In the movie Casino, Robert DeNiro plays a casino manager who observes a winning blackjack customer. He is drawn to this player not only because of his consecutive winning hands, but also because the player rarely loses, and never with a large wager.
The casino manager, upon closer examination, also notices the player exchanging signals with another player at an adjacent table. The player at the other table is able to see the hole-card of the dealer where the winning player is seated, and exchanges a signal so the winning player can bet accordingly.
The casino manager observes that the dealer was not a willing participant in the scheme; he was merely lifting his cards too high. Although the casino manager was vigilant on this particular night, this fraudulent scam had gone unnoticed for some time at this casino, as well as others. Despite heavy video surveillance, it was only detected by chance.
What if there was a more effective way to detect fraud? What if there was a method by which an existing casino resource—namely data—could be used in conjunction with conventional surveillance techniques to expose patterns indicative of potential fraud?
If suspicious behavior monitoring techniques were employed in the aforementioned scenario, surveillance would have known exactly where and when to observe this fraud. They may even catch the suspicious behavior in progress. The data, and not a chance encounter, would have led surveillance to that dealer/customer/table combination. Using this same simple scenario as an example, there are several ways a suspicious activity monitoring solution could expose a crime. To detect fraud using data, there should be a credible alert that indicates the occurrence of potential fraud. If there are too many alerts, they may be ignored. Too few, and frauds may go undetected.
Ideally, an alert needs to be scored against other alerts and prioritized so that a respondent can decide the relative nature of the risk and where to focus first. To generate an alert, there should be a trigger, or series of triggers (just as smoke can trigger a smoke detector). However, a suspicious activity monitoring solution will look at disparate, seemingly unrelated pieces of data (all potential triggers) to develop a holistic view of events and trigger an alert if a pre-defined threshold has been exceeded. The potential triggers (data) already exist in a casino’s information systems, but the data is useless without the necessary aggregation and analysis.
Fraud Risk Score
To help catch the culprits in the described scenario, a Fraud Risk Score should be developed to trigger the necessary alert. To do this, several analyses should be performed. One of the first data profiles to analyze is the relationship between the dealer and his peers. For example, does the cash intake (known as the drop) differ from the intake of his peers when analyzed over a period of time? Is there less activity or play at his table relative to his peers? Is there a history of other alerts with this dealer? All of this data could be readily sourced and aggregated from existing casino information systems, and could be used, in part, to help develop the Fraud Risk Score.
Simultaneously, data profiles on player information are considered and added to the development of the Fraud Risk Score. For example, what is a player’s activity over several months or years? Does a player’s background information include higher-risk attributes? What are a player’s win rates when compared to peers, as well as theoretical holds? Are there higher-risk attributes in a player’s rating card, such as overlapping playing times, and credit movements, with actual time spent at a table that can affect the Fraud Risk Score?
Data between profile groups can now be compared and aggregated within the emerging Fraud Risk Score. For example, what is the relationship with other blackjack games, other pits, or areas, and the same game in various areas at different times of both the day and week?
Profile analysis is performed between dealers and customers, as well as between the dealer and the table, to look for anomalous behavior. For instance, does the dealer vary his actions because he somehow knows the camera is inoperable at a certain table? Other combinations of analysis can also be employed to develop the Fraud Risk Score, such as customer to the table, customer to the rating card, and the table itself to the rating card.
Entity Scoring
Entity scoring for the dealer could also be performed. For example, age, family status, job start date, whether the dealer is an employee or a contractor, a resident or non-resident, and whether or not there have been any previous complaints against the dealer, are some of the attributes that are combined to develop an Entity Score.
The same concept could be applied to the player, with attributes including registration date, history of previous alerts, resident status, as well as various association and relationship factors. These Entity Scores can then also be included in the aggregated Fraud Risk Score.
The final piece of data needed to help develop the Fraud Risk Score is the analysis of transactions for known patterns of fraud. For example, is a group of players moving together? Are there peaks in betting and winning sums? For rating card fraud, is there a movement of funds from dormant accounts to a member’s card?
When all this data is aggregated, an algorithm could be used to instantaneously develop the composite Fraud Risk Score. Based on configurable thresholds, the Fraud Risk Score could generate an alert, and an investigator or compliance officer could receive the alert via a user-friendly case management interface.
The end users, such as compliance officers and investigators, could drill down for additional information on the case. Workflow capability could be developed to allow the alert to be shared with peers for additional information, as well as escalation to management when necessary.
Cases could then be easily managed from inception to resolution. Audit trails would be generated with each step of the process, which is useful when dealing with regulators. Role-based permissions could be provided so that sensitive information can only be viewed by those possessing proper access.
This fraud scenario would generate a Fraud Risk Score sufficient enough to generate an alert because the underlying data indicated anomalous patterns, when viewed holistically, that warrant attention.
Therefore, instead of relying on the chance to actually observe the fraud, surveillance would know where to focus their efforts (i.e. at that table, with that dealer, and with those players). With data generating an alert, the proverbial haystack can become much
smaller, and thus the needle can become easier to detect.
Virtually all casinos are required to have anti-money laundering (AML) programs, as mandated by the Bank Secrecy Act and Regulation 6A. This same approach for fraud detection could be used for detection of money laundering.
Structuring, as well as more sophisticated methods of money laundering can be detected through the analysis of the data and transactions. Further, using the same case management function, Suspicious Activity Reports for Casinos (SAR-C), as well as Currency Transition Reports for Casinos (CTR-C), could be generated automatically.
Finally, this same approach could be used to help detect back-office fraud, including accounts payable, accounts receivable, payroll, and other frauds that are routinely perpetrated within organizations.
A continuous monitoring approach for suspicious behavior detection is relatively inexpensive and could be rapidly implemented within most organizations. Identifying data needs, along with the mapping and loading of data to the software is often the biggest challenge.
However, a data warehouse is not required, and data mapping methodologies exist that can help expedite this process. System configuration and alert tuning are often performed in a matter of weeks and training in a matter of days. The solution can run on a real-time, continuous monitoring basis, with feeds derived from various source systems throughout the day.
Alternately, data feeds can be sent in batch form at the end of each day for review at the beginning of each new business day. If the solution is installed on site, relatively little infrastructure is needed. In an outsourced environment, Application Solution Provider (ASP)-hosted solutions are available.
Casinos are targets of fraud. Whether at the gaming tables, slot machines, or through the player comp process, there are opportunities and motives for employees and customers to steal. Concurrently, regulations mandate that a casino combat money laundering. It can be costly, inefficient, and arguably impossible to do this effectively with manual processes that are not data-centric.
By itself, visual surveillance is generally not adequate to detect fraud, as there is simply too much to observe combined with too much data and not enough staff to analyze every transaction. Invariably, frauds are often missed, and the ones that are detected are either the result of random luck or whistleblower allegations.
If casinos do not employ readily available automated pattern detection software, they may be exposed to financial loss, regulatory sanction, and reputational damage. A potential solution is too readily available, inexpensive, and easy to implement and assimilate for any organization to accept the consequences of inaction.
The views expressed in this article are those of the author and do not necessarily represent those of Deloitte Financial Advisory Services LLP.
Thomas Ciulla is a Senior Manager in the New York office of Deloitte’s Risk Technology and Operations practice. He is a certified project management professional (PMP) who has developed Capital Markets technology solutions for both equity and fixed-income trading, as well as investment analysis applications for private wealth clients.
Comments
Post new comment