Catching shadows: fighting fraud in utilities
Fraud is a big business. Non-technical losses, which always seems a very euphemistic way to describe theft, cost European utility companies around €3.7 billion every year. This figure includes the value of electricity used without payment, but it does not include the additional costs related to tracking down fraudsters, damages compensation, or legal proceedings.
The incentive to improve detection is not just about minimizing revenues lost to fraud; it is also to increase the hit-rate of action against the fraudsters. Taking typical hit rates from 5% to 40% doesn’t just give a better return on field inspection site visits. It also makes potential fraudsters think twice about stealing electricity, or indeed gas.
Picking the right target: who are the fraudsters?
Not every country suffers the same rate of loss through fraud. Paradoxically, domestic fraud is more common among the richer than the poorer consumer. As far as segmentation goes, it’s useful to think of a three-way split. We are most frequently asked to help combat fraud amongst domestic consumers and small and medium-sized businesses. Enterprise users are the third target in, but these are a more challenging group. Fraud detection relies strongly on peer-to-peer analysis of usage patterns, and with major enterprises, this is more difficult to undertake.
When we, at Atos, are invited to make proposals for fraud analysis and detection, our starting point will always be determined by the specific concerns of the utility company – with regard to both geography and customer profile. Revenue protection will be built on best practice, but will always be specific to the individual utility client.
It’s worth remembering that the best return will not always come from the most obvious target.
Nothing stands still: continual advances in fraud
For every advance in technology or technique, there is a corresponding advance in the sophistication of the fraudster.
To help fight utility fraud and boost security requires looking continually to the future, while always safeguarding heritage practices and technologies.
Just consider, for example, the co-existence of analog and smart metering systems. Utilities with significant installations of traditional meters need to protect themselves. Fraudsters use techniques which match the target – physically interfering with meters or by-passing them altogether. In these cases, the analytic models we use need to match predictive usage from carefully defined peer groups of similar consumers.
The smart meter and smart grid, by definition, invite a smarter kind of fraud. Why drill holes in meters or risk electrocution when you can execute a clean and sustained attack with software? The real cyber-crime threat is less likely to come from individual consumers, but from those who target entire networks, possibly with a view to selling on usage data or using is maliciously.
It’s true that the more sophisticated software or data-driven fraud is in its infancy, but we must always anticipate the next move. Although finance and retail sites may currently be more profitable targets for hackers, utilities must be fully prepared to manage the security implications of smart grids and the multiple access points represented by smart meters:
- Consultancy – industry and subject-specific
An inside industry focus is essential in fraud detection. Here we believe it makes more sense to start with the sector-specific industry model and build from there: it’s faster, cheaper in the long-term, and delivers better results. In short, when confronting fraud in any sector, it always makes sense to start with knowledge of what makes the target sector especially susceptible to threat.
- Statistical – combining breadth and focus
Our statisticians are obsessives. Evidence is always the basis of analytics, and the more usable data we are able to gather, the better positioned we are to help clients act on it.
- Data analytics – with real-time focus
Data analytics is the motor of fraud detection and data scientists build the actual algorithms which produce the detail clients need to catch the bad guys. Here too, close working relationships with industry experts are essential. It’s the inside intelligence which ensures the analytical algorithms deliver actionable business insight. Using Atos Codex as a framework, we have access to a depth of analytical resources and techniques.
It goes without saying, that the analytics perspective increasingly embraces “realtime” – allowing our clients both to act on what is happening right now while building up a deeper historical profile for revenue protection.
Things move fast. It is only a matter of time before a major security breach in utilities hits the headlines – and the chances are that the story will be about data-driven or software-enabled fraud, possibly attacking smart grids as gateways to critical infrastructure or as a means of gathering mass customer information for resale. We’ve seen it in financial services, in entertainment, healthcare and retail: there is no reason to suppose that utilities will be immune.
But businesses can be prepared and can pre-empt and fight back against the fraudsters. Our analytics-based approach is already helping win the battle.