Identity Resolution Daily

By Doug Wood, Infoglide Senior VP

That is the question.  Or is it?

We all know that financial institutions compete with each other at every turn.  They are all in the business of earning our business, so to speak.  One thing they share, however, is the need to be compliant across many different governmental requirements as they do so. 

Privacy, Disclosure, Fraud Prevention, and Anti-Money Laundering (AML) efforts require financial institutions to assist government agencies to detect and prevent terrorist financing.  Fines for non-compliance are heavy, and damage to reputation for penalized institutions directly affects top line revenues.  As a result, banks have implemented a variety of technology ‘point’ solutions across compliance efforts. 

Individuals looking to launder money, however, are typically well-informed and patient.  Their ability to test institutional alert thresholds, modify identifying attributes and seamlessly move from institution to institution is well documented.  As a result, when one bank works through the AML investigation triage process, the others remain completely unaware and are ‘sitting ducks’ for the terrorists’ next move.  Since it’s not feasible - and often unlawful due to data privacy laws - for banks to openly share their data with each other, fraudsters and terrorists easily move on to the next target bank.

Yet the U.S. Patriot act specifically addresses data sharing as an element of AML.  Specifically, sections 314(a) and 314(b) provide guidelines and a ‘safe harbor’ mechanism for organizations to share sensitive data with The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and with other financial institutions.

Section 314(b) specifically addresses voluntary data sharing between financial institutions. The section permits and encourages financial institutions, upon providing notice to the US Department of Treasury, to share information with one another in order to identify and report activities that may involve money laundering or terrorist activity.  In fact, a financial institution or association that shares information pursuant to this section is protected from liability under the safe harbor.

Many financial institutions, however, are reluctant to share information because of the complexity involved in determining the specific activities or transactions that may be considered money laundering or the fear that confidential information will somehow be inappropriately disclosed by a downstream recipient.  Throw in the reality that the voluntary process is largely manual - with large gaps in efficiencies - and it becomes clear that the system is in need of a technology infusion such as that provided by a new program called Inter-Bank Intelligent Risk Data Search (I-BIRDS).

I-BIRDS is a collaborative, member-based AML technology framework created by Infoglide Software Corporation (ISC) of Austin, TX.  In consultation with leading financial institutions and industry experts, ISC has developed a secure method for banks to perform AML due diligence by searching into each member’s known ‘bad guy’ data.  Unlike traditional search capabilities, I-BIRDS searches the data en situ (behind the secure firewalls of each member) and accounts for spelling and cultural variations of attributes and data quality. 

The key to maintaining this inter-bank framework is Infoglide’s flagship Identity Resolution Engine™ (IRE) software. With IRE at the core, I-BIRDS provides unique, patented capabilities to search into member data stores, and return only a mathematical probability that a match or relevant social link to the source data was found.  No defining attributes are ever returned to the requestor; only the probability that the search criteria exists in other members’ risk data.  To help banks become more compliant,  I-BIRDS delivers an accurate view of whether or not an entity is likely to have committed fraudulent acts upon a competitor bank.  Armed with this information, the querying bank can make decisions as to what - if any - additional due diligence might be required before approving or disapproving a transaction with that entity.

Even though no identifying attributes are returned, the search is productive as the enquiring bank knows that the person of interest was found in the AML data from other participating institutions.   So, if the question is whether or not to improve compliance efforts and keep terrorists out of our financial institutions via 314(b)… perhaps the answer is I-BIRDS.

Share This

Over the past few months, Infoglide Software Corporation - the leading provider of identity resolution and entity analytics technology for fraud and investigations - commissioned a survey to discover the biggest technology challenges facing banks in preventing and investigating fraud.

The survey was conducted with US-based banking institutions having over $4BN in assets.  Of note is that 30% of the respondents had international operations outside of the US.  The respondents included VPs of Compliance and Risk Management, directors of AML, Risk Applications/Fraud Control and managers of Fraud Investigation, Security, BSA and Loss Prevention.

