Do graphs have the power to stop coronavirus-related cybercrime?

(Image credit: Jariyawat Thinsandee / Freepik)

Coronavirus aid is a big target for cybercriminals. With the pandemic moving so fast and funds being issued so swiftly, the potential for scams and fraud is huge.

Coronavirus has been a gift for cybercriminals and they have been fast to exploit it. The World Health Organization, for example, has seen a five-fold increase in cyberattacks since the pandemic started. Cybercriminals are by their very nature opportunistic. They are spotting where organizations don’t have appropriate security or the infrastructure in place for adequate protection and capitalizing on it. The operational challenges organizations face due to the unpredictability of the health crisis have made some easy prey.

Bad actors are using fake identities to syphon off governmental emergency funds, for example. This behavior is particularly severe in Germany, where fraudsters are trawling for data on businesses applying for emergency funds. This data is used to divert funds from state accounts into their own fraudulent bank accounts. The government of German province North Rhine-Westphalia is believed to have lost tens of millions of euros in a recent phishing attack. Cybercriminals cloned an official website designed to distribute Covid-19 financial aid. Personal details provided by applicants on the site were used to fraudulently file requests and collect funds on their behalf.

The attack in North Rhine-Westphalia is yet another example of hackers using Coronavirus-related content to fill their coffers. In a joint advisory the UK’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning that a number of malicious cyber actors and advanced persistent threat groups are extremely active. They are targeting individuals, small and medium businesses and large organizations with Covid-19 scams and phishing emails.

Can the financial services industry’s experience shed any light?

Departments issuing Coronavirus funds and loans can learn much from the financial services sector. Here companies continuously check and compare transactional and personal data to monitor for suspicious actions in the fight against fraud. As with applications for financial aid, bad actors that defraud financial institutions use false or synthetic identities when creating accounts or loan applications. Information such as home address, phone number and email details is reassembled to create a totally fictitious persona.

Conventional fraud detection solutions are not powerful enough to uncover these synthetic identities. These solutions can only relate two to three pieces of data at any one time, such as name, home address or bank account. This can be sufficient for snaring individual perpetrators, but it isn’t sophisticated enough to uncover fraud rings where multiple parties are working together.

The other issue is that these solutions also throw up a disconcerting number of false-positive results. According to research by Microsoft, banks are reporting that these can be as high as 95 to 99 per cent. Figures like this can be extremely damaging to customer trust.

Uncovering hidden fraud rings

The main reason why conventional approaches to fraud monitoring are ineffective is that the majority of fraud detection systems are based on a relational database model. This means that data is stored in predefined tables and columns. With large, unstructured data sets, they rapidly hit their limits. Queries end up being too complex and response times too slow.

In addition, these solutions are trying to detect fraud with no real context. Banks and government authorities need the ability to trace a trail from one account to another. This requires having a 360-degree view of the intricate complexity of the fraud network to determine how fraudulent activities are related.

Graph database technology may be an important weapon in fighting bad actors. In contrast to relational databases, graphs not only interpret individual data such as person, account number and home address, but also their relationships with one another. This includes links such as “resident in” or “transacted with”. The data model can thus accurately portray these complex relationships. The data items are referred to as "nodes" and the links between them as "edges" or "relationships".

The beauty of graph database technology is that any number of qualitative or quantitative properties can be assigned, showing complex relationships in a coherent and descriptive way.

One of the best-known graph algorithms for potentially warding off coronavirus bad actors is dubbed ‘PageRank’. This algorithm measures transitive influence or connectivity between nodes or objects. It can uncover objects based on their additive relationships and rank nodes with a relative score.

For fraud detection in financial institutions, the algorithm identifies important or influential customers who head up countless money transactions. Nodes with a high PageRank Score can be illustrated using a visualization tool so that they appear larger in the view and can be easily and quickly picked out.
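The ranking described above can be reproduced with a plain power iteration. The following is an added example, not code from the article or from any graph product; the transfers and account names are constructed, and it assumes each edge points from payer to payee, so score accumulates where funds converge.

```python
# Constructed sample transfers (payer, payee); account names are hypothetical.
TRANSFERS = [
    ("applicant_1", "relay_1"), ("applicant_2", "relay_1"),
    ("applicant_3", "relay_2"), ("applicant_4", "relay_2"),
    ("relay_1", "collector"), ("relay_2", "collector"),
    ("payer_x", "payee_y"),  # unrelated, ordinary payment
]


def pagerank(edges, damping=0.85, tol=1e-10, max_iter=200):
    """Power-iteration PageRank over directed (payer, payee) edges."""
    nodes = sorted({n for edge in edges for n in edge})
    out = {n: [] for n in nodes}
    for src, dst in sorted(set(edges)):  # repeated transfers count as one link
        out[src].append(dst)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(max_iter):
        # Accounts with no outgoing transfers spread their score evenly,
        # which keeps the scores summing to 1.
        dangling = sum(rank[v] for v in nodes if not out[v])
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for v in nodes:
            for w in out[v]:
                new[w] += damping * rank[v] / len(out[v])
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def top_accounts(edges, k=3):
    """Accounts ordered by descending score, ties broken by name."""
    rank = pagerank(edges)
    return sorted(rank, key=lambda v: (-rank[v], v))[:k]


if __name__ == "__main__":
    for account in top_accounts(TRANSFERS):
        print(account)
```

The account that receives from both relays scores highest even though it has only two direct inbound links, which is the transitive influence the score measures.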

This is paramount. As business processes accelerate and become more automated, the time margins for detecting fraud become much narrower. This increases the need for a real-time solution.

Another key algorithm is ‘Weakly Connected Components’. This algorithm is designed to reveal the hidden networks that form a fraud ring based on common identity features such as a telephone number used by more than one person or multiple applicants that appear to live at the same address. Pinpointing patterns like these allows analysts to identify suspicious activity concerning synthetic and stolen identities. These hidden connections provide valuable insight in hunting out fraudsters.
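A sketch of the grouping Weakly Connected Components performs on shared identity features, as an added example that is not code from the article or from any graph database. It uses an in-memory union-find instead of a graph store, and the applications, field names and values are constructed.

```python
from collections import defaultdict

# Constructed sample aid applications; field names and values are hypothetical.
APPLICATIONS = [
    {"id": "A1", "phone": "555-0101", "address": "1 Elm St", "account": "TEST-ACCT-01"},
    {"id": "A2", "phone": "555-0101", "address": "9 Oak Ave", "account": "TEST-ACCT-02"},
    {"id": "A3", "phone": "555-0177", "address": "9 oak ave ", "account": "TEST-ACCT-03"},
    {"id": "A4", "phone": "555-0199", "address": "4 Ash Rd", "account": "TEST-ACCT-03"},
    {"id": "A5", "phone": "", "address": "7 Fir Ln", "account": "TEST-ACCT-05"},
    {"id": "A6", "phone": "", "address": "2 Bay Ct", "account": "TEST-ACCT-06"},
]
IDENTITY_FIELDS = ("phone", "address", "account")


def find(parent, node):
    """Return the component representative, shortening the path as we go."""
    while parent[node] != node:
        parent[node] = parent[parent[node]]
        node = parent[node]
    return node


def connected_components(applications, fields=IDENTITY_FIELDS):
    """Group applications linked, directly or transitively, by a shared value."""
    parent = {}
    for app in applications:
        app_node = ("application", app["id"])
        parent.setdefault(app_node, app_node)
        for field in fields:
            value = (app.get(field) or "").strip().lower()
            if not value:
                continue  # a blank field is not evidence of a shared identity
            attr_node = (field, value)
            parent.setdefault(attr_node, attr_node)
            # Union: the application and its attribute join one component.
            parent[find(parent, app_node)] = find(parent, attr_node)
    groups = defaultdict(list)
    for node in parent:
        if node[0] == "application":
            groups[find(parent, node)].append(node[1])
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


def suspected_rings(applications, min_size=2):
    """Components holding several applications are candidates for review."""
    return [g for g in connected_components(applications) if len(g) >= min_size]
```

A1 and A4 share no attribute directly; they land in the same component only through A2 and A3, a link that a pairwise comparison of two or three fields does not surface.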

An example of the power graphs have in uncovering such hidden connections is highlighted by the International Consortium of Investigative Journalists, the group behind the infamous Panama and Paradise Papers. The group used graph technology to map incredibly complex financial connections and spot irregularities. Graph technology has played a major role in recouping more than $1.2 billion in resulting fines and back taxes since the original investigation back in 2016.

Fighting coronavirus fraud

The same innate power of graph technology can be used in the fight against Coronavirus aid fraud. Business technology and data company Dun and Bradstreet, for example, is using graphs for fraud detection.

To check more quickly who the ultimate, real economic owners of a company are, Dun and Bradstreet runs extensive ‘know-your-customer’ queries. Prior to using a graph-based system, this research required highly qualified personnel. A single query could occupy employees’ time for up to 15 days. By using graphs, the company can now perform customer reviews rapidly and more accurately. This enables it to uncover fraud and other crimes faster.

Graph technology: the route to advanced fraud detection

Malicious actors and cyber fraud rings are becoming increasingly sophisticated at eluding discovery. Graph technology has the scope to uncover fraud rings and other scams with a very high level of accuracy, checking the legality of applications and highlighting suspicious behaviors.

With fraud attempts becoming more complex and faster to execute, staying one step ahead of cybercriminals is extremely challenging for authorities, organizations and financial service providers. Having a deep understanding of the connections between data is imperative in enabling rapid detection and response – ensuring the continuity and availability of Coronavirus aid to those who need it.

Amy Hodler, Director, Analytics and AI Program, Neo4j