Identity Resolution Daily

By Dan Power, President and Founder, Hub Solution Designs

There definitely seems to be a trend lately with small companies in the master data management (MDM) and data quality space being purchased (as in the asset acquisition of Exeros by IBM) or partnering with larger firms (such as Silver Creek Systems’ OEM relationship with Oracle).

I think this is a good thing. Using the classic “build, buy or ally” strategy, it isn’t surprising that sometimes companies will conclude that it’s faster and/or cheaper to buy a technology, or partner with another company that has that technology, rather than build it themselves internally.

A lot of companies do tend to suffer from the “not invented here” syndrome, where anything not developed inside their four walls tends to be regarded with disdain. But that tendency leads to a much slower pace of innovation. In very competitive industries like enterprise software, getting there faster is a very definite advantage.

Since I’ve been working with the identity resolution experts at Infoglide, I’ve become much more aware of the role identity resolution technology plays in our daily lives. Every time you get on an airplane, file an insurance claim, apply for a job / mortgage / credit card, or even shop in a retail store or on a web site, your identity is probably being evaluated by an Identity Resolution Engine.

A lot of people in the MDM space refer to this as “matching”, but there’s considerably more to Identity Resolution than the sophisticated pattern matching that most MDM hub platforms use today. The more robust form – Identity Resolution – is mostly used currently for sophisticated applications like terrorist screening and anti-money laundering, where big consequences or big dollar amounts are at stake.

But that technology is gradually filtering down to more routine commercial applications like master data management for customers. The large MDM vendors like Oracle, IBM and SAP – and the smaller vendors like Siperian, Initiate Systems and D&B/Purisma – will follow the “build, buy or ally” pattern, with some opting to create their own more sophisticated Entity Resolution capabilities, some buying smaller firms who already have those advanced products, or perhaps partnering as a middle ground between building and buying.

Either way, this trend is good both for specialized companies like Infoglide and for the general public. We’ll all be a little safer getting on a plane, a little less likely to suffer from identity theft or confusion, and perhaps save a little money through reduced incidence of various types of fraud.

Full-fledged Identity Resolution is a capability that most MDM hubs should plan on adding in the next revision cycle or two, as MDM customers become more discriminating and more demanding of their hub’s ability to identify individuals and businesses from an ever-growing stream of data.

Dan Power is president of Hub Solution Designs, a consulting firm specializing in master data management and data governance. He writes a popular blog and a column for Information Management magazine, speaks frequently at technology conferences, and regularly advises clients on developing & implementing high impact MDM and data governance strategies.

Share This

By Robert Barker, Infoglide Senior VP & Chief Marketing Officer

Clowns to the left of me, Jokers to the right,
Here I am, stuck in the middle with you.

-Jerry Rafferty and Joe Egan, Stealers Wheel

One reason Identity Resolution Daily began two years ago was to create a venue to address privacy/security controversies. Because we supply and support core technology used in DHS’s Secure Flight program that performs airline passenger watch list matching, we established a vehicle to discuss how powerful technology can help the country be more secure while simultaneously protecting privacy.

The discussion rages on: how can we balance society’s competing needs for privacy and security? Fusion centers were created to increase the collaboration and effectiveness of law enforcement agencies in combating crime and terrorism, but now we see privacy groups and legislatures (among others) pitted against each other, and guess who’s caught in the middle? Those enforcing the law.

From wikipedia, “a Fusion Center is a terrorism prevention and response center” that gathers “information not only from government sources, but also from their partners in the private sector. They are designed to promote information sharing at the federal level between agencies such as the CIA, FBI and Department of Justice) and at the state and local level.”

A concept developed as a response to the events of 9/11, the objective of fusion centers is to coordinate law enforcement efforts to prevent future terrorist events. While 58 state and local fusion centers have been implemented, standardization is lacking when it comes to how they operate and what they focus on.

Of course, any effort that deals with personal information produces the potential for abuse. Recent news stories have raised cries from both the left and right ends of the political spectrum, resulting in some strange partnerships.

So where do we fall on this issue? You might say we’re stuck in the middle. Like law enforcement agencies, we’re trying to do our job as best we can. In the case of the agencies, it’s catching the bad guys before they do damage, yet without infringing on citizens’ privacy. For us, that means supplying software that allows them to do just that.

Share This

By Robert Barker, Infoglide Senior Vice President & Chief Marketing Officer

In a February post blogger Steve Sarsfield talked about government mandates that direct financial institutions to avoid doing business with known “bad guys”:

The mandates have to do with the lists of terrorists offered by the European Union, Australia, Canada and the United States. For example, in the U.S., the US Treasury Department publishes a list of terrorists and narcotics traffickers. These individuals and companies are called “Specially Designated Nationals” or “SDNs.” Their assets are blocked and companies in the U.S. are discouraged from dealing with them by the Office of Foreign Asset Control (OFAC)… If your company fails to identify and block a bad guy… there could be real world consequences such as an enforcement action against your bank or company, and negative publicity.

