Detecting Publishing Fraud

May be many components, like fraud, inaccuracy, etc.  Knowing what kind might be most useful. Also a related analysis of the peer review?

Weird Computer-Generated Phrases Tip-Off Scientific Publishing Fraud

By Bulletin of the Atomic Scientists, January 13, 2022

Scientists authored six million peer-reviewed publications in 2020, and among them are thousands of fabricated articles. Modern plagiarists are making use of software and perhaps even emerging AI technologies to draft articles — and they're getting away with it.

Technology is also being used to identify fraudulent research. A computer system named the Problematic Paper Screener searches through published science and seeks out "tortured phrases" in order to find suspect work. A tortured phrase is an established scientific concept paraphrased into a nonsensical sequence of words. "Artificial intelligence" becomes "counterfeit consciousness." "Signal to noise" becomes "flag to clamor."

As of January 2022, researchers found tortured phrases in 3,191 peer-reviewed articles published, including in reputable flagship publications. They also found published papers that appear to have been partly generated with AI language models like GPT-2, a system developed by OpenAI. Unlike papers where authors seem to have used paraphrasing software, which changes existing text, these AI models can produce text out of whole cloth.

From Bulletin of the Atomic Scientists

View Full Article     

Mining Financial Data Without Actually Seeing It Can Detect Fraud

Quite interesting.  

 Mining Financial Data Without Actually Seeing It Can Detect Fraud  By Arnout Jaspers, Commissioned by CACM Staff, September 9, 2021

Large-scale data sharing is a potential goldmine for research, health, and security, but until recently this goldmine was largely inaccessible, due to privacy considerations. Now, banks are starting to use secure Multiparty Computation (MPC) to detect potentially fraudulent transactions while protecting the privacy of their customers.

MPC distributes computations on data between several parties in such a way that none of the parties can see the raw data, but the desired result can still be computed. Software to achieve this has been developed over the past years. A similar concept is homomorphic encryption, which guarantees that certain classes of computations performed on encrypted data give the same result as computations on the raw data.          

TNO, the Netherlands organization for applied scientific research, is working closely with two large Dutch banks, ABNAmro and Rabobank, on a pilot project to detect suspicious financial transactions using MPC and an algorithm inspired by Google's page-rank algorithm. The basic idea is that networks of financial transactions can be analyzed in similar fashion to how a search engine determines the importance, or rank, of a website. A website is 'important' if other 'important' websites link to it; although this is a self-referential definition, the page-rank algorithm can, after a number of iterations, produce a consistent ranking of websites. 

In this case, bank accounts are the nodes in the network, and two accounts are linked if a money transfer between them has taken place. Other than in the Internet page ranking, a link can have a weight, depending on how often and how much money was transferred. An account gets a high risk score, for instance for money laundering, if another high-risk account transferred money to it.

Each bank can create such a 'risk propagation network' for the accounts of its own clients because it has their financial transaction data, but many transactions happen between different banks. Risk scoring would improve significantly if the algorithm could add those external accounts to the network, but banks are hesitant to share these data because of their potential impact on privacy. Said Tjebbe Tauber, business developer for innovation and design at ABN AMRO's Detect Financial Crime unit, "We are carefully looking at what is, and what is not possible under the European privacy law."  .... ' 

SAS: Fraud Detection and Machine Learning

Intro to a piece by SAS worth taking a look at.

Fraud detection and machine learning: What you need to know   from SAS

Fraud detection is a challenging problem. The fact is that fraudulent transactions are rare; they represent a very small fraction of activity within an organization. The challenge is that a small percentage of activity can quickly turn into big dollar losses without the right tools and systems in place. Criminals are crafty. As traditional fraud schemes fail to pay off, fraudsters have learned to change their tactics. The good news is that with advances in fraud analytics, systems can learn, adapt and uncover emerging patterns for preventing fraud.

Most organizations still use rule-based systems as their primary tool to detect fraud. Rules can do an excellent job of uncovering known patterns; but rules alone aren’t very effective at uncovering unknown schemes, adapting to new fraud patterns, or handling fraudsters’ increasingly sophisticated techniques. This is where fraud analytics, powered by machine learning, becomes necessary for fraud prevention and detection.

