Category Archives: Link Analysis

Using Link Analysis to untangle fraud webs

Posted by Douglas Wood, Editor.
NOTE: This article originally appeared HERE by Jane Antonio. I think it’s a great read…
Link analysis has become an important technique for discovering hidden relationships involved in healthcare fraud. An excellent online source, FierceHealthPayer:AntiFraud, recently spoke to Vincent Boyd Bryant about the value of this tool for payer special investigations units.
A former biometric scientist for the U.S. Department of Defense, Bryant has 30 years of experience in law enforcement and intelligence analysis. He’s an internationally-experienced investigations and forensics expert who’s worked for a leading health insurer on government business fraud and abuse cases.
How does interactive link analysis help insurers prevent healthcare fraud? Can you share an example of how the tool works?

Boyd Bryant: Link analysis is most often used to piece together different kinds of data from multiple sources–to identify key players, connections between those players and patterns of behavior frequently missed. It can simplify an understanding of the level of involvement of individuals and criminal organizational hierarchies and can greatly simplify visualizing and communicating the operations of complex criminal enterprises.

One thing criminals do best is hide pots of money in different places. As a small criminal operation becomes successful, it will often expand its revenue streams through associated businesses. Link analysis is about trying to figure out where all those different baskets of revenue may be. Insurers are drowning in a sea of theft. Here’s where link analysis becomes beneficial. Once insurers discover a small basket of money lost to a criminal enterprise, then serious research needs to go into finding out who owns the company, who they’re associated with, what kinds of business they’re doing and if there are claims associated with it.
You may find a clinic, for example, connected to and working near a pharmacy, a medical equipment supplier, a home healthcare services provider and a construction company. Diving into those companies and what they do, you find that they’re serving older patients for whom multiple claims from many providers exist. The construction company may be building wheelchair ramps on homes. And you may find that the providers are claiming payment for dead people. Overall, using this tool requires significant curiosity and a willingness to look beyond the obvious.
Any investigation consists of aggregating facts, generating impressions and creating a theory about what happened. Then you work to confirm or disconfirm your theory. It’s important to have tools that let you take large masses of facts and visualize them in ways that cue you to look closer.
Let’s say you investigate a large medical practice and interview “Doctor Jones.” The day after the interview, you learn through link analysis that he transferred $11 million from his primary bank account to the Cayman Islands. And in looking at Dr. Jones’ phone records, you see he called six people, each of whom was the head of another individual practice on whose board Dr. Jones sits. Now the investigation expands, since the timing of those phone calls was contemporaneous to the money taking flight.
Why are tight clusters of similar entities possible indicators of fraud, waste or abuse?
Bryant: When you find a business engaged in dishonest practices and see its different relationships with providers working out of the same building, this gives rise to reasonable suspicion. The case merits a closer look. Examining claims and talking to members served by those companies will give you an indication of how legitimate the operation is.
What are the advantages of link analysis to payer special investigation units, and how are SIUs using its results?
Bryant:  Link analysis can define relationships through data insurers haven’t always had, data that traditionally belonged to law enforcement.
Link analysis results in a visual reference that can take many forms: It can look like a family tree, an organizational chart or a time line. This reference helps investigators assess large masses of data for clustering and helps them arrive at a conclusion more rapidly.

Using link analysis, an investigator can dump in large amounts of data–such as patient lists from multiple practices–and see who’s serving the same patient. This can identify those who doctor shop for pain medication, for example. Link analysis can chart where this person was and when, showing the total amount of medication prescribed and giving you an idea of how the person is operating.
What types of data does link analysis integrate?
Bryant: Any type of data that can be sorted and tied together can be loaded into the tool. Examples include telephone records, addresses, vehicle information, corporate records that list individuals serving on boards and banking and financial information. Larger supporting documents can be loaded and linked to the charts, making cases easier to present to a jury.
Link analysis can pull in data from state government agencies, county tax records or police records from state departments of correction and make those available in one bucket. In most cases, this is more efficient than the hours of labor needed to dig up these types of public records through site visits.
Is there anything else payers should know about link analysis that wasn’t covered in the above questions?
Bryant: The critical thing is remembering that you don’t know what you don’t know. If a provider or member is stealing from the plan in what looks like dribs and drabs, insurers may never discover the true extent of the losses. But if–as a part of any fraud allegation that arises–you look at what and who is associated with the subject of the complaint, what started as a $100,000 questionable claims allegation can expose millions of dollars in inappropriate billings spread across different entities.

Asking data questions

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood.
A brief read and good perspective from my friend Chris Westphal of Raytheon. The article is by Anna Forrester of ExecutiveGov.com.
Federal managers should invest in technology that would help them extract insights from data and base their investment decision on the specific problems and information they want to learn and solve, Federal Times reported Friday.
Rutrell Yasin writes that the above managers should follow three steps as they seek to compress the high volume of data their agencies encounter in daily tasks and to derive value from them.
According to Shawn Kingsberry, chief information officer for the Recovery Accountability and Transparency Board, federal managers should first determine the questions they need to ask of data then create a profile for the customer or target audience.
Next, they should locate the data and their sources then correspond with those sources to determine quality of data, the report said. “Managers need to know if the data is in a federal system of records that gives the agency terms of use or is it public data,” writes Yasin.
Finally, they should consider the potential impact of the data, the insights and resulting technology investments on the agency.
Yasin reports that the Recovery Accountability and Transparency Board uses data analytics tools from Microsoft, SAP and SAS and link analysis tools from Palantir Technologies.
According to Chris Westphal, director of analytics technology at Raytheon, organizations should invest in a platform that gathers data from separate sources into a single data repository with analytics tools.
Yasin adds that agencies should also appoint a chief data officer and data scientists or architects to assist the CIO and CISO on these areas.

Part 2: Investigating the Investigations – X Marks the Spot

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood
Part One of this series is HERE.
Most of the financial crimes investigators I know live in a world where they dream of moving things from their Inbox to their Outbox. Oh, like everyone else, they also dream about winning the lottery, flying without wings, and being naked in public. But in terms of the important roles they perform within both public and private sectors, there is simply Investigating (Inbox) and Adjudication (Outbox). Getting there requires a unique blend of their own capabilities, the availability of data, and the technology that allows them to operate. In the diagram below, ‘X‘ marks the spot where crimes are moved from the Inbox to the Outbox. Without any of those three components, an investigation becomes exponentially more difficult to conclude.
[Diagram: Presentation1]
In part one of this article two weeks ago, I wrote about the Investigation Management & Adjudication (IMA) side of financial crimes investigations. I coined that term to call out what is arguably the most integral component of any enterprise fraud management (EFM) ecosystem. The original EFM overview is here.

Twenty years ago, IMA was based primarily upon human eyes. Yes, there were technology tools available such as WordPerfect charts and Lotus 1-2-3 spreadsheets, but ultimately it was the investigator who was tasked with finding interesting connections across an array of data elements including handwritten briefs, telephone bills, lists of suspect information, and discussions with other investigators. The job got done, though. Things moved from the Inbox to the Outbox, arrests were made and prosecutions were successful. Kudos, therefore, to all of the investigators who worked in this environment.
Fast forward to today, and the investigator’s world is dramatically different. The job is the same, of course, but the tools and mass availability of data have made the job almost unrecognizable to those who once used rotary phones in smoke-filled offices. Organizations began building enterprise data warehouses designed to provide a single version of the truth. Identity Resolution technology was implemented to help investigators recognize similarities between entities in that data warehouse. And today, powerful new IMA tools are allowing easy ingestion of that data, improved methods for securely sharing across jurisdictions, automated link discovery, non-obvious relationship detection, interactive visualization tools, and – importantly – packaged e-briefs which can be understood and used by law enforcement, prosecutors, or adjudication experts.

With all these new technologies, surely the job of the Investigator is becoming easier? Not so fast.
IMA tools – and other EFM tools – do nothing by themselves. The data – big data – does nothing by itself. It just sits there. The best investigators – without tools or data – are rendered impotent.  Only the combination of skilled, trained investigators using the best IMA tools to analyze the most useful data available results in moving things from the Inbox to the Outbox. Without any of these components… everything eventually risks falling to the Outhouse.
Kudos again, Mr. and Mrs. Investigator. You’ll always be at the heart of every investigation. Here’s hoping you solve for X every day.

Lottery Fraud – How lucky can you get?

Posted by Douglas Wood, Editor.
Two weeks ago, I wrote in this space about some interesting experiences I’d had working through Workers Compensation Premium Fraud at a government run program. This week, I received a fraud alert about a retailer being banned from ever selling lottery tickets, and it reminded me of a great exercise I underwent with a government run Lottery corporation several years ago.
Lottery retailer fraud is simple and widespread.  NBC Dateline ran a two hour episode several years ago, outlining the problem and going undercover to catch some bad guys in action.
In a nutshell, there are many unscrupulous retailers who outright lie to patrons when asked to check their numbers.  Joe the customer hands the ticket over to the clerk and asks her to see if it’s a winner. She scans the barcode and says “Sorry, Joe… you didn’t win“. Then, as Joe heads out the door, she picks the ticket up from the trash bin knowing full well that it’s a big winner. Here’s a real life example.
How bad is the problem? According to Dateline NBC, a Philadelphia retailer cashed eighteen lottery tickets in three months for a total of $45,000.  In New Jersey, a retailer cashed 105 lottery tickets for more than $236,000. In Illinois, it found one store where four employees and five of their relatives cashed a total of 556 winning tickets, for more than $1,600,000. In California, lottery investigators were seeing the same thing. In fact, in 2007, the five most frequent winners in California were retailers. One store owner in Los Angeles allegedly cashed 121 tickets for more than $160,000.
As a result of shrinking public trust and outrage, many lottery corporations have taken to more tightly scrutinizing ‘winning’ ticket claims from lottery retailers. What, though, if the lottery clerk has her husband cash the ticket? Or her next door neighbor? How can you scrutinize large winning ticket claims without grinding the process to a halt?
That’s precisely where my customer was when they called me.
As with any fraud prevention program, the availability of data was of utmost importance as we scoped out the technology solution. The lottery corporation obviously knew who their retailers were (XYZ Groceries, ABC Petroleum, etc) but how did that help point to a specific Suzie Employee within that retailer? After all, companies weren’t cashing in winning tickets.  People were.
Well, we helped them realize that they had employee names as a result of the mandatory training they offered retailers for handling sales of lottery tickets. Each employee of a retailer was required to take a brief online course for certification purposes, and entered some of their personal data (name, date of birth) in order to begin the training.
That got us through step one – the employees. In order to get to the next level of culprit  (the family or neighbors of employees), we incorporated publicly available data into the mix.
Through a defined process of business discovery and problem resolution, we designed a process where individuals redeeming winning tickets above a certain value would be compared to the data of retail employees. If it was determined that a winner closely resembled a retail employee, an alert was automatically generated for investigators.
If a winner was determined to be closely acquainted to a retail employee via relationship-detection technology and public data, an alert was again generated. The specifics of how relationships were determined and analyzed won’t be disclosed for obvious reasons, but one example would be a shared address or telephone number.
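The two alerts described above, sketched as an added example (not the system built for the lottery corporation). The field names, the value threshold, the name-similarity cut-off and all records are assumptions constructed for illustration; shared address or phone is the only relationship signal the post names.

```python
import re
from difflib import SequenceMatcher

VALUE_THRESHOLD = 10_000   # assumed: only claims above this value are screened
NAME_SIMILARITY = 0.85     # assumed cut-off for "closely resembles"
ABBREVIATIONS = {"street": "st", "avenue": "ave", "road": "rd"}

# Constructed sample data: training-course roster and prize claims.
EMPLOYEES = [
    {"id": "E1", "name": "Suzie Employee", "dob": "1980-04-12",
     "address": "12 Oak St", "phone": "555-0101"},
    {"id": "E2", "name": "Mark Clerk", "dob": "1975-09-30",
     "address": "9 Elm Ave", "phone": "555-0144"},
]
CLAIMS = [
    {"claim": "C1", "name": "Susie Employee", "dob": "1980-04-12",
     "address": "12 Oak Street", "phone": "555-0101", "amount": 25_000},
    {"claim": "C2", "name": "Tom Neighbor", "dob": "1969-02-03",
     "address": "9 Elm Avenue", "phone": "555-0999", "amount": 50_000},
    {"claim": "C3", "name": "Ann Winner", "dob": "1990-01-01",
     "address": "4 Pine Rd", "phone": "555-0300", "amount": 40_000},
    {"claim": "C4", "name": "Mark Clerk", "dob": "1975-09-30",
     "address": "9 Elm Ave", "phone": "555-0144", "amount": 500},
]

def norm_text(value):
    """Lower-case, drop punctuation, collapse common street abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", "", value.lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)

def norm_phone(value):
    return re.sub(r"\D", "", value)

def screen_claim(claim, employees):
    """Return (claim, employee, kind, reasons) alerts for one prize claim."""
    if claim["amount"] <= VALUE_THRESHOLD:
        return []
    alerts = []
    for emp in employees:
        score = SequenceMatcher(None, norm_text(claim["name"]),
                                norm_text(emp["name"])).ratio()
        # Alert 1: the claimant closely resembles a certified retail employee.
        if score >= NAME_SIMILARITY and claim["dob"] == emp["dob"]:
            alerts.append((claim["claim"], emp["id"], "direct", ["name+dob"]))
            continue
        # Alert 2: the claimant shares a contact attribute with an employee.
        shared = []
        addr, phone = norm_text(claim["address"]), norm_phone(claim["phone"])
        if addr and addr == norm_text(emp["address"]):
            shared.append("address")
        if phone and phone == norm_phone(emp["phone"]):   # ignore blank phones
            shared.append("phone")
        if shared:
            alerts.append((claim["claim"], emp["id"], "related", shared))
    return alerts

def screen_all(claims, employees):
    return [a for c in claims for a in screen_claim(c, employees)]

if __name__ == "__main__":
    for alert in screen_all(CLAIMS, EMPLOYEES):
        print(alert)
```

C4 matches an employee exactly but is not flagged because it falls under the assumed value threshold, which is what keeps small claims from grinding the process to a halt.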
This particular lottery corporation was fortunate that they had a mechanism by which to collect employee data. In meeting with dozens of other Lotteries in the years since, I’ve learned that not enough of them have a similar process in place. Unfortunately, without that initial data set, it’s more difficult to detect this type of fraud.
In the case of my client, however, they began immediately seeing benefits in the new process and several fraudulent retailers were exposed. It was some very interesting work, and a cool exercise in problem solving for complex fraud.
Posted by Douglas G. Wood. Check out my site at www.crimetechsolutions.com

Premium Fraud – Piano Tuners and Window Washers?

Posted by Douglas Wood, Editor.
I came across a news article earlier this week regarding a business owner convicted of fraudulently avoiding worker’s compensation premiums. The link to that news article is below.
It brought to mind some fascinating work I was involved with a few years ago to help a state run Worker’s Compensation Bureau more effectively detect this kind of fraud.  Their biggest concern was recovering monies owed by companies who illegally misrepresent themselves for the purpose of reducing or avoiding the payment of premiums. Here’s how these scams work…
Intentional Misclassification: A crooked business claims that employees work safer jobs than they really do. Perhaps a high-rise window washer is falsely classified as a piano tuner. Much lower premiums, obviously.
Employee Misrepresentation: A business says it has fewer employees or a lower payroll than it actually does.
Coverage Avoidance/Experience Modification: A business simply doesn’t buy the required insurance, hoping state officials won’t notice. If the state learns of the avoidance, the company will simply close, then re-emerge as a ‘new’ company in order to avoid the payments.
So the state bureau I worked with needed to understand when, for example, a ‘piano tuner’ was requesting a permit for high rise window washing. Red flag, right?  Or when five separate claims were filed by employees of a company that stated it had only 3 employees. Another red flag.
Oh, and what about a new company registrant whose owners, address, telephone number, and line of business are all suspiciously similar to those of a recently closed business who owed thousands of dollars in back premiums. BIG red flag.
The state itself had all of the data it needed to detect this fraud. The problem, as is often the case, is that the data sat in different jurisdictions. Working with our client, we helped those other jurisdictions – Business Registrations, Building Permits, Tax Departments, etc. – understand the value of sharing that data. That’s the key to this success story – data sharing. Without it, problems are much more difficult to solve.
Ultimately, we delivered a system that included business rules, anomaly detection, and social network analysis.  It provided the bureau with the ability to flag those anomalies using their existing data infrastructure and fraud alert output from those other state agencies.
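The three red flags above written as business rules over joined agency data, as an added example (not the system delivered to the bureau). Every record, the permit-to-classification mapping and the 3-of-4 field match rule for re-emerged companies are assumptions constructed for illustration.

```python
# Constructed records standing in for the separate agency data sets.
REGISTRATIONS = [   # Business Registrations + declared premium data
    {"id": "B1", "classification": "piano tuning", "employees": 3,
     "owners": {"pat doe"}, "address": "1 main st", "phone": "5550100",
     "line": "instrument services"},
    {"id": "B2", "classification": "window washing", "employees": 8,
     "owners": {"lee roe"}, "address": "7 dock rd", "phone": "5550177",
     "line": "window cleaning"},
]
PERMITS = [("B1", "high-rise window washing"),   # Building Permits
           ("B2", "high-rise window washing")]
CLAIMS = [("B1", "w1"), ("B1", "w1"), ("B1", "w2"), ("B1", "w3"),
          ("B1", "w4"), ("B1", "w5"), ("B2", "w9")]   # (business, claimant)
CLOSED = [   # recently closed businesses and what they still owe
    {"id": "X8", "owners": {"pat doe"}, "address": "1 main st",
     "phone": "5550100", "line": "instrument services", "back_premiums": 0},
    {"id": "X9", "owners": {"lee roe", "sam poe"}, "address": "7 dock rd",
     "phone": "5550199", "line": "window cleaning", "back_premiums": 42_000},
]
PERMIT_CLASS = {"high-rise window washing": "window washing"}  # assumed map
PHOENIX_MIN_MATCHES = 3   # assumed: 3 of 4 fields must match

def red_flags(registrations, permits, claims, closed):
    """Return {business id: [flags]} for businesses tripping any rule."""
    flags = {}
    for reg in registrations:
        found = []
        # Rule 1: a permit implies riskier work than the declared class.
        for biz, permit in permits:
            implied = PERMIT_CLASS.get(permit)
            if biz == reg["id"] and implied and implied != reg["classification"]:
                found.append("misclassification")
        # Rule 2: more distinct claimants than declared employees.
        claimants = {worker for biz, worker in claims if biz == reg["id"]}
        if len(claimants) > reg["employees"]:
            found.append("understated_staff")
        # Rule 3: registrant resembles a closed business owing back premiums.
        for old in closed:
            if old["back_premiums"] <= 0:
                continue   # a clean closure is not a red flag
            matches = sum([bool(reg["owners"] & old["owners"]),
                           reg["address"] == old["address"],
                           reg["phone"] == old["phone"],
                           reg["line"] == old["line"]])
            if matches >= PHOENIX_MIN_MATCHES:
                found.append("phoenix:" + old["id"])
        if found:
            flags[reg["id"]] = found
    return flags

if __name__ == "__main__":
    for biz, found in red_flags(REGISTRATIONS, PERMITS, CLAIMS, CLOSED).items():
        print(biz, found)
```

None of the rules can fire from a single agency's data, which is the data-sharing point the post makes.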
With the tools in place to trigger those red flags, the agency immediately began recovering lost premiums, prosecuting offenders, and ultimately adding much needed revenue to the state coffers.
Fraudsters who choose to commit financial crimes are always coming up with new scams. Those of us committed to delivering true technology innovations through data sharing are starting to put a real dent in their chosen profession, though.
Maybe they can tune pianos instead. Do they need a building permit for that?
http://www.workerscompensation.com/compnewsnetwork/mobile/news/17511-investigation-leads-to-conviction-of-ca-business-owner-for-insurance-fraud.htmlgus

SEC taking stock of analytics (and a cool use case for stock exchanges)

Posted by Douglas Wood, Editor.
I read with interest today an article about the SEC’s use of analytics in the ongoing fight against financial crimes. The link to that article is below. It reminded me of some work I once did with a major stock exchange around insider trading.
As a passionate anti-fraud technologist, I was thrilled with the challenge of helping the stock exchange better recognize cases of illegal insider trading. The results of the work we did were pretty cool.
The stock exchange – as do all exchanges – had a great deal of data at their disposal. They knew, for example, the names of each and every ‘insider’ within every company listed on their exchange. Insiders include senior executives, board members, legal counsel, auditors, and so on.  Basically, everyone who knew – or ought to have known – about an upcoming event that would likely cause a significant change in stock price.
They also knew, of course, the identity of investors who traded profitably prior to the public release of that information. The problem was exposing the hidden relationships that might exist between Insiders and investors.
Here is an actual example… Joe Blow was an associate partner at the independent accounting firm responsible for auditing the quarterly financial results of publicly traded Company A. By definition, Joe is an insider. He knows Company A’s financials. Jane Doe dumped her entire position in Company A mere days ahead of what turned out to be very poor results. The stock plummeted, and Jane was saved from significant losses.  She was seemingly a complete outsider. So, did she somehow know Joe Blow (or any other insider)? Or was she just one lucky gal?
Using link analysis, crime mapping, and behavioral analytics, we set about the challenge of finding out. Here’s what the analytics exposed:
Joe Blow, the insider by way of being employed at Company A’s auditing firm, shared an address with… oh, let’s call him “Rich Quick”. Rich held no positions with Company A whatsoever.  He did, however, own a pet food store with a lovely young lady.  Can you guess her name?  Yep… Jane Doe. So, the analytics exposed that Company A had an insider relationship with Joe Blow. Joe lived with Rich Quick. Rich owned a business with Jane Doe. Coincidence? Not likely.
Without the ability to draw out hidden links between individuals and organizations, this case may never have been discovered.  It’s like Six Degrees of Kevin Bacon, only with much higher stakes. All of the suspects were investigated and prosecuted.
(Note: All the names in this example are fictitious, but the case is not. If your name happens to be Jane Doe, Joe Blow, Rich Quick… or if you work for an organization called Company A, rest assured that I’m not talking about you.)
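The chain in this case, found by a breadth-first search over a link graph, as an added example (not the exchange's tooling). It generalizes the one case to any trader and insider list; the extra people, the link labels and the hop limit are assumptions constructed around the fictitious names above.

```python
from collections import defaultdict, deque

# Insider list the exchange already holds, per listed company.
INSIDERS = {"Company A": {"Joe Blow", "Board Member 1"}}

# Constructed links resolved from address and business-registry data.
LINKS = [
    ("Joe Blow", "Rich Quick", "shared address"),
    ("Rich Quick", "Jane Doe", "co-owns pet food store"),
    ("Board Member 1", "Golf Partner", "shared phone"),
    ("Other Trader", "Unrelated Person", "shared address"),
]

def build_graph(links):
    """Undirected adjacency list: name -> [(neighbour, link label), ...]."""
    graph = defaultdict(list)
    for a, b, kind in links:
        graph[a].append((b, kind))
        graph[b].append((a, kind))
    return dict(graph)

def chain_to_insider(graph, trader, insiders, max_hops=3):
    """Shortest chain from a trader to any insider, or None.

    The result alternates names and link labels so an investigator can
    read it as a sentence. max_hops bounds the search: long chains connect
    almost everyone and carry little evidential weight.
    """
    queue = deque([(trader, [trader])])
    seen = {trader}
    while queue:
        node, path = queue.popleft()
        if node in insiders:
            return path
        if (len(path) - 1) // 2 >= max_hops:
            continue
        for neighbour, kind in graph.get(node, []):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append((neighbour, path + [kind, neighbour]))
    return None

def screen_traders(traders, company, links, max_hops=3):
    """Map each well-timed trader to the chain linking them to an insider."""
    graph = build_graph(links)
    return {t: chain_to_insider(graph, t, INSIDERS[company], max_hops)
            for t in traders}

if __name__ == "__main__":
    hits = screen_traders(["Jane Doe", "Other Trader"], "Company A", LINKS)
    for trader, chain in hits.items():
        print(trader, "->", " / ".join(chain) if chain else "no link found")
```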
Here is the link to the SEC article.  http://fcw.com/articles/2013/09/18/sec-taps-analytics-to-predict-risk.aspx?s=fcwdaily_190913 .

Prayers, Caregivers, and Breaking Bad – Selected Financial Crimes Snapshot 9/18/2013

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood
Does KYC mean Know Your Caregiver?
http://onlineathens.com/breaking-news/2013-09-18/savannah-woman-sentenced-51-months-federal-prison-embezzling-71k-elderly
Another great example of the need for systematic 314(b) programs?
http://www.chicagotribune.com/news/local/suburbs/joliet_romeoville/ct-tl-0926-sw-joliet-financial-crime-20130918,0,464668.story
Breaking Bad?  Financial Crimes Investigator indicted for fraud.
http://www.timesofisrael.com/senior-financial-crimes-investigator-indicted-for-fraud-theft/
Holy Fraud Scheme!  Better say their prayers.
http://greece.greekreporter.com/2013/09/16/sdoe-reveals-monastery-fraud/