Information Security and Fraud Prevention using Numenta’s Artificial Intelligence

June 17, 2009

Why are online fraud and identity theft growing exponentially?

As we add more nodes, Networks grow exponentially in number of connections and complexity. With billions of connected devices, the Internet has become more complex than any other human invention. Nevertheless, we continue to believe that we are in control of the Internet and that we can predict or prevent what happens within it.

Other networks of different nature, such as the economy or the payment industry, have also grown in complexity. The simultaneous growth of all these networks has triggered an exponential increase of insecurity and fraud. In the US today, 94% of all fraud and theft is done through digital means. Identity theft -which includes credit card fraud- has grown at rates of 300% per year and is a black market now bigger than illegal drug trade.

Your credit card, signature and logins are all part of your identity. Digital representation of our identities can now be massively stolen, identically counterfeit and anonymously used. The laws that previously protected against these abuses are no longer useful since the perpetrators are usually abroad. The financial industry and the existing technologies and processes are not ready for a borderless and massive threat such as this one.

Why is it out of control?

Most people continue to believe that the economy or the stock exchange are predictable. In the same way, we would like to think that what happens in the Internet and on our corporate networks is under control. Spam, security breaches, identity theft, Internet fraud, information leaks, malware, spyware and even cyber warfare are all happening, all the time, everywhere. Nevertheless, they are not predictable. We cannot control what we do not know.

What is the industry doing about it?

The information security and fraud prevention industries have quickly grown in the past few years. All developments though, continue to be centered in the same two mechanisms: authentication-based filtering and anomaly-based incident response. All security mechanisms that strive to protect confidentiality and integrity will always rely on a combination of these two models.

To authenticate digitally we use usernames and passwords, certificates, process IDs, IP addresses, cookies, tokens, one-time-passwords, biometrics and even credit card numbers are a kind of authentication. If these credentials were correctly verified and authorized, monitoring and alerting would not be necessary. But all of them can be copied, brute-forced, sniffed, spoofed, cloned or used through man-in-the-middle attacks.

Digital authentication is fallible, therefore filtering that relies on this authentication will only stop part of the attacks. The rest should be detected by finding anomalies. Antivirus, antispyware and intrusion prevention systems work this way. Nevertheless, determining anomalies is much harder than authenticating. Most systems rely on signatures of known attacks or malware, organized into blacklists. Others use expert systems were thresholds or suspicious actions are pre-defined by experts. Still others use heuristic approaches or basic neural networks that try to find anomalies.

Why is it not working?

The main problem is authenticating. An attack may be part of a legitimate network packet, a legitimate application, a legitimate user or even legitimate credit card number. It may be impossible to distinguish a fraudulent transaction or a network attack from a legitimate action. Stopping known attacks is sometimes easy because you can search for the same patterns. But stopping a new kind of malware or a fraud in a credit card’s first purchase may both be impossible with the current state-of-the-art. Criminals know this and continuously work to circumvent detection. If they steal login credentials or card information and impersonate real users, most times there will be no easy or cost effective way to deter them.

Effort is another problem that arises. Most end-users, credit card holders or even system administrators are not willing to put in more effort just to be more secure. If you ask a card holder to call the issuer in order to verify his transaction, he will most probably just switch cards. The same will happen with almost all security authentications. If there is an easier way, most people will take it. And if businesses or financial institutions risk losing customers or transactions because of increased security, they will most probably back off. If the amount is not too high, they can always charge everyone a small premium next year to make up for fraud losses. Card users pay back through increased prices, interest rates and fees. The worldwide card industry now absorbs over a hundred billion dollars in fraud each year. The only beneficiary being, organized crime.

Internet banking, money orders, bank wire transfers, Internet trading, online auctions and all kinds of digital transactions have the same problems to authenticate users and react to fraud. If we talk about network or host intrusion prevention, they also have similar weaknesses. The main problem is that there is a large gray zone between what is considered normal behavior and the real anomalies.

