Upload
douglas-knight
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
“Data Security – What Data Security?”
Guest Lecture - AEM 322Professor Aija Leiponen
Steven S. Gal
February 26, 2003
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
AGENDA
▪ Introduction
▪ About ID Analytics
▪ Data Security – What Data Security?
▪ Questions
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
OVERVIEW
▪ Identity theft: fastest growing crime in USA,costing financial services over $3B in 2001
▪ First to answer the fundamental question:“Is this person likely who they say they are?”
▪ Founding team has done it before with same customers
▪ Highly predictable recurring revenue business model
▪ Cross-vertical consortium strategy createsnetwork effect – and drives dramatic growth
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
HOW DOES IDENTITY THEFT HAPPEN?
Writing a Check at the Grocery Store
U.S. POSTAL
Mailing aTax Return
5693 2291 4382 0404
Rentinga Car
Goingto Work
APPLICATIO
N
Filling outan Application
Buying overthe Internet
Bank AccountNumber
Social Security
Number
Credit Card
Numbers
Employment
Information
Date & Place
of Birth
Driver’s LicenseNumber
Cell Phone
Number
Home Address
Mother’sMaiden Name
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
HOW DOES THE FRAUDSTER EXPLOIT AN IDENTITY?
CITIGROUP
SEARS
AT&T
WELLSFARGO
CAPITALONE
BANK OFAMERICA
DISCOVER
MBNA
5693 2291 4382 0404 $4,500
$4,000
$1,250
$4,000
$6,500
$6,200
$3,750
$6,800
5693 2291 4382 0404
5693 2291 4382 0404
5693 2291 4382 0404
5693 2291 4382 0404
TOTAL LOSS:
+$37,000
OVER 13 MONTHS
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
The Impact on Financial Services
$2.5B
$3.2B
$4.0B
$5.0B
$6.3B
$8.0B
3.6M
0.5M
2.4M
1.6M
1.1M
0.7M
2000 2001 2002 2003 2004 2005
Identity Theft Fraud Losses
Identity Theft Cases
Sources: Meridien Research, Gartner, Cellent Communications, FTC, Social Security Administration
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
The ID Analytics Solution
CITIGROUP
SEARS
AT&T
WELLSFARGO
CAPITALONE
BANK OFAMERICA
DISCOVER
MBNA
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
The ID Analytics Solution
CITIGROUP
SEARS
AT&T
WELLSFARGO
CAPITALONE
BANK OFAMERICA
DISCOVER
MBNA
5693 2291 4382 0404 $350
$107
$2755693 2291 4382 0404
ID THEFT DETECTED
IN LESS THAN 2 WEEKS
LOSS UNDER $1,000
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
BUSINESS STRATEGY
Our exclusive focus is on comprehensive analytical solutions
for preventing Identity Theft and related fraud
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
COMPANY TIMELINE
March 2002 ID Analytics, Inc. founded
April 2002 Early market response establishes exclusive focus on Identity Theft and related fraud
June 2002 Raised private equity funding
July 2002 Built team with deep analytics experience
August 2002 Launched National Identity Theft Study
November 2002
Symposium – Closed Out Data Study and Launched Early Adopter Program (EAP)
February 2003 Data Study Results and EAP Roll Out
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
Name1Name1
Address2Address2
SSN1SSN1
SSN3SSN3Name2Name2
Address1Address1
Address3Address3
SSN2SSN2
4
4
2
4
2
3
5
ABC-DE-FGHI
ACB-ED-FGIH ABC-ED-FGIH
1011010111011001
SSA DMF
SSNSSNAddr1Addr1
Addr2Addr2
Addr3Addr3
Addr4Addr4
Addr5Addr5Addr6Addr6Addr7Addr7 Addr9Addr9 Addr10Addr10
Addr11Addr11
Addr12Addr12
Addr13Addr13
Addr14Addr14
Addr15Addr15
PromisingGrace
PromisingGrace
NameName0111000110010011
M.G.M.G.
