© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL “Data Security – What Data Security?” Guest...

© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL

“Data Security – What Data Security?”

Guest Lecture - AEM 322Professor Aija Leiponen

Steven S. Gal

February 26, 2003


AGENDA

▪ Introduction

▪ About ID Analytics

▪ Data Security – What Data Security?

▪ Questions


OVERVIEW

▪ Identity theft: fastest growing crime in USA,costing financial services over $3B in 2001

▪ First to answer the fundamental question:“Is this person likely who they say they are?”

▪ Founding team has done it before with same customers

▪ Highly predictable recurring revenue business model

▪ Cross-vertical consortium strategy createsnetwork effect – and drives dramatic growth


HOW DOES IDENTITY THEFT HAPPEN?

Writing a Check at the Grocery Store

U.S. POSTAL

Mailing aTax Return

5693 2291 4382 0404

Rentinga Car

Goingto Work

APPLICATIO

N

Filling outan Application

Buying overthe Internet

Bank AccountNumber

Social Security

Number

Credit Card

Numbers

Employment

Information

Date & Place

of Birth

Driver’s LicenseNumber

Cell Phone

Number

Home Address

Mother’sMaiden Name


HOW DOES THE FRAUDSTER EXPLOIT AN IDENTITY?

CITIGROUP

SEARS

AT&T

WELLSFARGO

CAPITALONE

BANK OFAMERICA

DISCOVER

MBNA

5693 2291 4382 0404 $4,500

$4,000

$1,250

$4,000

$6,500

$6,200

$3,750

$6,800

5693 2291 4382 0404

5693 2291 4382 0404

5693 2291 4382 0404

5693 2291 4382 0404

TOTAL LOSS:

+$37,000

OVER 13 MONTHS


The Impact on Financial Services

$2.5B

$3.2B

$4.0B

$5.0B

$6.3B

$8.0B

3.6M

0.5M

2.4M

1.6M

1.1M

0.7M

2000 2001 2002 2003 2004 2005

Identity Theft Fraud Losses

Identity Theft Cases

Sources: Meridien Research, Gartner, Cellent Communications, FTC, Social Security Administration


The ID Analytics Solution

CITIGROUP

SEARS

AT&T

WELLSFARGO

CAPITALONE

BANK OFAMERICA

DISCOVER

MBNA


The ID Analytics Solution

CITIGROUP

SEARS

AT&T

WELLSFARGO

CAPITALONE

BANK OFAMERICA

DISCOVER

MBNA

5693 2291 4382 0404 $350

$107

$2755693 2291 4382 0404

ID THEFT DETECTED

IN LESS THAN 2 WEEKS

LOSS UNDER $1,000


BUSINESS STRATEGY

Our exclusive focus is on comprehensive analytical solutions

for preventing Identity Theft and related fraud


COMPANY TIMELINE

March 2002 ID Analytics, Inc. founded

April 2002 Early market response establishes exclusive focus on Identity Theft and related fraud

June 2002 Raised private equity funding

July 2002 Built team with deep analytics experience

August 2002 Launched National Identity Theft Study

November 2002

Symposium – Closed Out Data Study and Launched Early Adopter Program (EAP)

February 2003 Data Study Results and EAP Roll Out


Name1Name1

Address2Address2

SSN1SSN1

SSN3SSN3Name2Name2

Address1Address1

Address3Address3

SSN2SSN2

4

4

2

4

2

3

5

ABC-DE-FGHI

ACB-ED-FGIH ABC-ED-FGIH

1011010111011001

SSA DMF

SSNSSNAddr1Addr1

Addr2Addr2

Addr3Addr3

Addr4Addr4

Addr5Addr5Addr6Addr6Addr7Addr7 Addr9Addr9 Addr10Addr10

Addr11Addr11

Addr12Addr12

Addr13Addr13

Addr14Addr14

Addr15Addr15

PromisingGrace

PromisingGrace

NameName0111000110010011

M.G.M.G.

