Using technology to reduce migration fraud

When you’re looking for a needle in a haystack, it helps if you can reduce the amount of hay you sort through. That’s the analogy offered by Gavin McCairns, the Department of Immigration and Border Protection’s first assistant secretary in the fraud and integrity division and department-wide chief risk officer.

With 50 million people entering Australia each year, the task of identifying those who plan to commit migration fraud (eg, by overstaying their visas) presents a challenge. The number of border crossings is growing much faster than the resources available, and there is more variety than in years gone by, with smaller airlines providing international flights to smaller airports, to give just one example. So the Department is applying technology in a number of ways to help identify the relatively small number of needles in that haystack of legitimate arrivals, Mr McCairns told the Technology in Government Summit.

The department is using predictive analytics to generate a risk score for each application. This helps the department to deal with all those “first time shoppers” (people who haven’t previously applied for a visa) by matching them with similar people that it does know about. It is easier to refuse a visa than it is to cancel it after the person has arrived, he explained.

Data is available from outside the department remarkably quickly, Mr McCairns said. It knows that a traveller is about to leave for Australia within two minutes of checking in, and access to the US fingerprint database takes about 60 seconds.

Network analytics are used to identify previously hidden connections between people, organisations and addresses. For instance, if the fingerprints of someone applying for a protection visa matched those of a licenced security guard in the US, questions would be asked. Such checks can be made without initially revealing the applicant’s identity to the holder of the other records, but if a match does occur that provides a legal basis for making further enquiries, he said.

According to Mr McCairns, the cross-functional team assembled to develop these systems have just three hard-and-fast rules: don’t break the law, don’t break the mainframe, and don’t break the bank.

The strategy is to prototype (they “try stuff for nothing” or at least for as little as possible), pilot, and then put into production. The system used to alert border officials to arriving passengers who need close scrutiny was piloted for $50,000 (which mostly went on training) and put into production for $1 million. 100% of people entering Australia are now scored, he said.

Relatively small projects that have yielded interesting results that may be taken further include handwriting analysis of arrival cards (while it is normal for one person to fill in the cards for the whole family, a small-scale trial found some matches that could not be readily explained), and some simple analytics applied to working holiday visas - usually limited to one per person - found around 1000 suspicious matches, such as different phonetic spellings of the same name on separate application by what appeared to be the same person. The follow up found 130 cases of confirmed identity fraud, and 69 visas were cancelled. Mr McCairns said he wants to see this analysis applied when working visa applications are received.

Some of these projects use open source software, which helps keep costs down. The R statistical system is one of the most used, he said, but noted that it is important to focus on the business problem rather than a specific technology.

Another example related by Mr McCairns started when Customs officials obtained the email addresses of four drug mules. DIPB was able to link those addresses with others, and combined that information with the IP addresses used to make online visa applications to generate a watch list of suspect travellers. This led to a number of people being caught in possession of drugs either on arrival in Australia or prior to departure. One of them was the subject of a Customs and Border Protection Service press release earlier this year , Mr McCairns implied.

“We’re doing things faster and cheaper,” he said. “I’m over reports… I’m interested in data and access that lets us take action” to facilitate more travel with less red tape. While Australia is learning from some other countries in this field, “we are so far ahead of the game internationally, people are coming to us.”

More from #TechinGov see here

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags migration fraudCustoms and Border Protection Servicenetwork analytic shandwriting analysisrisk#TechinGovidentity fraudpredictive analytic sR Project

More about CSOEnex TestLabTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Withers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts