Fraud Detection and Prevention – From Post-It note to production part 2/3

In this, the second post of a three-part series on the development of a fraud detection and prevention system on the ServiceNow platform, we will be looking at some of the more custom solutions we needed to develop in order to meet the requirements of the project. If you missed part one of the series, we recommend you start there to give you an understanding of the product as a whole.

As discussed previously, the fraud taking place on the UK Rail network is multifaceted, committed not only by determined organised criminals, but also by opportunistic consumers. The latter tend to use less sophisticated methods to commit fraud, the former however will try and use any methods available to beat the system. One of our main objectives in the project was to detect the methods known to be used by criminals and flag these cases for immediate investigation; stopping money from leaving the company.

Barcode verification and digital image forensics are just a couple of the features we needed to implement to meet the project objectives.

Barcode Verification

When setting out to develop our barcode verification solution, we looked at many technologies, both client-side / browser based, and server-side, eventually due to the requirement that the detection aspect of the project should be fully automated, we decided upon a server-side solution. At this stage, and after some research, we discovered that barcode reading would unfortunately not be possible on the ServiceNow platform itself, however it gave us the opportunity to make great use of an often underutilised aspect of the ServiceNow ecosystem, the MID Server. Traditionally the MID Server has been used primarily to enable a ServiceNow instance access to an internal corporate network, for such activities as Discovery or LDAP integrations. The MID Server however is a very powerful tool, allowing a developer to call on Java classes and importantly on custom built Java classes.

Rather than start from scratch on this element of the project, we chose to use an open source library to read the Aztec format 2D barcodes on tickets, but before we could read the barcode it first needed to be detected and localised, the action of finding the barcode in an image and rotating and perspective mapping the barcode so that the reader could successfully be read by the aforementioned library. The accomplish this task we turned to the extremely powerful library OpenCV (Open Computer Vision). After many iterations we eventually settled on a final solution for the barcode reading, but it didn’t end there. The data contained in barcodes used on the UK rail network is encoded, our end goal was the extract the ticket number for comparison with the consumer supplied ticket number. We turned to the RDG (Rail Delivery Group), who control the technology-based aspects of the UK rail network, who were able to provide us the information required to decode the encoded barcode data. Once the ticket number was finally extracted from the barcode, this was sent back to the ServiceNow instance, at this stage the Fraud Detection Framework is kicked into life to verify the ticket numbers in the barcode and supplied by the consumer match, any discrepancies then result in a fraud case being raised for the compliance team to investigate.

Digital Image Forensics

The area of digital image forensics is vast, and for the purposes of the first phase of our Fraud Detection and Prevention solution, we decided to keep this a relatively simple implementation, we will discuss the future in part three of this series.

As mentioned above, people who are determined to defraud will use many methods and techniques to achieve their goals, one of the often-used techniques is the editing of photos containing tickets, either to change the ticket number or date on the ticket. Many people who do this do not realise that they leave breadcrumbs in the form of EXIF data when they do this, this EXIF data can directly link us to several things, but for the example above, it tells us information on any software that has been used and the dates when any editing may have taken place. Using this data, we can reliably determine if an image has undergone a process of editing, this is unfortunately prone to false positives though as genuine consumer may have valid reasons for cropping, rotating or resizing images. But it is just one indicator in the large Fraud Detection and Prevention solution that can be used by compliance analysts to determine whether a consumer is potentially performing fraudulent activities. As mentioned above, the area of digital image forensics in the solution is set to be vastly extended in the next phase, this will include not only automatic detection system, but also tools that analysts can use to search images for potentially edited regions, more on this in the next post.

The Consumer Dashboard

At UP3 we like to think of ourselves as real partners of the clients we work with. With most projects we aim to innovate and create solutions as though we were the client. To achieve this, we often provide the client with small proof of concept ideas that may never have been considered or indeed even known were possible. If the client likes the concept, we then continue to build out a production ready solution. In the case of the Fraud Detection and Prevention project, this was the consumer dashboard, a single page powerhouse build on the Service Portal that allows compliance analysts to amass a real picture of a consumer. Historical information such as the consumers claims, and journeys is supplemented by claim trend analysis, behavioural analysis, linked consumers and impossible journeys. A picture paints a thousand words, so below you can see the consumer dashboard from a real case which resulted in prevention of fraud. All personal and commercially sensitive information has been obscured.

The centrepiece, and what initially sold the concept to Virgin Trains, is the Consumer Connections. This comprises a force directed graph detailing the links between the consumer in question and other consumers within the consumer database. Links are automatically discovered on several attributes including addresses, phone numbers, email addresses and other items that we can’t make public. The dashboard also allows agents to add manual links between consumers and to explicitly exclude a consumer or attribute from the linking processing, thereby ensuring that any innocent by-standers are not wrongly accused of committing fraud.

The Consumer Connections force directed graph is built on the client side using a JavaScript library called D3 (Data Driven Documents). The data for the graph as created on the server side using recursive functions to look up related consumers and attributes. In all, the graph takes less than 2 seconds to generate, which is impressive in the knowledge there are a total 1.4 million consumers in the database, each with multiple attributes. This really starts to demonstrate the power of the ServiceNow platform and the possible applications you can build on top of it.

In the next post we will see what the future holds for the Fraud Detection and Prevention application. We will discuss some of the successes the Virgin Trains compliance team have had with the application in the two months since go-live and some of the new features that are planned to be released in phase two.