Healthcare Fraud Detection

🚨 AI + Font Forensics = ₹68 Lakh Tax Fraud Busted in Hyderabad 🚨 The Income Tax Department in Hyderabad recently used AI-powered font forensics to uncover a Long-Term Capital Gains (LTCG) fraud worth ₹68.7 lakh. A taxpayer claimed improvement costs from a bill dated 2002, but AI tools flagged the use of the Calibri font—which was only released in 2006–07. This inconsistency exposed the document as forged, prompting a revised ITR and additional taxes paid . 🔍 Why This Matters for Auditors & Risk Professionals 1. Innovative Forensics AI isn't just for big data and predictive insights—it’s now a frontline tool in document authenticity verification. Font analysis is a low-cost, high-impact method. 2. Red-flag Awareness It’s not enough to verify the content—verify the context. Details like font age, metadata timestamps, or even document origin can reveal fraud. 3. Regulatory Relevance Tax authorities are stepping up forensic capabilities. Expect similar methods to be applied in other regulatory areas—GST, money laundering, financial filings. 4.Upgrade Your Toolkit Incorporate similar forensic checks—font, metadata, version histories—into due diligence, vendor audits, expense claim reviews, and whistleblower investigations. ✅ Action Steps ✅ Add font & metadata analysis to your internal audit and investigation playbooks. ✅ Train teams to look beyond signatures—validate document authenticity at a granular level. ✅ Evaluate simple AI tools that can detect anomalies in fonts or document history. ✅ Share this knowledge in audit committees, risk forums, and compliance training. This case is another reminder: fraudsters adapt, but so must we. In a world where even fonts can betray deception, staying ahead requires curiosity, precision, and technology-backed scrutiny. What forensic techniques are you using to catch today’s more subtle frauds? #Forensics #Audit #RiskManagement #AI #InternalAudit #Compliance

Medical Claims with Modifiers - Constantly Evolving Patterns As I dive deeper into finding Fraud, Waste, and Abuse patterns in healthcare billing, I discover fascinating areas I haven't examined closely before. One of these is Modifiers. Modifiers have always been critical for revenue cycle management folks and billers, but when running value-based care analytics and data management, I honestly never paid much attention to them. Yes, I looked here and there, but never studied them deeply. The complexity of modifier usage is remarkable. Take CPT 17000, a simple procedure code used to report the destruction of one premalignant lesion. Looking at Medicare payment data over the years shows dramatic shifts in modifier usage patterns. The most striking change? Around 2019, there was a sudden flip from Modifier 51 (multiple procedures) to Modifier 59 (distinct procedural service), with payments for Modifier 59 skyrocketing from about $25M to nearly $55M by 2022! This is particularly interesting because Modifier 59 is often central to unbundling fraud cases. Providers can use Modifier 59 to "unbundle" services that should have been billed under a single, bundled procedure code - potentially increasing reimbursement. So what caused this dramatic shift? Is it legitimate changes in coding rules, or are we seeing more unbundling practices? Is this a response to reimbursement incentives, or something else entirely? The patterns in our healthcare claims data tell stories - we just need to know how to read them. Fascinating, right?

A risk-based approach (RBA) in financial crime investigative reporting means prioritizing and tailoring investigative efforts based on the level of risk posed by an entity, transaction, or behavior. This helps ensure that resources are used efficiently and the highest risks are addressed first. Here’s how to apply an RBA in your financial crime investigations: ⸻ 1. Understand the Risk Factors Start by identifying key risk factors relevant to the case: • Customer risk: High-risk jurisdictions, PEPs, adverse media, source of wealth • Product/service risk: Complex or anonymous services (e.g., crypto, shell companies) • Geographic risk: Countries with high levels of corruption, sanctions, or terror financing • Channel risk: Non face-to-face onboarding, third-party payments • Transaction risk: Unusual size, frequency, or destination ⸻ 2. Prioritize Investigations Based on Risk • High-risk cases: Prioritize cases with potential regulatory or reputational fallout (e.g., sanctions breaches, PEP corruption cases, terrorism financing). • Medium/low-risk: Investigate based on patterns or thresholds, but possibly with fewer resources or less urgency. Example: A transaction from a sanctioned country to a shell company = High risk A retail customer sending a one-time large payment abroad = Medium risk ⸻ 3. Use Risk Scoring Tools (if available) Many banks use automated risk rating or scoring models. Use these as a starting point, but always apply judgment. • Don’t rely solely on automation. • Combine quantitative risk scores with qualitative red flags (e.g., client behavior, inconsistencies). ⸻ 4. Tailor Your Investigation Depth Use the risk level to decide how deep you go: • High risk: Deep source-of-funds checks, multi-jurisdictional tracing, external data (e.g., adverse media, leaks like Panama Papers). • Lower risk: Focus on transaction logic, brief documentation review, internal flags. ⸻ 5. Document Risk Justification Clearly • Explain why a case is considered high/medium/low risk. • Link your conclusion to the bank’s risk appetite and policy (e.g., “This exceeds the Group’s tolerance for shell company exposure in high-risk jurisdictions.”) ⸻ 6. Escalate Appropriately High-risk findings should go to: • Senior management • Compliance/Legal • Financial Intelligence Unit (FIU), for potential SAR/STR filing ⸻ 7. Continuous Feedback Loop • Track which risk types lead to confirmed cases or SARs. • Adjust your risk filters and triage logic accordingly. ⸻ Example Case: Scenario: A corporate customer sends frequent payments to a shell company in Cyprus. • Risk Factors: Offshore shell, high volume, no economic rationale, high-risk jurisdiction. • Action (RBA): Full KYC review, source-of-funds check, look for links to known tax evasion schemes, possibly escalate for SAR filing.