The results of the survey are currently being compiled for general release, but it was extremely interesting to learn that the key challenges of fraud investigations include:

1.       the inability to access data due to privacy concerns

2.       a lack of real-time high performance data searching engine

3.       and an inability to cross-reference and discover relationships between suspicious entities in different databases.  

For regular readers of this blog, it comes as no surprise that identity resolution and entity analytics technology provides a solution to those challenges.  An identity resolution engine glides across the different data within (or perhaps even external to) a bank’s infrastructure, delivering a view of possible identity matches and non-obvious relationships or hidden links between those identities… despite variations in attributes and/or deliberate attempts to deceive.

Large banks need to know who’s who… and who’s working with who.  A true identity resolution engine is the right way for them to find out.

Share This

By Mike Betron, Infoglide Software Director of Marketing

The Aite Group recently authored a report entitled “Internal Fraud: The Devil Within.” After surveying 35 fraud and product executives at financial institutions across the U.S. and Canada, they concluded that internal fraud is a severe and growing problem that often goes undetected and almost always flies under the radar of public scrutiny.

On the customer relationship side of the business, many financial institutions have increased what they know about external actors by making their systems smarter, e.g. enhancing existing software with identity resolution:

“By incorporating identity resolution technology, they enhance existing historical data systems with information drawn from a wide variety of dynamic data sources (e.g., social media). Providing a real-time ‘360 view’ of an individual and his/her associations is improving daily business decisions at many leading companies.”

However, most have not yet incorporated the same technology to catch fraud. This survey suggests that insider collusion and individual fraudulent acts are on the upswing, representing a significant and growing percentage of monetary fraud losses. Furthermore, the report suggests that fraud problems are often swept under the rug:

“Most financial services firms are not keen to discuss the issue; institutions that build their brands on trust and reliability do not want it widely known that insider fraud is a problem. As a result, 35% of survey respondents reported prosecuting 10% or less of their confirmed internal fraud cases.”

Effective solutions (e.g., Infoglide’s Anti-Fraud Solution Suite) are proven and available. By not actively identifying internal fraud problems and pursuing effective solutions, financial services firms open themselves up to huge financial and public relations risk. Equally important, they enable competitors who move proactively to gain competitive advantage.

As report co-author Julie Conroy McNelley says, “Financial services firms must examine their current internal fraud prevention environment and determine how to bolster it. As competitors develop more robust defenses, fraudsters will migrate to the path of least resistance.”

Share This

By Mike Shultz, Infoglide Software CEO

We have a new Congress and a new House majority leader as of this week’s swearing in ceremony. The current House majority party (R) plans to pass a bill to repeal the “Obamacare” bill passed during the last session by the former House majority party (D).  Both parties make “fact based” arguments about why killing or keeping the bill will reduce the deficit, yet both can’t be right.

This isn’t a political blog, and I’m not going to take a side on this issue. What struck me is how often we use “facts” to bolster our argument, with “facts” defined as any real data that can be massaged or misinterpreted to suggest that our desired outcome appears to be the best one. Actual data is often plentiful but our preference for one alternative keeps us from embracing and promoting reality.

So mishandling the truth when you have all the facts you need is a conscious action. What happens when you think you have the data needed to make a rational decision but you aren’t conscious of important information that could totally change your perception? For example, we may have access to what look like sufficient pieces of information to reach a rational business decision, such as a driver’s license with a photo ID or a computed credit score based on the person’s history of business transactions.

However, what’s often missing from the decision process is knowledge about relationships between people. Understanding these relationships – who’s who, who knows who, and other non-obvious connections – can increase beneficial decisions in a colossal way, yet awareness of these relationships is rarely incorporated into the process.

Since entity resolution can increase the accuracy of business processes by an order of magnitude, our New Year’s resolution here at Infoglide is to introduce as many people as possible to its benefits.

Happy New Year!

Share This

By the Infoglide Staff

Penn Olson: State of Cloud Computing

“Today, everything seems to be moving into the cloud. In 2005, investment in cloud computing was about $26 million. But in 2009, the investment grew to $370 million, more than 10 times of what was invested in 2005.”

