Welcome


Welcome to Understanding Link Analysis. The purpose of my site is to discuss the methods behind leveraging visual analytics to discover answers and patterns buried within data sets.

Visual analytics provides a proactive response to threats and risks by holistically examining information. As opposed to traditional data mining, by visualizing information, patterns of activity that run contrary to normal activity surface within very few occurances.

We can dive into thousands of insurance fraud claims to discover clusters of interrelated parties involved in a staged accident ring.

We can examine months of burglary reports to find a pattern leading back to a suspect.

With the new generation of visualization software our team is developing, we can dive into massive data sets and visually find new trends, patterns and threats that would take hours or days using conventional data mining.

The eye processes information much more rapidly when information is presented as images, this has been true since children started learning to read. As our instinct develops over time so does our ability to process complex concepts through visual identification. This is the power of visual analysis that I focus on in my site.

All information and data used in articles on this site is randomly generated with no relation to actual individuals or companies.

Leveraging Visual Analysis to Combat Remittance and Online Transaction Fraud

Online financial transactions pose a number of real fraud and compliance risks. The fraud rate for eCommerce driven transactions for traditional retailers is 5% but remittance and financial companies deal with much higher risk threat from both a compliance standpoint and an elevated fraud threat when dealing with actual currency as opposed to goods and services.

As remittance companies have moved online and to mobile based peer to peer financial transfers, the time required to identify emerging fraud and compliance issues has decreased significantly making proactive analysis more important then ever. With the bar being set lower everyday to expedite transactions, transferring money from sender to receiver in ever shorter periods of time, remittance and financial companies need new ways to proactively identify fraud and compliance threats to mitigate risk.

In this article we are going to examine ways to leverage visual analysis to detect patterns and trends in remittance transaction fraud and compliance issues from internet, eCommerce and mobile based financial transactions. We are going to explore ways to utilize visual analytics for proactive fraud and compliance mitigation as well as improved "know your customer" (KYC) response and analysis from network captured attributes.


Fraud and Compliance Threat Identification

While the current trend in mobile and internet based remittance and financial related transactions lacks in person verification, network driven transactions do contain attributes which can be utilized for proactive fraud and compliance identification. By utilizing the attributes captured during network based transactions within a visualization, we can detect clusters, velocities and relationships existing within the data that are abnormal from the regular production flow within your financial framework.

To begin we are going to import six months of remittance transactions destined for a specific geography. As fraud and compliance trends and regulations are very geo specific, it is important to analyze the data as it pertains the geography that the transaction is destined to.

There are a number of attributes captured from our mobile and internet based remittance flow that can help us establish unique identities and hierarchies of both the sender and the recipient within our visualization.

Within our visualization I have established a hierarchy for the sender of the transaction based on the account country, state and city and the originating IP address utilized for the transaction. For mobile based transactions we would utilize the latitude and longitude of the mobile device and the IMEI or SIM serial numbers from the transaction along with any relevant linked account information from the subscriber if it were available.

For the recipient, I am going to use a combination of attributes obtained from transaction that identifies the recipient, but I am also going to utilize some of the attributes captured from the sender's mobile device or computer to help rationalize the relationships between sender and recipient. While this might sound counter intuitive, there is a good reason to utilize this relationship when performing fraud and compliance analysis. The recipient of remittance transactions has the lowest verification threshold, the information regarding the recipient is always provided by the sender themselves.

It stands to reason that in fraudulent transactions, the device being used to generate the transaction is actually being utilized by the recipient or a group associated with the recipient. Second, as the recipient's information is being supplied by the sender, from a compliance standpoint, it is important to know how many unique devices are sending to a single recipient to detect patterns in compliance related illegal or prohibited activity.

Lets take a compliance example of the funding of online gaming. Within our visualization we would want to look for large numbers of independent devices sending funds to a single or related group of individuals with large dollar amounts at increased velocities from normal remittance flow. By understanding through visualization what the normal pattern of remittance activity appears as, we can quickly and intuitively discern adverse patterns which are indicative of fraud or compliance threats.

