Traditional online fraud prevention techniques have high rates of false positives. That means they identify as fraudulent, and turn away, a large number of good customers. You can increase your sales by simply using some of the newer, more accurate tools.
Traditional Fraud Prevention is Costing you Customers
8. Positive – Scammer
Negative – Good customer
False Positive – We classify someone as a scammer when they aren’t
Lose customers
False Negative – We classify someone as a good customer when they are a scammer
Lose money
9. New Disease - Alexitis
• Very rare – only affects 1 in a million people
• Luckily, we have a test that is 99% accurate
• If they have Alexitis, test is positive 99% of the time
• If they don’t have Alexitis, test is negative 99% of the time
10. I’ve just tested positive for Alexitis. What are the chances I actually have it?
11. 99%, right? I’m screwed!
Would you believe .01%?
| | Has Alexitis | Does not have Alexitis | Total |
|---|---|---|---|
| Test Positive | 1 (true positive) | 10,000 (false positive) | 10,001 |
| Test Negative | 0 (false negative) | 989,999 (true negative) | 989,999 |
| Total | 1 | 999,999 | 1,000,000 |
Paradox of the False Positive
12. Conditional Probability
If you live in the United States, you probably speak English
If you speak English, you probably don’t live in the United States
13. IF YOU ARE TESTING FOR SOMETHING THAT RARELY OCCURS, YOUR TOOLS HAVE TO BE REALLY, REALLY GOOD
Remember
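The arithmetic behind the Alexitis table and the "really, really good" rule, as an added example that is not part of the original slides. It reproduces the table with Bayes' rule, then solves for the specificity a detector would need; the 1% fraud rate in the last case is a constructed assumption, not a figure from the deck.

```python
from fractions import Fraction

# Figures from the Alexitis slides: 1 in a million, test is 99% accurate both ways.
ALEXITIS = {
    "prevalence": Fraction(1, 10**6),
    "sensitivity": Fraction(99, 100),   # P(test positive | has it)
    "specificity": Fraction(99, 100),   # P(test negative | does not have it)
}


def expected_counts(population, prevalence, sensitivity, specificity):
    """Expected confusion-matrix cells when the whole population is tested."""
    positives = population * prevalence
    negatives = population - positives
    tp = positives * sensitivity
    tn = negatives * specificity
    return {"tp": tp, "fn": positives - tp, "fp": negatives - tn, "tn": tn}


def precision(prevalence, sensitivity, specificity):
    """P(really positive | flagged positive), by Bayes' rule."""
    true_alarms = prevalence * sensitivity
    false_alarms = (1 - prevalence) * (1 - specificity)
    return true_alarms / (true_alarms + false_alarms)


def good_turned_away_per_catch(prevalence, sensitivity, specificity):
    """False positives per true positive: good customers lost per scammer caught."""
    p = precision(prevalence, sensitivity, specificity)
    return (1 - p) / p


def required_specificity(prevalence, sensitivity, target_precision):
    """Lowest specificity at which a flag is right with target_precision.

    From precision >= t:  fpr <= p*s*(1-t) / (t*(1-p)),  specificity = 1 - fpr.
    """
    max_fpr = (prevalence * sensitivity * (1 - target_precision)) / (
        target_precision * (1 - prevalence)
    )
    return 1 - max_fpr


if __name__ == "__main__":
    cells = expected_counts(10**6, **ALEXITIS)
    print("per million tested:", {k: round(float(v), 2) for k, v in cells.items()})
    print(f"P(has Alexitis | positive) = {float(precision(**ALEXITIS)):.4%}")
    print("healthy people flagged per real case:",
          good_turned_away_per_catch(**ALEXITIS))

    # How good must the test be before a positive is even a coin flip?
    need = required_specificity(ALEXITIS["prevalence"], ALEXITIS["sensitivity"],
                                Fraction(1, 2))
    print(f"specificity needed for 50% precision: {float(need):.7%}")

    # Constructed fraud case (assumption): 1 order in 100 is fraudulent and
    # the detector is "99% accurate" in both directions.
    fraud = precision(Fraction(1, 100), Fraction(99, 100), Fraction(99, 100))
    print(f"constructed 1% fraud rate: {float(fraud):.0%} of flagged orders are fraud")
```

With the slide's numbers a positive result is right about once in 10,102 flags, and the test would have to reach roughly 99.9999% specificity before a flag is even as good as a coin flip.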
22. IP Geo-Location
891889-11
Problem 2: Other Carriers
891888 United States
891889 Nigeria
9999 FedEx
891891 Luxembourg
23. IP Geolocation
• With “honest” users, IP Geolocation can be somewhat accurate
  • Nation: 95% - 99%
  • City: 50% - 80%
• In terms of fraud prevention, it will only catch the most clueless of fraudsters
• Essentially useless for mobile data
25. Proxy Detection
• Can catch known proxies
• Suffers from same database issues as IP Geolocation
• ANY machine on the internet can be a proxy
26. Cookies
Once I find out you are a scammer, I sneak into your house and put an X on your envelopes, with invisible ink
891889-11
891899-11
X
X
27. Cookies
• Will work if the scammer does nothing to prevent it
• Can be prevented with a single click
• Useful for tracking customers, almost useless for tracking fraudsters
29. Behavior Detection
• Very difficult to measure accurately
• Highly subject to false positives
• Almost any behavior that appears suspicious can also have a legitimate purpose
30. Browser Fingerprinting
I am going to measure the unique characteristics of the paper, so I can recognize the bad letters
31. Browser Fingerprinting
• Somewhat effective technique for tracking people online
• Measures unique characteristics of your browser (fonts, plug-ins, etc.) that are reported to web server
• Not well known among general public
• Generally not completely unique
• Will lead to false positives
• Not useful for mobile
• Trivial to circumvent
  • Clean browser install
  • Virtual machine
33. Transactional Data Strengths
• Does not require user involvement or knowledge
• Usually quick
• Can encompass many data points
• Does not affect the user experience
• Can be tested on sample data
34. Transactional Data Weaknesses
• Generally easy to work around
• Significant false positive rate
• Difficult to aggregate across platforms
36. Identity-Based Fraud Prevention
• In the real world, we want to know who we are dealing with
• Personal recommendations are extremely important
• Social context is extremely important
• However, online we have no identity framework to leverage
37. FUNDAMENTALLY WE HAVE BEEN SOLVING THE WRONG PROBLEM
WE DON’T HAVE A TRANSACTION PROBLEM, WE HAVE AN IDENTITY PROBLEM
however
38. “No man is just of his own free will [...] he will always do wrong when he gets the chance. If anyone who had the liberty [of the ring of Gyges] neither wronged nor robbed his neighbor, men would think him a most miserable idiot.”
- Plato
42. Extreme Identity: DoD Top Secret Clearance
• Takes 1-2 years
• Involves ~ 40 pages of documentation
• Leverages numerous federal databases
• Involves dozens of interviews with people who have known you for
51. BeehiveID Advantages
• Ultra-low friction
• Selfies are easy!
• Uniqueness through biometrics
• NO private information whatsoever
• Supports trust through connections between people
• One-step integration
52. Summary
• Classification problems are inherently fuzzy
• When the thing you are looking for is rare, you have to be really precise
• Transactional data is dependent upon data effectively provided by the scammers
• Results in high false positives, losing customers
• Is easy to circumvent by scammers
• Identity is the foundation of trust in the real world, and can be used for trust online, with the right tools
• Must be low-friction
• Must preserve privacy
Let’s say you are a banker. You are concerned about a few different things. You need your bank to make money so you need deposits and you need to make loans. You need people to come in and make accounts. You know that some people may be doing things that are less than legal, but as long as they are making deposits you might not care. Or maybe you care deeply about that. In any case, you only have so much time to try to figure out why people are using your bank. You need those deposits.
But the government has told you exactly how much you need to care. They give you parameters on what you need to care about, such as cash deposits > $10,000. But they don’t let you get off that easily: you also have to report “suspicious” activity.
Here are some examples of the complexities of determining suspicious activity. All of these could be classified in many different ways, depending upon context. A corporate check could be from a shell company doing money laundering, and a $9,999 deposit could be legit.
FINCEN’s guidelines: http://www.fincen.gov/statutes_regs/guidance/pdf/msb_prevention_guide.pdf (fascinating stuff)
Binary classification is the process of separating things into two categories. In the graph on the right, a simple equation can perfectly separate the two classes. We want things to be this way, but unfortunately they rarely are.
In most real-world classification processes, the boundaries are much fuzzier and the best we can do is catch some of the things on either side.
We can define “positive” and “negative” however we want. But since we are talking about fraud prevention/detection, we will define “positive” as someone being a scammer. That means negative is a good outcome – a good customer. You can think of it kind of like disease detection.
Using this definition, we want to avoid false positives because that means we are turning away good customers. We also want to avoid false negatives because it means we are letting in the scammers. Generally, when you try to optimize one, you make the other worse.
99% accurate is another way of saying 1% inaccurate. If we test 1,000,000 people, only one of them will actually have Alexitis. But since we are 1% inaccurate, we will falsely say 10,000 people have it (.01 * 1,000,000).
Put in math terms, P(Alexitis | Positive) = .01%
This is called the paradox of the false positive and it occurs in populations where the probability of an event is low.
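The Alexitis arithmetic above, generalized as an added example (not part of the original slides): it computes the expected confusion matrix for any base rate and then inverts the formula to show how low the false positive rate must be to reach a target precision. Reading "99% accurate" as 99% sensitivity with a 1% false positive rate is an assumption, as are the function names and the fraud-screen figures in the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScreenResult:
    true_pos: float
    false_pos: float
    false_neg: float
    true_neg: float

    @property
    def precision(self) -> float:
        """P(really positive | flagged positive)."""
        flagged = self.true_pos + self.false_pos
        return self.true_pos / flagged if flagged else 0.0

def screen(population: int, prevalence: float,
           sensitivity: float, false_pos_rate: float) -> ScreenResult:
    """Expected counts when a test is run over a whole population."""
    for name, v in (("prevalence", prevalence), ("sensitivity", sensitivity),
                    ("false_pos_rate", false_pos_rate)):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {v}")
    bad = population * prevalence      # scammers / sick people
    good = population - bad            # good customers / healthy people
    return ScreenResult(bad * sensitivity, good * false_pos_rate,
                        bad * (1 - sensitivity), good * (1 - false_pos_rate))

def max_false_pos_rate(prevalence: float, sensitivity: float,
                       target_precision: float) -> float:
    """Largest false positive rate that still reaches target_precision.

    From precision t = p*s / (p*s + (1-p)*f), solve for f:
        f = p*s*(1-t) / (t*(1-p))
    """
    if not 0.0 < prevalence < 1.0 or not 0.0 < target_precision <= 1.0:
        raise ValueError("prevalence in (0,1) and target_precision in (0,1] required")
    return (prevalence * sensitivity * (1 - target_precision)
            / (target_precision * (1 - prevalence)))

if __name__ == "__main__":
    # The slide's case: 1 sick person in 1,000,000, test "99% accurate".
    r = screen(1_000_000, 1 / 1_000_000, 0.99, 0.01)
    print(f"false positives: {r.false_pos:,.0f}  precision: {r.precision:.4%}")
    # Constructed fraud-screen figures: 0.1% of orders are fraudulent.
    f = max_false_pos_rate(0.001, 0.99, 0.5)
    print(f"FPR needed so half of flagged orders are fraud: {f:.4%}")
```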
Conditional probability is actually quite simple, but most people don’t think about it when they are predicting what outcomes will happen.
Here are some other ones:
Here is a very simplified diagram of how the internet works. (ha)
Contrary to popular belief, the internet is not a series of tubes or even a series of wires. You may think of an internet connection as kind of like a phone call, but it is not. It is a series of distributed packets.
We’ll be using some mail analogies in the coming slides.
LA Times did an experiment where they had both anonymous comments and Facebook comments available for articles. The difference in the level of discourse was “stunning”. When people see their real name and face next to a comment, the civility of the discourse changes dramatically.
Ultimately, a security clearance is about trying to figure out who you are.