Like any business, the business of fraud has a founding moment, a growth story, and sometimes an ending. We hope none of those are "happily ever after."
Every large fraud scheme with tens of millions or more started with their first dollar. Whether it is a single dollar or over hundreds of million dollars, insurance companies don't hand out cash money, they issue checks.
While the form of money dispersed nowadays may include all manner of e-payments, credits, drawdowns, gift cards even, or other mechanisms, typically our follow-the-money gumshoeing types go from account to account to follow the flow. But in a world where any business can have multiple accounts, and any business can have multiple business names with multiple accounts, isn't it time to resolve "who is the who" we are making payments to?
Some of these shards of identity are our own fault and not fraud at all – let's presume that is the case for most of our unconnected data.
Let's just put that in the story book bucket of honest mistakes and rotten data control. That is the state of data entry into free text fields across multiple systems and applications. We know we don't know "who is who" just by watching our daily data work and all the errors and uncertainty of our work processes. (See, "What Would You Do With $1 Trillion?")
We are starting to get a handle on run of the mill missing and misspent money with entity resolution breakthroughs. These breakthroughs come on a use case basis. Government programs, healthcare, life insurance, property and casualty insurance are trillions upon trillions of annual dollars transacting as you read this. And we are making progress.
This is happening with ending annuities being paid to the deceased, with accurately managing eligibility for assistance, with escheat funds being repatriated, with customers having all their products, services, and subscriptions beginning to connect to their own lifetime value profiles, and with marketing able to see clearly if that customer has multiple carriers, an all-in-one solution provider, or is missing a product that prudent advice would warrant. File this under "doing the right things better."
Where we struggle more, and where we are getting increasingly exploited, we will open as a new file called "stop paying the wrong things."
Sometimes, it's an overpayment no one asks to have returned, which is not really that wrong or crooked, right? Then there's paying out to the revenue maximizer padding a bill or receipt. That grows into over-treatment, unnecessary tests, excess calibrations, and perhaps prescriptions, equipment, or other services that maybe were never delivered.
Then comes the extra volume where we move from the misrepresented, wasted, and abused, into full on fabricated, fictitious, and fraudulent. (See, "Entity Resolution Transforms Risk Management.") Here the story of "look what happened when nobody could catch me once" starts to scale into webs, schemes, and networks and the theme swings to "look what is happening when nobody catches me ever…." But for every great business, legal or illegal, there's always someone wanting more.
The easiest way to make more, and make it faster, is franchising. The next is to expand territory. And after that, cook the books - but that raises the risk of getting caught.
This last hitch can be mitigated by making it seem like one business is many – just misspell the name and address often. If that seems risky in a brick-and-mortar way, then open multiple accounts and even have multiple emails, heck, multiple websites. Thus, simply taking advantage of existing weaknesses in companies not deploying effective entity resolution can mitigate the risk of getting caught while stealing.
Those willing to really reach for the stars, however, can expand even more and faster – multiple cities, multiple countries, with or without a physical presence, sometimes going all online. The likelihood of having a ghost claim from an invisible entity that receives real money is a growing reality, especially when it is so easy to not see the invisible parts of our work processes that include email, web domains, and the inscrutable IP addresses behind those. (Read up on that here, "Your Invisible Neighbors and You," and here, "Are You Fraud-Friendly?")
Making payments to invisible entities makes it impossible to connect the dots between what we really owe to whom and what we end up paying to "who knows who?"
The only way to make progress is to add digital entity resolution to our gumshoe efforts. And to really make a dent, reveal all the invisible dots on a map (See, "Uncovering Hidden Fraud Networks.")
We can predict and prevent a payment when we can tell before issuing a quote, binding a policy, entering a vendor, setting up a claim, putting up a reserve, or paying anything that the email or website we are seeing online is either suspicious or concretely a bad actor. Just look it up – that can be as easy as connecting to a "hot list," an operational graph of continuing fraud cases, or even a simple map showing bad actor rooftops, and locations around the world.
The visible web is where business happens. The dark web is for dirty business.
While we obviously should ignore anything from the dark web while we work, just like we should not work with known bad actors, there are many invisible players hiding in the visible web.
The first are the ones we just don't track because our systems don't have a place for emails and websites. The second are the ones more deeply invisible because we have no digital entity resolution process running. And the third are hiding in the subnets of the Internet where we would need a deep infrastructure level technographical trace to see "who is really who".
When your digital business intelligence uses an approach that includes the ultimate domain family tree of "who is that at my digital door" and "who am I transacting with digitally," then you can erase invisibility and connect the unconnected dots right in front of you.
An email that really comes from North Korea, simply does not belong in your run of the mill financial transactions. The same for an active network actor in a transnational criminal organization. Anyone on the "hard" sanctions list. And include the regular old fraud schemes and schemers, too, who are adding e-stealing to their repertoire.
The digital footprint capabilities that create attribution of websites, web servers, and web services linked to who we are transacting with fall under digital entity resolution.
Adding digital entity resolution to your existing framework, or even better, improving entity and digital entity simultaneously while also putting accurate mapping analytics under your investigative yarn balls and link analysis engines is what it takes to connect the unconnected dots we have today that cause us to make payment errors to fraudsters and criminals.
By painting in the invisibilities of our real-world transactions and transactors, we can enable our online and offline activities to predict, prevent, and more quickly mitigate fraud.
