January 2005  Volume 4, Issue 1   
What's New?

The VisuaLinks 4.0 release is rapidly approaching. This month, we begin to take a look at some of the changes and new features you can expect to see in this release.

In addition to the general usability and performance enhancements, the 4.0 release will include several new services and features including:

    Query on Association
    Geospatial Query
    Text Analysis
    Entity Extraction
    Classifier
    DataVCR

Take a look at our VisuaLinks 4.0 – Beta presentation for more details.

Be sure to check the Visual Analytics site for updates on this impending release.

...that the Memo Viewer highlights key words automatically?

The text in a memo window can automatically highlight key words for faster interpretation. Whenever a text field is encountered within the dataset, VisuaLinks presents the contents as a notepad icon along with an "abstract" of approximately 25 letters to help convey the content.


As shown in this preview of the Tracker-All sample data model, the REMARKS attribute is presented as a yellow memo-icon.

The number in parentheses indicates the total number of characters contained in the memo field. VisuaLinks has a property called com.vai.vl.gui.objectTable.memo.sizeCheck, referenced through the clientresources.properties file, that confirms the presentation of any memo fields larger than 50,000 characters. This property can be set larger or smaller depending on the analytical demands of the system.

When a memo icon is selected (clicked on), a separate window opens displaying the full content of the text field.

However, to initiate the highlighting of key terms, the appropriate settings need to be applied. The Markup Settings command (under the Setting menu) lets you define how key words are highlighted.

Upon selecting this option, a separate window displays with at least one default selection. Additional entries can be created using the plus "+" icon.



The LIST column presents the different system selections. Currently, there are entries for ALIAS, EXCLUDE, HIT LIST, SEARCH RESULT, and CURRENT SEARCH RESULT. Each contains simple key words that can be used to highlight text in the memo text:

  • ALIAS - Uses the alias files to show any first names, nick names, or name variations. For example, the different aliases for JOHN include JOHNATHAN, JOHNNY, JON, JONNY, and JUAN. If any of these names are in a memo field, they can be highlighted.
  • EXCLUDE - All entries in the exclusion list will be highlighted. Keep in mind the exclusion list is "blank" by default until users start to enter values. Also, excluded values tend to be "bad data" such as objects keyed with UNK, UNKNOWN, N/A, NOT DEFINED, etc. This option is typically not used to highlight terms in the memo field.
  • HIT LIST - Is designed especially for memo field term matching. Thus, all important terms an analyst wants highlighted should be entered into the hit list. By default, the list is blank; however, there is a "hitlist.txt" file provided in the commonresources directory containing many special terms used in various investigations. These terms can be loaded using the Edit menu's Hit List command.
  • SEARCH RESULT - Contains all the past search values used in any query. This list is based on the individual searches performed by each analyst and therefore looks different for each configuration.
  • CURRENT SEARCH RESULT - Contains only the last search result generated. Often, analysts place more emphasis on their "current" search term than on all past search terms. This special setting allows the users to specially mark the value so it stands out in the memo text.

The other settings associated with the Markup Settings menu include Case and Match Type. Some environments are configured to support both upper- and lower-case entries. Therefore, if the "case" of the match is important, this option should be turned on (it is off by default). Once activated, entries in the lists match values in the memo field only if their cases are identical. The Match Type settings allow the user to define the degree-of-match between the lists and the memo text. The options include:
  • EXACT - terms must match the memo text exactly
  • CONTAIN - the terms can be part of the memo text (e.g., wildcard matches)
  • SOUND - a phonetic encoding match on any term is supported
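
The sketch below is an added example, not VisuaLinks code, showing how the Case setting and the three Match Types change which memo words get marked. It assumes word-by-word matching and uses classic Soundex as the phonetic encoding; the page does not say which encoding the product uses, and the memo text and term list are constructed.

```python
import re

def soundex(word):
    """Classic 4-character Soundex (assumed stand-in for the SOUND encoding)."""
    codes = {c: d for d, letters in enumerate(
        ["BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"], start=1) for c in letters}
    word = re.sub(r"[^A-Z]", "", word.upper())
    if not word:
        return ""
    out, prev = word[0], codes.get(word[0])
    for ch in word[1:]:
        code = codes.get(ch)
        if code and code != prev:
            out += str(code)
        if ch not in "HW":          # H and W do not separate equal codes
            prev = code
    return (out + "000")[:4]

def find_markups(memo, terms, match_type="EXACT", case_sensitive=False):
    """Return (start, end, word) for each memo word that a list term marks."""
    norm = (lambda s: s) if case_sensitive else str.upper
    tests = {
        # EXACT: the whole word equals the term
        "EXACT": lambda tok, term: norm(tok) == norm(term),
        # CONTAIN: the term appears anywhere inside the word
        "CONTAIN": lambda tok, term: norm(term) in norm(tok),
        # SOUND: both encode to the same phonetic code (case never matters)
        "SOUND": lambda tok, term: soundex(tok) != "" and soundex(tok) == soundex(term),
    }
    test = tests[match_type]        # KeyError on an unknown match type
    return [(m.start(), m.end(), m.group())
            for m in re.finditer(r"[A-Za-z']+", memo)
            if any(test(m.group(), t) for t in terms)]

# Constructed memo text and hit-list terms.
MEMO = "Jon Doe met john at the bank; check KITING suspected."
TERMS = ["JOHN", "KIT"]

if __name__ == "__main__":
    for mode in ("EXACT", "CONTAIN", "SOUND"):
        print(mode, [w for _, _, w in find_markups(MEMO, TERMS, mode)])
```

With Case turned on, EXACT marks nothing in this memo, which is the kind of silent miss to check for when hit-list terms are stored in upper case.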
The following memo window shows what the final markups would look like for a standard setting. The different colors and fonts of the highlighted values are controlled through the markup styles associated with each entry.


This month, we're providing a sneak peek at one of the newest 4.0 features - the DataVCR. This feature provides an animated step-by-step walk-through of all the values for a selected attribute. The icon to invoke the DataVCR is in the View Services toolbar on the right side of the display. The icon looks like the "play" button on a video player.


Invoking this service brings up a Playback window presenting all of the object and association types in the display.


Selecting a value in the list on the left populates the ATTRIBUTE area with the appropriate value choices.

In this example, we use the MONEY LAUNDERING model to select all of the link types and choose the TRANS-DATE attribute for the playback.

There are several options that affect the behavior of the DataVCR including the granularity of the attribute type (e.g., date, string, number). For example, when using a date type attribute, the granularity can be the actual date (default) or the day-of-week, month, year, etc. Each type has a different configuration.

Additionally, the Settings menu at the top of the DataVCR window provides further controls over how the service will present the results. Adjusting these settings can make a big difference in helping to interpret the results.

Once the "Play" button is clicked, the DataVCR cycles through all of the values for the selected attribute, from lowest to highest. Each new display shows only those results that match the current DataVCR value, which is shown in a text-box in the center of the main View (as well as in the title of the DataVCR menu).





The following example shows the starting View:


This next screen shows only those values for transactions that have occurred on 01/10/97. Notice that many of the linkages are "opaque" based on the settings chosen.


Each display will change according to the current value being processed by the DataVCR. The DataVCR can be stopped, paused, fast-forwarded, or rewound at any time.


Give the DataVCR a play through once you get your new version of VisuaLinks 4.0!

Bust-out Schemes

The pattern discussed this month is based on the submission of SARs (Suspicious Activity Reports) filed by banks and financial institutions based on a "bust-out scheme" pertaining to credit cards and checks. Although a bust-out scheme is really more of a fraud than money laundering, it still has major implications for our financial sectors and represents unlawful activity. The stolen money can be used by radical groups (e.g., financing for terrorist groups) or by organized crime rings. Often, the FBI, Secret Service and state-level law enforcement agencies cover these types of crimes.

A bust-out scheme is "generally" defined to be a situation where a corrupt merchant is involved with processing unauthorized credit cards. Basically, the merchant obtains credit card numbers that are either stolen or provided by other members involved in the scheme who know they are not "liable" for any of the charges. The merchant quickly maxes out the cards with fictitious charges in a fairly short period of time. Unaware that the outstanding charges are bogus, the credit card company (bank) transfers the funds to the merchant's account. Many times the merchant will declare bankruptcy or simply "disappear" to avoid paying back the money collected.

Sometimes this happens to a legitimate business when a "broker" requests use of a merchant's account to process charges for special deals and promises to pay a fee (e.g., 10% or 25%) of the charges. When the bank catches improper charges, they are charged back to the merchant to recollect the full amount. The merchant is ultimately liable for these charges and the broker is nowhere to be found. There are many variations to the bust-out scheme including using family members, targeting certain ethnic groups, or through blatant criminal activities.

In this example, the VisuaLinks Summarize feature was used to expose all the SSNs (Social Security Numbers) that were used in DCNs (Document Control Numbers) that occurred in multiple states (branch states). This approach is used because the SSNs used by the corrupt merchant tend to be reused in multiple schemes, since the credit scores are good (pre-fraud). Thus, they can move around very quickly and set up different bust-out operations.

The minimal count was set to 6 - which would mean that the same SSN was used at financial institutions in at least 6 different states. At the time of this writing, there were fewer than 50 occurrences of this pattern in the SAR database using this exact configuration. However, each one reviewed contained an explicit bust-out scheme and often extended to a number of other transactions, addresses, and suspects.

The entries shown in the query results table below provide a breakdown of the top 10 bust-out schemes.

Each row corresponds to a different SSN - which has been hidden for security reasons. The number shown in the COUNT column for each row represents the total number of different states encountered for that SSN. The first row contains 74 states because it represents bad data (where the SSN is null). The second row reflects the SSN 999999999 and is therefore discarded.
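
As an added illustration (not VisuaLinks code), the same summarization can be written as a small detection routine: group SARs by SSN, count distinct branch states, drop the null and 999999999 placeholder rows, and keep SSNs at or above the minimum count. The record layout, field names and sample SARs are constructed; the date span is reported because the article notes these schemes run over a single billing cycle.

```python
from collections import defaultdict
from datetime import date

# Rows the article discards as bad data: null SSN and the 999999999 filler.
PLACEHOLDER_SSNS = {None, "", "999999999"}

def summarize_ssn_states(sars, min_states=6):
    """Return [(ssn, distinct_states, span_days)] for SSNs reported in at
    least min_states different branch states, highest count first."""
    states = defaultdict(set)
    dates = defaultdict(list)
    for sar in sars:
        ssn = sar["ssn"]
        if ssn in PLACEHOLDER_SSNS:
            continue                      # would otherwise top the result table
        states[ssn].add(sar["branch_state"])
        dates[ssn].append(sar["date"])
    rows = [(ssn, len(st), (max(dates[ssn]) - min(dates[ssn])).days)
            for ssn, st in states.items() if len(st) >= min_states]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def batch(prefix, ssn, branch_states):
    """Build constructed SAR records, one every four days from 3 Jan 1997."""
    return [{"dcn": f"{prefix}{i}", "ssn": ssn, "branch_state": s,
             "date": date(1997, 1, 3 + 4 * i)}
            for i, s in enumerate(branch_states)]

# Constructed sample: SSN-A and SSN-B are labels, not real identifiers.
SAMPLE_SARS = (
    batch("A", "SSN-A", ["NY", "DE", "NJ", "PA", "MD", "VA", "NY"])  # 6 states
    + batch("B", "SSN-B", ["TX", "OK", "TX"])                        # 2 states
    + batch("N", None, ["CA", "WA", "OR", "NV", "AZ", "UT", "ID"])   # null SSN
    + batch("P", "999999999", ["FL", "GA", "AL", "SC", "NC", "TN"])  # filler
)

if __name__ == "__main__":
    for ssn, n_states, span in summarize_ssn_states(SAMPLE_SARS):
        print(f"{ssn}: {n_states} states within {span} days")
```

Repeated states count once, so seven SARs for SSN-A yield a count of 6, just as the article's 11 SARs represent 9 distinct states.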

The next row, with a count of 9, is shown in the diagram below. Although there are 11 SARs shown in the diagram, they actually represent 9 distinct states (NY and DE are repeated).

The labels show various violation types including check kiting, check fraud, and credit card fraud. Notice the dates for each of these transactions - they all occur over a very short time period - basically a full billing cycle for the bank to process the credit card charges.

In the following example, the SARs are expanded one level using the Walk Data feature and the primary SUBJECT is now exposed.

The names of both SUBJECTs are the same (with some minor spelling variation) and may be treated as a single target. Additionally, the banks reporting these SARs were each affiliated with several credit card companies as reflected in the account numbers presented - which indicates this was not a localized bust-out scheme.

Expanding the network one additional level, as shown below, reveals the SSN originally used to expose this bust-out scheme shown as a thick purple line near the 11:30 position in the right-side circle.


This is indicative of a bust-out scheme and was expected to appear in this level of the expansion. What is also of interest is the account at the 6:00 position in the middle-circle because it has a large fan-out, with connections to almost 50 additional SARs (bottom part of right-side circle).

The network was further expanded (not shown) and reviewed. Each of the SARs expanded to other SUBJECTs and ACCOUNTs indicating that this is a very extensive bust-out scheme. One interesting observation is that all of the SUBJECTs displayed in this level have similar ethnic names. The NARRATIVEs consistently discuss bounced checks, insufficient funds, and other non-payments.

The next entry in the original query results represents a bust-out scheme that occurred in 8 states represented by each of the unique SARs.

Expanding the network several levels reveals this pattern is structurally identical to the previous example. Again, the dates reflect that the frauds occur over a very short time period (a single billing cycle). Considering each SAR is submitted from a separate financial institution, the collective behavior clearly shows the bust-out pattern; however, the individual banks have no knowledge of the other banks involved in the scheme.

Unfortunately, these types of events net their operators some quick money and impact the rest of the financial industry through increased fees, premiums, and other operational inconsistencies. Getting a better handle on the indicators of the pattern can help banks expose the scheme earlier to minimize losses. Additionally, it can help law enforcement pursue and prosecute these schemes with greater success.

For additional information on bust-out schemes, please visit the following URLs: