Detect Money Laundering, Healthcare Fraud, and Unemployment Fraud with the New Version of the Splunk App for Fraud Analytics

Fraud is a problem that impacts all of us in different ways; there’s probably no one who hasn’t been directly or indirectly impacted by some kind of fraudulent activity. Have you or someone you know had their identity stolen? Has someone hacked your email or social media account? Have you had money taken from your account (think bank or credit cards here) one way or another? These are all examples of fraud and how it can affect us.

Here at Splunk, we take this problem seriously because our customers do. Back in October 2022, one of my colleagues covered the initial release of the Splunk App for Fraud Analytics. Since then, we’ve been busy adding new functionality and use cases to the app to make it even more useful. Now, we’re excited to announce the release of the Splunk App Fraud Analytics 1.2.4.

In this newest release, we’ve expanded on the capabilities we already had from account takeover and new account fraud into three key areas:

• Anti-Money Laundering
• Healthcare Fraud/Opioid Abuse
• Unemployment Fraud

We started with account takeover and new account fraud as a quick and easy way to operationalize fraud as a use case because they’re the most common methods we see fraudsters using to commit fraud. Both of these behaviors are typically the points of entry we see for nearly every kind of fraud and are components for these three new use cases as well. There are many, many different types of fraud other than the three we’ve focused on for this release, and we’ll continue to expand the capabilities of the app.

Anti-Money Laundering (AML)

First of all, what exactly is money laundering and why is it such a problem? Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them. Through money laundering, the criminal transforms the monetary proceeds derived from criminal activity into funds with an apparently legal source¹. This is not just a financial problem but a societal problem as well; money obtained illegally is used to fuel the worldwide drug trade among other illicit activities.

AML is a huge problem: criminals launder over $300 billion each year in the United States alone — and over $2 trillion worldwide! To put this in perspective, this is larger than the GDP of Poland, Argentina and Switzerland combined² and over 5% of the world's combined GDP.

There are multiple ways that criminals launder money, but it’s really about placement, layering and integration. This is where Splunk helps in detecting money laundering. Our solution utilizes machine learning to look for behavioral anomalies against created baselines, as well as statistical medians of the number of transactions and transaction amounts. In particular, the solution provides an investigative workflow and common indicators of money laundering attempts such as:

• Suspicious transactions with “gray” or sanctioned countries
• Reporting thresholds obfuscations (i.e., looking for behavior where an account/user is consistently trying to stay below the line with many small transactions in specific time spans)
• “Fan-in / fan-out” money laundering patterns

^{Figure 1: The AML Dashboard supports analysts as they investigate common indicators of potential money laundering attempts.}

Healthcare Fraud: Drug Diversion

We’ve all heard about the opioid crisis in the media. Every year over 50,000 people overdose as a result of opioid abuse, 10 million people a year misuse opioids, and 7 out of 10 overdose deaths are because of opioid abuse³. Opioid abuse is endemic and affects our society deeply.

Drug diversion is one of the primary ways in which patients and providers illegally obtain opioids. Drug diversion happens when prescription medications of any kind are obtained by illegal means, like accessing secured storage cabinets without the proper authorization. Typically, these secured cabinets require dual authorization by a doctor and a witness to provide access. These cabinets that contain controlled substances are typically heavily monitored by third-party systems; this is where Splunk can help. Splunk can ingest the logs from these systems for additional analysis to help identify trends in the data, such as:

• The time in which a particular storage cabinet was accessed correlated against the provider that was present and who the witness was
• Anomalous access times by never-before-seen providers
• Excessive access by provider/witness
• Unauthorized/forceful access to the storage cabinet

^{Figure 2: Cross-correlate security events against healthcare-specific variables that could indicate potential drug diversion attempts.}

Unemployment Fraud

We’ve all been unemployed at some point in our lives or know someone who has been. In a lot of cases, the affected person will try to obtain some government benefits in the interim. The pandemic was an example of this, as many thousands of people around the globe were affected by the multitude of businesses that shut down, and in some cases are still affected. As these businesses closed down, the employees had to get some kind of assistance to continue living… Enter fraudsters.

The fraudsters saw this as an opportunity to step in and make fraudulent claims, sometimes on behalf of innocent people, so that they could steal the funds set aside for affected individuals. This has cost state and federal governments billions of dollars. The Splunk App for Fraud Analytics can definitely help here as well. Splunk can ingest the logs from the systems of record where the claims are processed and additional analytics and detections to help identify events indicative of unemployment fraud, like:

• User / account impersonation
• Location deception / obfuscation and land speed violations
• Shared / re-used accounts

The app also uses risk scoring and Risk-Based Alerting (part of Splunk Enterprise Security) to determine risky users and accounts based on activity and behavior.

^{Figure 3: Leverage Splunk’s risk framework to identify risky users and accounts to help identify instances of unemployment fraud.}

The Splunk App for Fraud Analytics is freely available on Splunkbase and can be added to your arsenal in the war against fraud. Go to Splunkbase, download it, install it and see how it can help you and your organization. Contact your sales team for more information and help!