He goes on to describe the role that data quality software plays in addressing the problem. While I agree with Steve that improving data quality is an important component of some solutions, I’d emphasize that it’s critical to know when and where to improve it. Too much “quality” can actually hurt a solution’s effectiveness.

Professor John Talburt (ERIQ) illustrated this notion in a recent guest post. Making the case for using entity resolution to find hidden relationships, he first showed how the absence of sufficient attributes can cause false positives. He then went on to say:

Even given that the set of identity attributes is large enough to avoid a false positive, the larger problem with matching as a surrogate for entity resolution is that it produces false negatives.  For example, “Mary Doe, 234 Elm St” and “Mary Smith, 456 Pine St” do not match, but does that mean they are not references to the same entity?  It could very well be the case that Mary Doe married John Smith and moved to his house at 456 Pine St.

So in looking for bad actors, suppose the address of one of the two Mary Does above had been resolved to the “correct” address by applying data quality software before using entity resolution to search for hidden relationships. We might have never discovered that Mary Doe married the nefarious John Smith who is on the OFAC list!

If the goal of the solution is merely compliance with a minimum of false positives, data quality can help achieve these goals. But if the goal of the solution is to find bad guys by discovering non-obvious relationships, false negatives are a more important consideration. While false positives are a costly annoyance that require extra resources to resolve, false negatives can mean missing bad guys altogether, and that hurts much more than the bottom line. It can mean not complying with the mandates.

Share This

January 30th, 2009

[Post from Infoglide] Will Workers Comp Employer Fraud Keep Rising?

“In our collections of links about identity resolution, we often include stories about employees who defraud workers compensation agencies. Most of the time it concerns someone who’s claimed a disability in order to get payments and is then working another job that proves they are healthy.  Another twist is covering up the fact that a relative drawing workers comp benefits has died in order to continue receiving payments.”

Insurance & Financial Advisor: Pennsylvania man among seven charged in multi-million dollar workers’ comp fraud

“In a pair of recent indictments, the defendants are accused of lying on insurance applications and failing to remit insurance premiums to the insurance companies, instead keeping the money for themselves, according to theNew Jersey Attorney General’s Office. The defendants are also accused of laundering money so the scheme would go undetected. As a result, many people were allegedly left without workers compensation insurance.”

Business Intelligence News: Gartner’s Magic Quadrant for Business Intelligence Platforms 2009

“Recently, Gartner published its report called Magic Quadrant for Business Intelligence Platforms 2009. This report is Gartner’s opinion about the market of BI and their main vendors.”

Network World: MySpace faces fresh controversy over sex offender issue

“Pallorium maintains a database of more than 600,000 sex offenders culled from state registries around the country. Rambam said he took a random sample of 40,000 names from that database and then searched more than 2 million MySpace member pages for matches. An initial search using first and last names, approximate age and city and state of residence as keywords yielded over 12,400 matches, Rambam claimed.”

Daily Insurer: New Yorker Nabbed in Workers’ Comp Scheme

“According to Solomon Jones, an investigator with the Insurance Department’s Frauds Bureau, Cossio submitted signed statements to the Insurance Fund falsely claiming he was unable to work after injuring his back while employed as a laborer. Jones said investigators found that Cossio was working as a porter and maintenance attendant while collecting the benefits.”

Share This

By Robert Barker, Infoglide Senior Vice President & Chief Marketing Officer

In our collections of links about identity resolution, we often include stories about employees who defraud workers compensation agencies. Most of the time it concerns someone who’s claimed a disability in order to get payments and is then working another job that proves they are healthy.  Another twist is covering up the fact that a relative drawing workers comp benefits has died in order to continue receiving payments.

The Ohio Bureau of Workers’ Compensation estimates that they pay as much as $320 million annually in fraudulent claims to both employees and employers. Their definition of fraud is “as an intentional act or series of acts resulting in payments or benefits to a person or entity that is not entitled to receive those payments or benefits. Fraud is committed when a person
•    knowingly receives benefits which he or she is not entitled to receive by law;
•    makes false or misleading statements for the purpose of receiving money or services; or
•    enters into a conspiracy to defraud the Ohio State Insurance Fund or self-insuring employer under the Workers’ Compensation Act.”

While the employee fraud problem is significant, blogger Leonard Jernigan rightly points out that the third type of fraud in Ohio’s definition, i.e. fraud by employers, is an even bigger problem. “When thousands of employers across the country intentionally fail to pay required workers’ compensation premiums or misrepresent the job classification of employees who are covered, the fraud perpetrated on the system vastly exceeds the dollar amount of employee fraud.” Despite this fact, attention (and most of the news coverage) seems to be focused on employee fraud. Perhaps it’s the “gotcha” aspect of many of the nighttime news programs that makes employee fraud more appealing. Employer fraud isn’t as sensational but, based, on the financial impact, it should be getting more attention.