SSN1SSN1Address1

Address2Address2

Address3Address3

Address4Address4

Address5Address5

Address6Address6

SSN2SSN2

SSN3SSN3

SSN4SSN4

SSN5SSN5

SSN6SSN6

ABC-DE-5601

ABC-DE-5621

ABC-DE-5671

ABC-DE-9511

ABC-DE-9611

XXX-XX-XXXX

1011010101011011

SSN1

app2

SSN2SSN2

Phone2Phone2 Name2Name2

Address2Address2SSN1SSN1

Name1Name1

Phone1Phone1Address1Address1

app1 app1

app1

app1 app2

app2

app2 app3

app3

app3

app3app2

app3

coa

coa

coa

1000000111111001

app2

SSN2SSN2

Name2Name2

SSN1SSN1

Name1Name1


app1app1

app1

app1 app2

app2

app2

app3

app3

app3

app3app2

app3

SSN3SSN3

Name3Name3SSN4SSN4Name4Name4

SSN5SSN5

Name5Name5

Phone2Phone2

Address2Address21011010011011011

SSNSSNApplication1Application1

PhonePhoneNameName

AddressAddress

SSNSSN

Application2Application2 PhonePhone

NameName

AddressAddress

0111010111010001SSNSSN

Application1Application1

PhonePhone

NameName

AddressAddress


App2

App2

App2

App1

App1

App1

App2 App2

App2

App1

App1

App1

1011010101011000app2

SSN2SSN2

Name2Name2

SSN1SSN1

Name1Name1


app1app1

app1

app1 app2

app2

app2app3

app3

app3

app3app2

app3

SSN3SSN3


SSN5SSN5

Name5Name5

Phone2Phone2

Address2Address2

0001010111001011Name1Name1

Address2Address2

SSN1SSN1

SSN3SSN3Name2Name2

Address1Address1

Address3Address3

SSN2SSN2

4

4

2

4

2

3

5

ABC-DE-FGHI


0111011101011001

SSA DMF

SSNSSNAddr1Addr1

Addr2Addr2

Addr3Addr3

Addr4Addr4


Addr11Addr11

Addr12Addr12

Addr13Addr13

Addr14Addr14

Addr15Addr15

PromisingGrace

PromisingGrace

NameName

1011010111010011M.G.M.G.

SSN1SSN1Address1

Address2Address2

Address3Address3

Address4Address4

Address5Address5

Address6Address6

SSN2SSN2

SSN3SSN3

SSN4SSN4

SSN5SSN5

SSN6SSN6

ABC-DE-5601

ABC-DE-5621

ABC-DE-5671

ABC-DE-9511

ABC-DE-9611

XXX-XX-XXXX

0011010011011001

SSN1

app2

SSN2SSN2



Name1Name1


app1 app1

app1

app1 app2

app2

app2 app3

app3

app3

app3app2

app3

coa

coa

coa

1010100110000010

app2

SSN2SSN2

Name2Name2

SSN1SSN1

Name1Name1


app1app1

app1

app1 app2

app2

app2

app3

app3

app3

app3app2

app3

SSN3SSN3


SSN5SSN5

Name5Name5

Phone2Phone2

Address2Address2

0011010101010011

SSNSSNApplication1Application1

PhonePhoneNameName

AddressAddress

SSNSSN

Application2Application2 PhonePhone

NameName

AddressAddress

1001011111010010

SSNSSN


PhonePhone

NameName

AddressAddress


App2

App2

App2

App1

App1

App1

App2 App2

App2

App1

App1

App1

1111010011011001

app2

SSN2SSN2

Name2Name2

SSN1SSN1

Name1Name1


app1app1

app1

app1 app2

app2

app2app3

app3

app3

app3app2

app3

SSN3SSN3


SSN5SSN5

Name5Name5

Phone2Phone2

Address2Address2

0011010111011011

Name1Name1

Address2Address2

SSN1SSN1

SSN3SSN3Name2Name2

Address1Address1

Address3Address3

SSN2SSN2

4

4

2

4

2

3

5

ABC-DE-FGHI


0111010001010010

SSA DMF

SSNSSNAddr1Addr1

Addr2Addr2

Addr3Addr3

Addr4Addr4


Addr11Addr11

Addr12Addr12

Addr13Addr13

Addr14Addr14

Addr15Addr15

PromisingGrace

PromisingGrace

NameName

0111010001010010

M.G.M.G.

