Energy theft detection has been discussed at all utilities, deployed at many and is a passion to a few. Theft detection in general terms implies that proactive measures have been taken to identify theft of electricity, gas or water. In almost all cases, the measures taken have been the implementation of a “tip” program that rewards meter readers for notifying the revenue protection department when suspicious conditions are noticed in the field. Once implemented, these programs become reactive rather than proactive, with the revenue protection investigators waiting for tips to investigate. With the advent of Automatic Meter Reading (AMR), meter readers are becoming obsolete as are tip based programs.
Recently, a new approach to the discovery of energy theft has emerged in response to these changes. The approach combines data from many sources, including AMR tamper flags, and uses that data to not only identify cases of theft at a specific customer site, but to do so with a scheme that prioritizes investigation efforts by targeting higher probability and higher value cases.
Focus on high value cases
Using a proactive approach to energy theft detection removes the handcuffs that have been placed on utilities that relied on tip programs to generate revenue protection leads. Even though many studies have shown that 80% of the dollars lost to theft by utilities is in the commercial sector, 80% of the investigation effort has been put into the residential sector. Residential leads typically result in cases worth hundreds of dollars; focused commercial leads tend to be in the thousands, and sometimes hundreds of thousands of dollars.
AMR tamper flags do not provide enough information
Automatic Meter Reading systems have worked well for identifying usage on inactive meters but their usefulness in the war on energy theft nearly stops there. There are just too many legitimate causes that generate false tamper flags and in addition, there is no means to prioritize the flags once generated. As a result, most utilities ignore the tamper reports generated by their systems. Additionally, the higher dollar commercial cases have more elaborate transformer rated equipment and as a result tampering often occurs away from the meter.
This does not mean that AMR tamper flags are useless though. Through integration with other data, the valuable information provided by an AMR system can be used effectively. Tamper flags have been ignored because there has been no automated way to evaluate whether they are valid or not. If a tamper flag is truly indicating that meter tampering has occurred, then the tampering will show up in other information about the customer in a way that validates the flag. In order to effectively validate AMR tamper flags it is first necessary to have methods that will identify the abnormal patterns caused by each.
It all starts with knowing the customer
In the residential sector a meter and a customer are usually one in the same, but many commercial accounts are made up of multiple meters which are often billed to different accounts. These separate meters and separate accounts must be merged to truly represent the energy usage of a customer and to compare their patterns against their peers.
Figure 1 shows a simplified example of how even a proactive approach can get fooled by analyzing the individual meters at a customer’s site. The business in Figure 1 (See PDF) is a single premise but with meters A & B that were installed at different times and as different accounts.
Each meter has one outlet attached to it and there is a large cooler at the business. An event is caused if the cooler was plugged into meter A’s outlet (Figure 1a) (See PDF) and then the plug is moved to meter B (Figure 1b) (See PDF). The three month electric usage for meter A would drop abruptly, and show up as a potential theft case using meter based analysis. The three month electric usage for meter B would have the opposite profile. This event would not have been flagged if the customer was analyzed after first combining the consumption of all the related meters. Figure 2 (See PDF) depicts a common situation where a business in a strip mall expands into the space next door, thus occupying two premises. The same false event would be introduced in this case without account merging, but the solution is more difficult since the two accounts are at different addresses.
Fortunately, sophisticated matching algorithms are now available that can mine the information in all accounts in a Customer Information System (CIS) to pair the accounts that really represent a single customer or business. The combined accounts can then be compared as a business to peers using different methods to determine how its patterns compare to the group.
This leads to another major issue faced when performing peer group analysis, incorrect business type information. Business codes (SIC, NAISC, etc) are obtained by a customer service representative at the time a commercial account is established. For many reasons incorrect codes are entered initially and are rarely kept current over time. Experience has shown that only 10-25% of the business codes are correct for most utilities. The solution to the business code problem uses the same sophisticated matching algorithms used to pair meter based accounts into customer groups. It has been found that Yellow Page and other business databases contain much more accurate business classification information as well as a wealth of other data about each business. We can truly know the customers we are analyzing when these databases are purchased and their listings are matched to the utility accounts.
