"Financial fraud is the dominant crime of this millennium"

1

Several weeks ago, South Carolina was the victim of what some experts believe to be the largest cyber-attack against a state tax department in history. Approximately 3.6 million personal South Carolina income tax returns were exposed, and nearly 657,000 businesses compromised, in an international hacking attack.

Coincidentally, SAS and the SC State Treasurer had planned a fraud detection and prevention symposium for Nov. 13. SAS has similar events all over the country. Attendance numbers vary, but never have we seen turnout like this. Nearly 300 people attended, including a substantial media presence. It’s understandable. Citizens are naturally concerned when something like this happens.

The media coverage of the breach and the SAS event, including stories in USA Today and broadcast coverage on ABC Columbia, WSPA (CBS) and WLTX, seeks to explain how this could happen and what can now be done to detect and prevent future attacks.

The hard truth? The attackers are likely highly-organized criminal operations. Their schemes and technology are very sophisticated, and always evolving. Chris Swecker, the former No. 3 official at the FBI, joined me, State Treasurer Curtis Loftis and State Inspector General Patrick Maley at the event. From the GreenvilleOnline story that ran on USA Today.com:

“Swecker said financial fraud is the dominant crime of this millennium.

Much of the fraud, he said, is being committed by sophisticated professionals who are technically savvy and operate out of Eastern Europe and Russia.

Those organizations, he said, ‘make the Cosa Nostra look like Boy Scouts.’

The professionals are systematically looting organizations, including governments, because there is low risk at being caught or prosecuted and there are high rewards, he said.

Financial fraud is a $220 billion annual business, Swecker said, including an estimated $37 billion in damages from identity theft.”1

Analytics can help detect and prevent these sorts of attacks, as well as help detect future attempts to use the information stolen during the attack for financial gain. Traditional controls use business rules and basic anomaly detection. As fast as we plug the gaps, the criminals exploit new ones. Using advanced anomaly detection and predictive modeling, we can more rapidly identify aberrant behaviors. Social Network Analysis can identify connections between individuals to uncover organized crime rings.

Thwarting these criminals requires an enterprise approach where departments and agencies share a common technology layer with common investigative capabilities. So, if I’m investigating someone from tax fraud who happens to be a Medicaid provider, the investigation can be coordinated between the two departments. For example, one customer I talked to manually cross matched tax fraud investigation info with Medicaid investigations and found an 85% overlap. The fact is, bad people do bad things across the spectrum.

Traditionally, each program has its own fraud unit and data. The criminals do not look at state governments that way. They take a holistic view and attack across departments and programs. Our efforts to thwart them should follow suit.

1. "Lack of security policy cited in S.C breach", by Tim Smith, Greenville Online, Nov. 14

 

Share

About Author

Greg Henderson

Government Solutions Architect

Greg Henderson is a Government Solutions Architect in the Fraud and Financial Crimes Global Practice at SAS. In his current role, Greg is in charge of field support and product direction in applying SAS’ fraud detection and prevention capabilities within the government market. During his 13 years at SAS, Greg has worked in various sales, marketing and technical roles applying SAS’s data integration and analytical capabilities to solve real-world business problems. He led the development of SAS’ market leading anti-money laundering solution, and for the past 6 years has focused exclusively on applying his knowledge and skills in the government space. He has authored several papers and presented at industry events on these topics. Greg holds a degree from Bowling Green State University, and resides in Raleigh, NC.

Back to Top