All posts by Doug Clare

Fraud & Security Report from RSA: Bangers, Mash, Security and OpportUNITY

Feb162017

The RSA Conference has descended upon San Francisco’s Moscone Center, bigger and more energizing than ever. With security an agenda-topping concern of many CIOs in 2017, the fervor to fight cybercrime is at an all-time high. While there was a wide range of top-of-mind topics being discussed, two topics in particular continued to show growing interest – artificial intelligence and cyber insurance. More on that in a minute. The theme of this year’s RSA Conference was “The power of opportUNITY,” and we had plenty of opportunities in San Francisco to showcase FICO’s unity with security professionals and industry influencers on similar missions. Two of these events took place in informal settings designed to encourage networking and dialogue: The Cyber+IoT Bangers and Mash Roundtable Breakfast, held on Tuesday morning in conjunction with the San Diego industry organization CyberTECH. This panel session focused on “Securing the Smart City” and featured guests such... [Read More]

Leave a comment

Fraud & Security What Does Your Wearable Tech Tell a Cybercriminal?

Runners with wearable tech
Feb022017

The short answer: potentially a lot more than you intend. Let’s say you take a walk or run early every morning, on the same route in your favorite park, before the sun comes up. Your fitness wearable times your run, tracks your progress, and calculates your distance based on location, which is great—until that information, stolen during a data breach, ends up in the hands of a cyber stalker. Now, all of a sudden, you’ve unwittingly been put in a very vulnerable place. It’s true, this type of theorizing can be a little macabre. So are the ethics of self-driving cars, and many other aspects of the new world of artificial intelligence we now inhabit. The reality is, every category of technology carries inherent risks, and as people become more connected with technology in every aspect of their lives, we must be cognizant of those risks. New technology creates new... [Read More]

Leave a comment

Fraud & Security 5 Cyber Predictions for 2017: Will Your Fingerprints Get Hacked?

Fingerprints
Dec192016

In the world of cybersecurity, 2016 was a banner year – and not in a good way. From the Bank of Bangladesh/SWIFT heist in February to the Dyn DDoS attack a few weeks ago, the year’s wild attacks have one thing in common: They were proof that hacker innovation is on a growth trajectory. That’s the bad news. The good news is that businesses and consumers are also much more aware of cyber threats than they were 12 months ago, and that’s the jumping off point of my cybersecurity predictions for 2017. 1. Consumers will care a lot more about the security of the companies they do business with. With hackers hitting organizations from the Internal Revenue Service to the University of California, Berkeley in 2016, consumers are more anxious than ever about the downstream financial crime that follows data breaches. In 2017, consumer demand will emerge around wanting to... [Read More]

Leave a comment

Fraud & Security Cyber Risk Transparency Is Good for Insurance – and Business

Cyber risk score gauge
Oct272016

“What gets measured gets managed,” might be the oldest saw in the business universe. But in my mind, it is closely followed by another: “What gets measured gets monetized.” And that is exactly what is happening today in the booming, yet very-brand-new market for enterprise cyber breach insurance. Specifically, I believe that the new FICO® Enterprise Security Score (ESS), a metric that quantifies the vulnerability of an organization to cyber attack, will dramatically catalyze the growth of the cyber breach insurance market. ESS can be used by an enterprise to understand its cyber risk and shore up defense gaps. It is also an important assessment tool for third parties such as potential business partners and, notably, cyber insurance providers. With its quantitative, empirically derived analytics, FICO ESS will drive objective risk measurement, transparency and predictability into both breach insurance underwriting and longer-term portfolio management––essential requirements in monetizing the rapidly evolving market... [Read More]

Leave a comment

Fraud & Security What’s Your Organization’s Cyber Score?

Meter for cybersecurity risk
Jun142016

What if there were clear measure that told you how protected your organization is from cyber threats? The potential benefits of such a score are clear. It could help security professionals address gaps, and help the boards of public companies prioritize security investments. It could also enable third parties, from partners and potential customers to insurers, understand a firm’s security risk. This is precisely what FICO is developing: a FICO® Enterprise Security Score to rank an organization’s level of cybersecurity risk. Today we announced that we have acquired QuadMetrics, an innovative cyber risk security scoring company, to further this effort. We see the FICO Enterprise Security Score as an essential complement to FICO® Falcon® Cybersecurity Analytics for threat detection. With the acquisition of QuadMetrics and the infusion of FICO’s analytic scoring methods, FICO will provide both cybersecurity defences and an enterprise-level “cyber score” that gives an empirical, impartial measure of... [Read More]

Leave a comment

Fraud & Security Is AI Wrong for Cybersecurity?

