Category: Predatory Crime

Deception: Nonverbal Behaviour

Risk appetite at Critical Infrastructure depends on the the level of threat and anticipated outcome of a security compromise. The outcome was catastrophic from terrorist boarding airplanes in Boston [2001] and crashing them into the World Trade Center, the Pentagon and a field in Pennsylvania.

There was a lot of political noise post-911. What to do about terrorists boarding aircraft using fraudulently obtained identification cards?

The Congressional Reaction 

The political response, in lieu of seemingly impossible logistics of a National ID Card, was to tweak the security requirements for State issuing of driver’s licences and identification cards with REAL ID.  A post implementing review of REAL ID was undertaken by the U.S. General Accounting Office. The first audit results were published under title, Counterfeit Identification Raises Homeland Security Concerns [2003]. Another study published in 2009 reviewed the progress of individual states in complying with the REAL ID regulations.


The outcome is not all that promising for security. Desk audits found a general inability to detect deception with counterfeit and forged documents presented to security and immigration at airports and at Departments of Motor Vehicles (DMV) across the U.S. State compliance with REAL ID is not consistently applied across each State.

The reality, when someone presents a Certificate of Birth, of which there are 7,000 plus issuers in the US, at a DMV service outlet as proof of status, it is a genesis document for a variety of other means of identification. With a birth registration system designed for the conditions of 1907, no provisions were made to include a biometrics directly linked to the birth record. It remains the same to this day. Secondly, out-of-state deaths are not correlated with in-state births.

So, what is left?

Outside increasing the effort to commit personation and identity fraud, and which is beyond the reach of those depending on these documents, what is left is to increase certainty of catching predators in the act. They are at their most vulnerable while presenting fraudulently acquired, forged, and loaned/stolen genuine documents at the point-of-service to complete their ruse.

Ability to identify red flag indicators of deception is a learned and honed skill.  People higher on the emotional intelligence scale have a better chance of success in maintaining focus over longer periods of time, and better equipped to pick up on the emotions of others.

Back to Affective Realism

The previous post, “Affective Realism“, poured the footings for deception risk mitigation. This metaphor high-lights the most fundamental building block of deception management.

This post posits nonverbal behaviour as a component of assessing the reliability of statements and declarations made at the point-of-service in the deception management game. Assessing nonverbal behaviour can be complicated and fraught with variability. It refers to communication distinct from speech. It is taken generally to include facial and eye expressions, hand and arm gestures, postures, positions, use of space between individuals and objects, and various movements of the body, legs and feet.

Nonverbal behaviour communication can be generated deliberately, the behaviours can be culturally nuanced, and they can be triggered my emotions from below levels of conscious awareness.

The complexity here is that the emotionally triggered nonverbal behaviour can be for something totally unrelated to a request or question posed.

Context is Everything

Nonverbal behaviour must be interpreted contextually: “Depending on or relating to the circumstances that form the setting, in this case, for a security screening event.”  And as learned in the last post, nonverbal behaviour is interpreted through the prism of emotions, as well as beliefs and biases. One can see that is not a precise, nor absolute science. It is fraught with variability.

This does not mean throwing nonverbal behaviour out. It for certain means assessing with humility. When something appears to be aberrant, or out-of-sequence, it is mistake to jump to a conclusion that there is deception. It is something to potentially action with followup questions at the point-of-service or, optionally, to escalate for more in-depth review.

What’s Next?

Meta studies of the research resulted in no single nonverbal or verbal clue as a reliable indicator of deception. The probability of detection increases when clusters of indicators are present (DePaulo ‘et al’, 2003; Masip, ‘et al’ 2005; Vrij 2006; Sporer & Schwandt, 2006,2007).

A future post scans verbal behaviour.

Heath Care Systems: Outside-the-System Predatory Fraud Controls (3 of 3)

This is the last in this three part series on the financial harms posed by misuse, abuse and fraud. The last post addressed inside-the-system threats. This post explores outside-the-system threats.

