Embed Size (px)
Citation preview
DHS presentation:
World Bank 2019
Page 2
Who is the Department of Human Services?
• Provides essential services to almost every Australian through:• Medicare (health services)• Social Welfare• Aged care• Child support; and• Crisis recovery
• 2017-18 in numbers• $173.4 billion in payments• More than 3.3 million social security and welfare claims• More than 62,000 aged care claims• More than 419 million Medicare services
Page 3
Digital Transformation and WPIT
Digital
• In 2017-18 financial year Medicare services claimed digitally rose to 97.9%
• A significant number of practices claimed 100% of their claims digitally
Welfare Payment Infrastructure Transformation (WPIT)
• This is a business-led, user centered, technology enabled transformation that is fundamentally transforming welfare payments and services
• Tranche two automated student claims - transforming welfare payment processes and services for students
• The medium time for processing claims is now less than 3 weeks
• The new process tailors questions based on a students circumstances and reuses information held by the Department
• This has reduced the questions that some have to answer by 70% - down from 117 to 37
• Moving toward near real time approval
Page 4
Our environment is changing and we must adapt
We cannot look at fraud in isolation
We need to develop holistic assessments of enterprise fraud risks, and respond accordingly
We need to ensure that the department targets fraud cases of the highest priority
Page 5
Some stats: debts 2017/18
• 2016 -17 = 2.8 billion
• 2017-18 = 3.2 billion
• Tip offs per year = 110 thousand • Undeclared income, member of a couple, eligibility etc
• Taskforces on Welfare / NDIS / Family Day Care
• 3301 evaluations and 748 in-depth fraud investigations
Page 6
Fraud Control Strategy
Page 7
How we are responding: our future is driven by data
Page 8
Data-driven Prioritisation Framework will prepare us for the future
Will determine which programmes and their components are comparatively more vulnerable to fraud
Will provide an objective methodology to guide and focus our fraud intelligence and investigation activity
Will ensure an appropriate level of activity occurs across the programmes that the department is responsible for
Will identify payments with anomalous activity that require further examination
Page 9
Fraud Detection and Evaluation
What we do:
• Identify and manage risks of exploitation of programs administered by the department.
• Develop proactive intelligence strategies, sophisticated analysis and the production of high quality intelligence assessments to support the department's investigations.
• Investigate cases of serious non-compliance through an evaluation process, which aims to ensure correct entitlement to payment, enable early detection of fraud, and encourage voluntary compliance.
Page 10
Fraud Detection Methodology
High Level Overview1. Initialise Fraud Profile (All relevant stakeholders in
attendance (Operations, Data Analytics, Tactical Intelligence, Investigations))
2. Develop Business Rules that “may” be indicative of fraud or non compliant activity/behaviour (i.e. frequent international travel of customers “may” be suggestive of ‘undisclosed wealth’).
3. Codify Business Rules - by utilising internal and external data holdings.
4. Combine and Categorise business rules to produce a “picture”.
5. Disseminate test cases to Tactical areas for evaluation.
6. Operationalise the Fraud Profile i.e. automate dissemination of cases for intelligence assessment/triage.
7. Apply Predictive Modelling techniques to improve accuracy
Chart Title
CollaborateDevelop
Learn
Page 11
Predictive Modelling
Machine Learning
• Predictive modelling uses the outcomes and attributes of historical fraud cases to predict the outcome of
future cases
• The indicators used in a Fraud Selection Matrix are fed into Machine Learning algorithms to develop
selection models
• These selection models identify combinations of indicators that show elevated risk of fraud and can be
used to discover new cases of potential fraud
• Using machine learning techniques in combination with expert
defined indicators leverages both human knowledge and big data
to ensure that the highest risk cases are identified
Many different machine learning algorithms are tested to find the best
selection model for the specific type of fraud being investigated
Page 12
Predictive Modelling
The Benefits
1. Learn from the past / Learn from outcomes
2. Combine expert knowledge and machine learning techniques
3. Improve predictive performance
4. Evaluate and utilise (reverse engineer) success stories
5. Leverage data to drive decisions
6. Continuously improve and review
• One example the Department has real-time capability to detect suspicious
payment destination changes.
• The system uses detection methods to identify payment update risks in real
time.
• When an unacceptable level of risk is identified, an alert is generated within
the system for manual assessment.