Machine learning is all the rage now. Most vendors claim they have some form of machine learning, especially for fraud detection. SAS has been a pioneer in machine learning since the 1980s, when neural networks were first used to combat credit card fraud. But just because we’ve been doing machine learning and fraud analytics for so long doesn’t mean we’ve been resting on our laurels. In fact, it’s quite the opposite.

Machine learning is a critical part of the fraud detection toolkit. Here’s what you’ll need to get your fraud analytics initiative started. ... " 

Recorded Future to Acquire Gemini Advisory

We followed Recorded Future here since its beginning

Recorded Future acquires Gemini Advisory in $52 million deal  in ZNet

The company will leverage the purchase to carve a place in the fraud analytics market.

By Charlie Osborne for Zero Day  

Announced on Tuesday, the enterprise security intelligence provider said the purchase has been secured and agreed upon through both cash and equity. 

Founded in 2009 and based in Massachusetts, Recorded Future works with over 1,000 corporate clients and government entities to provide threat intelligence through automated data collection and analytics. 

Gemini Advisory, however, focuses on fraud and activities in the Dark web. Services include brand monitoring, cybercriminal activity alerts, access to compromised datasets discovered in the web's underbelly, and consultancy when it comes to the development of mitigation procedures when stolen records and credentials appear online. 

"Recorded Future and Gemini Advisory will offer organizations the most comprehensive intelligence platform, giving organizations a critical edge with the visibility to act at the speed of the adversary to mitigate cyber risk and fraud," the companies say. ... " 

Review Manipulation in Amazon

 Had only just recently directly noticed fake or manipulated reviews on Amazon.  Had thought that Amazon was controlling these, but then alterted to it by an ArsTechnica article, see below.  Remember being impressed by 'extensive detailed  reviews' on Amazon, especially for complex technical items.    When I buy something expensive or complex I am likely to be cautious in its selection.   But examples show in some cases clearly not even reviewing the product at hand.  Inserted to skew statistics in comparisons.    It cheapens the whole idea of reviews as a useful measure.   Certainly AI could detect these by patterns using AI.  Lets fix it. 

Amazon still hasn’t fixed its problem with bait-and-switch reviews

Amazon has done little to stop sellers from gaming its search algorithm.

By Timothy B Lee ... in ArsTechnica

On Fakes and Frauds via AI

Creating frauds that are hard to distinguish from the real thing.

AI vs. AI   By R. Colin Johnson in ACM

The Hackathon for Peace, Justice and Security (logo pictured) featured a contest to create the best AI software to identify deep fakes..

This battle of the artificial intelligence spitting fraudster again cybersecurityis being fought in the trenches of fake news, fake videos, and fake audio.

Artificial intelligence (AI) has made great strides in catching attempted credit-card fraud—most of us have received communications from our credit-card issuers to confirm attempted purchases made by cybercriminals. Using machine learning (ML) to compile "synthetic identities" that display the usual behavior patterns of its credit holders, financial institutions can spot anomalous behaviors in real time. Unfortunately, cybercriminals likewise are using AI to create their own synthetic identities, producing results realistic enough to fool the AI that spots anomalous behaviors.

This battle of the AIs—pitting fraudster again cybersecurity—is also being fought in the trenches of fake news, fake videos, and fake audio. Thus the arms race has begun: AI versus AI.

Jupiter Research's Steffen Sorrell says synthetic identities are the "low-hanging fruit" of credit card fraud. According to Jupiter Research's latest Online Payment Fraud report, synthetic identities are driving online payment fraud toward $200 billion in losses to the bad guys by 2024. For the good guys, it is also driving the fraud-detection market to reach $10 billion over the same period, up from $8.5 billion this year.

"Online fraud takes place in a highly-developed ecosystem with division of labor," said Josh Johnston, director of AI Science at Boise, ID-based fraud prevention enterprise Kount Inc.  Johnston said cybercriminals specialize in different types of crimes ranging from manually "skimming cards" to creating synthetic identities with AI. "Others test stolen card numbers and credentials against soft targets like charities and digital goods merchants to make sure they haven't been cancelled," said Johnston, who claims high-limit credit card numbers with accurate name, address, and CVV (card verification value) can be purchased for less than a dollar in Internet black markets on the dark web.
"A fraudster can buy a list of these verified cards and monetize them through any number of online schemes," said Johnston. "AI is used heavily by these criminals, who also share software tools and tips on Internet forums just like legitimate developers."

