Taking on the fraud wars and data
By Cameron Field
When addressing police /private sector partnerships, one must always assess the battlefield in which they are engaging the enemy as the context, battleground and rules of war are constantly changing.
By Cameron Field
Furthermore, the nexus of any discussion on the 21st century fraud wars must always centre on data. Data is king and data rules. It is generally accepted that whoever has the best grasp of data, access to data and, more importantly, whoever knows how to leverage it will win the day. Note here I say, “the day” and not “all days.”
The fraud wars are about daily, monthly and yearly battles where there are good days, great days and a lot of bad days. Data breaches, sector attacks and large-scale subversion of sales/fraud prevention efforts will be the norm from here on in.
These partnerships must combine fraud, money laundering and intelligence investigations now more than ever because the modern day cybercriminal already does all this. With the emergence of Blockchain and crypto currencies, fraud preparedness will require greater partnerships, imagination and ingenuity to deal with the emerging consequences of progress.
When facing the fraud wars, any success will always come down to realistic perspectives and expectations of what constitutes success and failure. If we devote too much battle prep to being “unbreachable” or “strong,” we may be losing ground on a very agile and extremely well equipped adversary who has simply moved on. By being adaptable and constantly probing our own weaknesses, as well as those of our opponents, we are one step closer to being formidable.
Taking all this into account, the fraud wars require as much ammunition, manpower, genius and collaboration from the private sector as it does from the police. The great benefit of private sector/police partnerships — which are not new — is that the required roles are all met.
Private sector partners are generally the victims in this group and have reported fraud to the police. The police are the catalyst to move against the offending party with all the powers of search and seizure that constitutional law grants. However, the modern-day police/private sector partnership must transcend these traditional roles. The battle against fraudsters is creating natural as well as strange bedfellows who will leverage anything they can to right a wrong. Competing private sector companies are teaming up and working with police to fight a common enemy.
One of the strongest tools the private sector has is access to consortium data. These data pools are found within internal silos and shared consortium data with other companies who are usually aligned within specific industries. Detecting and chasing fraud schemes involves leveraging this data and doing painstaking linkage analysis with real time and reliable values attached.
Law enforcement agencies, by and large, do not have access to this data and has been relying on “one-off” sharing of this information and leveraging their own “criminal law protected” databases. These law enforcement databases are powerful tools and can help connect dots, but they can also be woefully inadequate without the unique and deep insights private sector consortium data linkages provide at earlier stages of investigations. The key is to share this information sooner and more often.
Twenty-first century dynamic and multimillion-dollar fraud investigations now include elite police fraud teams, government regulatory officers, financial institution corporate investigations teams, and umbrella groups who represent these industries. It is not uncommon to see bank investigators embedded in police offices, helping police fraud teams navigate their way through thousands of transactions and account data. Additionally, it is also not uncommon to see these teams work on various cases throughout a two- to three-year cycle.
Even though these partnerships are more common and enduring, there is still a lack of comparative data practices and data capture between police and private companies, and in some cases, even between the private sector companies themselves.
Bringing private consortium data closer to police officers presents concerns in terms of privacy and due process for search and seizure requirements. Private companies cannot just hand over data to police without a warrant or production order. Giving law enforcement data and linkages from private sector consortium data must still require a legal process to ensure due process. Police investigations must not only be constitutionally sound but they must also be reasonable, give-all circumstances.
Police and the private sector need to view consortium data in similar ways, with an eye to data quality, linkage analysis, predictive analytics and the increased sharing of data. Through a rigorous process of data anonymization and set processes for legal orders for the production of complete data, these partnerships can exchange data much faster than before and still meet the requirements of the law.
Such practices would almost certainly enhance the efficiency of scarce police resources in meeting the challenge of the diversification of fraud schemes. Additionally, private sector companies in the financial services industry, telecommunications, credit reporting agencies and other Fintechs could have a better barometer for what police agencies would prefer in terms of data and other consortium data clues (links and values to the objects found in these silos). Private sector companies can manage police expectations when it comes to what data can be captured and shared. Additionally, police teams need to know that to work with them requires significant resources and employee hours, which are costs borne by the company.
One thing that private sector partners need to take into consideration when collaborating with the police in Canada is the immense and unique downward pressure of the justice system. Police officers are remarkably resilient given their scarce resources and countless oversight regimes. With the recent Supreme Court of Canada decisions, the police and Crown have exceedingly high demands placed on them.
The Jordan decision now requires that the police and Crown have cases ready for court with lightning speed. In the Spencer decision, the police were criticized for asking for too much information in relation to a robbery investigation. This ruling requires them to now write search requests with greater precision amidst more complicated cases. Given the amount of data police may get from their private sector partners, the necessity of “data preparedness” has never been greater.
More working groups focused in on consortium data, linkage analysis, etc. would go a long way in the fight against fraud. A clearer eye on best practices would greatly enhance efforts. Plus, a greater consensus on more aspects of data (and linkage analysis) will ensure the communities the police protect — and the customers the private companies provide services to — are both better served. The police and private sector are in an Olympic-calibre race and all things “data” must lead the way.
Cameron Field is the manager of strategic initiatives with the Enterprise AML Team at BMO Financial Group. He served 32 years with the Toronto Police Service, five of which were spent managing the Corporate Crimes Team. He is also the chair of the Cyber Fraud Research Working Group of the Canadian Society of Evidenced Based Policing.