Predation is a different cup of tea than reducing threats posed by trusted billing agents cheating a little bit. Although outside-the-system attacks may involve corrupting trusted billing agents, this is not representative of the billing agent  community at large.

With automated billing systems, it isn’t what’s known about predatory attacks that is important. It what isn’t known. Much of the storytelling about healthcare systems’ fraud is sourced from attitudinal surveys. The interesting thing about this, the more this story is told, the more it is believed that these attitudes reflect reality.

Committees’ of the United States Congress picked up on this during the Clinton administration; when exploring fraud in America’s healthcare systems. Experts were quoting a ten percent (10%) loss from predation. The committees recognized no one really knows. It has never been scientifically quantified. And, there is no evidence that the threat of investigation and prosecution is a stand-alone deterrent to fraud. It is little wonder risk managers and business decision makers balk at putting additional resources towards countering fraud, much to the angst of those struggling to control it.

The question then becomes how do you quantity predatory fraud in healthcare systems for making business decisions on resources to put at it; and how do to quantify what is being done to determine if it is effective?

There is evidence from the problem-oriented policing service delivery model that   situational crime prevention works, when it  engages non-police stakeholders partnering in identifying and tackling root causes of crime.

This model views enforcement as one intervention strategy to be applied with other interventions (three to five) which shut down crime attractors. The mastery is in isolating recurring outlier patterns and hot spots for which projects can be undertaken and completed in six to nine months. The targeted activity is quantified going in, and outcomes measured for effectiveness in reducing harms. From it will grow a body of best practices in a situational health care fraud matrix. The short of the long] learn from doing.

Malcolm Sparrow [J.F. Kennedy School of Government, Harvard]  proposes this problem solving model in his book,  “A License to Steal: How fraud bleeds American’s health care system.” As an educator of and practitioner of problem-oriented policing, Gregory Saville o/a SafeGrowth can vouch for its effectiveness in reducing crime harms. Regrettably, from all account, the fraud investigations culture in the health care sector has been slow on the uptake.

There are no physical barriers to becoming more effective at reducing predatory financial harms, only mindset barriers.

Health Care Systems: Misuse, Abuse & Predatory Fraud Controls (1 of 3)

Health care is part of a nation’s critical infrastructure (CI). It is the largest public cash dispensing sector of the United States and Canadian economies. Ten times that of defense. Health care services delivery is an extraordinarily complex system. Within this context, conversation on misuse, abuse and predatory fraud controls must be broken down into smaller ecosystems to make sense of the issues and counter measures.

Definition: Ecosystems are, “living organisms in conjunction with nonliving components of their environment interacting with the system.”  

This is the first of three articles addressing human cheating and predatory practices causing financial harms to health care systems.

The United States spends in excess of 17.3% of GDP on health care. It is a complicated vertical system of public and private sector plans. People falling between the cracks end up uninsured. The result can be physically, emotionally and financially  catastrophic for families.

Far and way, the United States has the most expensive per capita health care spending in the world. In  “A License to steal: How Fraud Bleeds America’s Health Care System”, Harvard University’s Malcolm K. Sparrow explores the health care delivery system’s defenses from predatory attacks and makes recommendations on controls that are for most part unheeded across North America.

Canada spends in excess of 10.53 % of GDP on health care benefits and services. The Canadian system is horizontal; with basic care for everyone meeting status and residency requirements. It is topped up by private plans for unregulated services, Some costs are also absorbed by the property and casualty insurance industry in the case of injury related accidents.

Increasingly larger portions of provincial budgets is sunk into universal health care resulting in insidious deregulation of formerly paid for publicly services. In Chronic Condition; What Canada’s Health Care System Needs to Be Dragged Into the 21st Century”, Jeffrey Simpson explores the options with a growing problem the Canadian system faces; including cuts to “nonessential” services, tax increases, various types of privatization, and finding savings within health care itself.

The next post in this series addresses inside-the-system financial harms and controls. The third in this series explores outside-the-system financial harms and controls. The distinction between these two types of harms and controls is too often poorly defined.