Dark Reading logo
Feb082016

I’ve just participated in a debate over analytics vs. encryption for cybersecurity, on the InformationWeek Dark Reading website. This is a sign of the times — the cyber space is so hot that technologies are being treated as rivals, jockeying to win your infosec budget. The truth is, it isn’t an either/or proposition. As I note in my article, arguing against encryption would be a bit like arguing against locks on doors. Strong encryption – like firewalls and user authentication – is a basic defense against the damage that might flow from a successful attack on information infrastructure. But encryption is not foolproof, and it shouldn’t be your one means of defense. As artificial intelligence and analytics have come into play, there has been some criticism — often from competing vendors who misunderstand or misrepresent how AI works. In the past, cybersecurity analytics were focused on gathering data about compromises,... [Read More]

Leave a comment

Fraud & Security Like Sherlock, We Need Details To Fight Cyber Crime

Sherlock Holmes with magnifying glass
Mar162015

“Data! Data! Data! I can’t make bricks without clay.” That’s what Sherlock Holmes says in “The Adventures of the Copper Beeches,” and the same goes for the data sleuths today trying to stop cyber crime. It’s a positive sign that lawmakers recognize this need. Information sharing has become of the fundamental tenets of cybersecurity being discussed by regulators on Capitol Hill. But the data we need is more than what is being proposed in some regulatory plans. On March 3, the House Commerce Subcommittee on Oversight and Investigations held a hearing on “Understanding the Cyber Threat and Implications for the 21st Century Economy.” Greg Shannon, Chief Scientist of the CERT Program at Carnegie Mellon University, spoke to this need: “Richer data needs to be shared with the research and development community — meaning not only incident data but also datasets that enable understanding of what ‘normal’ resembles (in terms of... [Read More]

Leave a comment

Fraud & Security Using Predictive Analytics To Advance Cybersecurity

Fraud locks
Mar022015

FICO has been investing heavily in cybersecurity analytics and related software solutions, including proof-of-concept partnerships over the last 18 months. This work has met with a tremendous reception as we presented it to prospective partners, clients and industry analysts. Not surprisingly, given our deep expertise and IP assets in fraud, our approach goes a long way to untangling the deeply intertwined problems of cybercrime, data theft and subsequent fraud. We have just announced our first solution, FICO® Cyber Security Analytics. We have leveraged our formidable arsenal of unique assets — including our streaming data infrastructure, patented profiling technology and self-learning analytics — to create a solution that closes the gap left by today’s cybersecurity solutions. That gap is illustrated by the chart below. The current approach of gathering data on a compromise, developing a threat’s “signature” and then using that signature to protect against future threats, results in massive time... [Read More]

Leave a comment

Fraud & Security EMV and Its Double-Edged Impact on Fraud

Jun052014

My fellow FICO bloggers and I have long been advocates for the adoption of the EMV (Europay, Mastercard, Visa) standard in the US, which will boost security for payment cards. But it's critical to remember that EMV adoption is not an anti-fraud panacea.

EMV technology (featuring an embedded chip which enables dynamic, rather than static, authentication credentials) has proven highly effective in reducing counterfeit card fraud in Europe, Brazil and nearly every market where it’s been adopted. However, fraud is a moving target. Quash it in one place, and history demonstrates that it will pop up somewhere else.

Case in point: When the UK rolled out EMV, fraudsters quickly refocused their efforts on cross-border counterfeit fraud and card-not-present (CNP) attacks, where they could bypass the new EMV protections. Fraud temporarily spiked, driven largely by CNP fraud, which grew in overall volume as well in terms of its percentage of card fraud losses (from about 40% prior to the EMV rollout to 72% two years later). We’ve seen similar CNP fraud spikes in...

5 Comments

Fraud & Security Can Fraud Alerts Raise Customer Loyalty?

Dec172012

For most people, being contacted by a bank about potential fraud isn't a wonderful experience—but it can be if it’s managed in a timely, personalized manner. In fact, customers of a UK banking client consistently point to fraud intervention as a "golden moment" of customer service in the organization's quarterly surveys. As you've heard from several of us on this blog, mobile devices and electronic channels are facilitating the ability of banks to engage their customers in intelligent automated dialogs. One key benefit, among many, is that these capabilities enable banks to stop fraud faster, while building customer trust and loyalty. When a suspicious transaction is detected, banks can reach out to customers instantly, using the media of their choice, to see if it’s indeed fraudulent. And by constantly feeding back to analytics the results of these customer interactions, banks are improving the accuracy and adaptability of fraud detection systems. FICO has just published an Insights white paper that discusses how leading banks are...

1 Comment