Can Analytics Move Us Beyond Basic Security?

Analytics is, at its heart, the study of data. With enough of that data, surprising patterns can emerge, which is why it's so useful for predicting weather or customer behavior, or figuring out a more efficient way to do something.

Fraud prevention is another big growth industry in the analytics sector, with cumulative data being used to build up much more detailed pictures of clients and customers, thereby making it easier to detect if they do something out of the ordinary. It doesn't have to be as obvious as someone using their bank card to buy something strange, though understandably many organizations prefer to remain hushed on the specific metrics they're looking for.

Take the example of Featurespace, which is among the companies looking to take things a step further, by not necessarily even specifying those monitoring points. Its new adaptive-learning fraud monitoring system is currently being implemented by UK mobile payment company Zapp, and will be used in conjunction with security systems from partner banks and other financial institutions to detect if someone other than the account holder is trying to access their funds.

The algorithms Featurespace created run in real time and spot minor changes on individual accounts, which it says will allow it to detect existing fraud techniques and possibly ones that have yet to be devised.

That latter part is possible because the algorithms learn as they go. As customers use their accounts, the system will build up even deeper profiles and become more aware of their nuances and subtleties, reducing the number of false positives and making it more likely to catch anyone who attempts to use that account for fraudulent activities.

This sort of detective software is incredibly important right now, as we continue to discuss the merits of traditional security measures like passwords, and look to possible new ones like Windows Hello's face detection. As hackers and nefarious individuals become better at figuring out our secret questions, deciphering our passwords, and social engineering their way past support staff, perhaps these sorts of analytical systems could be put in place as a third factor in our security.

Should those looking to steal our money, account details or entire identities actually figure out our login information, perhaps the cumulative red flags about how they operate via our stolen account could trigger a shutdown. Sure, a few false positives would appear the next time we logged into Netflix after a few glasses of wine, but perhaps that would be worth it for better security.

It could even go a step further and factor in some biometric data from a wearable device as well. Not only do I need to act like me to get in, but my heart needs to sound like mine too.

Or we could utilize it as a way to ditch security information altogether. Perhaps anyone can log in to my Skype account, but if they don't operate it in the way I tend to do, it locks them out.

That would certainly cut down on the number of passwords I need to remember.

Jon Martindale, Technology Journalist

Jon Martindale is a technology journalist and hardware reviewer, having been covering new developments in the field for most of his professional career. In that time he's tested the latest and greatest releases from the big hardware companies of the world, as well as writing about new software releases, industry movements, and Internet activism.


Re: Fooling the foolproof
  • 11/25/2015 5:19:23 PM

Maybe the using of some feature of "algorithms learn as they go" some hackers or even card customers may more readily figure ways to outsmart the security ironically. But, it would seem customers may be annoyed by more false alarms as their credit gets shut down for some uses that seem out of the ordinary.

Re: Fooling the foolproof
  • 11/12/2015 11:49:51 PM

Jameson, that is a great point. There is a communication breakdown between IT and end users. I liken it to men who don't want to go to the doctor, so when they feel an illness coming on or a strange ache, they simply don't go to the doctor. They don't tell anyone their problems because they don't want to deal with the inconvenience of dealing with someone fixing it.

Re: Fooling the foolproof
  • 11/12/2015 11:46:26 PM

I am not surprised there would be some people writing PIN numbers on front and back of their debit cards. They will not have to do that with security chip in credit/debit cards (the small metallic square on front).

Re: Fooling the foolproof
  • 11/12/2015 5:27:49 PM

Can you believe some people write their PIN numbers on the front or back of their debit card? These people shouldn't have debit cards.

Re: Fooling the foolproof
  • 11/12/2015 2:16:18 AM

I know about the "don't write down your passwords" issues. Writing down your password and file it in your desk drawer and lock the drawer and then lock the door when you leave your office for 15 minutes or 15 days is one story. Writing down the password and glue it to your monitor's side in an open cubicle for the world to see is one of the points the social engineer in his route takes to get the information he wants but not supposed to have.  I encouraged participative meetings with the employees to talk about what they could do to improve security (not just with the passwords) within the framework of government regulations.

Re: Fooling the foolproof
  • 11/11/2015 9:34:08 AM

@Terry. I think the only way to create better end users who don't fall into social engineering traps is to personalize security. Historically IT security has been hidden in the backroom burdened by a bunker mentality. "We're overworked, we can't catch up, it's us against them, and the them is just the criminal but also those stupid users."

They send out "don't do this" memos once a year and these days they might even make people watch a video every few years.

Security team communications -- with help from all of the IT team and from managers -- are best delivered in small groups as two-way face-to-face communications. That's where users can be shown how easy it is to get them to surrender passwords or at least clues to passwords. It's where the security team can learn first hand what people in each part of the organization actually do with computers and with social media. It's where security can learn why people need a particular application and what they would do with it, and, if that app is a security risk they can explore to find something similar that would be safe.

One of the flaws in IT security is that the security team often doesn't understand what their clients do. For example, there's the "don't write down your passwords" rule. Good luck with that one. Show me a corporate user who doesn't utilize at least 25 applications and websites that require passwords (often with unique structures).

To me the key to having better end users is to bring them onto a virtual security team and to build out a security strategy designed for the realities of today's computing environment.


Re: Fooling the foolproof
  • 11/11/2015 4:39:59 AM

Social engineering is not new. It has been going on for decades. There are two groups of social engineers -- The first group has the intent to steal information that they could use to exploit vulnerabilities. The second group are ignorant people about protecting passwords, talking to friendly strangers, etc. I am the one who gave monthly training to about 2000 or 3000 employees to be more security conscious, apply defense-in-depth mechanisms and report to me if people they do not know approached them for information without my permission. If the "strangers" had legitimate reasons for approaching the employees, they provided me with proper documentation and then were educated to be more security conscious.

-- Judith, Blogger

Re: Fooling the foolproof
  • 11/10/2015 5:49:29 PM

It's a great point about social engineering and security, Jim. Until security companies can invent better end-users, all the sophisticated algorithms in the world don't stand a chance.

Re: Grammar or Grammer
  • 11/9/2015 5:50:30 PM


Jim writes

We slipped that word in there just to see if you were paying attention.


And just to prove I was also on the ball, I caught the other one you slipped in:

Fraud prevention is another big growth industry in the analytics sector, with cummulative data being used to build up much more detailed pictures of clients and customers, thereby making it easier to detect if they do something out of the odrindary.


"Cummulative" should be "cumulative". Bet you thought you could slip that one past me...


Re: Grammar or Grammer
  • 11/9/2015 3:31:54 PM

James writes <We slipped that word in there just to see if you were paying attention.>

When I saw that word, it was obvious to me it was slipped in.  That's why I didn't say anything about it until now.