The process of detecting theft can begin once meters are merged to represent the entire business, or “customer”, and data from all available sources is compiled for that customer. Useful data for analysis includes:
• Electric/gas/water consumption
• Electric/gas demand
• Weather data
• Correct business codes & sub codes
• Real estate records
• Employee information
• Financial information, including credit rating
Using all the data about the customer
Let’s introduce the concept of a “Customer Model”. A Customer Model as the name implies looks at a feature or pattern of use by a customer. There are many reasons why energy is un-metered, therefore there must be many ways to detect these conditions. These detection methods are referred to as Customer Models because they compare the energy use of a business with the model profiles of their peers. Examples of Customer Models that have been deployed are:
• Slope Deviation
• Load Ratio Deviation
• Energy Ratio Deviation
• Heating Gas Deviation
• Meter Capacity Deviation
• Building Capacity Deviation
• Excessive Seasonal Variation
• Bent Disk Profile
• Credit Risk Profile
• Blown Fuse Profile
• Erratic Profile
It is not efficient for revenue protection departments to simply generate lists of potential theft cases; they need a way to prioritize their work. For example, just searching out accounts with a specific drop in consumption will result of thousands of cases. In most of these cases, the drop will have occurred for legitimate reasons. Prioritization has to be done so that the investigation staff can focus on the highest probability cases. A total score can be derived, as shown in Figure 3 (See PDF), by calculating component scores with each Customer Model, applying a business weighting to each component score then applying an optional customer level weighting to complete each component score.
These final component scores can then be combined to produce a single total score that represents the likelihood that energy theft is occurring.
Using many data sources and a combination of models that look for independent features in a customer’s consumption profile has transformed theft detection into a viable and cost effective solution for utilities. All previous attempts to analytically identify energy theft resulted in success rates of 3-5%. These new techniques have delivered an average success rate of over 20% for those who have deployed them.
Benefits of looking beyond AMR
The Customer Model approach to theft detection has been proven to be a new and effective method of identifying energy theft. The addition of AMR tamper flags provides an additional and independent indication that an event has occurred at a meter. The two most common AMR tamper flags are Meter Removal/Loss of Power and Meter Tilt. If the event the AMR flag signals is theft related, then one or more of the Customer Models validates it.
The best way to emphasize how Customer Models work together with AMR flags is through analysis of some examples. The first example is a meter that is removed to wrap copper wire around the meter prongs, thus creating a path for the current around the meter. When reinserted in the socket, the meter will only register one half of what is actually being used. This type of event would most likely cause both a Meter Removal and a Tilt flag in the AMR system for a single month. These tamper flags are denoted by the red triangle in Figure 4. (See PDF).
The account associated with the tampers flags will be marked as suspect in the detection system rather than dispatching investigators to a site. The energy usage from all meters that make up the account will then be monitored to validate that a consistent drop in consumption follows the tampering event. All other available information (i.e. corresponding drop in gas or water, change of name on account, etc) will be used as well to differentiate between a theft event and a change in business operation. If the ongoing usage on the account supports the theory of a theft then the utility would dispatch resources to investigate. In the interim, all false cases would have proven themselves to be legitimate thus excluding themselves from further scrutiny.
The previous example assumed that a new event occurred after the accounts were being monitored. In a perfect world this approach would catch most cases. However, energy theft has probably been occurring since Thomas Edison’s days. The good news is that techniques have been developed to identify situations with no recent “event” as well. The second example is when a customer has removed their meter and inserted shunts into the socket for 15 days each month, and this has been occurring for years. As with the first example, one half of the consumption is actually metered each month. Tamper flags would appear every month as shown in Figure 5 (See PDF) but there would not be a corresponding drop in consumption to support the tampering event.
In this situation the detection system would mark the account as a potential intermittent situation and immediately use all available information to verify or ignore the repeated tamper flags. Customer information such as electric demand, gas and water consumption, meter capacity, monthly consistency and neighboring account tamper flags are all used by several Customer Models to determine if these AMR tamper flags are valid. In this scenario, a total score would have been computed from the combination of several component scores without the tamper flags. Integration with the Customer Model theft detection system allows the AMR tamper flags to become a key component of the prioritization scheme and help move this case to the top of the list.
A new opportunity for utilities
Whether delivering electricity, gas or water and whether using meter readers or AMR to collect consumption readings, there is a new opportunity to accurately and efficiently identify theft of these valuable commodities. New techniques and the availability of electronic information have enabled the creation and application of an energy theft detection solution that not only identifies cases but uses all available information about the customer to establish a total score. The score in turn enables a utility to focus their valuable revenue protection resources on the highest probability cases.
Moreover, the implementation of a Customer Model based detection system allows AMR tamper flags that were once discarded to become a valuable part of the overall revenue protection scheme.