🧾 Employees using AI to create fraudulent expense receipts 🤖 Fake or otherwise malicious “candidates” using Deepfake to hide their true identity on remote interviews until they get far enough in the process to hack your data 🎣 AI-powered phishing scams that are more sophisticated than ever Over the past few months, I’ve had to come to terms with the fact that this is our new reality. AI is here, and it is more powerful than ever. And HR professionals who continue to bury their head in the sand or stand by while “enabling” others without actually educating themselves are going to unleash serious risks and oversights across their company. Which means that HR professionals looking to stay on top of the increased risk introduced by AI need to lean into curiosity, education, and intentionality. For the record: I’m not anti-AI. AI has and will continue to help increase output, optimize efficiencies, and free up employees’ time to work on creative and energizing work instead of getting bogged down and burnt out by mind numbing, repetitive, and energy draining work. But it’s not without its risks. AI-powered fraud is real, and as HR professionals, it’s our jobs to educate ourselves — and our employees — on the risks involved and how to mitigate it. Not sure where to start? Consider the following: 📚 Educate yourself on the basics of what AI can do and partner with your broader HR, Legal, and #Compliance teams to create a plan to knowledge share and stay aware of new risks and AI-related cases of fraud, cyber hacking, etc (could be as simple as starting a Slack channel, signing up for a newsletter, subscribing to an AI-focused podcast — you get the point) 📑 Re-evaluate, update, and create new policies as necessary to make sure you’re addressing these new risks and policies around proper and improper AI usage at work (I’ll link our AI policy template below) 🧑💻 Re-evaluate, update, and roll out new trainings as necessary. Your hiring managers need to be aware of the increase in AI-powered candidate fraud we’re seeing across recruitment, how to spot it, and who to inform. Your employees need to know about the increased sophistication of #phishing scams and how to identify and report them For anyone looking for resources to get you started, here are a few I recommend: AI policy template: https://lnkd.in/e-F_A9hW AI training sample: https://lnkd.in/e8txAWjC AI phishing simulators: https://lnkd.in/eiux4QkN What big new scary #AI risks have you been seeing?