Jernigan lists no fewer than 14 different ways that employers defraud the system and thereby increase the burden on taxpayers for underwriting the healthcare costs of injured workers. Employer fraud takes many forms, but in all cases the object is to eliminate or reduce payments into the workers compensation system, and that increases the tax burden on all of us. The current challenging economic situation will likely increase the temptation for businesses to workers compensation payments. The losses incurred through employer fraud should increase detection and prosecution efforts.

Share This

By the Infoglide Team

Long Beach Press-Telegram: 3 more truck firms named in port probe

“In the latest cases, the companies were able to avoid paying overtime, payroll taxes, health insurance and workers’ compensation by labeling their drivers ‘independent contractors’ — a label applied to some 90 percent of truckers in the ports of Long Beach and Los Angeles.”

All Things Data: Master Data Management and the Mid-Market Need

“Basically, the MDM Summit in New York confirmed that the process to implement a Master Data Management initiative is generally the same regardless of whether the organization is a Mid-Market company or a larger enterprise.”

SmartBrief: Homeland Security releases more details on Secure Flight program

“The Department of Homeland Security estimates 99% of passengers will breeze through security next year when federal officials take over the job of screening names provided by the airlines.”

Confessions of a database geek: Updates to the Information Quality Aggregator

“It’s great to see more activity in the data quality arena. Dylan Jones started the Data Quality Pro site, and dropped me a note with some additional blogs to consider. A couple look pretty good!”

Share This

[Post from Infoglide] Start Early on Data Quality

“Identity resolution plays a vital role in data quality applications. Applying identity resolution on the front-end can ensure that error-filled and fraudulent identity information is detected and kept from entering production systems.”

Nashua Telegraph: Owners take on workers at issue

“In addition, the business avoided more than $368,000 in worker’s compensation insurance premiums by under-reporting the number of workers they had hired, prosecutors claim.”

Kiplinger Business Resource Center: Government to Take over Screening from Airlines

“Under a program dubbed Secure Flight, the Transportation Security Administration (TSA) will assume responsibility for checking passengers against a watch list of known and suspected terrorists. Currently, that job is performed by the airlines, and each one has its own process.”

CSO Security Leadership: Opposing Forces in a Down Market

“In a tightening economy, history has proven that the risks faced by businesses increase significantly. When times begin to get tough for individuals, many will turn to crime to abate their diminishing financial situations.”

Share This

By the Infoglide Team

info4security: The Cybercrime Arms Race

“Criminal activity has always mirrored legitimate business. The image of a Mafia accountant may be the first to spring to mind. However, it’s worth noting that cybercrime is not currently organised into one or more worldwide Mafia-like organizations with a Dr No figure at the helm. Rather, it’s an interdependent world based on groups who have complementary functionality.”

Portfolio.com: Insider Trading Suspects Settle Up

“In what the S.E.C. called the ‘Wall Street Serial Insider Trading Ring,’ 14 defendants, in two different schemes, traded repeatedly on non-public information in exchange for cash kickbacks, according to the complaint. Overall, they allegedly made at least $15 million in illegal profits.”

SecurityFocus: Two-thirds of firms hit by cybercrime

“More than 7,800 companies responded to the survey (pdf), which classified cybercrime into cyber attacks, cyber theft, and other incidents.”

Information Week: Congress Extends Cybercrime Laws

“The U.S. House of Representatives approved the bill — H.R. 5938 — Monday. The amendment — part of Senate bill S. 2168 — expands the ability of the federal government to prosecute identity theft crimes and allows victims to obtain restitution for the time and money they spend trying to restore their credit. The legislation, which must be signed by President George W. Bush, allows a fine and up to five years imprisonment for spyware.”

NRF LPInformation: Update on ORC Hearing, September 22 (Monday) at 4pm

“The House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security is scheduled to address H.R. 6713, the ‘E-fencing Enforcement Act of 2008′, H.R. 6491, the ‘Organized Retail Crime Act of 2008′ and S. 3434, the ‘Combating Organized Retail Crime Act of 2008′.”

Share This

By Robert Barker, Infoglide Senior Vice President & Chief Marketing Officer

At the recent International Conference on Cybercrime Forensics Education and Training in Canterbury UK, international experts discussed the challenges involved in keeping up with increasingly sophisticated criminals who target children on the internet. They covered a wide array of subjects that illustrated the complex ways that computer systems are exposed, including topics like mobile phone forensic investigation, the social effects of Spam, digital intrusion forensics, implications and methodology of facial ID training, and virtual reality police training.