About the Author
Michael Madrazo is the founder and President of Detectent, the pioneer in developing analytical revenue protection solutions. Detectent has helped utilities across the country increase the efficiency of their revenue protection efforts by implementing proactive theft detection tools and services.
For more information about Detectent, visit www.detectent.com or call 760-233-4030.
Recently, a new approach to the discovery of energy theft has emerged in response to these changes. The approach combines data from many sources, including AMR tamper flags, and uses that data to not only identify cases of theft at a specific customer site, but to do so with a scheme that prioritizes investigation efforts by targeting higher probability and higher value cases.
Focus on high value cases
Using a proactive approach to energy theft detection removes the handcuffs that have been placed on utilities that relied on tip programs to generate revenue protection leads. Even though many studies have shown that 80% of the dollars lost to theft by utilities is in the commercial sector, 80% of the investigation effort has been put into the residential sector. Residential leads typically result in cases worth hundreds of dollars; focused commercial leads tend to be in the thousands, and sometimes hundreds of thousands of dollars.
AMR tamper flags do not provide enough information
Automatic Meter Reading systems have worked well for identifying usage on inactive meters but their usefulness in the war on energy theft nearly stops there. There are just too many legitimate causes that generate false tamper flags and in addition, there is no means to prioritize the flags once generated. As a result, most utilities ignore the tamper reports generated by their systems. Additionally, the higher dollar commercial cases have more elaborate transformer rated equipment and as a result tampering often occurs away from the meter.
This does not mean that AMR tamper flags are useless though. Through integration with other data, the valuable information provided by an AMR system can be used effectively. Tamper flags have been ignored because there has been no automated way to evaluate whether they are valid or not. If a tamper flag is truly indicating that meter tampering has occurred, then the tampering will show up in other information about the customer in a way that validates the flag. In order to effectively validate AMR tamper flags it is first necessary to have methods that will identify the abnormal patterns caused by each.
It all starts with knowing the customer
In the residential sector a meter and a customer are usually one in the same, but many commercial accounts are made up of multiple meters which are often billed to different accounts. These separate meters and separate accounts must be merged to truly represent the energy usage of a customer and to compare their patterns against their peers.
Figure 1 shows a simplified example of how even a proactive approach can get fooled by analyzing the individual meters at a customer’s site. The business in Figure 1 (See PDF) is a single premise but with meters A & B that were installed at different times and as different accounts.
Each meter has one outlet attached to it and there is a large cooler at the business. An event is caused if the cooler was plugged into meter A’s outlet (Figure 1a) (See PDF) and then the plug is moved to meter B (Figure 1b) (See PDF). The three month electric usage for meter A would drop abruptly, and show up as a potential theft case using meter based analysis. The three month electric usage for meter B would have the opposite profile. This event would not have been flagged if the customer was analyzed after first combining the consumption of all the related meters. Figure 2 (See PDF) depicts a common situation where a business in a strip mall expands into the space next door, thus occupying two premises. The same false event would be introduced in this case without account merging, but the solution is more difficult since the two accounts are at different addresses.
Fortunately, sophisticated matching algorithms are now available that can mine the information in all accounts in a Customer Information System (CIS) to pair the accounts that really represent a single customer or business. The combined accounts can then be compared as a business to peers using different methods to determine how its patterns compare to the group.
This leads to another major issue faced when performing peer group analysis, incorrect business type information. Business codes (SIC, NAISC, etc) are obtained by a customer service representative at the time a commercial account is established. For many reasons incorrect codes are entered initially and are rarely kept current over time. Experience has shown that only 10-25% of the business codes are correct for most utilities. The solution to the business code problem uses the same sophisticated matching algorithms used to pair meter based accounts into customer groups. It has been found that Yellow Page and other business databases contain much more accurate business classification information as well as a wealth of other data about each business. We can truly know the customers we are analyzing when these databases are purchased and their listings are matched to the utility accounts.
