Loading...

How to Detect and Prevent Fraud Rings

Published: July 1, 2020 by Jeramie Driessen

Every few months we hear in the news about a fraud ring that has been busted here in the U.S. or in another part of the world. In May, I read about a fraud ring based in Georgia and Louisiana that bought 13,000 stolen identities of children who were on the Louisiana Medicaid program and billed the government for services not rendered. This group defrauded the Medicaid program of more than $500,000.

This is just one of many stories that we hear about fraud rings, and given the rapidly changing economic environment, now is the time for businesses to think about how to protect against fraud rings. There are a number of challenges that organizations may have when it comes to sharing trends and collaborations, understanding the ways to tie fraud rings together, creating treatments for identifying fraud rings and ways to store and catalogue fraud ring experiences so they can be easily recognized.

The trouble with identifying fraud rings

It’s important to understand the challenges that organizations have because they see the fraud rings through their own internal lens. Here are a few of the top things businesses should work on:

  • Think like a fraudster. This will help businesses become more creative in their approach to fraud prevention.
  • Facilitate internal collaboration. Share with in-organization partners. Sometimes this can be difficult due to organizational structure.
  • Promote external collaboration. Intel-sharing groups are a great way for businesses to network within their industries and learn about the fraud that others are seeing. An organization that I’ve worked with in the past is the National Cyber Forensic and Training Alliance (NCFTA).

Putting the pieces together

How do businesses identify a fraud ring? There are three steps to get started. The first is reviewing and understanding the data. Fraudsters are lazy and want to replicate the process over and over again, and because of this there is always some piece of information that is repeated. It could be a name, an email address, device fingerprint, or similar.

The second step is tying the fraud ring together. This is done by creating rules to help identify the trends. Having rules in place to identify fraud rings allows businesses to easily pull stats together for their leadership.

Lastly, applying an acronym or name to the particular fraud ring and adding comments to the cases associated with a particular ring will help with post-investigation analysis.

Learning from the past

Before I became a consultant, I remember identifying a fraud ring that was submitting events with the same language pack and where the device fingerprint was staying consistent. Those events were being referred out for review and marked with the same note. At a post-mortem review, I was able to talk to the fraud ring we had seen, and it was easy to pull all events associated with this fraud ring because my team had marked the events with the same comments.

Another fraud ring example happened a few years ago. A client called me and said that they were under a fraud attack and this fraud ring was rotating the email handle. I reviewed the data and came up with a rule to catch this activity. Fraud rings will use email handle rotation to help them keep track of accounts that are opened or what emails they used in the past. By coupling the email handle rotation with an email verification service like Emailage, this insight could be very telling. I would assume that when fraud rings use email handle rotation these emails are new and have just been created.

These are just a few of the many fraud rings that I’ve encountered over the course of my career and I’m sure there will be a lot more in the years to come. The best advice I can give to anyone that reads this post is to understand the data that you are reviewing, look for anomalies within the data, ask questions and test your theories by running queries on the data that you’re reviewing. I would love to hear about the different fraud rings that you’ve encountered over your career.

Stay safe.

Contact us

Related Posts

...

Published: June 6, 2023 by admin

According to Experian data analysis and a recent study on unemployment insurance fraud, at least 25% of new claims are a result of identity theft.

Published: April 15, 2021 by Eric Thompson

It’s critical for credit unions to understand the specific threats presented by life online and be prepared with a fraud detection and prevention plan

Published: April 13, 2021 by Alison Kray

Subscription title for insights blog

Description for the insights blog here

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Categories title

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Subscription title 2

Description here
Subscribe Now

Text legacy

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source.

recent post

Learn More Image