Last time, I wrote about evidential reasoning as a necessary technique for an analysis system. To recap, using a single approach to identify fraud, such as comparing employee or vendor names to those on a watch list, leads to a noisy and sub-optimal system. Instead, heterogeneous data and analysis techniques are required, giving rise to an approach called “evidential reasoning”.

This discussion arose while watching a video on a fraud analytics system. Beyond the single-dimensional nature of the system, I was also struck by the usage model. It presupposes that a human analyst will sit down and manually investigate data. As with BI systems, the controls were capable, even engaging, but this model misses one important fact. Fraud, waste, and abuse never sleep. In the weeks between uses of such a manual system, fraud might be occurring, draining the enterprise coffers or, worse, destroying its reputation. It would take constant manual usage and vigilance to catch perpetrators in time. Thus, there is a need for automated and even continuous transaction analysis.

Several important characteristics are required to perform such analysis. First, as already discussed, the system must be able to leverage multiple analytical techniques in order to drive all the way to (proposed) conclusions. Otherwise, the time requirements placed on the user for manual, ad hoc analysis are untenable.

Second, the system must be able to extract data incrementally and keep track of previous information. Unlike typical ETL tools and data warehouses, the goal is not to create a snapshot every week. Instead, the goal is to identify new or changed data within minutes or hours, and store it in an analysis-accessible fashion juxtaposed with previous versions of the data. This is important for efficient continuous usage and detailed trend analysis. But it is also critical for uncovering concealment activities, since fraudsters try to cover their tracks by changing data back after their attack. The ability to track behavior over time and factor those observations into the analysis is naturally supported by an evidential reasoning platform.

The third requirement is to keep the human analyst in the loop as the final arbiter, even as the system does the majority of the investigation. More on that discussion next month.
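To make the second requirement concrete, here is an added example (not code from the original post or from any product it describes) of incremental extraction that keeps every version of a record and flags a field that was changed and then changed back. The `VersionedStore` class, the vendor IDs, and the `bank_account` field are assumptions chosen for illustration, and the extracts are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

class VersionedStore:
    """Keeps every observed version of a record instead of overwriting a snapshot."""

    def __init__(self):
        self.history = defaultdict(list)  # record key -> [(seen_at, fields), ...]

    def ingest(self, key, fields, seen_at):
        """Store a version only if the record is new or changed; return True if stored."""
        versions = self.history[key]
        if versions and versions[-1][1] == fields:
            return False  # unchanged since the previous extract
        versions.append((seen_at, dict(fields)))
        return True

    def reverts(self, key, field, window):
        """Find A -> B -> A patterns on one field where B lasted no longer than `window`."""
        changes = []  # distinct consecutive values of the field, with first-seen time
        for seen_at, fields in self.history.get(key, []):
            value = fields.get(field)
            if not changes or changes[-1][1] != value:
                changes.append((seen_at, value))
        findings = []
        for (_, a), (t1, b), (t2, c) in zip(changes, changes[1:], changes[2:]):
            if a == c and t2 - t1 <= window:
                findings.append({"key": key, "field": field, "original": a,
                                 "temporary": b, "changed_at": t1, "reverted_at": t2})
        return findings

def demo():
    """Feed constructed hourly extracts of a vendor master file into the store."""
    t = datetime(2024, 3, 1, 9, 0)
    extracts = [  # (extract time, vendor id, fields) -- constructed sample data
        (t, "V-100", {"name": "Acme Supply", "bank_account": "111-000"}),
        (t + timedelta(hours=1), "V-100", {"name": "Acme Supply", "bank_account": "111-000"}),
        (t + timedelta(hours=2), "V-100", {"name": "Acme Supply", "bank_account": "999-555"}),
        (t + timedelta(hours=5), "V-100", {"name": "Acme Supply", "bank_account": "111-000"}),
        (t, "V-200", {"name": "Birch Ltd", "bank_account": "222-000"}),
        (t + timedelta(hours=3), "V-200", {"name": "Birch Ltd", "bank_account": "222-777"}),
    ]
    store = VersionedStore()
    stored = [store.ingest(key, fields, ts) for ts, key, fields in extracts]
    return store, stored

if __name__ == "__main__":
    store, _ = demo()
    print(store.reverts("V-100", "bank_account", timedelta(days=1)))
```

A weekly snapshot of V-100 would show identical data at both ends of the week; only the retained intermediate version exposes the temporary bank account, which the platform can then weigh as one piece of evidence for the analyst.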