How Fraud Examiners Can Use and How Fraudsters Can Abuse Artificial Intelligence

/

SPEAKER INTERVIEW

Amber Mac, TV/Radio Host, Internet of Things Expert at AmberMac Media, and keynote speaker at the upcoming 2017 ACFE Fraud Conference Canada in Toronto, October 29-November 1

What do you think is the No. 1 security risk that advancing technology poses?

I think the Internet of Things (IoT) attack surface is the biggest technology threat today. As Gartner points out, there will be 20 billion devices connected to the internet by 2020. However, unlike smartphones and computers, we're seeing thousands of newly released IoT gadgets every day from a myriad of suppliers. This means that security precautions are often bypassed in order to get to market more quickly. (Hear Amber discuss this even more in depth in her podcast interview at ACFE.com/podcast.)

How do you think fraud examiners could potentially use (and conversely fraudsters abuse) AI?

When we talk about artificial intelligence (AI), fraud examiners are more regularly using this technology to detect fraud (without even knowing it). For example, machine learning software (one application of AI) can now quickly and effectively determine accounting abnormalities. However, fraud attackers are also using early stage AI to commit fraud. If fact, most worrisome to me is video fraud. Many research institutions are already experimenting with algorithms that program a video to make a politician or business leader appear to say things that they did not. One can only imagine the issues with this as the technology gets into the wrong hands.

What are you most hoping attendees of the conference will take away from your presentation?

I really want attendees to leave my presentation with a much better understanding of the future of both the Internet of Things and artificial intelligence. It’s critical to recognize what’s happening in the market today and where things are heading in the next five to 10 years, so fraud examiners can properly prepare for the inevitable risks.

You are on the front lines of the latest and greatest technology out there, but what is one thing you still hold on to that is manual or traditional?

Strangely enough, I still write my research notes on a piece of paper or in a notebook. For me, it’s not that I don’t recognize the power of digital tools to simplify this process, but I use this practice as a memory tactic. It’s only upon writing with pen to paper that I can better recall facts and stats.

You can read more about Amber and register for the 2017 ACFE Fraud Conference Canada at FraudConference.com/Canada. Be sure to register by September 29 to save CAD 100!

Wearables Strike Again: Deceased Woman’s FitBit Used to Solve Her Murder

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA
Director, Forensics and Valuation Services
BKD, LLP

In what seems to be a pattern in investigations, a deceased woman’s FitBit was used to help solve her alleged murder. In this situation, the data from the FitBit, as well as social media activity, was used to disprove an account of events provided by her husband.

This story illustrates how data beyond the obvious can be used in investigations of all types. The same mentality can be beneficial to fraud examiners as well. The key is to consider all the potential data points available to help in an examination. 

Let’s consider a financial statement manipulation scheme. While you may know the user ID that posted the entry, it is important you look even further for evidence of who actually posted it. Other relevant data points may include:

  • Date/time the entry was posted
  • Workstation from which the entry was posted
  • User ID typically associated with that workstation, compared to the user ID posting the entry
  • Was the user signed in remotely or in the office?
  • Who was in the office on the date/time the entry was posted (badge access records)?
  • Was there email activity or other digital activity on the workstation?
  • Who actually logged in to the workstation from which the entry was posted?

Clearly there is a lot more information than just the date, debit/credit, account number and amount. As you approach your next examination, consider the following:

  • What is the alleged scheme?
  • What other data can help me determine what happened or who was involved?
  • Are there data sources to help corroborate or refute the allegations?
  • Do the patterns of activity match our expectations?

I’m not saying a FitBit and social media will help solve your next investigation, though I am confident there is quite a bit more data out there you may find useful to your case.

You can hear Jeremy speak on how to effectively communicate complex data next week at the 28th Annual ACFE Global Fraud Conference, June 18-13 in Nashville.