All prevention systems have very high rates of false-positives and false-negatives. All networks, merchants, processors or financial institutions still use humans to try to filter out these gray zones. The volume is so high that what are considered to be lower threats may be automatically passed. And if they believe there is a possibility of alienating a legitimate customer, they will most probably allow the transaction. Finally, there are large amounts of human mistakes or omissions.

How would a solution based on Numenta’s HTM be able to reduce these fraud levels?

Numenta has developed the most advanced artificial intelligence engine to date. This technology known as Hierarchical Temporal Memory (HTM) emulates the human neo-cortex and is capable of predicting patterns based on previous learnt experience. Their technology will forever change the way computers synthesize information, recognize patterns and predict future behaviours.

To reduce fraud, the financial institution’s main challenge is to authenticate their users in such a way it prevents others from impersonating them. And they should do this without increasing user effort (several authentication mechanisms) or merchant costs (such as biometrics or new devices).

By using Numenta technology this can be reversed. Instead of trying to authenticate persons based on additional on-site security mechanisms, HTM networks should allow us to centralize prediction and respond with a level of certainty for each particular transaction. An HTM network would compare the transaction against the prediction for that particular user and deliver a level of certainty for the legitimacy of the transaction.

The solution we are working on will try to predict the behavioral patterns of users. This would allow us to authenticate each user individually, not only based on their login or card number, but also based on their transactional pattern such as frequency of use, types of transactions, geographical proximity, serialized purchases, etc.

Employing conventional technology would require customizing rules by hand for each cardholder or Internet banking user. This would be almost impossible. In addition to this, the speed required to query and answer thousands of transactions per second may be impossible to reach with other solutions.

By using Numenta’s HTM technology to learn individual behavioral patterns beforehand we not only expect to predict the most probable next clicks or transactions, we should also be able to do so in a fraction of a second.

Personal Long-Term Focus

March 16, 2009

Personal Long Term Focus

Defining your Personal Focus may be the single most important decision (or series of decisions) in life. What you spend your energy and attention on today, will make a big difference within a few days, months and even years.

What continues to amaze me is how often I have to reassess my priorities and redefine my focus. It seems to be a moving target; an open question that should never be completely answered and that needs to be revisited frequently.

I wrote about focus in my previous post. Personal focus though, is something that needs to be defined. Today I have been once again questioning myself on how to reset my priorities and how that may affect my long-term focus.

My personal focus is the guiding star behind all my projects and goals.  It defines the projects I undertake and the goals I set myself to accomplish. I have found three aspects to be important in defining my focus: sustainable motivation, personal strengths and economic feasibility.


1. Sustainable Motivation

Focus is all about sustaining attention and energy in time. There is no way I can sustain my attention if I do not start highly motivated. But perhaps, it is even more important to find a way for motivation to be reinforced in time as part of the process. We need a motivation virtuous circle to guarantee that our focus will be sustained long enough for it to be valuable.

I have little control over what motivates me. I can go as far as to influence myself indirectly, for example by reading a book. But in general I have to adapt to what is already my passion. Therefore, it is important to start with something I am currently highly motivated to do and be sure to check for future motivation feedback opportunities.

I should be asking myself what my desired outcome should be and how can I progressively get closer to it by receiving little doses of extra-motivation along the way.

In my case, I have found three main ways to build a positive motivation cycle, they are very personal and based on what makes me tick, but they should be a good example of what I mean.


My first motivation virtuous cycle is to “find a collaborator”. I have several times in life committed with someone to jointly develop a project or idea. Having a collaborator has been a key success factor for me in sustaining my focus through long personal projects, activities or goals.

By having a collaborator I have been able to write a theatrical play, develop software, travel to far away places, found new companies, exercise regularly, as well as build a Website and a computer with my son. My success ratio when I feel responsible for or committed with someone is far greater than what I have ever done by trying to commit to myself or to my personal projects. I do not want to disappoint those who trust me, I want to live up to what they expect from me. That is normally what keeps me going.

