My blogs on big data and cybersecurity in banks

The reputational and financial damage from cyber security breaches for banks are so enormous that they cannot any longer afford to be reactive. Big Data Analytics lets them preempt attacks.

Revving data engines to chase cyber criminals

By Kishore Jethanandani

Banks are recognizing that speed is of the essence in nabbing cyber criminals. They need to ferret out lurking dangers on computers and corner criminals before their plots inflict damage.

Big-data enabled anomalous pattern detection is widely recognized as the best practice for fraud prevention. The legacy data warehouses and relational databases, however, were never designed for the rapid storage and querying that real-time responses to criminal activity require. Data warehouses are loaded in batch processes that take so long that most companies wait until after hours to transfer and load data into them.

Relational databases were designed for structured data with a pre-existing schema that organizes data in columns and rows. As the size of these storehouses grows, the queries get larger and take ever more time to process. Paul Zolfaghar of ParAccel, speaking during a panel discussion, “Big Data: New Database Paradigms,” at the Jefferies Global Technology, Internet, Media & Telecom Conference, said that some of his clients on Wall Street write 20,000-line SQL statements. In the time it would take to process a query like that, the criminals would not only bolt but would be in hiding!

Fraud detection is most effective when it parses both structured and unstructured information, including video, audio, images, social media feeds, email and more, to construct a rounded view of events and their relationships. While structured data volumes are growing more slowly than unstructured data, the utilization rates of unstructured data are much lower, according to a survey by Freeform Dynamics in late 2012. Experts believe that unstructured data from social media sites provides a great deal more insight.

Banks are seeking to greatly increase the speed of data processing, with a broader range of queries to extract information on criminal activity, by using Hadoop. The cornerstone of the Hadoop architecture is the use of a cluster of commodity servers and storage devices that house data without a pre-defined schema. Zion Bancorp, for example, formed a cluster of 30 nodes of servers and switches to process petabytes of data, according to a report by Banktech. Query times have been drastically reduced with Big Data, from four days to eight minutes, according to Paul Zolfaghar at the conference cited above.

Hadoop clusters are meant for simultaneous processing of multiple queries on as many data stores. These systems are akin to the MapReduce architecture used by search engines like Google, which sub-divides a larger repository, according to a report by The Banker. Each of these data stores holds a category of data that can be queried independently of the other data stores. Since no specific schema is applied when the data is stored, it is possible to store and query both structured and unstructured data.
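To make the map, shuffle and reduce phases concrete, here is a small Python illustration added for this edit; it is not code from the original post, from Zion Bancorp, or from any Hadoop distribution. It runs the three phases in one process over constructed, schema-less records (transfers mixed with logins and emails, with optional keys), partitions them by account the way a cluster spreads data over nodes, and in the reduce step flags a transfer to a never-seen destination that exceeds three times the median of the account's earlier transfers. The shard count, the 3x-median rule and the minimum-history rule are assumptions chosen for the example, not rules the post describes.

```python
"""Toy MapReduce-style anomaly scan over schema-less bank records.

Added illustration, not code from the original post or from any bank or
vendor it names. The records are constructed; the partition count, the
3x-median rule and the "new destination" rule are assumptions for the example.
"""
from collections import defaultdict
from statistics import median
import zlib

# Constructed records. They are deliberately heterogeneous: no fixed schema,
# different record types side by side, and optional keys such as "channel".
RECORDS = [
    {"type": "transfer", "account": "A-100", "amount": 120, "dest": "X-1", "ts": "2012-11-01T09:00"},
    {"type": "login",    "account": "A-100", "ip": "203.0.113.7",           "ts": "2012-11-01T09:05"},
    {"type": "transfer", "account": "A-100", "amount": 110, "dest": "X-1", "ts": "2012-11-02T09:00"},
    {"type": "transfer", "account": "A-200", "amount": 50,  "dest": "Z-2", "ts": "2012-11-02T10:00"},
    {"type": "transfer", "account": "A-100", "amount": 130, "dest": "X-1", "ts": "2012-11-03T09:00"},
    {"type": "transfer", "account": "A-200", "amount": 60,  "dest": "Z-2", "ts": "2012-11-03T10:00"},
    {"type": "email",    "account": "A-200", "memo": "please confirm the wire", "ts": "2012-11-03T11:00"},
    {"type": "transfer", "account": "A-100", "amount": 125, "dest": "X-1", "ts": "2012-11-04T09:00"},
    {"type": "transfer", "account": "A-200", "amount": 55,  "dest": "Z-2", "ts": "2012-11-04T10:00"},
    {"type": "transfer", "account": "A-300", "amount": 500, "dest": "Q-5", "ts": "2012-11-04T12:00"},
    {"type": "transfer", "account": "A-200", "amount": 58,  "dest": "Z-2", "ts": "2012-11-05T10:00"},
    {"type": "transfer", "account": "A-100", "amount": 900, "dest": "Y-9", "ts": "2012-11-05T09:30", "channel": "mobile"},
    {"type": "transfer", "account": "A-200", "amount": 70,  "dest": "W-4", "ts": "2012-11-06T10:00"},
    {"type": "transfer", "account": "A-300", "amount": 9000, "dest": "R-6", "ts": "2012-11-06T12:00"},
]

MIN_HISTORY = 3   # prior transfers needed before a new one is judged (assumption)
RATIO = 3.0       # flag when amount exceeds RATIO x median of prior amounts (assumption)


def partition(records, n_shards):
    """Split the repository into independent shards keyed by account, the way a
    cluster spreads data over nodes. crc32 is used because Python's hash() is
    randomised per process, which would make the sharding non-reproducible."""
    shards = [[] for _ in range(n_shards)]
    for rec in records:
        key = str(rec.get("account", ""))
        shards[zlib.crc32(key.encode()) % n_shards].append(rec)
    return shards


def map_record(rec):
    """Map step: emit (account, transfer) pairs. Other record types and
    malformed transfers are skipped instead of failing a fixed schema."""
    if rec.get("type") == "transfer" and "account" in rec and "amount" in rec:
        yield rec["account"], (rec["ts"], float(rec["amount"]), rec.get("dest", "?"))


def shuffle(pairs):
    """Group intermediate pairs by key, as Hadoop's shuffle phase does."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups


def reduce_account(account, transfers):
    """Reduce step: walk one account's transfers in time order and flag one that
    goes to a destination never seen for this account AND exceeds RATIO times
    the median of the account's earlier transfers."""
    alerts = []
    history, seen_dests = [], set()
    for ts, amount, dest in sorted(transfers):
        if (len(history) >= MIN_HISTORY and dest not in seen_dests
                and amount > RATIO * median(history)):
            alerts.append((account, ts, dest, amount))
        history.append(amount)
        seen_dests.add(dest)
    return alerts


def scan(records, n_shards=4):
    """Run map -> shuffle -> reduce on every shard independently and merge.
    Because shards are keyed by account, each reduce sees a whole account."""
    alerts = []
    for shard in partition(records, n_shards):
        pairs = (pair for rec in shard for pair in map_record(rec))
        for account, transfers in shuffle(pairs).items():
            alerts.extend(reduce_account(account, transfers))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in scan(RECORDS):
        print("ALERT account=%s ts=%s dest=%s amount=%.2f" % alert)
```

Only A-100's 900 transfer to the new destination Y-9 is flagged: A-200's payment to a new destination is small relative to its history, and A-300 has too little history to judge. The result is the same whatever the shard count, which is the property that lets a cluster spread the work.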

Some early data suggests that the emerging architecture for fraud detection and response to cyber-criminals is effective. According to a survey by the Financial Services Information Sharing and Analysis Center (FS-ISAC), there were an estimated 2.11 cyber-attacks per 1,000 commercial banking customers that compromised computers used for electronic bank transfers in 2012, compared to 3.42 in 2011. What’s more, in only 9% of the cyber-attacks were the thieves able to steal money, compared to 70% in 2009 and 12% in 2011. One of the reasons the survey gives for the decline in losses from cyber-crime is the effort that banks are making to continuously track anomalous activity.

The pressure to scrap legacy bank systems is only going to grow as criminals become more adept at penetrating them. Banks benefit not only from lower losses from crime but also from other payoffs from the analysis of data, such as product development and customer retention.

Big Brother’s all-seeing eyes for fraud

By Kishore Jethanandani

Big Data will save banks the embarrassment of being informed about security breaches much too late for their customers! They can now anticipate security vulnerabilities and respond in real time to prevent a potential loss of data with help from analytics.

Security analyst Bernt Ostergaard, of the industry analyst firm Current Analysis, reports in an interview with InfoRisk Today that those companies which have shifted to the new paradigm of security management experienced drops in losses from security breaches in 2011 compared to 2010.

The hallmark of the new paradigm in security management is the correlation of security events, such as an unusual increase in data traffic, with seemingly unrelated information, such as the termination of the employment of a staff member in the bank. Specialists in data analytics for banks, such as FICO, ID Analytics, Opera Solutions and Global Analytics, have larger storehouses of information gathered from inside and outside the bank to find the correlations that enable them to spot lurking risks to banks.
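As an added illustration of that kind of correlation (not code from the original post or from any of the vendors it names), the Python below takes two constructed sources with different schemas, daily outbound traffic per user and an HR feed, detects a traffic spike against each user's own rolling baseline, and raises the alert's priority when a termination notice for the same person falls within a seven-day window of the spike. The baseline length, the z-score threshold and the window are assumptions chosen for the example.

```python
"""Correlating a traffic anomaly with an HR event.

Added example, not code from the original post or from any vendor it names.
The daily traffic figures and the HR feed are constructed; the baseline
length, z-score threshold and 7-day correlation window are assumptions.
"""
from datetime import date
from statistics import mean, pstdev

MIN_BASELINE = 5   # days of history before a day is judged (assumption)
Z_THRESHOLD = 3.0  # standard deviations above the baseline mean (assumption)
WINDOW_DAYS = 7    # HR event within this many days of the spike (assumption)

# Constructed source 1: daily outbound bytes per user for 1-7 Nov 2012, as it
# would be aggregated from flow logs.
DAYS = [date(2012, 11, d) for d in range(1, 8)]
DAILY_BYTES = {
    "alice": [1_000_000, 1_100_000, 1_000_000, 1_200_000, 1_100_000, 1_000_000, 9_000_000],
    "bob":   [2_000_000, 2_100_000, 1_900_000, 2_000_000, 2_100_000, 2_000_000, 8_500_000],
    "carol": [1_000_000] * 7,
}
# Constructed source 2: an HR feed with a different schema entirely.
HR_FEED = [
    {"employee": "alice", "event": "termination_notice", "effective": "2012-11-05"},
    {"employee": "carol", "event": "termination_notice", "effective": "2012-11-06"},
    {"employee": "bob",   "event": "termination_notice", "effective": "2012-09-15"},
]


def z_score(value, baseline):
    """How many standard deviations `value` sits above the baseline mean.
    A flat baseline (sd == 0) makes any increase infinitely anomalous."""
    mu, sd = mean(baseline), pstdev(baseline)
    if sd == 0:
        return float("inf") if value > mu else 0.0
    return (value - mu) / sd


def traffic_spikes(days, daily_bytes):
    """Rolling check: each day is compared only with the days before it, so a
    spike does not contaminate the baseline it is judged against."""
    spikes = []
    for user, series in daily_bytes.items():
        for i in range(MIN_BASELINE, len(series)):
            z = z_score(series[i], series[:i])
            if z > Z_THRESHOLD:
                spikes.append({"user": user, "day": days[i], "z": round(z, 1)})
    return spikes


def hr_events_near(user, day, hr_feed, window=WINDOW_DAYS):
    """Join the spike with HR records for the same person inside the window."""
    hits = []
    for rec in hr_feed:
        when = date.fromisoformat(rec["effective"])
        if rec["employee"] == user and abs((when - day).days) <= window:
            hits.append(rec["event"])
    return hits


def correlate(days, daily_bytes, hr_feed):
    """Raise the priority of spikes that coincide with a termination notice."""
    alerts = []
    for spike in traffic_spikes(days, daily_bytes):
        hr = hr_events_near(spike["user"], spike["day"], hr_feed)
        spike["severity"] = "high" if "termination_notice" in hr else "medium"
        spike["hr_events"] = hr
        alerts.append(spike)
    return sorted(alerts, key=lambda a: (a["severity"], a["user"]))


if __name__ == "__main__":
    for a in correlate(DAYS, DAILY_BYTES, HR_FEED):
        print(f"{a['severity']:6} {a['user']:6} {a['day']} z={a['z']} hr={a['hr_events']}")
```

Alice's spike lands two days after her termination notice and is marked high; Bob's spike is real but his HR event is seven weeks old, so it stays a medium, traffic-only alert; Carol has a notice but flat traffic and produces nothing. Either source alone would rank the three cases differently.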

The traditional methods of securing banks from losses of data, such as authentication and encryption, have outlived their utility in a world where malware mutates into new forms before banks deal with known intrusions. The Anti-Phishing Working Group estimates that 39% of all computers are infected with financial malware, which is typically placed on computers to steal account information. Identity thieves, masquerading as account holders, have increased the rate of takeover of online bank accounts by 150% per year, according to numbers from the Financial Services Information Sharing and Analysis Center quoted by American Banker magazine.

A telling statistic, awkward for bank security managers, is the means by which banks become aware of a security breach. In 2012, banks were alerted to an intrusion by their customers in 82% of cases, up from 76% of cases in 2010, according to the 2012 Faces of Fraud Survey conducted by the Information Security Media Group. Banks can hardly mitigate losses when the criminals bolt from the scene of the crime long before the banks even become aware of it!

As mobile payments grow, banks are more vulnerable to security breaches. A 2011 Aite Group survey of 24 global financial executives found that 75% of them believe the mobile channel exposes them to fraud and security risks, and 88% are convinced it will be the dominant source of fraud risk.

Some of the traits of smartphones lend themselves to fraud. Because of the smaller screen, some of the telltale signs of a phishing attempt are missed by users. Mobile users are three times more likely than their PC counterparts to give away their personal information on suspicious websites, according to a report by Bank Director Magazine. A survey by the Aite Group found that only 37% of the respondents in the banking industry have a security system that integrates their online and mobile channels.

In the arms race against the bad guys, banks are better served if they give up the idea that it is even possible to build a security fortress. The bad guys are guerrillas who will always find their way inside. Big Data is akin to a counter-intelligence system able to spy on them and catch them in the act.

Predictive Analytics: an eye for the Black Swan

By Kishore Jethanandani

Recurring outages in September and October of 2012 at Bank of America and five of the largest banks were the new normal of bank IT disasters. Outages of up to 20 hours were experienced as traffic volumes zoomed to 65 Gbps. The distraction of a congested network is also the backdrop for fraudulent wire transfers.

The symbolism was striking: the nation’s banks, the channel for payments to government employees and the military, were overwhelmed by the unprecedented magnitude of the disaster.

Banks are increasingly susceptible to catastrophic disasters as cost-cutting compulsions drive them to virtualize their infrastructure, which includes interconnecting their sprawling data centers. In the latest wave of attacks, hackers created virtual clones of actual machines. They then used the IP addresses and related identity information of victims to masquerade as genuine customers in order to attempt transfers of funds.

A disruption in any of the servers, storage or cloud networks rapidly cascades throughout the virtual IT infrastructure. After the fact, banks find themselves overtaken by the momentum of disastrous events. Their one chance of minimizing the damage is to predict and pre-empt a disruption before it begins to snowball.

Complexity has grown in data centers with increasing recourse to virtualization, since more applications can be housed on a single server. A 2012 Symantec survey of data centers found that the level of complexity in North American organizations is 7.81 (on a scale of 1 to 10), compared to 6.15 for East Asian companies. The contributing factors are growing numbers of business-critical applications, larger volumes of data, server virtualization, and mobile and cloud computing.

Companies have also made progress in switching to management tools that are more effective in the new world of virtualization. In 2011, there was a 16% increase in management tools integrated with the virtualization platform, such as Virtual Machine Manager, Virtual Center Manager or XenCenter.

These management tools ease the tedium of data gathering and manual reconfiguration of physical devices that was the norm before virtualization was widely adopted. Virtualization also enables aggregation of data, as it affords visibility into the entire network.

On the other hand, the ease of reconfiguration encourages companies to redeploy the physical devices for a variety of functions as needs change. The likelihood of errors and outages increases as servers are switched among a variety of functions. On average, companies endure a staggering 16 outages each year at a cost of $5.1 million, and 11 of them are due to system failures.

Increasingly, banks, like other companies, recognize that real-time data aggregation and predictive analytics are the key to realizing their most valued goal of increasing the availability of their IT. Several offerings, among them IBM Tivoli, Netuitive and HP’s Service Health Analyzer, incorporate predictive analytic solutions in their management tools.

However, these management tools are not a substitute for the effort companies have to make to identify key performance indicators. Only they can extract the relevant data from their systems and choose the models that predict performance with the greatest degree of accuracy. This is the task that will preoccupy them in the coming years.
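The simplest form of the prediction the post is asking for is to fit a trend to a key performance indicator and project when it will cross the threshold at which an outage begins, so that the disruption can be pre-empted before it snowballs. The Python below is an added illustration of that, not code from the original post or from any of the management tools it names: the KPI samples (percentage of a database connection pool in use, one sample per minute) are constructed, and the window length, threshold and lead time are assumptions.

```python
"""Projecting a KPI toward its threshold to pre-empt an outage.

Added example, not code from the original post or from any of the management
tools it names. The samples are constructed, and the window length, threshold
and lead time are assumptions chosen for the illustration.
"""


def fit_trend(samples):
    """Ordinary least-squares line through (minute, value) samples.
    Returns (slope per minute, intercept)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples to fit a trend")
    t_mean = sum(t for t, _ in samples) / n
    v_mean = sum(v for _, v in samples) / n
    var = sum((t - t_mean) ** 2 for t, _ in samples)
    if var == 0:
        raise ValueError("samples must span more than one instant")
    cov = sum((t - t_mean) * (v - v_mean) for t, v in samples)
    slope = cov / var
    return slope, v_mean - slope * t_mean


def minutes_until_breach(samples, threshold, window=10):
    """Fit the last `window` samples and return the minutes after the final
    sample at which the trend crosses `threshold`:
      0.0  -> already at or above the threshold
      None -> flat or falling trend, no crossing projected
    """
    recent = samples[-window:]
    last_t, last_v = recent[-1]
    if last_v >= threshold:
        return 0.0
    slope, intercept = fit_trend(recent)
    if slope <= 0:
        return None
    return (threshold - intercept) / slope - last_t


def assess(samples, threshold, lead_minutes):
    """Turn the projection into an operator decision: act when the breach is
    projected inside the lead time needed to rebalance or add capacity."""
    eta = minutes_until_breach(samples, threshold)
    if eta is None:
        return "ok"
    if eta <= lead_minutes:
        return "act now"
    return "watch"


# Constructed KPI: percentage of a database connection pool in use, one sample
# per minute. The rising series climbs 2 points a minute; the flat one idles.
RISING_POOL_PCT = [(0, 50), (1, 52), (2, 54), (3, 56), (4, 58),
                   (5, 60), (6, 62), (7, 64), (8, 66), (9, 68)]
FLAT_POOL_PCT = [(t, 40) for t in range(10)]

if __name__ == "__main__":
    for name, series in (("rising", RISING_POOL_PCT), ("flat", FLAT_POOL_PCT)):
        eta = minutes_until_breach(series, threshold=90)
        print(f"{name}: eta={eta} decision={assess(series, 90, lead_minutes=15)}")
```

With a 90% threshold the rising pool is projected to saturate 11 minutes after the last sample, inside a 15-minute lead time, so the operator is told to act; the flat series never crosses. The choice of KPI, threshold and lead time is exactly the work the post says the tools cannot do for a company.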