Supporting Decision-making in Fraud Sensitive Environments: Including Personal Data from Public Sources in Risk Analyses

Abstract

The purpose of this research is to investigate if, and how, personal data from public sources can be utilized for risk analyses of (prospective) customers. An objective was to identify the steps necessary for the implementation of a system that enables this, and what the architecture of such a system would be. An additional objective was to find out what legal issues arise with the implementation of such a system in the Netherlands.

For this investigation, a qualitative approach was taken. A literature study on Business Intelligence, Web Information Extraction and Entity Matching was performed in order to identify techniques and methods with which the objectives could be attained. Additionally, to acquire knowledge about the current state of risk analyses, three interviews with experts in the field were conducted. Based on the data that was gathered during these activities, the Public Sources for Risk Analyses (PSRA) Process and PSRA Architecture were constructed.

The PSRA Process contains six phases, each containing several steps. The purpose of this process is to guide the development of a system that extends current risk analysis systems with personal data from public sources. The PSRA Architecture, in turn, serves as a high-level reference architecture for such a system.

These two artifacts were evaluated by the implementation of a proof of concept, and by experts in the field. The proof of concept was unable to prove that personal data from public sources can be utilized for risk analyses, since it could not accurately decide which profile belonged to a particular subject. This was mainly caused by the lack of publicly available personal data. Additionally, some legal obligations that should be met in the Netherlands make the utilisation of personal data from public sources in risk analysis systems even more difficult.