From a high level view of my remittance transaction activity within the SynerScope visualization, I can begin identifying those entities with much higher then normal velocities. From what I call 'low hanging fruit", even from the highest level of visualization I can begin identifying targets of investigation based on unusual patterns in their relationship and velocity of transactions over time. This is made significantly easier within SynerScope as a visualization of relationship and a visualization of sequence of events is displayed within one user interface that is completely interactive with each other.

Lets start by examining the entities with the highest velocities of interrelationships within our visualization. This is identified within the tool by adjusting the weight given to specific entities that have the most interrelation and velocity, or in social networking terms, centrality and betweeness.

From our high level view we can see large velocities on the sender side emanating from two specific IP addresses from Phoenix Arizona and a corresponding velocity from a specific device utilizing a specific OS located in Chihuahua Mexico that is outside the average velocity from the normal flow of remittance transactions present.

By hovering over the connecting bundle from the recipient I can determine if these two entities are related to one and another, or determine which relationships exist. Additionally because SynerScope provides an interactive sequence view I can also rationalize when the transactions are taking place and at what velocity. As it turns out, these two entities are related, engaged in P2P remittance flow between one of the enlarged IP addresses in Phoenix AZ and the suspect recipient in Mexico. The transactions are also occurring in great velocity over very short time spans which is indicative of fraudulent activity as represented within the sequence view.

By hovering over the connecting bundle from the IP's within Arizona I can see that the secondary IP is associated with multiple remittance transactions destined for several different locations within Mexico. To gain a better understanding of the relationship between that specific IP and the transactions being generated I can right click on the highlighted bundle to examine the underlying production data from the transaction.

What we can see from the underlying data is that we have a large volume of remittance transactions being generated from a specific IP within Arizona to multiple OS and device ID's located in and around Chihuahua Mexico, all destined for recipients with the same last name. In some cases multiple transactions are being performed within seconds of each other. The pattern of remittance transactions is highly suspect and an activity that I am going to want to mitigate as quickly as possible to minimize fraud exposure.

Drilling down into time, I can begin exploring for smaller fraud and compliance trends that be emerging over time. I will select a period of time within SynerScope's sequential event viewer and explore remittance transactions that have occurred within the past day.

From this visualization I can see that there is an emerging velocity in transactions coming from a specific IP address within California that seems to have a velocity greater then the normal flow of transactions. By hovering over the connecting bundle, I can see that the IP within California is connected to a recipient in Michoacan Mexico associated with a specific OS and device ID.

By right clicking on the highlighted bundle and examining the underlying remittance information, I can determine that all of the transactions are destined for a recipient with the same last name and that the transactions are occurring over very short time spans, a red flag for fraudulent activity.





From a compliance standpoint, in my visualization I want to identify those recipients who have a large velocity of transactions coming from multiple unrelated senders in multiple geographies. Within my SynerScope visualization, I can examine and drill down into recipients who have large number of connections to multiple unrelated senders with a large velocity of remittance transactions destined for a single recipient.

In this sample visualization we see a single recipient who is receiving remittance transactions from senders and IP's located in nine different states. By examining the underlying data, I see that the transactions are all for $50 and that the recipients location is one known to operate underage web cam shows. As an analyst familiar with this type of activity, I know that the rate often charged by these individuals is between $50 and $100 dollars. By visualizing and understanding that multiple people are sending to this same recipient with consistent transaction amounts, and having information on the activity which occurs in this area, I can closely examine these transactions for patterns for adverse compliance violations.

Conclusion

By leveraging the power of visual analytics, remittance and financial transactions from mobile and web based systems can be holistically analyzed for patterns in fraud and compliance issues. Most of the issues that we examined within our visualization may not have surfaced within normal data mining as the volume of the transactions themselves in comparison to the overall transaction volume, may have made them statistically irrelevant.

Through visual analysis within SynerScope, mobile and web based remittance transactions can be examined more intuitively. By knowing the visual pattern represented by normal transaction flow, even small numbers of transactions which may go unnoticed in traditional data mining and fraud modeling efforts, surface easily when represented visually both through relationship and through sequence in time.

To gain a better perspective of leveraging visual analytics for mobile and web based remittance and financial transactions please view the attached video.



**Note: All Data Used In This Example Is Random With No Association To Actual Events**