These high-volume fakes use all types of AI and other automation techniques, ranging from small programs that generate and register realistic email addresses by combining real first and last names followed by random numbers, to large ML programs that create synthetic identities by combining bits of information from multiple real people to create a composite, according to Johnston.  If a fraud detector checks on a synthetic identity, they often find a fake email account, Facebook page, and other Internet presences showing details of the synthetic identity have been recorded by the fraudster. ... '

Aiming to Dupe AntiFraud Systems: Digital Doppelgangers

Quite an interesting discovery.  Constructing fake user profiles to facilitate fraud.   Goes back to the need for stronger means of constructing foolproof real identities, probably cryptographically determined.  'Fraud on Demand'?  The linked-to article contains considerable detail on the current activity here.   Doppelgangers vs Digital Twins?     'Synthetic Identities'

Dark Web's Doppelgängers Aim to Dupe Antifraud Systems  By Paul Marks

Communications of the ACM, January 2020, Vol. 63 No. 2, Pages 16-18
10.1145/3374878

Deep within the encrypted bowels of the dark Web, beyond the reach of regular search engines, hackers and cybercriminals are brazenly trading a new breed of digital fakes. Yet unlike AI-generated deepfake audio and video—which embarrass the likes of politicians and celebrities by making them appear to say or do things they never would—this new breed of imitators is aimed squarely at relieving us of our hard-earned cash.

Comprising highly detailed fake user profiles known as digital doppelgängers, these entities convincingly mimic numerous facets of our digital device IDs, alongside many of our tell-tale online behaviors when conducting transactions and e-shopping. The result: credit card fraudsters can use these doppelgängers to attempt to evade the machine-learning-based anomaly-detecting antifraud measures upon which banks and payments service providers have come to rely.

It is proving to be big criminal business: many tens of thousands of doppelgängers are now being sold on the dark Web. With corporate data breaches fueling further construction of what market analyst Juniper Research calls "synthetic identities," Juniper estimates online payment fraud losses will jump to $48 billion by 2023, more than double the $22 billion lost in 2018.

The existence of a doppelgänger dark market was first discovered in February 2019 by security researcher Sergey Lozhkin and his colleagues at Kaspersky Lab, the Moscow-based security software house. His team was carrying out their regular threat analyses on several underground dark forums, "when we discovered a private forum where Russian cybercriminals were hosting information about something called the Genesis Store," Lozhkin says.  .... " 

AB InBev Uses Machine Learning for Corruption

Have in the past few months seen several interesting examples of automated and semi-automated fraud detection, and some cases where it should be being used.  Here another somewhat unexpected example.

AB InBev Taps Machine Learning to Root Out Corruption
The Wall Street Journal
By Dylan Tokar

Brewer Anheuser-Busch InBev spent three years developing machine learning technology to spot corruption in its business partners. The BrewRight analytics platform harnesses data from operations in more than 50 countries to proactively track legal risks and deter violations, rather than investigating problems after they crop up. Companies have traditionally probe misconduct after it happens, but Harvard Business School's Eugene Soltes said, "Data analytics and what AB InBev has done changes that equation. They want to put much more on the front-end—on prevention and detection." The machine learning aspect allows the platform to become smarter and more effective over time. It already has cut hundreds of thousands of dollars in costs associated with investigating suspect payments.  ... '

Ultimate ID: Facial Recognition?

Where you would expect it, but the results are still less than perfect.  And where it is mostly likely to be spoofed for direct fraud. 

Facial Recognition Making Its Way in Banking    By AI Trends Staff

Facial recognition technology is making its way into the banking industry, used primarily for physical security and ID recognition.

A handful or startups have emerged to serve the niche, the largest being Yitu Technology, a company with some 200 employees based in Shanghai, according to a report in emerj. Started in 2012 by a founder with a PhD in statistics from the University of California, the company employs a number of machine learning researchers. The company makes the Yitu Dragonfly Eye Intelligent Security System.

Another is Cloudwalk Technology of China, which had raised $507 million as of September 2018. They have contracts with the Bank of China and Bank of Chongqing. The president has a PhD in electrical engineering from the University of Illinois- Urbana Champaign. In facial recognition, the company appears to be in startup mode with few data scientists and machine learning researchers employed.

