Search
Article

An investigator’s ‘inside’ perspective: investigation techniques must continue to evolve as threats evolve


Fraudsters’ methods and techniques for committing fraud continue to evolve, growing ever more complex and difficult to detect. We, as anti-fraud professionals, must do the same, evolving our investigative techniques to stay ahead of fraudsters to detect, investigate and remediate fraud as early as possible.

As we move forward, continuing to use our traditional investigative methods as a foundation for proceeding with our investigations is important, however, we must also build upon this foundation with emerging techniques and technologies such as data analytics and Open-Source Intelligence (OSINT) and other investigative databases.

While we cannot avoid issues with the source data, we can now easily avoid being part of the age-old adage when we reference data issues, “garbage in, garbage out.”

After creating a scope for our investigations based on fraud schemes that are most likely to occur and are most impactful to the organization, our analysis phase begins. In addition to conducting interviews, a major component of this stage is analyzing transactions and processes associated with these transactions to determine specific instances in which fraud may have occurred. As anti-fraud professionals, we use our standard bag of tricks like comparing our vendors to our employees and reviewing the expense payment process. However, data analytics tools available today allows us to go far beyond this, enabling us to view and analyze data in more ways than ever. In the past, anti-fraud professionals were greatly constrained by such things as data was received, the size of the data, the need to normalize data into a usable format, among others. With today’s tools, we can import data of all forms and sizes without constraint. While we cannot avoid issues with the source data, we can now easily avoid being part of the age-old adage when we reference data issues, “garbage in, garbage out.” Data analytics tools allow us to quickly ingest, analyze and report results, and this speed and agility, in turn, helps to enhance outcomes.

If we think about investigations in terms of a funnel, in which we start with a large amount of data, processes, procedures and other information and then narrow it all down to a specific issue or occurrence of fraud (and, ideally the identification of a perpetrator), it is important to consider the data refinement process. Our data analytics tools do well in getting us further down the funnel, but do not always get us to the bottom on their own. Rather, they generally help us hone our focus to specific people and specific areas of the business.

The incorporation of OSINT investigation is often overlooked in many investigations, particularly in forensic accounting-related investigations. OSINT refers to any information that is publicly available, whether on the internet, dark web or elsewhere. Initially, using OSINT’s readily available information may seem contrary to the intent of fraudsters who, by nature, work hard to conceal their nefarious efforts. If information is readily available, how can it be helpful?

It’s easy to adopt an attitude of “if it’s not broken, don’t fix it,” however, that is not an attitude we can afford to take. Full use of innovation in how we approach and conduct investigations is paramount to our success.

The first step in effectively using OSINT technology and techniques is accepting that, with the right tools, even the most mundane information can be captured, analyzed and pieced together to form a powerful whole. With the right tools and skill set, it is possible to capture e-mail addresses, phone numbers, previous usernames, passwords and, notably, social media accounts and other information that can prove useful in the course of an investigation. Today, individuals of all ages, across all demographic groups, use social media. A medium that first was populated solely by Millennials and Generation Z now has millions of users aged 40 and older. Now, think about this pervasive use and longevity of social media use in the context of an investigation. If we can take the results of our data analytics, and overlay data gleaned from social media (including posts, phone numbers, e-mail addresses and more) we can exponentially improve the breadth and depth of our investigation, making it, ultimately, more effective. And, as OSINT technology and tools continue to evolve, we’ll be able to extract even more salient information from the seemingly mundane.

We, as anti-fraud professionals, must adapt and embrace new technologies and techniques in our investigations. To continue to be effective in our work, we must be agile in adapting to new methodologies employed by fraudsters to allow us to be effective in both deterring and detecting fraud. It’s easy to adopt an attitude of “if it’s not broken, don’t fix it,” however, that is not an attitude we can afford to take. Full use of innovation in how we approach and conduct investigations is paramount to our success.

This publication presents the views, thoughts or opinions of the author and not necessarily those of HKA. Whilst we take every care to ensure the accuracy of this information at the time of publication, the content is not intended to deal with all aspects of the subject referred to, should not be relied upon and does not constitute advice of any kind. This publication is protected by copyright © 2021 HKA Global Ltd.