Let's build a Real Time ML System to fraud. Step by step 🧵↓ 𝗧𝗵𝗲 𝗯𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗽𝗿𝗼𝗯𝗹𝗲𝗺 💼 Every time your credit card is used online by someone (hopefully you), your card issuer (for example Visa, Mastercard or PayPal) has to verify if it is you the person trying to pay with the card. Otherwise, the transaction is blocked. Now the question is: ““𝗛𝗼𝘄 𝗱𝗼𝗲𝘀 𝗩𝗶𝘀𝗮 𝗱𝗼 𝘁𝗵𝗮𝘁?”” And the answer is… a real time ML system! 𝗦𝘆𝘀𝘁𝗲𝗺 𝗱𝗲𝘀𝗶𝗴𝗻 📐 As any ML system that has existed, exists and will exist, this one can be broken down into 3 types pipelines 1️⃣ Feature pipelines 2️⃣ Training pipeline 3️⃣ Inference pipeline Let's go one by one 1️⃣ 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗣𝗶𝗽𝗲𝗹𝗶𝗻𝗲𝘀 💾  The feature pipelines are the Python services that produce the inputs (aka features) our ML model needs to generate its predictions. In our case, we have (and I bet Visa has) at least 3 feature pipelines: ▣ 𝗥𝗲𝗮𝗹-𝘁𝗶𝗺𝗲 feature pipeline from recent transactional data. - runs 24/7 - consumes incoming data from an internal message bus (like Kafka, Redpanda) - transforms this data on-the-fly using a real-time data processing engine - saves the the final features in a feature store, like Hopsworks. ▣ 𝗕𝗮𝘁𝗰𝗵 pipeline from historical features in the data warehouse. - runs daily - reads data from the data warehouse/lake, and - saves it into another feature group in our feature store, so it can be consumed by our ML model really fast. ▣ 𝗟𝗮𝗯𝗲𝗹𝘀 𝗽𝗶𝗽𝗲𝗹𝗶𝗻𝗲, so the ML model can be trained with supervised ML. Each completed transaction that is not claimed by the card owner within 6 months can be safely called non-fraudulent (class=0). We call it fraudulent (class=1) otherwise. Once we have these 3 feature pipelines up and running, we will start collecting valuable data, that we can use to train ML models. 2️⃣ 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗽𝗶𝗽𝗲𝗹𝗶𝗻𝗲 🏋🏽 We can use a supervised ML model (a boosting tree model like XGBoost does the job in most cases) to uncover any patterns between > the features available in your Feature Store, and > the transaction class: 0 = non-fraudulent, 1 = fraudulent. The final model is pushed to the model registry (like MLflow, Comet or Weights & Biases), so it can be loaded and used by our deployed model. And this is precisely what the last pipeline in our design does. 3️⃣ 𝗜𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝗽𝗶𝗽𝗲𝗹𝗶𝗻𝗲 🔮 The inference pipeline is a Python streaming application, that at start up loads the model from the registry into memory and for every incoming transaction > loads the freshest features from the store for that card_id, > feeds them to the model, and > outputs the predictions to another Kafka topic. These fraud scores can be then consumed by downstream services, to > Block the card, and > Send an SMS alert to the card owner, for example. BOOM! No dark magic. Just Real World ML. Follow Pau Labarta Bajo for more Real World ML

The Evolution from Triangle to Pentagon: In my years of experience as a forensic practitioner, I've encountered countless white-collar crimes, often orchestrated by mid to senior-level employees entangled in conflicts of interest, bribery, and corruption. Traditionally, the fraud triangle—pressure, opportunity, and rationalization—has served as our guiding framework. Yet, recent investigations have illuminated the critical importance of two additional elements, transforming our understanding into the fraud pentagon. The fraud pentagon emerged as an evolution of the fraud triangle, recognizing that fraud is not merely a product of situational factors but also deeply influenced by personal attributes. These two additional elements—Capability & Arrogance/Personal Ethics—were introduced by Brent Arnow and David T. Wolfe in their seminal 2004 paper, "The Fraud Diamond: Considering the Four Elements of Fraud." They posited that understanding the personal traits & psychological dimensions of fraudsters provides a more comprehensive view of fraudulent behavior. Let me share a story that illustrates this transformation. We recently unraveled a case in the #Auto&IM sector involving a mid-level manager who had been colluding with vendors, exchanging lucrative contracts for personal and financial favors. Initially, the fraud triangle helped us understand the basic motivations: 1. Pressure: His mounting debts and financial obligations created a pressing need for additional income. 2. Opportunity: Lax oversight in the vendor selection process presented a tempting gap to exploit. 3. Rationalization: He convinced himself that he was merely taking what he deserved for his hard work and dedication. But soon after I interviewed the accused, it was the fraud pentagon that brought the full picture into sharp focus: 4. Capability (Ego Strength): His role afforded him the knowledge and access to manipulate the system without raising suspicion. This wasn't just about opportunity; it was about his specific ability to execute the fraud. 5. Arrogance/Personal Ethics (Superego and Moral Compass): An inflated sense of self-worth and a distorted moral compass led him to believe he was untouchable, above the rules that govern ordinary employees. "Putting the Freud in fraud," we see the psychological depth and complexity of these elements. This manager's capability and arrogance were not mere coincidences; they were integral to his fraudulent behavior. His ego and ethical lapses allowed him to rationalize his actions, while his skills and position enabled him to carry them out. The fraud pentagon isn't just a theoretical expansion—it's a practical tool that reveals the intricate psychological mechanisms driving fraudulent behavior. By applying these additional dimensions, we can enhance our ability to detect, prevent, and address frauds and white collar crimes. #FraudPentagon #ForensicInsights #WhiteCollarCrime #EthicsInBusiness #FraudDetection