Other startups include IntelliVision, which offers Face Recognizer, which can recognize a customer’s face as shown on a stored image, when the customer is trying to access their bank account from an ATM with a camera, for example. If the customer’s photo is not stored in the bank’s database, the ATM can record the persons face and associate it with the account being accessed. IntelliVision has raised $6 million.

FaceFirst is offering software of the same name for access control using machine vision. The system is able to authorize identities, deliver mobile notifications to the security team, and recognition priority customers so that they receive the appropriate preferences. The companies say clients can integrate the software with existing image databases and with video footage. FaceFirst has raised $9.5 million in investment capital.  ... "

Visa Tests AI to Detect Fraud

An area I always thought would be ideal.   Considering the idea now in an emerging architecture that would provide both data for such an analysis, as well as the structure of existing interactions.    The card companies have the data.

Visa to Test Advanced AI to Prevent Fraud 
The Wall Street Journal
By Sara Castellanos

Visa is launching a platform to help its engineers quickly test artificial intelligence (AI) algorithms designed to detect and prevent credit card fraud. The platform is an example of the broader financial services industry trend toward using AI to detect patterns in transactions that could be a sign of criminal behavior. The new platform, which is cloud-based, will test algorithms that use deep learning to sift through data to find anomalies in an effort to prevent fraudulent transactions that involve billions of dollars every year. Platform users will be able to access a secure dataset made up of Visa's real-time card transactions in a way that allows them to test algorithms on a subset of the data before deploying it widely.  ... "

NASA Aluminum Fraud Causes Sat Failures

Looking at how fraud and scams exist in different parts of contract processes.  Here is one we are examining as a case study.   Any input?

An Oregon aluminum manufacturer has admitted to falsifying critical tests on aluminum sold to NASA over a 19 year period, agreeing to pay a $46 million fine to the Department of Justice.

NASA says the scam was at the heart of two failed missions—2009’s Orbiting Carbon Observatory, which carried equipment designed to take the most precise measurements of atmospheric carbon dioxide to date, and 2011’s Glory, which was also meant to aid in climate research—where the Taurus XL rockets protective nose cones failed to separate on command. Both rockets plummeted back to earth. ... " 

Benford's Law and Data Science

Used it from the very beginning in enterprise data science.  well worth understanding,  especially for anomaly cases in finance or research fraud.   Even in finance we found relatively few people that had heard of it or how to use it.  Good, mostly non technical overview.

What is Benford’s Law and why is it important for data science?

By Tirthajyoti Sarkar
Sr. Principal Engineer | Ph.D. in EE (U. of Iilinois)| AI/ML certification (Stanford, MIT) | Data science author | Open-source contributor| AI in Simulations

We discuss a little-known gem for data analytics — Benford’s law, which tells us about expected distribution of significant digits in a diverse set of naturally occurring datasets and how this can be used for anomaly or fraud detection in scientific or technical publications.

Introduction
We all know about the Normal distribution and its ubiquity in all kind of natural phenomena or observations. But there is another law of numbers which does not get much attention but pops up everywhere — from nations’ population to stock market volumes to the domain of universal physical constants.

It is called “Benford’s Law”. In this article, we will discuss what it is, and why it is important for data science. 

What is Benford’s law?

Benford’s Law, also known as the Law of First Digits or the Phenomenon of Significant Digits, is the finding that the first digits (or numerals to be exact) of the numbers found in series of records of the most varied sources do not display a uniform distribution, but rather are arranged in such a way that the digit “1” is the most frequent, followed by “2”, “3”, and so in a successively decreasing manner down to “9”.  ... " 

Machine Data and Operational Intelligence

Looking at how companies analyse server and security logs to tackle cyber crime and internal fraud, and optimize the user experience.  In Computerweekly.

Fraud Detection with Graph Analytics

In Analytic Bridge:  A quick look at the value of graph analytics for fraud detection and analysis in retail.

Big Data and Analytics Fighting Fraud

The November-December Analytics Magazine discusses Fraud

Big Data, Analytics, Fight Fraud
by Drew Carter and Stephanie Anderson  
Fraud doesn't play favorites; it's a multi-industry problem. How to employ analytics for effective, proactive fraud monitoring.

Goal-Driven Analytics 
by Eric A. King 
Big buzzkill: size and success don't correlate. Big data needs advanced analytics, but analytics does not need big data.