Pedophiles use multiple forms of internet communication to share information, including photographs. A recent infamous example in the UK is Philip Anthony Thompson. A British police unit discovered that his home computer was hosting a quarter of a million child porn images, including 3000 depicting sadistic abuse, and that Thompson served as an administrator of a forum that enabled and encouraged sharing of images and knowledge. 

Is the fact that Thompson was caught a sign that law enforcement has the problem under control? Not exactly. Denis Edgar-Nevill, chairman of the cybercrime forensics conference, pointed out that “people should not believe that cybercrime is being dealt with well or that it is something law enforcement agencies are on top of.” He was not being critical of law enforcement, and in fact he commended them for work in certain areas. It’s just that the scale of the problem is so huge, and with the growing number of avenues for people to communicate, it’s incredibly difficult for enforcement agencies to keep up. Their resources are divided across a number of cybercrimes, and, for better or worse, financial crimes are often considered more serious.

Given the finite human resources of police agencies, can technology fill the gap? Sexual predation depends on the use of fraudulent identities. Identity resolution technology has been used to fight many other types of fraud. It can find stolen goods being fenced on eBay by ORC groups. Stock exchanges find hidden relationships that lead to identification of insider trades. Retailers use it to detect and prevent deceptive returns of stolen merchandise by deceitful employees. Lotteries can detect false claims with winning tickets. Workers’ compensation agencies leverage identity resolution to identify fraudulent claims. And terrorists are prevented from boarding airplanes.

With proper cooperation between law enforcement agencies and information technology vendors, surely identity resolution technology can enable the development of automated systems that will shine a light on predators and greatly diminish their ability to operate under the radar of police groups.

Share This

“It is unfair to label Iranian and other immigrants as dangerous based solely on the activities of their government’s leaders. This one-sided post unnecessarily causes fear towards immigrants from Iran, Cuba, Sudan, and Syria. […] Immigration did not cause 9/11.”

That’s one of our own, Joe Alavi, Web Developer for Infoglide Software, taking us to task for our post on Monday, Much Ado About Ahmadinejad. But What of the Other 3,100 Iranians in the US? And of course, he’s right.

There was no intent to impugn every immigrant from these countries. Instead, we wanted to call attention to a new GAO report that warns that U.S. government is not taking adequate steps to properly resolve the identities of immigrants who apply through the Diversity Visa (DV) program. The report says, “Consular officers at 6 of the 11 posts we reviewed reported that widespread use of fake documents, such as birth certificates, marriage certificates, and passports, presented challenges when verifying the identities of applicants and dependents. Difficulty in verifying identities has security implications because State’s security checks rely heavily on name-based databases.”

In making our point, instead of keying off this provocative headline from Reuters, U.S. admits nearly 10,000 from “terrorism” states, we could have employed this more balanced story from the Washington Post — Risk of Fraud High in Visa Program.

Another story from the San Antonio Express News reported that of the 10,000 immigrants who have migrated here from states that sponsor terrorism, “None of those immigrants has been linked to terrorist investigations or acts. But the program should be overhauled, the 51-page report concluded, because the risk remains high and there are other lingering problems, such as rampant fraud.”

However, Investor’s Business Daily, CNSNews and Sen. Jeff Sessions (R-Ala.) all call attention to one exception: Mohamed Hadayet. He earned a green card through his wife and she gained entry through the DV program. Mohamed Hadayet was the terrorist who shot and killed two people at the El Al counter at LAX in 2002. For the sake of balance, we should point out that Hadayet was an Egyptian and Egypt is not listed as a state sponsor of terrorism.

And balance is what our post on Monday was missing.

Thank you, Joe, for writing

“The post does not mention that the vast majority of immigrants from these countries are peaceful, intelligent, law abiding citizens that make a positive impact on this country on a daily basis. It is irresponsible to single out Iranians in the title of the post because there are no facts to suggest that these Iranians are dangerous whatsoever. They are coming to this country to receive an education, a better way of life, to visit relatives, etc. They are not coming to be spies or terrorists as this post suggests.”

Joe also called us out for not balancing our post with the very real accomplishments of Iranian-Americans.

He’s right about that and he’s also right about this:

“The United States was founded by immigrants in Plymouth, Massachusetts and Jamestown, Virginia. The first transcontinental railroad (one of the greatest technological achievements of the 19th century) was constructed largely by hard working Irish and Chinese immigrants in very dangerous and grueling conditions.

“This country receives tremendous benefit by welcoming immigrants because often they are very intelligent individuals seeking higher education, and end up working in various industries, giving our country a competitive edge over the rest of the world. They bring fresh ideas and perspectives and give credibility to our country as an open minded society. Just because 9/11 happened does not mean that immigration is an epidemic. Immigration did not cause 9/11.”

Thanks again, Joe, for speaking up and keeping the blog on the right path.

Share This