A conceptual model for proactive detection of potential fraud enterprise systems: exploiting SAP audit trails to detect asset misappropriation

Fraud costs the Australian economy approximately $3 billion annually, and its frequency and financial impact continues to grow. Many organisations are poorly prepared to prevent and detect fraud. Fraud prevention is not perfect therefore fraud detection is crucial. Fraud detection strategies are intended to quickly and efficiently identify frauds that circumvent preventative measures so that an organisation can take appropriate corrective action. Enhancing the ability of organisations to detect potential fraud may have a positive impact on the economy. An effective model that facilitates proactive detection of potential fraud may potentially save costs and reduce the propensity of future fraud by early detection of suspicious user activities. Enterprise systems generate millions of transactions annually. While most of these are legal and routine transactions, a small number may be fraudulent. The enormous number of transactions makes it difficult to find these few instances among legitimate transactions. Without the availability of proactive fraud detection tools, investigating suspicious activities becomes overwhelming. This study explores and develops innovative methods for proactive detection of potential fraud in enterprise systems. The intention is to build a model for detection of potential fraud based on analysis of patterns or signatures building on theories and concepts of continuous fraud detection. This objective is addressed by answering the main question; can a generalised model for proactive detection of potential fraud in enterprise systems be developed? The study proposes a methodology for proactive detection of potential fraud that exploits audit trails in enterprise systems. The concept of proactive detection of otential fraud is demonstrated by developing a prototype. The prototype is a near real-time web based application that uses SAS for its analytics processes. The aim of the prototype is to confirm the feasibility of implementing proactive detection of potential fraud in practice. Verification of the prototype is achieved by performing a series of tests involving simulated activity, followed by a full scale case study with a large international manufacturing company. Validation is achieved by obtaining independent reviews from the case study senior staff, auditing practitioners and a panel of experts. Timing experiments confirm that the prototype is able to handle real data volumes from a real organisation without difficulty thereby providing evidence in support of enhancement of auditor productivity. This study makes a number of contributions to both the literature and auditing practice

Fraud Detection in Credit Card System Using Web Mining

Abstract: Now a day the usage of credit cards has dramatically increased. As credit card becomes the most popular mode of payment for both online as well as regular purchase, cases of fraud associated with it are also rising. Various techniques like classification, clustering and apriori of web mining will be integrated to represent the sequence of operations in credit card transaction processing and show how it can be used for the detection of frauds. Initially, web mining techniques trained with the normal behaviour of a cardholder. If an incoming credit card transaction is not accepted by the web mining model with sufficiently high probability, it is considered to be fraudulent. At the same time, the system will try to ensure that genuine transactions will not be rejected. Using data from a credit card issuer, a web mining model based fraud detection system will be trained on a large sample of labelled credit card account transactions and tested on a holdout data set that consisted of all account activity. Web mining techniques can be trained on examples of fraud due to lost cards, stolen cards, application fraud, counterfeit fraud, and mail-order fraud. The proposed system will be able to detect frauds by considering a cardholder"s spending habit without its significance. Usually, the details of items purchased in individual transactions are not known to any Fraud Detection System. The proposed system will be an ideal choice for addressing this problem of current fraud detection system. Another important advantage of proposed system will be a drastic reduction in the number of False Positives transactions. FDS module of proposed system will receive the card details and the value of purchase to verify, whether the transaction is genuine or not. If the Fraud Detection System module will confirm the transaction to be of fraud, it will raise an alarm, and the transaction will be declined

BERT4ETH: A Pre-trained Transformer for Ethereum Fraud Detection

As various forms of fraud proliferate on Ethereum, it is imperative to safeguard against these malicious activities to protect susceptible users from being victimized. While current studies solely rely on graph-based fraud detection approaches, it is argued that they may not be well-suited for dealing with highly repetitive, skew-distributed and heterogeneous Ethereum transactions. To address these challenges, we propose BERT4ETH, a universal pre-trained Transformer encoder that serves as an account representation extractor for detecting various fraud behaviors on Ethereum. BERT4ETH features the superior modeling capability of Transformer to capture the dynamic sequential patterns inherent in Ethereum transactions, and addresses the challenges of pre-training a BERT model for Ethereum with three practical and effective strategies, namely repetitiveness reduction, skew alleviation and heterogeneity modeling. Our empirical evaluation demonstrates that BERT4ETH outperforms state-of-the-art methods with significant enhancements in terms of the phishing account detection and de-anonymization tasks. The code for BERT4ETH is available at: https://github.com/git-disl/BERT4ETH.Comment: the Web conference (WWW) 202

