New Data Tools for Your 2017 Fraud Examinations

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services

“New Year, New You” can be found everywhere from email subject lines to magazine covers to marquees at local fitness center. January is the time to begin new things. With that in mind, here are a few of the new items to consider in your next fraud examination.

First, let’s talk about some new methods to consider:

  • Advanced analytics: Rather than relying on sampling and rules-based queries alone, take your analytics to the next level. Incorporate correlation across disparate data sets, outlier detection based on multiple attributes and look for patterns across data sets that indicate anomalous activity. 
  • Text analytics: Easily one of my favorites and one of the most overlooked. There is a lot of value to be extracted from text —names, places, events, topics and even tones of communication may be extracted. These elements can help build the foundation of a case and enhance interviews and interrogations.
  • Machine learning and artificial intelligence: The more cutting-edge of the recommended approaches, machine learning and artificial intelligence are increasingly valuable in complex and large-scale investigations. These are the foundations for predictive coding, which allows you to review a large set of documents, communications or transactions in a manner that is both efficient and effective. Supervised machine learning allows you to “teach” the computer what to look for and return similar results. Whereas, unsupervised machine learning allows the computer to “teach” you what trends, patterns and anomalies exist in the data set. 

Last, here are some data sources you may not have considered in the past:

  • Communications Data: You’re likely thinking that communications data isn’t something new to consider—  you have used email, phone records, text messages and others for years. Applying text analytics and machine learning to email can help you learn about the dynamics, happenings and relationships in an organization before you interview a single individual. What’s more, leveraging tone detection may uncover the conversation about a scheme that isn’t explicitly discussed as such.
  • Internet of Things: The Internet of Things is all the rage. With robots, voice recognition technology and artificial intelligence being incorporated into more and more products, there is data being captured in places we never thought possible. For example, Amazon Echo’s Alexa was recently subpoenaed in a murder case  in Arkansas. This example shows just how much data we have surrounding us each and every day.

These are just a few of the new items for you to consider as you embark on your examinations in 2017. As the year progresses, I will include posts on each of these in the context of examinations, as they make news and describe how you can incorporate them into your approach. I will also discuss other emerging technologies that may reshape how a fraud examination is performed.

Health Care Analytics: The latest weapon in fighting the opioid abuse epidemic

/

FRAUD MAGAZINE ONLINE EXCLUSIVE

Rena Bielinski, Pharm.D., A.H.F.I.

According to the Institute of Medicine of the National Academies, 100 million Americans, or nearly one out of every three people, suffer each day with chronic pain. That's roughly quadruple the number of Americans with diabetes (25.8 million), and nearly 10 times as many as the number of cancer patients (11.9 million).

Fortunately, we live in an era when modern medicine offers effective and readily available treatment for pain in the form of prescription medications. Prescription painkillers help improve daily function, and therefore the quality of life, for millions of Americans and even more people across the globe.

These benefits, however, come at a cost. According to the Centers for Disease Control and Prevention, the U.S. is now in the midst of an opioid abuse epidemic. In 2010, 5.1 million Americans abused painkillers to some degree, which made them the most abused prescription medications by far, according to the National Institute on Drug Abuse. In addition, the 2012 National Survey on Drug Use and Health stated that 2.1 million Americans were addicted to opioid pain relievers. And in 2013, opioid analgesics caused more than 16,000 deaths, far more than any other drug class.

The problem hasn't gone unnoticed: As of May 2015, the U.S. government had 540 pending complaints and cases involving fraud, waste and abuse (FWA) in prescription drug billing related to Medicare and Medicaid. These cases account for 60 percent of the FWA total, and don't take into account instances with commercial insurance.

Why is it such a challenge to control opioid abuse? It's a combination of the sheer number of pharmacy claims and the woefully outdated manual methods used to review them. The slow, labor-intensive process of manually inspecting spreadsheets, even those generated from a database, can lead to false positives. It also uses time and resources that should be spent tracking down those who are actually committing FWA. The sheer size of data can cause processing time and infrastructure issues, and overwhelm the system.

Next-generation analytics overcome these challenges by using multiple data points — more than humans can process at one time — to identify and uncover purchasing and prescribing patterns that indicate a high probability of abuse. Experts can then focus their time evaluating actionable insights rather than sifting through data to determine those members or prescribers to target.

Here's how analytics can help in two key areas.

Member drug-seeking behavior

Analytics make it easier to find behaviors that are unusual. Rather than paging through spreadsheets, color-coded dashboards can assign scores based on risk factors and bring the most likely cases of FWA to the top of the list based on pre-set thresholds, such as health plan members who are seeing more than 10 physicians or filling prescriptions at more than 10 pharmacies. These thresholds can be set based on industry benchmarks or adjusted to the preferences of the payer or pharmacy benefit manager (PBM).

One of the challenges of uncovering FWA among members is that on the surface, the patterns that could indicate it might also reflect legitimate (non-FWA) behavior. For example, a common indicator of potential fraud is when a patient receives an opioid and/or other prescription from multiple providers and fills them at different pharmacies. Yet an oncology patient who receives multiple prescriptions from several different specialists might have a legitimate reason for this behavior.

This is where next-generation analytics brings in additional data, such as displaying the locations of prescribers and pharmacies on a map relative to the member's home. If several prescriptions are being filled at different locations far from the member's home, it's a strong indicator of possible FWA.

The intelligent application of analytics will help automate the process of revealing the most likely FWA perpetrators while minimizing false positives, which ensures that the payer's or PBM's resources are being used most effectively to reduce costs while not alienating members in good standing.

