Identity Resolution Daily

9News.com: Hey CY8ER_Sh0pp3r, wanna buy a watch?

“‘I don’t think people realize that could have been stolen and then sold,’ said Rep. Alice Borodkin (D-Denver), who will introduce the Internet Auction Sales Act when lawmakers return to work next week. ‘Besides shoplifting and fencing and selling things out of the back of a truck, we can now shoplift and we can fence it on (Internet) auction sites. It’s a new crime. It’s a new technology and I think the public needs to understand everything you buy on eBay may not be as it seems,’ she said. The measure would require sites like eBay, YahooShopping and Overstock.com to get a written or electronic record of purchase from anyone wishing to use their marketplace. If they don’t, they could be subject to significant fines from Colorado authorities.”

The Heritage Foundation: Homeland Security: Five New Year’s Resolutions for Congress

“The task of homeland security is to help keep America safe, free, and prosperous. Congress plays an important role in achieving these goals. By any measure, 2007 was not the best year for homeland security in Congress. Its landmark legislation for the year, the ‘Improving America’s Security by Implementing Unfinished Recommendations of the 9/11 Commission Act of 2007,’ did anything but what its title promised, adding numerous unnecessary mandates that were never mentioned by the Commission. At the same time, Congress left unfixed homeland security faults that have lingered for years. Congress can do better in the new year by sticking to five New Year’s resolutions that fix the errors it introduced in 2007 and address long-time oversights.”

Fraud, Phishing and Financial Misdeeds: Democratic fundraiser Norman Hsu sentenced to three years

“Norman Hsu, who used to be a major fundraiser for Hillary Clinton and the Democratic party has been sentenced to three years for fraud.”

Jeff Jonas: Data Decommissioning - Destruction of Accountability

“Having designed a lot of systems over the years - more often than not the customer says they plan on performing periodic purges of historical data. This always seems logical at the time. But, it turns out once you have data it becomes hard to justify its destruction. And if anyone actually destroys data … one is at the same time eliminating any accountability whatsoever (not to mention other adverse consequences). Data decommissioning is a double-edged sword.”

Share This

We’ve occasionally dabbled in issues of right or wrong in our posts. When does security go too far? What if well-intentioned loss prevention efforts have the bad effect of turning retail clerks into racial profilers? While companies are in the business of making money, we feel they also have a responsibility to act ethically. Here at Infoglide Software, we’re very proud of all our Inc. 500, Software 500, and Deloitte Technology Fast 500 recognitions, but we’re equally proud of being a finalist for the Samaritan Center Ethics in Business Awards.

While we all know that the gross misdeeds at companies like Enron, Adelphia Communications, and Tyco are wrong, ethical issues come in many shades of gray. One that we’ve seen come up several times recently is not whether a company should commit fraud or crime - to quote Shakespeare, ‘Duh’ - but whether a company should take steps to right wrongs that they didn’t commit. You might think that if they aren’t the offending party then they’re not responsible. But what if a company or organization makes money off the misdeeds of others? Hmm. Let’s look at a couple of recent instances that illustrate this exact dilemma.

Apple and the Case of the Ill-gotten iPods
SanDiegoReader.com recently reported that Apple has the means to know when a stolen iPod is being used to download music on the company’s iTunes web site.

Ferry hopes that Apple’s decision not to track stolen iPods doesn’t have to do with the fact that the more iPods that are stolen, the more iTunes users buy songs and the more victims buy replacement iPods.

Interesting. Most of the comments on the article expressed a desire for Apple to be proactive in helping consumers who have had their iPods stolen. [Note - some comments include strong language]

EBay and the Case of E-fence Straddling
E-fencing is a growing problem for retailers. Individuals and organized retail crime (ORC) rings steal goods and then sell them on eBay and other auction sites. Because of the anonymity and global reach, e-fencing is a relatively safe, profitable way of getting rid of stolen goods. The thing is, because eBay makes money on every transaction, it’s also pretty profitable for them as well. So how hard should eBay work to solve this problem? As you might imagine, retailers and eBay disagree on how much and what eBay should do.

From “Shoplifters taking high-tech road” on denverpost.com:

Retailers responding to a National Retail Federation survey last year estimated that 70 percent of gift cards sold in eBay were fraudulently obtained . . . Mr. LaRocca, the federation’s loss-prevention chief, says the group raised a “big stink” with eBay, which eventually changed its policy. EBay now limits sellers to posting one gift card per week, with a value of no more than $500. When the National Retail Federation scrutinized gift cards sold on eBay on Sept. 14, says Mr. LaRocca, it identified more than a dozen auctions involving sellers who had violated eBay’s policy by listing more than one gift card a week. “Although we have been talking with eBay, the conversations have clearly not been fruitful to date,” says Mr. LaRocca.

