stores and other similar stores with employee and vendor addresses.
- In some cases, it may be useful to use visual tools to analyze street addresses in more
Visualizations can help you correlate activity that would otherwise be tough to spot
detail. For example, a malicious employee who lives on 5th Street may be funneling checks to a fictitious vendor’s location on Oak Ave. Without a way to visually check the physical location, it may be impossible to determine that the two locations are the same place at the corner of Oak Ave. and 5th.
- Many businesses close on the weekends, so if checks are routinely issued on Saturday or Sunday, that would be a giant red flag of fraud. Similarly, if there’s a break in the check sequence, or if checks were not recorded in the GL but cleared the bank, that could indicate fraud.
- Fraud fighters can use Benford’s Law (also called the First-Digit Law) to identify suspicious patterns in checks. If the company requires a senior manager to sign off on checks over $25,000, and there is a big disproportionate increase in the number of checks written just below that number, that would be a strong indicator of fraud.
There are sophisticated fraud detection tools sold by some of the biggest IT firms, including SAS, FICO (formerly Fair, Isaac), Fidelity Infuriation Services, CA Technologies, and others. Those products are useful for dealing with fraud at high levels. But fraud can be found with tools as simple as Excel and Access, provided you know what to look for.