8 Underrated Critical Types of Evidence in Email Reviews

/

GUEST BLOGGER

Sundaraparipurnan Narayanan
Associate Director of Forensic Services, SKP Business Consulting

In the current electronic age, e-discovery is considered one of the key approaches for gathering evidence in litigation and investigations into misconduct. With new tools being created to help uncover and understand electronic data, the industry is evolving to new heights. When there is a large amount of data to review, the process requires a purpose-led approach to ensure the evidence is compiled objectively and accurately.

E-discovery reviews are based on keywords, timelines and communication patterns relevant to a purpose or defined objective. Amidst multiple aspects — like the nature of email threading, parent-child linkages, text analytics and communication patterns considered for review — the following eight elements are essential types of email evidence to not overlook in your examinations:

  • Calendar: A potential subject may schedule meetings that are contextually important to a case.
    Example: In a Foreign Corrupt Practices Act investigation, a calendar appointment with an individual at a posh restaurant a few days prior to the approval for a regulatory license may be relevant if the individual’s name in the appointment and the name of the public official providing the license are the same or similar.
  • Automatic email: Dates mentioned in an automated out of office response may be important for connecting a chain of events associated with a concerned individual.
    Example: If the dates of out of office responses sent during a vacation conflict with contract negotiation dates with a third party it may be a red flag to look into.
  • Travel and hotel information: Travel and hotel booking information can contain vital evidence.
    Example: In a kickback investigation, payment details as part of a travel or hotel booking voucher that contain the name of a payee/credit card holder may be relevant to correlate an employee’s relations with a suspected vendor/third party.
  • E-commerce purchases/email alerts: Alerts from e-commerce sites or courier agencies can play key roles in examinations.
    Example: A dispatch intimation from a shipper from a suspected third party to an employee’s personal address may be relevant for further enquiry in a conflict of interest or kickback investigation. Similarly, banks and financial institutions send alerts (on cash deposits, exceeding limits, swipe of card in unusual locations, etc.) as email alerts. These email alerts may be relevant in a chain of events to correlate and corroborate with the available information in the context of a review.
  • Group/other registrations: Email IDs registered with certain sites (gambling, pornographic or dating) and emails received from such sites may be relevant during investigations into misconduct.
  • Task classification (flagging): Task classification and completion are used for the convenience of tracking key activities/communications. Such tagging may highlight certain patterns.
    Example: A pattern of prioritizing the approval of third party invoices over others along with task classification by a user department representative, who is using the services of the concerned third party, may show possible indications of favoritism by the employee.
  • Self-emails, notes/task listing: Many individuals send emails to themselves as a reminder, notification, to-do list, etc.
    Example: A self-email by an accountant containing the phrase ”change estimations” may be relevant in a financial statement fraud. It is necessary to understand that some of the content mentioned in self-emails may not necessarily have the keywords identified as relevant for the case. Similarly, subjects may update their tasks/notes as part of their email service, which may contain messages of evidentiary value.
  • Folder structures: Every individual has a way of organizing their email communications. This includes the way the individual has classified their folders within their email service or the archival methodology they had adopted. These aspects provide necessary insights in understanding which folders contain relevant information.

Reviewing digital data for evidence requires objective-driven searches in order to understand and interpret a given circumstance. Awareness of possible alternative evidence provides the ability to anticipate and look for some of the above categories of communications in search of evidence. While not all these categories may be relevant in every case, these are vital ways to find the evidence needed to detect fraud.

New Data Tools for Your 2017 Fraud Examinations

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services

“New Year, New You” can be found everywhere from email subject lines to magazine covers to marquees at local fitness center. January is the time to begin new things. With that in mind, here are a few of the new items to consider in your next fraud examination.