Campaign Contributions and the Case of the Funny-money Funds
We recently did a post on campaign finance fraud. Here again, you have a situation where someone can benefit financially from the fraudulent activity of someone else. In this case though, Hilary Clinton’s campaign, which received the bulk of the fraudulently attained money, did refund the donations. What we don’t know is what efforts, if any, are being taken to make sure this sort of thing doesn’t happen again.

It seems like the trend here is for the entities that are benefiting from the crimes of others to either do nothing or present a partial solution to the problem. Identity resolution software, like our Identity Resolution Engine(tm) and IBM’s Entity Analytic Solutions, could provide a total solution to all these problems. But only if the organizations want to solve them.

Share This

Few would find a problem with large contributions coming to political candidates and committees from a single household. But over $200,000 in contributions since 2004 from a single middle-class household might raise some eyebrows, especially when the head of that household is reportedly a mail carrier.

The Paw family of Daly City, California was highlighted in a Wall Street Journal article. The Paws were noted for their apparent connections with Norman Hsu of New York, a one-time fugitive and major campaign fundraiser. Hsu’s status as a “bundler” meant that he brought big money to campaigns. While all of the details still aren’t clear, it is undeniable that Hsu faces Federal fraud charges for his business dealings and campaign funding activities.

Campaigns are required to report contributions they receive to the Federal Elections Commission (FEC). That data is publicly available through several sources, including public interest groups, political websites, and the FEC itself.

But campaign data is like all data. It suffers from the same problems that we see in industries such as retail, insurance, and banking — it is “noisy”. Variations in formatting and mistakes in typing cause straight “equality” comparisons to fail. And when you can’t count on the data to agree, you can’t make decisions.

Traditional, exact searches of the public sources yield conflicting results that range from variations in the spelling of contributor names and their employers to differing cities. Exact matching yields only a portion of the contributions that were apparently from their household.

You cannot count on common database queries or even “similarity” measures like soundex to reveal matches across variations such as:

• Multipart names, nicknames, and misspellings
• Address abbreviations (e.g., “Parkway” versus “Pkwy.”) and misspellings “6300 Bridgepoint” versus “6300 Bridge Point”)
• City misspellings and miscodings
• Zip code misspellings and formatting (e.g., “78730″ versus “78703″ versus “787303824″)

Advanced similarity search algorithms, however, can resolve most of these inconsistencies.

And in the cases in which field-by-field similarity comparisons fail, all is not lost. Advanced relationship detection and identity resolution techniques can see past inconsistencies and still connect the dots. So contributions attributed to residents of a specific address but related cities can still be resolved to the same individuals. And the connections can be exposed, analyzed, and highlighted.

Here’s a scenario for how identity resolution software might have automatically highlighted the Hsu connection for further scrutiny:

• Similarity search would be applied to group contributions by identical household to find the highest contributors.
• The total for the household would be above average. It would be flagged as a household of interest.
• Relationships of household members to others would be examined.
• Some contributions report variations of “Next Components, Ltd.” as an employer.
• Another person related to “Next Components, Ltd.” is Norman Hsu.
• Hsu repeatedly made contributions to the same committees on the same days as the household.

Identity resolution technology, like that of Infoglide Software’s Identity Resolution Engine™, could have detected this as an interesting pattern warranting further investigation. It cannot unequivocally determine that these patterns indicate that there is criminal behavior involved vs. just an innocent coincidence where two co-workers have similar political leanings. But for organizations and individuals seeking potentially dirty needles in a haystack of dirty data, it could narrow down the search significantly.

All of this is revealed from the data, if enough brute force or hindsight — or the right technology — is brought to bear.

It does not take sophisticated technology to tell some parts of the story, however. When the scandal broke, campaigns had to field uncomfortable questions, return hundreds of thousands of dollars in contributions, and find new contributors to replace the old.

Too bad the campaigns didn’t use technology to help them “know their contributors” and avoid a black eye. But others can learn from their woes and protect their organizations from similar problems.

Other industries faces analogous, if not identical, issues.

• Retailers unwittingly hire bad employees with connections to known bad check writers, hand cash-equivalent refunds to shoplifters, and overlook organized retail crime (ORC) rings in their midst.
• Insurers are defrauded by individuals who game their application process or collude to cash in on fraudulent claims.
• Bankers are challenged with knowing a sea of customers well enough to avoid painful consequences and public embarrassment related to Bank Secrecy Act (BSA) and other compliance regulations.

It’s a good thing that the solution to these problems exists. Is your organization using it? Or is it waiting for an Hsu-sized black eye before it takes action?

Share This