SSN1SSN1Address1

Address2Address2

Address3Address3

Address4Address4

Address5Address5

Address6Address6

SSN2SSN2

SSN3SSN3

SSN4SSN4

SSN5SSN5

SSN6SSN6

ABC-DE-5601

ABC-DE-5621

ABC-DE-5671

ABC-DE-9511

ABC-DE-9611

XXX-XX-XXXX

0101001001000011

SSN1

app2

SSN2SSN2



Name1Name1


app1 app1

app1

app1 app2

app2

app2 app3

app3

app3

app3app2

app3

coa

coa

coa

0111010001010010

app2

SSN2SSN2

Name2Name2

SSN1SSN1

Name1Name1


app1app1

app1

app1 app2

app2

app2

app3

app3

app3

app3app2

app3

SSN3SSN3


SSN5SSN5

Name5Name5

Phone2Phone2

Address2Address2

1101010001010001

We identified patterns of ID thieveswho manipulate SSNs in an attempt

to construct IDs

These patterns can beturned into algorithmicequations for storage

We identified patterns of ID thieveswho open several accounts under

one SSN an many addresses

We identified another pattern wherean ID thief opened several accounts

across several different organizationsat several different addresses

We identified and graphed thousands of anomalous and benign identity patterns

GRAPH THEORETIC ANOMALY DETECTION™


AnomalousPattern

Variables

Janet Taylor19876 Poway Rd.Escondido, CA 92640DOB: 03/17/70Hm: 858-678-0090Wk: 858-427-2800

SSN1

app2

SSN2SSN2



Name1Name1


app1 app1

app1

app1 app2

app2

app2 app3

app3

app3

app3app2

app3

coa

coa

coa

101101011101100101110001100100111011010101011011100000011111100110110100110110110111010111010001101101010101100000010101110010110111011101011001101101011101001100110100110110011010100110000010001101010101001110010111110100101111010011011001001101011101101101110100010100100111010001010010010100100100001101110100010100101101010001010001

1011010111011001

Incoming Applicationis graphed and coded

ID PatternDatabase

This pattern is matched to the ID Pattern Database

Captures Patterns Fed into Model

GRAPH THEORETIC ANOMALY DETECTION™


ID VERIFICATION TECHNOLOGY

DiscreteDiscrete HolisticHolistic

1980’s 1990’sToday

Is this elementSuspicious?

Do these elementsfit together?

Current technologies verify data about discrete elements of an individual …

… but, lack the ability to identify fraudulent activity or organized behavior

Reactive

BehavioralBehavioral ContextualContextual

Is this person who they say they are?

Proactive

Future


HOLISTICDISCRETE

DATA

TE

CH

NO

LO

GY

Directories

CDI

VerificationServices

BiometricsFederatedSystems

Profiling

IDENTITY SOLUTIONS MARKET

Seisint

Experian

Equifax ChoicePoint

LexisNexis

TransUnion

FairIsaac

MantasSearchSpace

Actimize

TSIACarreker

BEHAVIORAL CONTEXTUAL

Acxiom

IBM

MSFT

Concord PPS

Microsoft

Liberty Alliance

Identix


DATA SECURITY?

▪ I can steal the identity of anyone in this room within 12 hours

▪ I can get all the information I need by buying it – from Experian, Trans Union, Equifax, Lexis-Nexis, Choicepoint, etc.

▪ Those same companies sell the same data to credit grantors in order to confirm I am who I say I am

▪ There is virtually nothing you can do to prevent it


QUESTIONS?

© Copyright 2002, ID Analytics, Inc. CONFIDENTIAL “Data Security – What Data Security?” Guest...

Documents

Transcript of © Copyright 2002, ID Analytics, Inc. CONFIDENTIAL “Data Security – What Data Security?” Guest...