Buoyed by news and social media coverage of online threats and cyberattacks, cybersecurity is all the rage today. Indeed, whether we’re talking about the recent Iranian online assault on worldwide universities or the cyberattack on the city of Atlanta (which shut down Wi-Fi at the world’s busiest airport), cybersecurity is constantly and rightfully in the spotlight.Read More
Amber Mac, TV/Radio Host, Internet of Things Expert at AmberMac Media, and keynote speaker at the upcoming 2017 ACFE Fraud Conference Canada in Toronto, October 29-November 1
What do you think is the No. 1 security risk that advancing technology poses?
I think the Internet of Things (IoT) attack surface is the biggest technology threat today. As Gartner points out, there will be 20 billion devices connected to the internet by 2020. However, unlike smartphones and computers, we're seeing thousands of newly released IoT gadgets every day from a myriad of suppliers. This means that security precautions are often bypassed in order to get to market more quickly. (Hear Amber discuss this even more in depth in her podcast interview at ACFE.com/podcast.)
How do you think fraud examiners could potentially use (and conversely fraudsters abuse) AI?
When we talk about artificial intelligence (AI), fraud examiners are more regularly using this technology to detect fraud (without even knowing it). For example, machine learning software (one application of AI) can now quickly and effectively determine accounting abnormalities. However, fraud attackers are also using early stage AI to commit fraud. If fact, most worrisome to me is video fraud. Many research institutions are already experimenting with algorithms that program a video to make a politician or business leader appear to say things that they did not. One can only imagine the issues with this as the technology gets into the wrong hands.
What are you most hoping attendees of the conference will take away from your presentation?
I really want attendees to leave my presentation with a much better understanding of the future of both the Internet of Things and artificial intelligence. It’s critical to recognize what’s happening in the market today and where things are heading in the next five to 10 years, so fraud examiners can properly prepare for the inevitable risks.
You are on the front lines of the latest and greatest technology out there, but what is one thing you still hold on to that is manual or traditional?
Strangely enough, I still write my research notes on a piece of paper or in a notebook. For me, it’s not that I don’t recognize the power of digital tools to simplify this process, but I use this practice as a memory tactic. It’s only upon writing with pen to paper that I can better recall facts and stats.
You can read more about Amber and register for the 2017 ACFE Fraud Conference Canada at FraudConference.com/Canada. Be sure to register by September 29 to save CAD 100!
FROM THE RESOURCE GUIDE
Jeremy R. Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics, BKD, LLP and
H. Bryan Callahan, CFE, CPA/CFF, CVA
Director, Forensics & Valuation Services, BKD, LLP
Big data. Analytics. Machine learning. Artificial intelligence. These topics, and many others, are being used with regularity in all aspects of business — from marketing and operations to recruiting and retention. They should also be topics used regularly when discussing fraud examination techniques. According to the ACFE's 2016 Report to the Nations, proactive data monitoring and analysis were associated with the highest reduction in both median loss and median duration compared to all other anti-fraud controls.
In a recent case, analytics and machine learning were applied to the analysis of a variety of textual data sources. Much of what occurred in the scheme was off-book — not recorded in the company’s financial statements. Without transactional data to rely on, our examiners leveraged other data to use in the investigation and provided information to enhance the interview process.
A large company became aware of a potential theft scheme involving the IT director and some of his direct reports. The allegations were brought to the company’s attention by a whistleblower who had previously been terminated. The individuals involved in the scheme were taking old IT equipment that still had value and selling it on eBay. The user ID used to sell the equipment was in the company’s name, though it was not in the company’s control. Rather, the IT director linked his personal PayPal account to the “company” eBay account. All payments that came through the account deposited directly to his personal account, never remitting funds to the company.
Typically, transactional-based analytics would have been the starting point. However, without transactions to analyze, examiners turned to email and instant messages of the IT department personnel. The first approach — keyword searching — did not net much in the way of direct evidence.
The second approach — tone detection — identified a number of instant messages between the IT director and a supervisor which had a conspiratorial tone (other common tones in examinations include nervous, evasive, anxious and intimate). The topic of those communications was the eBay scheme.
In addition, tone detection also identified a couple of emails between the IT director and some female colleagues that may have been a little too “friendly” for normal professional relationships. While these were not used in this investigation, these types of results can be useful in lawsuits and investigations involving sexual harassment.
Armed with text messages, examiners interviewed the IT director who confessed to the scheme. Both machine learning — in this case specifically tone detection — and traditional analytics using keyword searching were used to successfully uncover the scheme at hand.
These topics and more are covered in the ACFE’s 2-day course, Using Data Analytics to Detect Fraud. Working through the data analysis process and assessing case studies from a data perspective, the course will help you:
- Focus on the analytics process to successfully apply analytics in your examinations.
- Learn the fundamental data analysis techniques and how to perform them in a variety of software solutions.
- Learn about advanced analytics techniques, including text analytics, visual analytics and predictive modeling.
- Strategize how to apply analytics in specific fraud schemes and develop a framework for
- that application.
Transactions, communications, technology and other assets continue to generate more data every day. The use of analytics, machine learning, artificial intelligence and other advanced analytics methods will help anti-fraud professionals evolve their methods to keep up with the complex occupational fraud landscape.
You can read more about this course and more events and seminars in our latest Resource Guide.
Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services
“New Year, New You” can be found everywhere from email subject lines to magazine covers to marquees at local fitness center. January is the time to begin new things. With that in mind, here are a few of the new items to consider in your next fraud examination.
First, let’s talk about some new methods to consider:
- Advanced analytics: Rather than relying on sampling and rules-based queries alone, take your analytics to the next level. Incorporate correlation across disparate data sets, outlier detection based on multiple attributes and look for patterns across data sets that indicate anomalous activity.
- Text analytics: Easily one of my favorites and one of the most overlooked. There is a lot of value to be extracted from text —names, places, events, topics and even tones of communication may be extracted. These elements can help build the foundation of a case and enhance interviews and interrogations.
- Machine learning and artificial intelligence: The more cutting-edge of the recommended approaches, machine learning and artificial intelligence are increasingly valuable in complex and large-scale investigations. These are the foundations for predictive coding, which allows you to review a large set of documents, communications or transactions in a manner that is both efficient and effective. Supervised machine learning allows you to “teach” the computer what to look for and return similar results. Whereas, unsupervised machine learning allows the computer to “teach” you what trends, patterns and anomalies exist in the data set.
Last, here are some data sources you may not have considered in the past:
- Communications Data: You’re likely thinking that communications data isn’t something new to consider— you have used email, phone records, text messages and others for years. Applying text analytics and machine learning to email can help you learn about the dynamics, happenings and relationships in an organization before you interview a single individual. What’s more, leveraging tone detection may uncover the conversation about a scheme that isn’t explicitly discussed as such.
- Internet of Things: The Internet of Things is all the rage. With robots, voice recognition technology and artificial intelligence being incorporated into more and more products, there is data being captured in places we never thought possible. For example, Amazon Echo’s Alexa was recently subpoenaed in a murder case in Arkansas. This example shows just how much data we have surrounding us each and every day.
These are just a few of the new items for you to consider as you embark on your examinations in 2017. As the year progresses, I will include posts on each of these in the context of examinations, as they make news and describe how you can incorporate them into your approach. I will also discuss other emerging technologies that may reshape how a fraud examination is performed.