The process of detecting theft can begin once meters are merged to represent the entire business, or “customer”, and data from all available sources is compiled for that customer. Useful data for analysis includes:
• Electric/gas/water consumption
• Electric/gas demand
• Weather data
• Correct business codes & sub codes
• Real estate records
• Employee information
• Financial information, including credit rating
Using all the data about the customer
Let’s introduce the concept of a “Customer Model”. A Customer Model as the name implies looks at a feature or pattern of use by a customer. There are many reasons why energy is un-metered, therefore there must be many ways to detect these conditions. These detection methods are referred to as Customer Models because they compare the energy use of a business with the model profiles of their peers. Examples of Customer Models that have been deployed are:
• Slope Deviation
• Load Ratio Deviation
• Energy Ratio Deviation
• Heating Gas Deviation
• Meter Capacity Deviation
• Building Capacity Deviation
• Excessive Seasonal Variation
• Bent Disk Profile
• Credit Risk Profile
• Blown Fuse Profile
• Erratic Profile
It is not efficient for revenue protection departments to simply generate lists of potential theft cases; they need a way to prioritize their work. For example, just searching out accounts with a specific drop in consumption will result of thousands of cases. In most of these cases, the drop will have occurred for legitimate reasons. Prioritization has to be done so that the investigation staff can focus on the highest probability cases. A total score can be derived, as shown in Figure 3 (See PDF), by calculating component scores with each Customer Model, applying a business weighting to each component score then applying an optional customer level weighting to complete each component score.
These final component scores can then be combined to produce a single total score that represents the likelihood that energy theft is occurring.
Using many data sources and a combination of models that look for independent features in a customer’s consumption profile has transformed theft detection into a viable and cost effective solution for utilities. All previous attempts to analytically identify energy theft resulted in success rates of 3-5%. These new techniques have delivered an average success rate of over 20% for those who have deployed them.
Benefits of looking beyond AMR
The Customer Model approach to theft detection has been proven to be a new and effective method of identifying energy theft. The addition of AMR tamper flags provides an additional and independent indication that an event has occurred at a meter. The two most common AMR tamper flags are Meter Removal/Loss of Power and Meter Tilt. If the event the AMR flag signals is theft related, then one or more of the Customer Models validates it.
The best way to emphasize how Customer Models work together with AMR flags is through analysis of some examples. The first example is a meter that is removed to wrap copper wire around the meter prongs, thus creating a path for the current around the meter. When reinserted in the socket, the meter will only register one half of what is actually being used. This type of event would most likely cause both a Meter Removal and a Tilt flag in the AMR system for a single month. These tamper flags are denoted by the red triangle in Figure 4. (See PDF).
The account associated with the tampers flags will be marked as suspect in the detection system rather than dispatching investigators to a site. The energy usage from all meters that make up the account will then be monitored to validate that a consistent drop in consumption follows the tampering event. All other available information (i.e. corresponding drop in gas or water, change of name on account, etc) will be used as well to differentiate between a theft event and a change in business operation. If the ongoing usage on the account supports the theory of a theft then the utility would dispatch resources to investigate. In the interim, all false cases would have proven themselves to be legitimate thus excluding themselves from further scrutiny.
The previous example assumed that a new event occurred after the accounts were being monitored. In a perfect world this approach would catch most cases. However, energy theft has probably been occurring since Thomas Edison’s days. The good news is that techniques have been developed to identify situations with no recent “event” as well. The second example is when a customer has removed their meter and inserted shunts into the socket for 15 days each month, and this has been occurring for years. As with the first example, one half of the consumption is actually metered each month. Tamper flags would appear every month as shown in Figure 5 (See PDF) but there would not be a corresponding drop in consumption to support the tampering event.
In this situation the detection system would mark the account as a potential intermittent situation and immediately use all available information to verify or ignore the repeated tamper flags. Customer information such as electric demand, gas and water consumption, meter capacity, monthly consistency and neighboring account tamper flags are all used by several Customer Models to determine if these AMR tamper flags are valid. In this scenario, a total score would have been computed from the combination of several component scores without the tamper flags. Integration with the Customer Model theft detection system allows the AMR tamper flags to become a key component of the prioritization scheme and help move this case to the top of the list.
A new opportunity for utilities
Whether delivering electricity, gas or water and whether using meter readers or AMR to collect consumption readings, there is a new opportunity to accurately and efficiently identify theft of these valuable commodities. New techniques and the availability of electronic information have enabled the creation and application of an energy theft detection solution that not only identifies cases but uses all available information about the customer to establish a total score. The score in turn enables a utility to focus their valuable revenue protection resources on the highest probability cases.
Moreover, the implementation of a Customer Model based detection system allows AMR tamper flags that were once discarded to become a valuable part of the overall revenue protection scheme.
About the Author
Michael Madrazo is the founder and President of Detectent, the pioneer in developing analytical revenue protection solutions. Detectent has helped utilities across the country increase the efficiency of their revenue protection efforts by implementing proactive theft detection tools and services.
For more information about Detectent, visit www.detectent.com or call 760-233-4030.