WSJ: Banks Exit From Embassy Business

“Some of the nation’s largest banks are exiting or scaling back their dealings with foreign embassies and missions in the U.S. because of the burden of complying with money-laundering regulations… ‘It’s a commercial decision, but clearly it has ramifications for diplomatic relations,’ said Mark Toner, acting deputy spokesman for the State Department. ‘We want these foreign missions to be able to carry out their normal diplomatic functions here in the U.S.’”

Sandia National Laboratories: New standard proposed for supercomputing

“There are an estimated 50 million patient records, with 20 to 200 records per patient, resulting in billions of individual pieces of information, all of which need entity resolution: in other words, which records belong to her, him or somebody else.”

Share This

By the Infoglide Staff

Ottawa Sun: Gang boss gets HSBC credit card for false alias

“Federal laws require banks to know who exactly they’re doing business with - identification checks are mandatory - and they must gather details of clients’ backgrounds and lives. Failure to comply with those regulations can lead to administrative and criminal charges. Banks and other businesses that handle cash also are required to report suspicious transactions involving their clients to a federal anti-money laundering agency, FINTRAC. Reporting failures can also lead to administrative penalties and criminal charges.”

Pharmalot: Healthcare Fraud, Whistleblowers & US Treasury

“Specifically, there were 145 FCA cases settled in the 2010 fiscal year and the 10 largest settlements involved health care fraud, with eight involving drugmakers, according to Taxpayers Against Fraud, a non-profit that supports whistleblower lawsuits. The 10 largest cases accounted for $2.7 billion recovered. Although fiscal year 2009 actually recovered a larger pot of money - $5.6 billion.”

Rob Karel’s Blog: Software AG buys Data Foundations: Business Acumen Meets Data Competency

“It’s no longer too scandalous or surprising to admit that technology- or IT-centric MDM strategies just don’t work.  Building a single version of truth of master data in a central hub somewhere doesn’t directly solve any business problems. The only way master data can reduce risks, improve operational efficiencies, reduce costs, increase revenue or strategically differentiate an organization is by figuring out how to connect and synchronize that master data into the business processes and decisions most important to an organization’s success.”

ctv.ca: Search continues for true stolen lotto prize winner

“Police believe the real winner is a frequent player who purchased the ticket at a favourite store in St. Catharines in 2003, then had it checked at a Burlington store. Back at that time, there was no scanner allowing players to have their tickets checked automatically. They had to trust the clerk. Police have alleged the store’s operators lied to the customer and passed the winning ticket to a female relative to cash in.”

Share This

By Mike Betron, Infoglide Software Director of Marketing

On the one hand, recognition of the power that entity resolution can bring to bear on challenging problems both in the commercial and public realms continues to increase. On the other hand, resistance to change and lack of budget seem to be inhibiting dramatic increases in productivity and effectiveness that could be gained by a more rapid uptake of this new technology.

A few days after the 2009 Christmas Bomber incident, President Barack Obama made this statement:

“The bottom line is this: The U.S. government had sufficient information to have uncovered this plot and potentially disrupt the Christmas Day attack. But our intelligence community failed to connect those dots, which would have placed the suspect on the ‘no fly’ list. In other words, this was not a failure to collect intelligence; it was a failure to integrate and understand the intelligence that we already had. The information was there.”

Being able to connect the dots by using readily available data is every bit as challenging for private companies. Many commercial organizations (e.g., insurance companies, banks), similarly have all the right data available to them to solve problems related to identity.

While some people are skeptical that we’re making enough progress in developing and using advanced analytics, we’re certain that the remaining issues are solvable using available entity resolution technology in conjunction with readily available data.  It’s more a matter of will and resources than lack of capability that’s holding us back.

Share This

By Douglas Wood, Infoglide Senior Vice President

International companies, particularly those in the financial services markets, have long struggled to comply with the varying data privacy laws of the countries in which they operate.  Simple data analysis practices in one region of the world may or may not be acceptable in another, and the penalties of non-compliance can be harsh to say the least.  This leads to inefficiencies in areas such as AML, Compliance and Fraud Investigation.

