Stefano Grazioli

Detecting deception: adversarial problem solving in a low base-rate world

The work presented here investigates the process by which one group of individuals solves the problem of detecting deceptions created by other agents. A field experiment was conducted in which twenty-four auditors (partners in international public accounting firms) were asked to review four cases describing real companies that, unknown to the auditors, had perpetrated financial frauds. While many of the auditors failed to detect the manipulations in the cases, a small number of auditors were consistently successful. Since the detection of frauds occurs infrequently in the work of a given auditor, we explain success by the application of powerful heuristics gained from experience with deceptions in everyday life. These heuristics implement a variation of Dennett’s intentional stance strategy, which is based on interpreting detected inconsistencies in the light of the Deceiver’s (i.e., management’s) goals and possible actions. We explain failure to detect deception by means of perturbations (bugs) in the domain knowledge of accounting needed to apply these heuristics to the specific context of financial statement fraud. We test our theory by showing that a computational model of fraud detection that employs the proposed heuristics successfully detects frauds in the cases given to the auditors. We then modify the model by introducing perturbations based on the errors made by each of the auditors in the four cases. The resulting models account for 84 of the 96 observations (i.e., 24 auditors x four cases) in our data.

Fraud detection: Intentionality and deception in cognition

Fraud detection is made difficult in part due to the fact that most auditors have relatively little experience with it. We address the issue of what kind of knowledge supports success in financial statement fraud detection by examining the more general information processing problem of detecting a deception. We define deception as a process in which a deceiver (e.g. management) has intentionally manipulated an environment (a financial statement) so as to elicit a misleading representation in a target agent (e.g. an auditor). We develop a theory of the knowledge that the deceiver and the target use for respectively constructing and detecting deceptions. Drawing on the literature in several fields (e.g. cognitive ethology, military strategy, child development) we identify specific strategies and tactics for creating a deception. We then hypothesize that reasoning about a deceivers goals is one of the main strategies for detecting deception. We use the strategies and tactics for creating a deception to propose what the knowledge that would lead to the detection of financial statement fraud must be like based on a proposed hierarchy of the managers (deceivers) goals. We compare the proposed detection knowledge with the knowledge base of a computer (expert system) model of financial statement fraud detection task that was successful in solving several real fraud cases (and was built independently from the proposed theory). We also compare properties of the detection knowledge proposed in our theory with the knowledge employed by several experienced auditors who performed the task of concurring partner review on one of the fraud cases successfully analyzed by the model.

Consumer and Business Deception on the Internet: Content Analysis of Documentary Evidence

Internet deception threatens the sustainability of Internet commerce because it undermines trust. This paper investigates the deceptive tactics available on the Internet and some of the factors that make them more or less likely to be adopted. An established theory of deception is applied to the Internet context to identify the deception tactics available on-line. The theory is then expanded with new hypotheses that link the selection of a specific tactic to the identity of the target and the purported identity of the deceiver. Content analysis of a broad range of documentary evidence published between 1995 and 2000 is used to build a database of 201 cases of Internet deception. Data from the database are used to test the hypotheses. The results suggest that deceivers select tactics as a function of their targets as well as their own purported identities. Practical implications for deterrence, prevention, and detection of Internet deception are discussed.

Success and Failure in Expert Reasoning

Discusses causes of error in real-world problem-solving tasks by considering errors as failures of reasoning and by focusing on human experts as a source of insight into the basis for reasoning errors. A theory of expertise for diagnostic tasks based on the hypothetico-deductive method of reasoning and 2 principles of expertise (called coverage and composition) is described. The task of fraud detection in financial statement auditing is used in computer simulations and in comparison with a sample of 24 auditors who were given the financial statements of a subset of the companies. Results indicate that when neither of the 2 principles is violated, the performance of the resulting model is comparable with that of human auditors who are able to detect fraud. (PsycINFO Database Record (c) 2012 APA, all rights reserved)

Deceived: under target online

Suppose you’re trying to access your favorite search engine. You haven’t bookmarked it, so you type “google.com” in your browser. Accidentally, you mistype “gogle.com” instead. Your browser brings you to a page that looks just like Google’s but is connected to a competitor’s search engine. At the bottom of the page there is some small print warning that the site you’re viewing is not affiliated with google.com. Did you take time to read it? Probably not. Something similar would have happened if you had typed “gugle.com”, “guggle.com” or “goggle.com.” You’ve just been “page-jacked” [2]. While the negative consequences from this particular incident are probably not very serious, it is easy to imagine what might have happened if a criminal tried to simulate your bank Web site—in particular the page where you log-in your account number and your password. Actually, there is no need to imagine it. It has already happened. Page-jacking—the practice of simulating a legitimate page to obtain secrets or business from an unsuspecting Internet user—is an example of Internet deception. Studies have shown that even sophisticated, technologically-competent Internet shoppers are relatively easy prey for such deceptive copycat sites [4]. Page-jacking is just one example of a set of deviant behaviors that we call Internet deception (such as fraud, misleading advertisement, manipulations of financial information). In the period from 1996 to 1999, the number of reports to Internet Fraud Watch (IFW), a research organization funded by a major credit card network, grew more than 250% annually. Consumer complaints have grown so numerous that several federal agencies—the Federal Trade Commission, the Securities and Exchange Commission, and the Department of Justice—have started specialized programs for the detection and prosecution of Internet fraud. While Internet deception is troubling in its own right, its rising occurrence is a threat to Internet commerce. When buyers have trouble discriminating between good and bad products, even a small number of deceptive sellers might “poison” a market—driving out good products and eventually the consumers [1, 7]. To counter this

A Cognitive Approach to Fraud Detection

Fraud detection is usually done by looking for red flags and various other cues of deceit. Research in auditing and psychology has questioned the effectiveness of these methods. Here we summarize work on constructing a new cognitive approach to understanding both success and failure at detecting financial statement fraud (Johnson, Grazioli, Jamal and Berryman 2001; Johnson, Grazioli, Jamal and Zualkernan 1992). We begin by analyzing the information processing problem than an auditor must solve to detect the presence of deceptive financial information. We then describe a theory of the solution to this problem, i.e. a theory of successful fraud detection. The theory is used as a yardstick to evaluate the actual behavior of Big 4 firm audit partners engaged in the review of real cases of financial statement fraud. An analysis of the errors made by these auditors allows us to formulate and test hypotheses on where they succeed, where they fail, and the cognitive processes that underlie both success and failure.

Computational intelligence in financial engineering trading competition: a system for project-based learning

This paper discusses the implementation of the Trading Competition held at the 2014 IEEE Computational Intelligence in Financial Engineering conference (CIFEr 2014). Participants in the competition were asked to hedge a simulated portfolio of assets, worth approximately

Perils of Internet fraud: an empirical investigation of deception and trust with experienced Internet consumers

54 million. The winner was the individual whose portfolio most closely generated a 1% annualized return based on daily tracking. The goal of the competition was to provide participants with the opportunity to learn portfolio management and hedging skill. Self-assessments indicate that contestants improved their portfolio management skills and enjoyed their experience. This paper discusses methods used to generate the simulated stock and option prices and to construct the trading platform. All of the software used in the competition is being made open source in the hope that students, professors, and practitioners improve on the idea of the competition, thereby facilitating project-based learning for the future practitioners of economics, finance, and financial engineering.