The only problem with this approach is that finding someone who is equally interested in a personal project is sometimes tough. For example, I have been trying to find a person that would like to write a book with me for the last two years to no success. On the other hand, hiring someone to help me has not had the same long term effect. When hiring someone, I do not feel personally as committed to him as when we are both investing our time and passion.

Sell a Project

My second motivation feedback mechanism is a variation to the previous approach. I shall call it “sell your focus”. As an entrepreneur I frequently get the opportunity to sell a project of something I want to do and which is aligned to my personal focus. When the opportunity arises, I define a project based on what I would like to be doing.

This generates the same kind of commitment as with the collaborator, with the added value of financing the endeavor and allowing for additional people to participate and help me. It is not very common, but when it happens it is the best way to get your long term focus sustained.

Sequential Commitments

My third motivation strategy is again similar to the two previous ones and good for shorter projects: “sequential commitments”. It is based on finding a series of opportunities and directing each one incrementally to something you would like to do.

You can even slightly over-commit in each iteration to increase pressure (in my case it helps motivate myself). Fine tuning here is critical. If I over-commit too much I end up unable to do it and frustrated. On the other hand, if the commitment is not challenging enough, I will sometimes postpone it or even fail to do it.

For example, I use lectures and conference talks for this purpose. I will normally try to influence the topic towards something I would like to study or develop.

Generally I will work very hard to read, prepare and deliver a talk in the best possible way. Giving talks is something that motivates me deeply; I can therefore be sly and include a topic I would like to research. Sometimes I also decide to develop or prepare a demonstration that is challenging. As a consequence I end up reading, writing and learning about something new, which in turn also motivates me.

I try to point all my talks towards my main focus. That way, every time I have the opportunity to speak, I move forward a bit in the main direction of my preselected guiding star. This works for me by giving me a deadline, giving me motivation and helping me further learn or develop in the right direction. And it does so in small incremental tasks. This has been a great way for me to move the bucket forward a few steps at a time.

2. My strengths as amplifiers

The better aligned my personal strengths are to my focus, the bigger the effect.

I need to remind myself always about my strengths to properly assess my projects. It is tempting to try something completely new. Sometimes I believe I would enjoy this new project or that I may have a hidden skill for something akward. But in this process, I always end up finding that only one or two options seem greatly amplified by my current strengths. When my strengths seem aligned, priorities are obvious when compared to other possibilities.

Strengths can be defined in many ways. In this case, I try to give equal weight to two kinds of strengths: my natural strengths (defined as those activities in which I have consistent near-perfect execution) and my historical strengths (based on my personal history and experience).

Natural Strengths

My natural strengths include those activities where I naturally excel. For example, in my case I consider myself to be a great synthesizer, an outstanding communicator and a very quick learner. To unveil the last two of these strengths I found of great help a book called “Strengths finder 2.0” by Marcus Buckingham, I highly recommend it. In a video also by Marcus called “Trombone player wanted” he further defines a strength as “anything you do that makes you feel stronger.”

This is exactly what happens when I finish synthesizing a new concept, giving a talk or learning something new. I feel great. If I am doing any of these activities I finish highly motivated, refreshed and strengthened by them, even if I have stopped eating or sleeping in the mean time.

When evaluating future projects or redefining my focus I require all options to build upon my natural strengths.

Historical Strengths

Similarly, we have what I call historical strengths. These strengths are the accumulation of experiences and recognition in certain aspects of life. The more you have done something, the easier it will be to continue doing it.

I started working and earning money with computers since I was eleven years old. I continued to found eight technology companies. It is safe to assume that I have a lot of recognition and experience in this field. In fact, every time in life I have tried to do something unrelated to computers I have quickly ended back where I feel comfortable, where other people trust my experience and where it is easy for me to earn money.

