Fraud Detection with the SQL Server Suite Author : Dejan Sarka Reviewer :

........................................................................................................................................................ 5 Introduction ................................................................................................................................................... 5 The SolidQ Approach to Projects................................................................................................................... 7 Data Preparation ........................................................................................................................................... 9 Data Overview ............................................................................................................................................. 12 Data Mining Models .................................................................................................................................... 13 The Continuous Learning Cycle ................................................................................................................... 14 The Results .................................................................................................................................................. 14 Conclusion ................................................................................................................................................... 15 References ................................................................................................................................................... 16 About the Author ........................................................................................................................................ 17 About SolidQ ............................................................................................................................................... 17 Fraud Detection with the SQL Server Suite 3 Management Summary The most significant element of SolidQ’s approach to Fraud Detection is the continuous learning cycle. We are focusing on using Microsoft SQL Server Suite as the fraud detection toolset because it includes all of the software one needs to create an appropriate fraud detection infrastructure. The service is performed as mentoring: actual work and consulting, together with the transfer of knowledge onto the customer’s employees. Once the project is completed, or sometimes even as soon as the proof-of-concept (POC) project is completed, the customer can deploy the fraud detection system into production. The way the infrastructure is set up supports continuous learning, which means that the customer is able to improve the system after deployment and address the ever changing circumstances of the particular business, throughout its use. Two principal techniques are employed: supervised or directed models, and unsupervised or undirected models. Supervised data mining algorithms try to explain the value of the flags, with which the existing fraudulent transactions have been marked. When the patterns and rules that lead to fraudulent behavior are identified, they can be used to predict fraudulent behaviors in new transactions. Unsupervised techniques analyze data without any prior knowledge. With unsupervised models we establish a way to control the supervised ones, which together with OLAP models or DW reports represents the foundation for continuous learning infrastructure is established. SolidQ suggests to start with a proof-of-concept (POC) project. It takes between 5 and 10 working days. Besides SolidQ’s data mining mentor (expert) the team should include a subject matter expert (SME) and at least one information technology (IT) expert. We can always replace the IT part of the team with SolidQ people; however, we cannot conduct a project alone, without a SME. Steps:  Training (optional, but strongly recommended) (1-2 days)  Data Preparation (2-3 days together with the Data Overview) o Selection of data; Building computed variables; Sampling; Handling of missing values and outliers; Categorization.  Data Overview (2-3 days together with Data Preparation) o Checking the distribution of variables; Finding dependencies between variables; the amount of information in variables (entropy).  Building and Evaluating Data Mining Models (2 days) o Decision Trees; Neural Networks; Naïve Bayes; Clustering  Initial preparation of the continuous learning infrastructure (1 day)  Presentation of results (1 day) POC Benefits:  The customer learns how fraudulent behavior manifests itself in operational data  The customer’s employees learn how to perform the entire maintenance cycle on their own, which means that additional engagements by SolidQ would only be required in the unlikely event that the complexity of the problem grew unexpectedly o Analysts with appropriate subject matter expertise can perform additional in-depth analyses o IT experts can perform data extraction and preparation much more efficiently o Both groups of employees learn how to employ creativity to further improve the process and the procedures Fraud Detection with the SQL Server Suite 4  Improved data quality  Improved employee job satisfaction, as each one of them can see how they could proactively contribute to the central knowledge about fraud patterns in the company  With a larger number of employees involved in the enterprise the more and better fraud detection patterns can be developed Fraud Detection with the SQL Server Suite