Read the full article and discover the other area where analytics can help on Fraud-Magazine.com.

Erased, but Not Gone: Mitigating Anti-Forensic Activities

/

GUEST BLOGGER

Lindsay H. Gill, CFE, Director of Forensic Technology
Forensic Strategic Solutions

News stories would lead you to believe that once an email or file is deleted, all hope is lost. Take heart — deleted data will not leave your investigation DOA. The mere absence of the information combined with other artifacts left behind can prove valuable to your investigation.

One of the latest challenges facing forensic analysts is the use of anti-forensic tools. While most frauds leave behind a digital footprint, the more technologically savvy fraudsters are now using anti-forensic tools to encrypt, delete or destroy data. Their goal, of course, is to make it more difficult to uncover the footprints of fraud.

Luckily, there are a few prevalent anti-forensic tools that can help you overcome them:

Hiding data through encryption
The encryption of data encodes it, leaving it unreadable without authorization. While organizations often deploy encryption for security measures, a fraudster may use encryption to obfuscate nefarious activity. Some encryption tools leave a signature on the digital media indicating the presence of an encrypted volume. The challenge created by encrypted data is the need for the encryption key to access the information — without it you are left with few options. But fear not, the mere existence of encryption software may be the smoking gun you need to show concealment.

Deletion of data
Deleted data is possibly the easiest form of anti-forensic activity to address. The delete key on a keyboard would be more accurate if it simply read, “hide.” When data is “deleted” the location where the data resides is merely marked as available — leaving the original data intact until it is overwritten by new data. There are many forensic analysis tools that can identify and recover deleted files or fragments of deleted files not fully overwritten. Information about the deleted files, such as the date of deletion, often proves to be a valuable artifact in an investigation.

Destruction of data
The use of data wiping software is one method a fraudster can use to make it more difficult to restore deleted data. Data wiping will overwrite the free space marked as available when the file was deleted, likely leaving it unrecoverable. The wipe can be performed on an entire disc or a specific area. The good news is that wiping software leaves a footprint that can be useful to your investigation. Review the computer’s program list for wiping tools and document the steps you take in an attempt to recover the “wiped” files. The existence of a wiping program and your efforts to recover the data may serve as evidence of the lengths a suspect went to in an attempt to conceal wrongdoing.

As fraudsters become savvier, investigators will see more sophisticated anti-forensic activity to cover the suspect’s tracks, but remember, even anti-forensic activity leaves valuable evidence.

What’s in a Name? How to Reconcile Linguistic Differences in Identity Matching

/

LIVE FROM THE ACFE GLOBAL FRAUD CONFERENCE

Sarah Hofmann
ACFE Public Relations Specialst

For most people, your name is one of the purest, and easiest, summations of your identity. For those in the business of screening identity data against compliance intelligence information, a name may be the best tool you have to track and prosecute fraudsters around the globe. However, things get complex when you consider the multitude of countries and organizations developing sanction lists using their language’s translations of names.

When dealing with names, anti-fraud professionals must think both about the source language and the language it is being transcribed into. Would a name that originally is written in Russian Cyrillic characters and placed on an Egyptian watch list have the same sound and root name if then translated into English or French? Victoria Meyer, CFE, ACCA, Director of the Swiss Business Academy, discussed this potential problem during her session, “Linguistic Identity Matching” at the 27th Annual ACFE Global Fraud Conference.

“These are all different things you need to take into account to see ‘is this name a match or not?’” she said. “The pronunciation in the different countries is different, so you get different end translations.”

Showing the example of the name, عبد الرحمن حسين , she explained that it has more than five different potential English translations depending on what nationality the Arabic characters are first being translated into Latin characters from. If that name was translated from Yemeni Arabic into English, the translation would be “Abdirahman Hussein (Cabdiraxmaan Xuseen).” If translated from Pakastani Arabic into English, the name would be “Abdur Rehman Hussain.” While these might not be entirely dissimilar, a software program designed to match lists would likely not be able to match them.

Similarly, the same root name in a specific language could translate to different outputs in different languages. Former President of the Russian Federation Boris Yeltsin’s full name is originally written Борис Николаевич Ельцин. However, in French it is translated to Boris Nikolaïevitch Eltsine. In Spanish, it is Boris Nicoláievitch Iéltsin.

The largest takeaway that professionals operating in the multinational sanctions realm need to realize is that to perfect their linguistic identity matching software and processes they must educate themselves on the linguistic patterns and customs of all countries they deal with. For counterterrorism experts, French and German translations of names are starting to come into play more as many refugees have been moving to areas in those countries, and the law enforcement and terrorism authorities are creating watch lists in their language.  

When practicing linguistic identity matching, the onus falls on the fraud examiner to ensure the accuracy of any type of matching software their organization might be using. “This is your risk tolerance you’re setting. It’s not fair to delegate it to someone in IT,” said Meyer. She said that someone well-versed in code and computer patterns, but not familiar with many nuances of international linguistics, would not be able to effectively create a software matching system unless given the patterns and specific triggers to look for from a linguistic professional.

Ultimately, anti-fraud professionals need to be the ones leading the charge in reforming and perfecting multinational linguistics identity matching. Meyer explained that currently, the vendors touting identity matching systems have said, “We know our searches are rubbish, but no one expects any better, so it’s fine.” With the fight against fraud becoming undeniably global in nature, it is more important than ever for fraud examiners to look outside of their own language borders. 

Find conference articles, photos and videos at FraudConferenceNews.com.