arrow left facebook twitter linkedin medium menu play circle

A Data Breach is Just the Beginning

Stolen data can be used anywhere. In fact, it will be. The question is, can you stop the attack before it’s too late?

By Yinglian Xie August 2, 2019

Photo of Yinglian Xie

about Yinglian Xie
Yinglian Xie is CEO and Co-Founder of DataVisor. She was previously at Microsoft Research, where her focus was on advancing the security of online services with big data analytics and machine learning. Yinglian completed both her Ph.D. and post-doctoral work in Computer Science at Carnegie Mellon University, and currently holds over 20 patents in her field. A highly-regarded researcher, author, and conference contributor, Yinglian is widely regarded as one of the most influential figures in the areas of artificial intelligence, machine learning, and big data security.

The news about the Capital One data breach was a shot heard around the world. This is understandable. They’re a very large company, and the breach was very large. However, a breach is only the beginning. The real concern is what happens next. The downstream effects of an event like this are far more impactful than the breach itself. Before we know it, the stolen data lands in the hands of fraudsters who waste no time in using the information for massive-scale attacks.

As reported by several media outlets, the details of this particular data breach are remarkably simple. By seemingly all accounts, one person took advantage of one misconfiguration, and just like that, the data was loose. There are, of course, ongoing inquiries into whether other companies may have fallen victim as well. Regardless, the real question remains the same: how will the stolen data be used, and what can we do to protect against the inevitable attacks?

As we consider this question, it’s important to remember who the real victims are—all good customers. For those customers whose data was exposed in the breach, their information is at risk of being exploited to conduct various downstream attacks, causing potentially serious damage. Other service providers could be severely impacted as well, as they face increased fraudulent account opening requests from attackers with stolen credentials or synthetic IDs. 

In the course of preparing for these uphill battles, it’s important to understand the challenges modern financial institutions face when it comes to creating exceptional experiences for other legitimate customers as security measures are tightened and scrutiny intensifies.

On the one hand, consumers want convenience, speed, and accessibility, and businesses are under constant pressure to provide these benefits. Mobile banking’s ongoing rise can be directly ascribed to this demand, as mobile offers all the above. Simultaneous to this, enterprises are under equally relentless pressure to deliver safety, security, and ironclad protection from fraud.

From this tension emerges another crucial question: how do financial institutions protect good customers, without compromising their experience, as they face increasing levels of suspicious activity?

To address this challenge successfully, more and more companies are now thinking beyond supervised machine learning and rules-based approaches. These legacy solutions are prone to high false positives that result in poor customer experiences due to their reliance on simple anomaly detection. Instead, companies are leveraging the power of unsupervised machine learning (UML) to expose hidden patterns and connections that indicate coordinated malicious activity. Using UML removes the need for historical labels, lengthy training times, and frequent re-tuning, thereby enabling nimble, real-time detection.

In undertaking these transformations, organizations achieve the most crucial goal of all: stopping attacks before they launch and before any damage can happen. By enabling holistic data analysis and constant monitoring at scale, systems can expose suspicious accounts, actions, and events that would otherwise go unnoticed if viewed in isolation. This makes it possible to literally know the unknown, and protect against even the most sophisticated and previously unknown attack types. 

The results are what we all want—exceptionally high detection accuracy, the elimination of false positives, and frictionless customer experiences. Stolen data can be used anywhere. In fact, it will be. The question is, can you stop the attack before it’s too late, and mitigate the impact on good user experience?

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q2 2019

Learn More

The DataVisor Q2 2019 Fraud Index Report is here.

Customers online want convenience, ease, and access. Fortunately, your business offers it all. Unfortunately, that’s what fraudsters want too. To a cyber criminal, those features means vulnerabilities. To bring you the very latest and most actionable insights about where the risks are and what you…

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Diagnose and Defeat Application Fraud with the Latest AI-Powered Tools

Learn More

Learn how leading financial institutions are using ML to proactively detect card application fraud.

In this insightful webinar, you’ll explore how organizations are leveraging AI-powered fraud management solutions to get tangible, real-world benefits as they work to proactively detect and defeat sophisticated modern fraud attacks. Plus, you’ll discover strategies for empowering cross-team…

Protect your business, your customers, and your data.

Request Demo