SSN1SSN1Address1
Address2Address2
Address3Address3
Address4Address4
Address5Address5
Address6Address6
SSN2SSN2
SSN3SSN3
SSN4SSN4
SSN5SSN5
SSN6SSN6
ABC-DE-5601
ABC-DE-5621
ABC-DE-5671
ABC-DE-9511
ABC-DE-9611
XXX-XX-XXXX
1011010101011011
SSN1
app2
SSN2SSN2
Phone2Phone2 Name2Name2
Address2Address2SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1 app1
app1
app1 app2
app2
app2 app3
app3
app3
app3app2
app3
coa
coa
coa
1000000111111001
app2
SSN2SSN2
Name2Name2
SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1app1
app1
app1 app2
app2
app2
app3
app3
app3
app3app2
app3
SSN3SSN3
Name3Name3SSN4SSN4Name4Name4
SSN5SSN5
Name5Name5
Phone2Phone2
Address2Address21011010011011011
SSNSSNApplication1Application1
PhonePhoneNameName
AddressAddress
SSNSSN
Application2Application2 PhonePhone
NameName
AddressAddress
0111010111010001SSNSSN
Application1Application1
PhonePhone
NameName
AddressAddress
Application2Application2
App2
App2
App2
App1
App1
App1
App2 App2
App2
App1
App1
App1
1011010101011000app2
SSN2SSN2
Name2Name2
SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1app1
app1
app1 app2
app2
app2app3
app3
app3
app3app2
app3
SSN3SSN3
Name3Name3SSN4SSN4Name4Name4
SSN5SSN5
Name5Name5
Phone2Phone2
Address2Address2
0001010111001011Name1Name1
Address2Address2
SSN1SSN1
SSN3SSN3Name2Name2
Address1Address1
Address3Address3
SSN2SSN2
4
4
2
4
2
3
5
ABC-DE-FGHI
ACB-ED-FGIH ABC-ED-FGIH
0111011101011001
SSA DMF
SSNSSNAddr1Addr1
Addr2Addr2
Addr3Addr3
Addr4Addr4
Addr5Addr5Addr6Addr6Addr7Addr7 Addr9Addr9 Addr10Addr10
Addr11Addr11
Addr12Addr12
Addr13Addr13
Addr14Addr14
Addr15Addr15
PromisingGrace
PromisingGrace
NameName
1011010111010011M.G.M.G.
SSN1SSN1Address1
Address2Address2
Address3Address3
Address4Address4
Address5Address5
Address6Address6
SSN2SSN2
SSN3SSN3
SSN4SSN4
SSN5SSN5
SSN6SSN6
ABC-DE-5601
ABC-DE-5621
ABC-DE-5671
ABC-DE-9511
ABC-DE-9611
XXX-XX-XXXX
0011010011011001
SSN1
app2
SSN2SSN2
Phone2Phone2 Name2Name2
Address2Address2SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1 app1
app1
app1 app2
app2
app2 app3
app3
app3
app3app2
app3
coa
coa
coa
1010100110000010
app2
SSN2SSN2
Name2Name2
SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1app1
app1
app1 app2
app2
app2
app3
app3
app3
app3app2
app3
SSN3SSN3
Name3Name3SSN4SSN4Name4Name4
SSN5SSN5
Name5Name5
Phone2Phone2
Address2Address2
0011010101010011
SSNSSNApplication1Application1
PhonePhoneNameName
AddressAddress
SSNSSN
Application2Application2 PhonePhone
NameName
AddressAddress
1001011111010010
SSNSSN
Application1Application1
PhonePhone
NameName
AddressAddress
Application2Application2
App2
App2
App2
App1
App1
App1
App2 App2
App2
App1
App1
App1
1111010011011001
app2
SSN2SSN2
Name2Name2
SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1app1
app1
app1 app2
app2
app2app3
app3
app3
app3app2
app3
SSN3SSN3
Name3Name3SSN4SSN4Name4Name4
SSN5SSN5
Name5Name5
Phone2Phone2
Address2Address2
0011010111011011
Name1Name1
Address2Address2
SSN1SSN1
SSN3SSN3Name2Name2
Address1Address1
Address3Address3
SSN2SSN2
4
4
2
4
2
3
5
ABC-DE-FGHI
ACB-ED-FGIH ABC-ED-FGIH
0111010001010010
SSA DMF
SSNSSNAddr1Addr1
Addr2Addr2
Addr3Addr3
Addr4Addr4
Addr5Addr5Addr6Addr6Addr7Addr7 Addr9Addr9 Addr10Addr10
Addr11Addr11
Addr12Addr12
Addr13Addr13
Addr14Addr14
Addr15Addr15
PromisingGrace
PromisingGrace
NameName
0111010001010010
M.G.M.G.