Authorising m-commerce with location

Global fraud in 'cardholder not present' transactions over the World Wide Web continues to grow, in line with the ever-increasing numbers of transactions carried out over this medium. Unfortunately, at present the measures designed to combat against this fraud continue to require improvements to be made to limit the fraud. In this paper we will propose a series of indicators that financial service providers should consider in their attempts to limit fraudulent transactions. The indicators make use of prevalent technologies coupled with a need to place more power to limit fraud in the hands of the customer, especially given banks are continually moving responsibility onto the customer to protect their data.Whilst the banking sector uses a variety of measures for fraud detection at present there is only limited usage of device related indicators that customers could establish to limit the fraud on their account. For instance, whilst many users will have multiple devices the likelihood of a user performing a valued transaction on a device outside of that subset of devices is limited. Therefore, an indicator linked to device usage controlled by the customer may help to introduce further difficulties for the individual attempting to commit fraud. Similar indicators exist linked to device geo-location, service usage, time determinants and other aspects.This thesis demonstrates that users do not find device location services too complex to use. Indeed, providing user controls to enabled personalised security settings increase users trust levels. This research proposes security controls are embedded within users banking application. The effect of this approach increases users willingness to engage with location based security controls. Any initial privacy concerns are overcome as long as the proposed controls remain within the banking application

An Intelligent Data Mining System to Detect Health Care Fraud

The chapter begins with an overview of the types of healthcare fraud. Next, there is a brief discussion of issues with the current fraud detection approaches. The chapter then develops information technology based approaches and illustrates how these technologies can improve current practice. Finally, there is a summary of the major findings and the implications for healthcare practice

A Fraud Detection System Based on Anomaly Intrusion Detection Systems for E-Commerce Applications

The concept of exchanging goods and services over the Internet has seen an exponential growth in popularity over the years. The Internet has been a major breakthrough of online transactions, leaping over the hurdles of currencies and geographic locations. However, the anonymous nature of the Internet does not promote an idealistic environment for transactions to occur. The increase in online transactions has been added with an equal increase in the number of attacks against security of online systems. Auction sites and e-commerce web applications have seen an increase in fraudulent transactions. Some of these fraudulent transactions that are executed in e-commerce applications happen due to successful computer intrusions on these web sites. Although a lot of awareness has been raised about these facts, there has not yet been an effective solution to adequately address the problem of application-based attacks in e-commerce. This paper proposes a fraud detection system that uses different anomaly detection techniques to predict computer intrusion attacks in e-commerce web applications. The system analyses queries that are generated when requesting server-side code on an e-commerce site, and create models for different features when information is extracted from these queries. Profiles associated with the e-commerce application are automatically derived from a training dataset

Data mining for detecting Bitcoin Ponzi schemes

Soon after its introduction in 2009, Bitcoin has been adopted by cyber-criminals, which rely on its pseudonymity to implement virtually untraceable scams. One of the typical scams that operate on Bitcoin are the so-called Ponzi schemes. These are fraudulent investments which repay users with the funds invested by new users that join the scheme, and implode when it is no longer possible to find new investments. Despite being illegal in many countries, Ponzi schemes are now proliferating on Bitcoin, and they keep alluring new victims, who are plundered of millions of dollars. We apply data mining techniques to detect Bitcoin addresses related to Ponzi schemes. Our starting point is a dataset of features of real-world Ponzi schemes, that we construct by analysing, on the Bitcoin blockchain, the transactions used to perform the scams. We use this dataset to experiment with various machine learning algorithms, and we assess their effectiveness through standard validation protocols and performance metrics. The best of the classifiers we have experimented can identify most of the Ponzi schemes in the dataset, with a low number of false positives