
The Antidote to Financial Data Breaches

In February 2016, Wendy’s reported a potentially massive data breach across hundreds of restaurants in its network of 6,500 locations. It turned out that the point-of-sale systems at over 1,000 franchisee locations in its network had been infected with malware since the fall of 2015, the extent of which was only fully discovered by June 2016.

Breaches can be hard to detect. Some organizations do not fully detect the scope of a breach until weeks or months after the fact. In the Wendy’s case, the breach was discovered only after fraud losses were identified, and it seems the bleeding continued for months after the breach.

While breaches are big events in themselves, the real scope and impact of the subsequent risk can vary. If payment cards were stolen, they could be used for one-off fraudulent activity or in a coordinated attack where a group of fraudsters attempts to inflict huge financial damage in a very limited time period.

Such a coordinated massive fraud attack seems to have followed the Wendy’s breach as well: the CEO of one credit union mentioned that the credit union was hit with as much fraud in January 2016 as it was generally used to seeing across half a year.

 

Developing the antidote

While data breaches can indeed be stopped with a robust security infrastructure, a complementary technology that could dramatically mitigate and neutralize the loss that takes place after a breach hasn’t yet been available. 

Existing attempts at such a system in the market don’t solve this problem. Some solutions are not real-time and only run every other fortnight; none are truly able to catch coordinated fraud attacks in time; and most only offer static models that aren’t easily updated.

Feedzai’s Data Science team saw a unique opportunity to innovate and develop a new machine-learning-based approach to neutralize any significant financial loss after the breach itself.

For this new system, the team developed proprietary new algorithms to run on Feedzai’s advanced machine learning platform. The platform is in turn supported by a real-time processing stack leveraging Spark & Cassandra for high throughput and low latency. The workflow for flagging the pool of cards at risk was optimized within Feedzai’s Case Manager.

The result was Feedzai’s Massive Attack Detector, consisting of three key features:

  1. A detection engine for coordinated massive fraud attacks, which alerts an organization to critical-priority attacks with high accuracy (think DEFCON-1).
  2. A common point of compromise (CPP) identification algorithm that isolates the places where the associated cards might have been compromised within the first few such instances of fraudulent use.
  3. A workflow to flag and disposition the pool of cards at risk that are likely to have been compromised, so that the affected Financial Institution could take proactive action to minimize customer impact.

 

Neutralizing the poison

The Massive Attack Detector is live at a leading global payments processor and has already achieved great results. 

Here is a quick preview of what it was able to accomplish:

  • Within the first few days of operations, it detected 100% of fraud stemming from a coordinated fraud attack in the Financial Institution’s security infrastructure and routed notifications through the integrated Case Manager for immediate investigation and action by the client’s risk team.
  • It saved $740,000 in just a few days by stopping a coordinated massive fraud attack. Investigation determined that in many cases fraudsters had hacked the security systems of the Financial Institution to remove the spending limits on the cards and withdrawal limits at the ATMs.
  • It accurately identified true common points of compromise (CPP) just a few days after the first few instances of fraud, down to the Merchant, ATM, Issuer or Payment Processor level.
  • It identified and blocked 91% of compromised cards before there could be an attempt for them to be used for fraud.
  • It demonstrated true scale and rapid learning: it was able to train new models by processing 7.5 billion historical transaction records in about 2 hours, at a rate of about 1 million records per second!

Most companies take over 6 months to even detect a breach. With an enterprise fraud management system that offers massive attack detection capability, organizations can ensure they aren’t blindsided. Chances are that rapid detection of fraud attacks and isolation of the points of compromise will actually help investigate breaches that haven’t even been discovered.

New data-science and machine-learning-based approaches to detecting and stopping massive fraud attacks allow organizations to focus on their core mission of delivering excellent customer experiences, without fear of the next big data breach.

By Shaker Rawan, VP of Product Management at Feedzai

Shaker recently joined Feedzai and leads the vision and roadmap for Feedzai’s Enterprise Platform. Shaker is an experienced product leader, with over 10 years of product management experience in Financial Services across B2B and B2C channels. 

Shaker envisions a world where Data Science and Machine Learning are easily leveraged to tackle complex business problems. Users across an organization will collaborate on a machine-learning-driven platform to reduce risk across the entire customer lifecycle. He now works at Feedzai to make this dream a reality.