Information Security and Fraud Prevention using Numenta’s Artificial Intelligence

June 17, 2009

Why are online fraud and identity theft growing exponentially?

As we add more nodes, networks grow exponentially in number of connections and complexity. With billions of connected devices, the Internet has become more complex than any other human invention. Nevertheless, we continue to believe that we are in control of the Internet and that we can predict or prevent what happens within it.

Other networks of a different nature, such as the economy or the payment industry, have also grown in complexity. The simultaneous growth of all these networks has triggered an exponential increase in insecurity and fraud. In the US today, 94% of all fraud and theft is done through digital means. Identity theft (which includes credit card fraud) has grown at rates of 300% per year and is now a black market bigger than the illegal drug trade.

Your credit card, signature and logins are all part of your identity. Digital representations of our identities can now be massively stolen, identically counterfeited and anonymously used. The laws that previously protected against these abuses are no longer useful since the perpetrators are usually abroad. The financial industry and the existing technologies and processes are not ready for a borderless and massive threat such as this one.

Why is it out of control?

Most people continue to believe that the economy or the stock exchange is predictable. In the same way, we would like to think that what happens on the Internet and on our corporate networks is under control. Spam, security breaches, identity theft, Internet fraud, information leaks, malware, spyware and even cyber warfare are all happening, all the time, everywhere. Nevertheless, they are not predictable. We cannot control what we do not know.

What is the industry doing about it?

The information security and fraud prevention industries have grown quickly in the past few years. All developments, though, continue to be centered on the same two mechanisms: authentication-based filtering and anomaly-based incident response. All security mechanisms that strive to protect confidentiality and integrity will always rely on a combination of these two models.

To authenticate digitally we use usernames and passwords, certificates, process IDs, IP addresses, cookies, tokens, one-time passwords and biometrics; even credit card numbers are a kind of authentication. If these credentials were correctly verified and authorized, monitoring and alerting would not be necessary. But all of them can be copied, brute-forced, sniffed, spoofed, cloned or used through man-in-the-middle attacks.

Digital authentication is fallible; therefore, filtering that relies on this authentication will only stop part of the attacks. The rest should be detected by finding anomalies. Antivirus, antispyware and intrusion prevention systems work this way. Nevertheless, determining anomalies is much harder than authenticating. Most systems rely on signatures of known attacks or malware, organized into blacklists. Others use expert systems where thresholds or suspicious actions are pre-defined by experts. Still others use heuristic approaches or basic neural networks that try to find anomalies.

Why is it not working?

The main problem is authenticating. An attack may be part of a legitimate network packet, a legitimate application, a legitimate user or even a legitimate credit card number. It may be impossible to distinguish a fraudulent transaction or a network attack from a legitimate action. Stopping known attacks is sometimes easy because you can search for the same patterns. But stopping a new kind of malware or a fraud in a credit card’s first purchase may both be impossible with the current state of the art. Criminals know this and continuously work to circumvent detection. If they steal login credentials or card information and impersonate real users, most times there will be no easy or cost-effective way to deter them.

Effort is another problem. Most end-users, credit card holders or even system administrators are not willing to put in more effort just to be more secure. If you ask a card holder to call the issuer in order to verify his transaction, he will most probably just switch cards. The same will happen with almost all security authentications. If there is an easier way, most people will take it. And if businesses or financial institutions risk losing customers or transactions because of increased security, they will most probably back off. If the amount is not too high, they can always charge everyone a small premium next year to make up for fraud losses. Card users pay back through increased prices, interest rates and fees. The worldwide card industry now absorbs over a hundred billion dollars in fraud each year. The only beneficiary is organized crime.

Internet banking, money orders, bank wire transfers, Internet trading, online auctions and all kinds of digital transactions have the same problems authenticating users and reacting to fraud. Network and host intrusion prevention systems have similar weaknesses. The main problem is that there is a large gray zone between what is considered normal behavior and the real anomalies.

All prevention systems have very high rates of false positives and false negatives. All networks, merchants, processors or financial institutions still use humans to try to filter out these gray zones. The volume is so high that what are considered to be lower threats may be automatically passed. And if they believe there is a possibility of alienating a legitimate customer, they will most probably allow the transaction. Finally, there is a large number of human mistakes or omissions.

How would a solution based on Numenta’s HTM be able to reduce these fraud levels?

Numenta has developed the most advanced artificial intelligence engine to date. This technology, known as Hierarchical Temporal Memory (HTM), emulates the human neocortex and is capable of predicting patterns based on previously learnt experience. Their technology will forever change the way computers synthesize information, recognize patterns and predict future behaviours.

To reduce fraud, the financial institution’s main challenge is to authenticate its users in such a way that it prevents others from impersonating them. And it should do this without increasing user effort (several authentication mechanisms) or merchant costs (such as biometrics or new devices).

By using Numenta technology this can be reversed. Instead of trying to authenticate persons based on additional on-site security mechanisms, HTM networks should allow us to centralize prediction and respond with a level of certainty for each particular transaction. An HTM network would compare the transaction against the prediction for that particular user and deliver a level of certainty for the legitimacy of the transaction.

The solution we are working on will try to predict the behavioral patterns of users. This would allow us to authenticate each user individually, not only based on their login or card number, but also based on their transactional pattern such as frequency of use, types of transactions, geographical proximity, serialized purchases, etc.

Employing conventional technology would require customizing rules by hand for each cardholder or Internet banking user. This would be almost impossible. In addition to this, the speed required to query and answer thousands of transactions per second may be impossible to reach with other solutions.

By using Numenta’s HTM technology to learn individual behavioral patterns beforehand, we not only expect to predict the most probable next clicks or transactions; we should also be able to do so in a fraction of a second.
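
The per-user scoring idea described above, sketched as an added example that is not from the original article and does not use Numenta's HTM: a simple frequency-and-deviation profile stands in for the learned model. The transaction fields, the sample history and the thresholds are constructed assumptions.

```python
import math
from collections import Counter

# Constructed history for one hypothetical cardholder:
# (hour_of_day, merchant_category, country, amount)
HISTORY = [
    (9, "grocery", "US", 42.10), (12, "restaurant", "US", 18.50),
    (18, "grocery", "US", 63.00), (13, "restaurant", "US", 22.75),
    (10, "fuel", "US", 35.20), (19, "grocery", "US", 51.30),
    (12, "restaurant", "US", 16.90), (17, "fuel", "US", 38.00),
]

class UserProfile:
    """Per-user baseline learned from past transactions (not HTM)."""

    def __init__(self, history):
        self.hours = Counter(t[0] // 6 for t in history)  # 6-hour buckets
        self.categories = Counter(t[1] for t in history)
        self.countries = Counter(t[2] for t in history)
        amounts = [t[3] for t in history]
        self.mean = sum(amounts) / len(amounts)
        var = sum((a - self.mean) ** 2 for a in amounts) / len(amounts)
        self.std = math.sqrt(var) or 1.0  # avoid dividing by zero

    @staticmethod
    def _fit(counter, value):
        # 1.0 for the user's most common value; small but non-zero if unseen.
        return (counter[value] + 1) / (max(counter.values()) + 1)

    def certainty(self, txn):
        """Score in (0, 1]: how well txn matches this user's learned pattern."""
        hour, category, country, amount = txn
        z = (amount - self.mean) / self.std
        parts = [
            self._fit(self.hours, hour // 6),
            self._fit(self.categories, category),
            self._fit(self.countries, country),
            1.0 / (1.0 + z * z),  # amount deviation from the user's norm
        ]
        return math.prod(parts) ** (1 / len(parts))  # geometric mean

def decide(profile, txn, allow_at=0.6, deny_below=0.2):
    """Map the score to an action; thresholds are assumed, not tuned."""
    score = profile.certainty(txn)
    if score >= allow_at:
        return "allow"
    return "review" if score >= deny_below else "deny"

PROFILE = UserProfile(HISTORY)
```

The middle band between the two thresholds is the gray zone the article describes: a familiar purchase from an unfamiliar country at an unusual hour lands in "review" rather than being passed or blocked outright.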