At one stage in my life I studied drama for a year and loved it. But at the same time I had a computer-related business that demanded more and more of my time. I may have ended up being a good actor, but people would come to me with new business or software ideas, not once with an acting role.

My reputation in the industry and my experience founding and growing companies have become strengths. Within them, there are specific niches and technologies that also strengthen as the result of my direct involvement in them. As a consequence, some of my main historical strengths today would be: credit card processing and fraud prevention, data science and machine learning, as well as information security and incident response.

And if you review the type of companies I have managed and grown, a clear pattern will also emerge: service oriented technology companies for the financial and corporate sectors.

Business contacts, projects, investors, clients, suppliers, media reporters, talks, Internet references, contributions, resume and experience are all related and part of these strengths.

By building on top of your existing historical strengths, project and goal accomplishments are easier and faster. That is why experience and historical strengths are always considered when defining my projects and focus.

3. Economic Feasibility

I try to always focus on personal growth. At different moments it has had different motivations or end goals. But whatever it may be, it always has to be economically realistic. If I use my savings, I should make sure I have enough. If I use my spare time, I have to plan on doing so without affecting my family or work. If I get my company involved, it should be a good business for us. And if I use my reputation, that also gets spent.

My father once taught me that money, free time and reputation could be seen as three types of resources that could be exchanged for one another. It has proven to be true for me. I have spent my free time accumulating reputation that I then spent to earn more money. These resources are assets that you accumulate or have available through time and that you can invest if you have a surplus.

I used to believe that by accumulating enough money I would then be able to do what I really loved. It seemed like a good and easy intermediate goal. I thought I could realign my life to my passions once I had the economic stability to make it happen. But it turned out that money was never enough. The more I earned, the more I spent and the more I invested. And in the process of making money I would lose my focus, my congruence and the very purpose that had set me off in that direction.

Money should never be the end goal, but at the same time, required resources should always be considered.

Anything I have wanted to do or to accomplish has always had an economic repercussion. Even if it is measured as free time spent on something, or hard earned reputation that is being invested, all prolonged efforts require an economic foundation for them to be feasible. Free time and reputation come at a cost and that should also be considered.

I therefore always add a resource indicator as part of my focus and project analysis. I want to know how much time, reputation and money it costs and I need to define how I plan to allocate those resources.

Defining my Personal long-term Focus

Defining my long-term focus is an iterative process. Every time I reassess the projects I would like to embark on my long-term focus has to shift as well.

I generally start by writing down all the personal or professional projects I would like to work on. It can be anything, from researching a topic or writing a book to traveling around the World with my family.

Then I define in which of them I will be able to sustain motivation, how they relate to my strengths and how will the resources get allocated. This process allows me to consider all aspects and prioritize the projects.

This time around it was easier than ever. I have a long list as always but I have a project which is amazing. It is so aligned with my personal focus that it becomes a life changing experience.

I realized it has all three of my motivation engines. I have had a highly motivated “collaborator” since the beginning. I have a “paying customer” that wants to invest in it. And the project is so interesting that it will allow me to “sequentially” give conferences and write many blog posts.

From my historical strengths perspective this “artificial-intelligence-based credit-card-fraud-prevention solution” brings together most of what I have been doing over the last fifteen years: credit cards, AI, data analytics, security and incident response. I have the accumulated skills and experience to probably be the best in the world to do this.

My natural strengths are all highly attuned as well. It is something in which I will continuously need to learn, synthesize and communicate.

Finally from a resource perspective, we are in the process of securing a two year contract that will pay for all the research and development.

I currently feel very fortunate and humbled by this opportunity. It even seems to good to be true sometimes. All the other options in my list seem inadequate or irrelevant when compared to this one.

This project has now reset my personal long-term focus. It is so right for me that I feel it has become my new life project.

I guess this is what happens when your motivation, strengths and resources are truly aligned. Nevertheless, I am still suprised; it continuous to feel like magic.