Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Why data is king of the borders
Building the case for risk scoring
By Sue Cameron, Principal Pre-sales Consultant, SAS
Border security agencies have a tough job; they need to carefully balance public security against convenience and cost: They can either check every passenger (estimated at 3.3 billion in 2014) and every piece of cargo (about 50 million metric tons!) or risk letting in travelers or cargo that pose a threat. Obviously the blanket approach is impractical. Risk scoring incorporates multiple data sources, including advanced passenger information (API), passenger number record (PNR) details and watch list information, to help agencies narrow the search.
In addition to the volume of traffic to be evaluated, some agencies are also constrained by regulations about data privacy and the length of time data can be retained for analysis. Agencies typically need advanced data management to connect and merge the necessary data sets. But merging the data can sometimes result in individuals being identified, thereby breaching the privacy regulations. Anonymizing data, however, satisfies privacy laws while still providing valuable intelligence.
To achieve an appropriate balance between cost, passenger convenience and security — that prioritizes the latter — an approach based on risk scoring is the only viable option.
Coupled with this, agencies operating in integrated regions like the EU need to deliver open borders while dealing with the added risks. Under the Schengen Agreement, member states agree to the four freedoms of movement (people, goods, services and capital), putting pressure on nations with external borders to provide adequate border protection.
How to be selective
Agencies need advanced data management capabilities to connect and merge the data in a way that will make it most useful. Once the right data has been collected and formatted, agencies can move to the risk scoring phase. The solution should include these three elements: watch list management, rules-based profiling and analytics-based profiling.
The first refers to managing and matching lists of known or suspected criminals held by intelligence or other agencies. Rules-based profiling tests passengers against known rules. For instance, a person who buys a long-haul ticket on the day of travel with cash will generate a higher score than someone who buys a ticket by credit card two weeks in advance.
The third method – analytics-based profiling - uses historical data (hard to obtain in some countries), to create clusters of travelers or cargo with similar characteristics and identify patterns. Then, individual passengers and shipments can be checked against norms to determine risk.
The ideal approach should encompass data management, watch list matching, rules-based profiling and analytics-based profiling all within one solution. Individual risk scores can then be generated to create an overall risk score, with alerts sent if thresholds are exceeded. Risk scoring should be used as part of a coordinated approach to border management, complementing the expertise of experienced border guards to help them make more informed decisions.
Risk scoring ensures the balance
Preserving public security should always be the end goal, and risk scoring helps achieve this while controlling costs, reducing queues and streamlining border crossings. Yet while some border agencies have implemented it, the technology they use is often rules-based and doesn’t incorporate analytics-based profiling. Why is this?
The effectiveness of analytics-based profiling is dependent on its ability to access a rich source of high-quality historical data, and, critically, hold it for prolonged periods. This is difficult in many countries because of the stringent data privacy rules under which many countries operate. The current rules make it difficult for agencies to hold data long enough to run effective analysis; however, with judicious use of anonymization, they may be able to retain more historic information that can then be used to generate risk-based profiles.
Data privacy is a critically important principle and the prevailing legislation in this area must and should be respected and adhered to. However, it is hoped that the relevant laws may be modified in the future to allow a greater range of data to be accessed by agencies and for that data to be retained for longer periods.
Ultimately, any approach to profiling depends on the quality of data collected. The way this data is managed and analyzed will be critical in determining the quality of the final results achieved. The technology to optimize this process is available today and is now increasingly being applied to border management challenges. Security is paramount and to achieve an appropriate balance between cost, passenger convenience and security, that prioritizes the latter, an approach based on risk scoring is the only viable option.
Business needs are driving agencies to adopt a more sophisticated and targeted approach to border management. This paper examines the many challenges agencies face in meeting this goal and the ways these challenges can be met with the help of risk-based modeling.