A recent report by the The Wall Street Journal has revealed a shocking case of alleged fraud by United Healthcare (UHC), where the company reportedly added non-existent diagnoses to patients' records, potentially defrauding Medicare by more than $50 BILLION. Let's unpack this. #MedicareAdvantage (MA) is a program where #taxpayer money is given to private insurers like UHC to provide insurance coverage for beneficiaries. These MA programs receive more funds based on higher risk score adjustments for more diagnoses (or "sicker patients" and by diagnosis "add-ons"). However, the WSJ investigation uncovered that UHC falsely claimed thousands of patients had conditions like diabetic cataracts and HIV when they did not. While other insurers have engaged in similar "diagnostic fabrications," UnitedHealth Group stands out as a significant outlier. Why are we here? First, follow the money. In Medicare Advantage, taxpayer money from Centers for Medicare & Medicaid Services funds private health insurance corporations. The corporations then provide insurance coverage to Medicare beneficiaries (i.e. privatizing Medicare). Second, the financial incentives. They are fairly straightforward- increase revenues while reducing expenses = higher profits. How do we increase revenues? Lots of SINOs - "Sick In Name Only" patients. The "sicker" on paper, the more money UHC gets from the government. How do you decrease expenses in this scheme? A) Make it hard for patients to receive the care they need or create barriers for treatments for physicians (ex: prior authorization) and/or B) Leverage SINOs and well patients - If they aren't sick, they won't need treatment; expenses will decrease. Key Questions: Why are we, as taxpayers, policymakers, patients, and healthcare professionals, continuing to tolerate this? Is it because UHC is too big to fail? Are we financially rewarding a corrupt system with virtually no penalties for fraud? What do we do? As I said in a previous article in MedPage Today (https://shorturl.at/dzVb4), our private health insurance problem demands Congressional attention and oversight. We must implement better safeguards to protect our patients and taxpayers from unethical practices. It's time to hold corporations accountable and ensure that our healthcare system prioritizes patient well-being and the integrity of taxpayer funds. We also have to change the system and the financial incentives in the system. If growing profitability is the North Star of a corporation, the focus and actions will always be placed there. #Healthcare #MedicareAdvantage #Fraud #TaxpayerMoney #HealthcareIntegrity #UnitedHealthcare #PolicyChange #Accountability #WSJReport ABIG Health MedPage Today ESCP Business School UNC Kenan-Flagler Business School

Accuracy is the most misleading metric in data science. I can't count how many teams I've met who thought their high-accuracy models were killing it. If you're predicting fraud that happens 1% of the time, a model that outputs "NO FRAUD" on everything will be 99% accurate, but completely useless. You always need to look at a combination of Precision and Recall. They show you what's really happening. • Precision: Of all the times you predicted fraud, how often were you right? • Recall: Of all the actual fraudulent transactions, how many did you find? But don't make the mistake of looking at them separately! You need to consider the tradeoff between them: A model deployed at an airport that labels everyone a terrorist will have 100% Recall (but horrible Precision). This model would be useless. If the same model labels everyone not a terrorist, it will have 100% Precision most days (but horrible Recall). This model is also useless. Instead of worrying about Precision or Recall separately, focus on the F1-Score. The F1-Score is the harmonic mean of Precision and Recall. It gives you a single number that reflects a balance between the two metrics.