Real-Time Fraud Detection in the Cloud 
by Saurabh Tandon
Detecting fraud among online banking customers in near real time by running a combination of learning algorithms on a data set. ....   " 

Countering Fraud With Big Data

Obvious application.  Having more data lets you more easily extract outliers and patterns of interest.  Find correlations that don't need to be causation.  This has been done long before data was big, or even commonly available.  It can also lead you to patterns that I was reminded of by a practitioner of compliance earlier this week.  Data can be too good, track other indicators too well.  Indicating a manipulation to influence a result.

Countering Fraud and Financial Crime

I was invited to a meeting on Fraud and Financial crime last week, but due to a number of issues could not make it.  I believe the detection of detecting fraud and how to counter it is an important one and is in particular a place where classic big data analytics can be used to address the problem. I have been involved in several such efforts long before there was the depth of data available today.   We have that data, but where do we start?

Addressing fraud is also an area where any sized company can get benefit.  The large company can employ expertise to address this problem and use the solutions attached to specific problems. Smaller companies often cannot make the same investments.  Its natural that they could leverage automated methods to discover and then address ninety percent of the typical fraud issues that arise.

The problems here are related to generalized compliance activity as it connects to regulations. It can be addressed by constructing a portfolio of most important and likely fraud issues, then taking them in the order of their possible risk and return. Also understanding the costs involved to detect and remedy each component.  An agility also of value to the smaller company.

Below are some documents that cover the meetings, and some comments I provide.   First the NYTimes article: IBM Launches New Software and Consulting Services to Help Organizations Tackle $3.5 Trillion Lost Annually to Fraud and Financial Crime

The meetings can be traced on Twitter with #counterfraud:  https://twitter.com/#Counterfraud

 Read the blog post: http://bit.ly/1eSljbP

 And the related video: http://bit.ly/1qQ0OEV

 Also a supporting infographic: http://bit.ly/1mg0UFg

And the supporting press release: http://ibm.co/Oy94dH  Excerpt:

" ...  IBM launched its “Smarter counter fraud” initiative, drawing on the expertise and innovation from more than 500 fraud consulting experts, 290 fraud-related research patents and $24 billion invested in IBM’s Big Data and Analytics software and services capabilities since 2005. The initiative extends IBM’s leadership in Big Data and Analytics and Cloud to help public and private organizations prevent, identify and investigate fraudulent activities.    ... " 

Continuing to follow the threads above.  Will have more comments in this thread as I digest the approaches mentioned.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don't necessarily represent IBM's positions, strategies or opinions.  #MidsizeIBM

Fraud Detection Using Big Data

Using Big Data to Prevent Fraud:  A fairly obvious application when you start to gather lots of operational data.    See Zylab.   " ... When it comes to data that will be analyzed and managed by outside parties, organizations need to develop policies and procedures around the data they plan to share to determine how those parties will protect the data once it is shared, says Tom Zeno, a former federal prosecutor who now has a data privacy practice at the Washington-based law firm Squire Sanders. ... "Data storage is huge, and not everyone needs access to all the data," he says. "This is a whole growing area as far as lawsuits." ... '

Topology Mapping for Analytics

Seems Vincent Granville has been thinking similarly lately.  See his article and code in Data Science Central:   A little known component that should be part of most data science algorithms. Beware, this has a general introduction, and then gets technical with R code. And goes further:

" ...  This is a component often missing, yet valuable for most systems, algorithms and architectures that are dealing with online or mobile data, known as digital data: be it transaction scoring, fraud detection, online marketing, marketing mix and advertising optimization, online search, plagiarism and spam detection, etc. .... I will call it an Internet Topology Mapping. It might not be stored as a traditional database (it could be a graph database, a file system, or a set of look-up tables). It must be pre-built (e.g. as look-up tables, with regular updates) to be efficiently used. ... "

I came to think of this when I experimented with the free, open source GePhi network management system and reported on it here. Though the most common network we might work topologically is the Internet, or a social network. These are not the only networks, things like influence maps come to mind.     Have not thought how R in particular links with GePhi, but exploring.  I have a real application in mind. Any thoughts out there?

Detecting Access Fraud

Brought to my attention,   Fraudlogix, a system that detects access fraud, resulting from artificial lead generation.  The included behavior analysis that separates legitimate access from non value connections, is of interest.    See also their video.