SSN1SSN1Address1
Address2Address2
Address3Address3
Address4Address4
Address5Address5
Address6Address6
SSN2SSN2
SSN3SSN3
SSN4SSN4
SSN5SSN5
SSN6SSN6
ABC-DE-5601
ABC-DE-5621
ABC-DE-5671
ABC-DE-9511
ABC-DE-9611
XXX-XX-XXXX
0101001001000011
SSN1
app2
SSN2SSN2
Phone2Phone2 Name2Name2
Address2Address2SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1 app1
app1
app1 app2
app2
app2 app3
app3
app3
app3app2
app3
coa
coa
coa
0111010001010010
app2
SSN2SSN2
Name2Name2
SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1app1
app1
app1 app2
app2
app2
app3
app3
app3
app3app2
app3
SSN3SSN3
Name3Name3SSN4SSN4Name4Name4
SSN5SSN5
Name5Name5
Phone2Phone2
Address2Address2
1101010001010001
We identified patterns of ID thieveswho manipulate SSNs in an attempt
to construct IDs
These patterns can beturned into algorithmicequations for storage
We identified patterns of ID thieveswho open several accounts under
one SSN an many addresses
We identified another pattern wherean ID thief opened several accounts
across several different organizationsat several different addresses
We identified and graphed thousands of anomalous and benign identity patterns
GRAPH THEORETIC ANOMALY DETECTION™
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
AnomalousPattern
Variables
Janet Taylor19876 Poway Rd.Escondido, CA 92640DOB: 03/17/70Hm: 858-678-0090Wk: 858-427-2800
SSN1
app2
SSN2SSN2
Phone2Phone2 Name2Name2
Address2Address2SSN1SSN1
Name1Name1
Phone1Phone1Address1Address1
app1 app1
app1
app1 app2
app2
app2 app3
app3
app3
app3app2
app3
coa
coa
coa
101101011101100101110001100100111011010101011011100000011111100110110100110110110111010111010001101101010101100000010101110010110111011101011001101101011101001100110100110110011010100110000010001101010101001110010111110100101111010011011001001101011101101101110100010100100111010001010010010100100100001101110100010100101101010001010001
1011010111011001
Incoming Applicationis graphed and coded
ID PatternDatabase
This pattern is matched to the ID Pattern Database
Captures Patterns Fed into Model
GRAPH THEORETIC ANOMALY DETECTION™
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
ID VERIFICATION TECHNOLOGY
DiscreteDiscrete HolisticHolistic
1980’s 1990’sToday
Is this elementSuspicious?
Do these elementsfit together?
Current technologies verify data about discrete elements of an individual …
… but, lack the ability to identify fraudulent activity or organized behavior
Reactive
BehavioralBehavioral ContextualContextual
Is this person who they say they are?
Proactive
Future
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
HOLISTICDISCRETE
DATA
TE
CH
NO
LO
GY
Directories
CDI
VerificationServices
BiometricsFederatedSystems
Profiling
IDENTITY SOLUTIONS MARKET
Seisint
Experian
Equifax ChoicePoint
LexisNexis
TransUnion
FairIsaac
MantasSearchSpace
Actimize
TSIACarreker
BEHAVIORAL CONTEXTUAL
Acxiom
IBM
MSFT
Concord PPS
Microsoft
Liberty Alliance
Identix
© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL
DATA SECURITY?
▪ I can steal the identity of anyone in this room within 12 hours
▪ I can get all the information I need by buying it – from Experian, Trans Union, Equifax, Lexis-Nexis, Choicepoint, etc.
▪ Those same companies sell the same data to credit grantors in order to confirm I am who I say I am
▪ There is virtually nothing you can do to prevent it