• Choose a category
• All
• Classic-Fiction

Horsley proved to be diligent, a keen observer of human behavior, and a man who plainly knew right from wrong. Eventually he was asked to sniff out fraud among bank employees, and in time he graduated to consumer fraud, which was a far wider threat to the bank. U.K. banks lose about $1.5 billion annually to such fraud. In recent years, it had been facilitated by two forces: the rise of online banking and the fierce competition among banks to snag new business.

For a time, money was so cheap and credit so easy that anyone with a pulse, regardless of employment or citizenship or creditworthiness, could walk into a British bank and walk out with a debit card. (In truth, even a pulse wasn’t necessary: fraudsters were happy to use the identities of dead and fictional people as well.) Horsley learned the customs of various subgroups. West African immigrants were master check washers, while Eastern Europeans were the best identity thieves. Such fraudsters were relentless and creative: they would track down a bank’s call center and linger outside until an employee exited, offering a bribe for customers’ information.

Horsley built a team of data analysts and profilers who wrote computer programs that could crawl through the bank’s database and detect fraudulent activity. The programmers were good. The fraudsters were also good, and nimble too, devising new scams as soon as old ones were compromised. These rapid mutations sharpened Horsley’s ability to think like a fraudster. Even in his sleep, his mind cruised through billions upon billions of bank data points, seeking out patterns that might betray wrongdoing. His algorithms got tighter and tighter.

We had the good fortune to meet Ian Horsley at about this time and, jointly, we began to wonder: if his algorithms could sift through an endless stream of retail banking data and successfully detect fraudsters, might the same data be coaxed to identify other bad guys, like would-be terrorists?

This hunch was supported by the data trail from the September 11 attacks. The banking histories of those nineteen terrorists revealed some behaviors that, in the aggregate, distinguished them from the typical bank customer:

They opened their U.S. accounts with cash or cash equivalents, in the average amount of roughly $4,000, usually at a branch of a large, well-known bank.They typically used a P.O. box as an address, and the addresses changed frequently.Some of them regularly sent and received wire transfers to and from other countries, but these transactions were always below the limit that triggered the bank’s reporting requirements.They tended to make one large deposit and then withdraw cash in small amounts over time.Their banking didn’t reflect normal living expenses like rent, utilities, auto payments, insurance, and so on.There was no typical monthly consistency in the timing of their deposits or withdrawals.They didn’t use savings accounts or safe-deposit boxes.The ratio of cash withdrawals to checks written was unusually high.

It is obviously easier to retroactively create a banking profile of a proven terrorist than to build one that would identify a terrorist before he acts. Nor would a profile of these nineteen men—foreign nationals living in the United States who were training to hijack jetliners—necessarily fit the profile of, say, a homegrown suicide bomber in London.

Furthermore, when data have been used in the past to identify wrongdoing—like the cheating schoolteachers and collusive sumo wrestlers we wrote about in Freakonomics—there was a relatively high prevalence of fraud among a targeted population. But in this case, the population was gigantic (Horsley’s bank alone had many millions of customers) while the number of potential terrorists was very small.

Let’s say, however, you could develop a banking algorithm that was 99 percent accurate. We’ll assume the United Kingdom has 500 terrorists. The algorithm would correctly identify 495 of them, or 99 percent.