What will this provide - real time detection
Page 14
The future: digital forensics
• Digital forensics officers provide digital forensics capability for our external and internal investigations
• Digital forensics capability covers computer, mobile device, network, cloud and vehicle forensics
• Cryptography and password cracking of files, computer and mobile devices and operating systems
• The team are able to extract, recover and analyse digital evidence such as GPS, video, documents, SMS, MMS, logs, chats and app data to name a few, to support the allegations of social welfare fraud
Operation examples and case
studies
Page 16
Fraud Selection Matrix
Indicators of ”potential” fraud or non compliance
Customer Income Risk Asset Risk Identity Risk Qualification Risk
Customer vx418413 3/8 Indicators 2/4Indicators 0/10 Indicators 7/8 Indicators
Customer wd61234 0/8 Indicators 0/4 Indicators 8/10 Indicators 1/8 Indicators
Customer al89161 4/8 Indicators 5/4 Indicators 0/10 Indicators 7/8 Indicators
Customer ce54862 5/8 Indicators 3/4 Indicators 2/10 Indicators 5/8 Indicators
Case Studies
• In late 2018, two high priority referrals encompassing matters of:
• Cyber fraud
• Identity fraud
• Unauthorised payment redirection.
• Intelligence products were produced and released for investigation within days of the
offending being referred.
• A strong working collaboration across the Department is required to assess and
address the impact on the victims.
• Geospatial analysis – what fraud risks or potential hot spots exist in a location
Case Study One
• Referral received from the Identity Theft and Scams Helpdesk in November 2018
regarding multiple compromised accounts.
• In total, the Operation identified several hundred breaches.
• Analysis of the records identified victims of unauthorised payment destination
updates.
• Tactical Intelligence identified the alleged perpetrator and produced an intelligence
product for Investigations within 3 hours of the initial referral.
Page 19
Web forum used to gain information
The forum Nulled.to is a clear
web forum associated with data
hacks, leaks and the trading of
stolen/purchased personal data
including credit card information,
usernames and passwords.
The forum relies on the use of
pseudonymous cryptocurrencies
for payment.
.
Case Study Two
• Analysis identified suspicious bank account activity for
a number of customers sharing the same bank
account.
• In analysing the activity a further victims were identified
as having unauthorised changes made to bank
accounts including redirection of payments.
• The modus operandi (MO) of this offending was of
similar nature.
Page 21
Case Study Three
➢ Customer had false children and was claiming benefits to the value of $90,000
➢ Customer went to the extreme lengths of wearing a prosthetic baby bump to convince people of her story.
➢ During the search warrant the following items were seized:
• Prosthetic baby bump
• Mobile phones
• Laptops
• Portable drives
• Documents
• Photos
➢ Digital forensics analysis showed:
➢ Ultrasound pictures of her alleged twins were extracted from customers mobile.
➢ Reverse image searches of these photos (google image search and Tineye reverse image search) uncovered that they had been downloaded from the internet.
➢ Customer then sent these images to her partner via MMS and claimed them as her own.
➢ Deleted SMS and pictures from multiple devises were later used to support the prosecution process.
➢ A total of 11,000 SMS texts and 12,000 pictures were analysed and provided to the investigation team.
Page 22
Internal Fraud Detection and Intelligence
Internal Fraud Intelligence and Data Analytics
We seek to detect and respond to:➢Fraud committed by departmental staff or contractors
➢Unauthorised access of customer records by department staff or contractors
➢Data theft and data loss
➢Serious non-compliance by staff as customers
Page 23
Internal Fraud Detection Program
Automated detection program. Currently approximately 80 projects.
Examples of internal fraud that we seek to detect include:
• Employees diverting customer payments
• Employees creating fictitious customers
• Beneficial servicing
• Procurement and vendor fraud
• Rorting of employee entitlements
• Unauthorised access to information
• Fraud by staff as customers to the department
• Data Loss and Mass Data Theft
The goal of the fraud detection program is to identify suspicious transactions
Page 24
The next challenge: IDENTITY Fraud
• An initiative is underway to remove the need for individuals to confirm their identity multiple times when dealing with government.
• There is also a review underway to strengthen arrangements that support and govern the protection and management of identity information.
• The aim is to protect Australians from the theft or misuse of their identity information, recover from the impacts of identity crime and access services.
Page 25
Identity Fraud
• Fraudulent identities may be used to facilitate organised crime.
• Organised crime groups can sell stolen identity information to other criminal networks.
• Identity crime is a key enabler of serious and organised crime and it has been estimated by
researchers that it costs the economy billions.
• Identity fraud against the department comes in many forms including fabricated identities,
stolen or borrowed identities and payment hijacking (unauthorised redirection of
payments).
• The department works with the Police, and other government agencies to prevent, detect,
investigate and disrupt identity crime in order to protect the identities of Australians and
preserve a secure identity system.
Page 26
The end
Questions – thank you
