Security is a Holistic Proposition

Gorka Sadowski


Fraud Detection, Financial Industry and E-Commerce | Part 4

Layered model for fraud prevention, Entity Link analysis - solutions for a $150K per person fraud

Catching fraud rings and stopping them before they cause damage is a challenge. One reason is that traditional methods of fraud detection are not geared to look for the right thing: in this case, the rings created by shared identifiers. Standard instruments, such as a deviation from normal purchasing patterns, use discrete data and not connections. Discrete methods are useful for catching fraudsters acting alone, but they fall short in their ability to detect rings. Further, many such methods are prone to false positives, which creates undesired side effects in customer satisfaction and lost revenue opportunity.

Gartner proposes a layered model for fraud prevention (5), which can be seen below:

Diagram 2: Gartner's Layered Fraud Prevention Approach


It starts with simple discrete methods (at the left), and progresses to more elaborate "big picture" types of analysis. The rightmost layer, "Entity Link Analysis", leverages connected data in order to detect organized fraud. As will be shown in the following sections, collusions of the type described above can be very easily uncovered, with a very high probability of accuracy, using a graph database to carry out entity link analysis at key points in the customer lifecycle.

Entity Link Analysis
We discussed earlier how fraudsters use multiple identities to increase the overall size of their criminal takings. It's not just the dollar value of the impact that increases as the fraud ring grows, it's also the computational complexity required to catch the ring. The full magnitude of this problem becomes clear as one considers the combinatorial explosion that occurs as the ring grows. In the diagram below, one can see how adding a third person to the ring expands the number of synthetic identities to nine:

Diagram 3: 3 people each sharing 2 valid identifiers results in 9 interconnected synthetic identities


Likewise, four people can control 16 identities, and so on. The potential loss in a ten-person fraud bust-out is $1.5M, assuming 100 false identities and 3 financial instruments per identity, each with a $5K credit limit.
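The arithmetic above and the linking idea behind entity link analysis, as an added example that is not part of the original post. It assumes the two shared identifiers are a phone number and an address, and all names, sample records and the minimum ring size are constructed for illustration.

```python
from collections import defaultdict
from itertools import product

def synthetic_identities(members):
    """Every phone/address pairing across ring members: n members -> n*n identities."""
    phones = [m["phone"] for m in members]
    addresses = [m["address"] for m in members]
    return [{"id": f"syn-{i}", "phone": p, "address": a}
            for i, (p, a) in enumerate(product(phones, addresses))]

def find_rings(accounts, min_size=3):
    """Group accounts linked through any shared identifier value (union-find).

    min_size is an assumed threshold so that isolated accounts, or two
    accounts in one household, are not reported as a ring.
    """
    parent = {a["id"]: a["id"] for a in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (kind, value) -> first account id that used it
    for a in accounts:
        for kind in ("phone", "address"):
            key = (kind, a[kind])
            if key in first_seen:
                parent[find(a["id"])] = find(first_seen[key])
            else:
                first_seen[key] = a["id"]

    groups = defaultdict(set)
    for a in accounts:
        groups[find(a["id"])].add(a["id"])
    return [g for g in groups.values() if len(g) >= min_size]

def exposure(n_identities, instruments=3, credit_limit=5_000):
    """Potential bust-out loss using the figures quoted in the text."""
    return n_identities * instruments * credit_limit

# Constructed sample data: a 3-person ring plus two unrelated customers.
RING = [{"phone": f"555-010{i}", "address": f"{i} Elm St"} for i in range(3)]
LEGIT = [{"id": "cust-a", "phone": "555-0190", "address": "7 Oak Ave"},
         {"id": "cust-b", "phone": "555-0191", "address": "9 Pine Rd"}]

if __name__ == "__main__":
    rings = find_rings(synthetic_identities(RING) + LEGIT)
    print(len(rings), sorted(rings[0]), exposure(100))
```

Each synthetic identity looks unremarkable on its own; only the connected component over shared identifier values exposes the nine accounts as one group while leaving the two unrelated customers out.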

(5):  Gartner at

Next, we'll look at how easy it is to catch these using Graph Databases...

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.