For most companies, the data to identify and catch fraudsters already exists within the organization; however, because data is distributed across various data silos in different countries, resolving identities and non-obvious relationships requires rapidly accessing multiple data sources with different structures and access methods.

Consider then the requirement to comply with data privacy laws, which make it essential that the analyst returns only the calculated probability of a match in a foreign database, instead of the actual data associated with that match.  Businesses have spent massive amounts of money trying to tip-toe through the minefield of privacy laws and acceptable practices.  Determining “who’s who” and “who’s working with whom” has proven difficult where data privacy laws prohibit individual analysts from ‘seeing’ the results of a search into a database in another country.

Infoglide’s Identity Resolution Engine is uniquely capable of solving these requirements by searching into disparate data – irrespective of where it resides – and returning only the percentage likelihood that a match or relationship was found.  The software then returns contact information of the appropriate data steward, if desired.

Taking the weight of data privacy concerns off analysts increases productivity and helps them focus on the cases that truly matter to your organization.  For more information, contact sales@infoglide.com.

Share This

[Post from Infoglide] Surface Web, Dark Web, and Social Media

“A recent article in Bank Systems & Technology  says that financial services institutions are discovering increasingly sophisticated attempts to defraud their customers – more sophisticated in how they gather information and employ it in their criminal schemes. ‘As fraudsters increasingly seek to exploit weaknesses in consumers’ defenses through social engineering schemes rather than hack vulnerabilities in banks’ security systems, the need for enterprisewide solutions to detect fraud across channels is greater than ever.’”

IT-Director.com: An Intelligent Match

“Buying rather than building speeds up the process of filling gaps in (or simply improving) functionality, and so is a logical step, and Experian itself has plenty of acquisition experience (including of course QAS itself). It opens up the intriguing possibility that Experian QAS may be looking in the future to spread its wings beyond its historically tight market of contact data management. If so then this may not be the last acquisition that it makes.”

AllBusiness: TSA “Secure Flight” Requirements

“Effective November 1, 2010, if you do not accurately provide the TSA with your full legal name as it appears on your government issued identification within 72 hours of a flight, your reservation could be canceled, at will, by the Transportation Security Administration (TSA). Why are they doing this?  To enhance the security of commercial air travel, the TSA has developed Secure Flight, a program that compares airline passenger information against U.S. government watch lists.”

InformationWeek: Top 10 Cloud Computing Complaints

“‘You need the ability to migrate data from one cloud service provider to another, and there are cloud interoperability scenarios that need to be addressed as well,’ notes Matt Edwards, director of the cloud services initiative at TM Forum, a communications industry association. ‘There are multiple things that need to be addressed to avoid vendor lock-in and to remove the barriers for the adoption of cloud services.’”

Share This

By Mike Betron, Infoglide Software Director of Marketing

A recent article in Bank Systems & Technology says that financial services institutions are discovering increasingly sophisticated attempts to defraud their customers – more sophisticated in how they gather information and employ it in their criminal schemes. “As fraudsters increasingly seek to exploit weaknesses in consumers’ defenses through social engineering schemes rather than hack vulnerabilities in banks’ security systems, the need for enterprisewide solutions to detect fraud across channels is greater than ever.”

The sources of information about individual consumers are rapidly growing and increasingly accessible. Most of us concerned about our personal information think first about that portion of the World Wide Web that is indexable by conventional search engines, sometimes called the “surface web.” That information is more easily monitored and managed than social media sites (e.g. Facebook) and other dark web sources such as local, state, and government databases.

What is needed is a comprehensive picture of our personal online reputation, but it’s not a simple task. It requires the ability to tie together diverse data from a multitude of sources in a variety of formats. Using similarity searching, advanced filtering, and sophisticated scoring, federated searching across disparate data sources can produce a unified view of an individual’s “identity” for ongoing monitoring. Ideally, that unified identity can be refreshed using automated rather than manual processes.

Identity resolution offers the ideal core technology for any solution designed to present a unified picture of personal identity across surface web, dark web, and social media sources. Since identity resolution engines are designed to incorporate new data sources without requiring system rewrites, they offer the best hope for deployment of extensible systems for online identity management.

Share This