First, let’s talk about some new methods to consider:

  • Advanced analytics: Rather than relying on sampling and rules-based queries alone, take your analytics to the next level. Incorporate correlation across disparate data sets, outlier detection based on multiple attributes and look for patterns across data sets that indicate anomalous activity. 
  • Text analytics: Easily one of my favorites and one of the most overlooked. There is a lot of value to be extracted from text —names, places, events, topics and even tones of communication may be extracted. These elements can help build the foundation of a case and enhance interviews and interrogations.
  • Machine learning and artificial intelligence: The more cutting-edge of the recommended approaches, machine learning and artificial intelligence are increasingly valuable in complex and large-scale investigations. These are the foundations for predictive coding, which allows you to review a large set of documents, communications or transactions in a manner that is both efficient and effective. Supervised machine learning allows you to “teach” the computer what to look for and return similar results. Whereas, unsupervised machine learning allows the computer to “teach” you what trends, patterns and anomalies exist in the data set. 

Last, here are some data sources you may not have considered in the past:

  • Communications Data: You’re likely thinking that communications data isn’t something new to consider—  you have used email, phone records, text messages and others for years. Applying text analytics and machine learning to email can help you learn about the dynamics, happenings and relationships in an organization before you interview a single individual. What’s more, leveraging tone detection may uncover the conversation about a scheme that isn’t explicitly discussed as such.
  • Internet of Things: The Internet of Things is all the rage. With robots, voice recognition technology and artificial intelligence being incorporated into more and more products, there is data being captured in places we never thought possible. For example, Amazon Echo’s Alexa was recently subpoenaed in a murder case  in Arkansas. This example shows just how much data we have surrounding us each and every day.

These are just a few of the new items for you to consider as you embark on your examinations in 2017. As the year progresses, I will include posts on each of these in the context of examinations, as they make news and describe how you can incorporate them into your approach. I will also discuss other emerging technologies that may reshape how a fraud examination is performed.

How are Your Organizations Deterring the Fraudulent Flow of Intellectual Property Out the Door?

/

LETTER FROM THE PRESIDENT

James D. Ratley, CFE

I bet your organization works extremely hard to find good employees. Weeks of intensive searching, vetting of qualifications and background checks hopefully yield hardworking, loyal colleagues. Of course, you know all that cultivation still can yield some rotten apples.

Ryan Duquette, CFE, CFCE, author of the latest Fraud Magazine cover article, "Insider threats! Using digital forensics to prevent intellectual property theft," quotes studies that show that half of all departing employees leave with confidential company information — either deliberately or unintentionally. That's sobering. How are your organizations deterring the fraudulent flow of intellectual property out the door?

Because most fraud examinations focus on establishing if, and how, someone did what they're suspected of doing, the author writes, they must learn fraudsters' common methods to remove sensitive information. These include the obvious means, such as personal webmail accounts, portable storage media and personal devices. But they also include accessing corporate systems via remote sessions and cloud storage.

Duquette emphasizes that fraud examiners should be part of the everyday work routines to examine new and leaving employees. "Your input and expertise is vital because you might see different patterns and suggest other methods, which could help examine broader fraud matters in your organization,” he writes.

Fraud examiners can use their skills at observing behaviors to help their organizations, he explains, such as looking for those who take proprietary information home via thumb drives or email without authorization, and inappropriately seek or obtain proprietary or classified information on subjects not related to their work duties.

Duquette also says we can help by looking for those who disregard the organization's computer policies on installing personal software or hardware, access restricted websites, conduct unauthorized searches or download confidential information.

As always, we have to review local, regional and national privacy laws and regulations on examining employees, which seem to change daily around the world.

"If the employee’s role grants them privileged access to highly confidential data such as payment card numbers, personally identifiable information or financial information, there's a risk that your activities might result in compliance issues," Duquette writes. "For example, you might locate payment card and transactional data and duplicate it to present as evidence. That action, while well intended, might be in a contravention of a policy or control that you've agreed to adhere to because you're moving the data outside of a controlled environment."

As Duquette implores, don't let departing employees leave with valuable intellectual property. Use digital forensics in daily workflows before they resign and in exit interviews to prevent IP theft rather than potentially be involved in litigation after they're gone.

Read more about the cover article and more at Fraud-Magazine.com.