𝗧𝗵𝗲 𝗯𝗲𝘀𝘁 𝗠𝗟 𝗮𝗹𝗴𝗼𝗿𝗶𝘁𝗵𝗺 𝗶𝗻 𝗮 𝗰𝗿𝗶𝘀𝗶𝘀? 𝗥𝗮𝗻𝗱𝗼𝗺 𝗙𝗼𝗿𝗲𝘀𝘁. No matter if you’re building a fraud detection model or a credit scoring system 𝗥𝗮𝗻𝗱𝗼𝗺 𝗙𝗼𝗿𝗲𝘀𝘁 often beats everything else without deep tuning. Here’s how it works, 𝗮𝘀 𝗶𝗳 𝘆𝗼𝘂’𝗿𝗲 𝗲𝘅𝗽𝗹𝗮𝗶𝗻𝗶𝗻𝗴 𝗶𝘁 𝘁𝗼 𝗮 𝗰𝗼𝗹𝗹𝗲𝗮𝗴𝘂𝗲 𝗧𝗵𝗲 𝗣𝗿𝗼𝗯𝗹𝗲𝗺 𝗪𝗶𝘁𝗵 𝗗𝗲𝗰𝗶𝘀𝗶𝗼𝗻 𝗧𝗿𝗲𝗲𝘀 Decision Trees are simple and powerful. But they tend to overfit. Badly. They’ll memorize your training data, split too many times, and get confused by noise. Which means great accuracy on paper, but terrible performance in real-world data. So what if we don’t rely on just one tree? 𝗘𝗻𝘁𝗲𝗿: 𝗥𝗮𝗻𝗱𝗼𝗺 𝗙𝗼𝗿𝗲𝘀𝘁 🌲🌲🌲 Imagine 𝟭𝟬𝟬 different Decision Trees, Each trained on a 𝗿𝗮𝗻𝗱𝗼𝗺 𝘀𝘂𝗯𝘀𝗲𝘁 of your data Each considering a 𝗿𝗮𝗻𝗱𝗼𝗺 𝘀𝘂𝗯𝘀𝗲𝘁 of features ↳ That’s a Random Forest: a collection of weak learners voting together. Why does this work so well? Because randomization → lowers correlation → reduces overfitting → increases generalization. Think of it like this: 1 dumb voter = noisy 100 random voters = surprisingly wise 𝗛𝗼𝘄 𝗶𝘁 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝘄𝗼𝗿𝗸𝘀 ↳ First, we use bootstrapping  Randomly sample data (with replacement) to create different training sets ↳ Then we build many Decision Trees  Each one picks random features at each split ↳ Final output?  Majority vote for classification  Average value for regression Result: High accuracy, low variance, no manual tuning needed. 𝗥𝗲𝗮𝗹-𝗪𝗼𝗿𝗹𝗱 𝗘𝘅𝗮𝗺𝗽𝗹𝗲 Let’s say you work in FinTech. You’re building a fraud detection model. But fraud patterns change. A simple Decision Tree overfits to old patterns. 𝗪𝗶𝘁𝗵 𝗥𝗮𝗻𝗱𝗼𝗺 𝗙𝗼𝗿𝗲𝘀𝘁: ↳ You feed it transaction history, user metadata, device info ↳ It trains 100+ trees ↳ Learns generalized patterns of fraud ↳ And flags anomalies with surprisingly high precision even on unseen data You just saved your company millions. 𝗪𝗵𝗲𝗻 𝗦𝗵𝗼𝘂𝗹𝗱 𝗬𝗼𝘂 𝗨𝘀𝗲 𝗜𝘁? ✅ When you need high accuracy out of the box ✅ When you want to avoid heavy tuning ✅ When your data is structured and tabular ✅ When interpretability is less important than performance 𝗕𝗲𝘀𝘁 𝗣𝗮𝗿𝘁? Random Forest can also give you feature importance ↳ So you learn what actually drives predictions. 𝗧𝗶𝗽: Use 𝗦𝗰𝗶𝗸𝗶𝘁-𝗟𝗲𝗮𝗿𝗻 from sklearn.ensemble import RandomForestClassifier model = RandomForestClassifier(n_estimators=100, max_depth=10) model.fit(X_train, y_train) predictions = model.predict(X_test) ↳ Add model.feature_importances_ to see what mattered most. 𝗧𝗼 𝗿𝗲𝗰𝗮𝗽: Random Forest is not “fancy” It’s just clever, practical, and battle-tested. If you’re not sure where to start with a supervised ML problem Start with Random Forest. It’ll surprise you with how far it takes you. --- Follow Arif Alam

The recent unveiling of Operation Gold Rush—the largest health care fraud takedown in U.S. history—marks a pivotal moment for our industry. A $10.6 billion scheme, orchestrated through the acquisition of legitimate Medicare-enrolled suppliers and the mass submission of fraudulent claims, has shaken the very foundation of our health care system. What makes this case extraordinary isn’t just the scale, it’s the sophistication. Fraudsters didn’t build shell companies from scratch. They bought their way into the system, exploiting trust, regulatory gaps, and the inertia of legacy controls. Over 1.2 million real identities were stolen. More than a billion urinary catheters were billed, far exceeding what the U.S. could even manufacture. But here’s the real story: how it was stopped. Federal agents pivoted from reactive investigations to real-time detection. They froze payments before they left the system. They used data, speed, and interagency coordination to outmaneuver a global fraud ring. This is the future of fraud prevention—and it’s already here. As leaders in risk and fraud, we must ask ourselves: Are we still playing defense in a world that demands offense? Are our systems agile enough to detect anomalies before they metastasize? Are we investing in the right partnerships, technologies, and mindsets? Operation Gold Rush is more than a case study. It’s a blueprint. And it’s a challenge to all of us to raise the bar. #OperationGoldRush #Fraud #FinancialCrime http://2.sas.com/6046fKJuu