There has been a lot of discussion recently about the advantages of technology when it comes to fighting fraud in general and insurance fraud in particular. The analysis of large amounts of digital information in a relatively short time can lead to better, more informed, decisions by businesses large and small, and provide a better means to ascertain, and prevent, fraudulent behavior. The increased use of digital information leaves a bigger trail. Social media, emails, digital photos, all leave noticeable footprints with more information than the creator may know, or may have intended. It can be used to track fraud, but it also can be used to track the tracker.
There were two recently published articles that relate to this problem; one from a business, and one from a scientific, point of view.
The first article, published in the June 1-2 Weekend Edition of the Wall Street Journal and written by Justin Baer, William Launder, and Matthias Rieker, concerned the dispute Goldman Sachs Group Inc. and J.P. Morgan Chase & Co., have had with Bloomberg LP over the sharing of customer data. Both Goldman Sachs and J.P. Morgan Chase subscribe to Bloomberg’s financial terminals, found on trading floors, which provide real-time financial data and analytical tools, as well as news and a messaging function that allows traders to chat in real-time with other traders logged onto the terminals. According to the article, Bloomberg allowed reporters in its news division to access the subscriber usage data for the terminals, which let them see which individual subscribers were logged on at any given time, when a subscriber was last logged on, and how often he accessed certain functions. The Bloomberg reporters used this customer data as a basis to question Goldman Sachs and J.P. Morgan Chase on major news events regarding each. For example, in 2012, J.P. Morgan Chase suffered big trading losses in its London office. Bloomberg reporters used the fact that some employees involved in the losses had not logged on to the Bloomberg terminals, as a basis to question J.P. Morgan about whether those employees had left the company. Similarly, a Bloomberg reporter called Goldman Sachs’ Hong Kong Office this past April to ask about a partner at the firm that had not recently logged on to the Bloomberg Terminal. As a result of the disputes, J.P. Morgan reportedly removed some of the data terminals from its trading floors, though Goldman Sachs has not done so.
The second article, published on May 30, 2013 by the University of Pittsburgh, entitled “When Friends Create Enemies,” concerned a study led by James Joshi, an associate professor of information security and assurance in University of Pittsburgh’s School of Information Sciences, which was published in the journal Computers and Security. It showed that, for users of social networking sites such as Facebook, information they intend to keep private, can still be accessed through other, publicly available information. Even when a user has tried to protect certain information from public view, such as by making the identities of her friends private, a hacker still can obtain that information; all that is needed is the ability to identify mutual friends. Common to social networks such as Facebook or Linked In, the mutual-friends feature encourages, and facilitates, a user to expand her network of friends by allowing her to search for mutual friends among those she already is connected to. Using just the mutual-friends feature, the study’s authors were able to identify 60% of a user’s private friends. Being able to see a user’s mutual friends, according to the authors, could allow someone to determine the user’s political affiliation or obtain socially embarrassing information; when combined with other background information, it could allow someone to create a fake identity that is, in many ways, more realistic than the person whose identity was stolen. Importantly, the study’s authors used a Facebook data set, of more than 63,000 users with more than one million friends, that was publicly available.
Whether you are a multinational financial institution, a Facebook user, or an insurance company, it is hard to ensure that all of your information is truly as safe as you think. Data breaches are hard to guard against. There are privacy laws, laws against hacking, and even laws against hacking-back, but they are not always enough. Businesses and individuals have to be aware of the digital footprint we all leave behind and remember that, to a very large extent, they are responsible for ensuring the privacy of their information; if they do not want to make information public then they should take reasonable steps to make, and keep, that information private. Once public, the information will always be there, to be seen, and used, by any and all who just think to look for it. It is hard to un-ring a bell.
The amount of readily available public information is large enough, in both scope and quantity, to aid fraud investigations if used in the right way. Simple pieces of information can answer important questions. Look at what usage data allowed the Bloomberg reporters to surmise and then confirm. Look at the information the researchers in the Facebook study were able to determine; and always remember that they used publicly available information to conduct their study. Public information can tell you much about whether and how fraud was committed and technology does make this public information more accessible. Technology will prove more beneficial than not to fraud investigators as long as they remember this and the limits on such investigations.