Three innovative ways start-ups are harnessing data for security

Data will spark the Fourth Revolution in the global payments ecosystem, after analogue, magnetic stripe, chip & PIN, and tokenisation. It’s a commodity, but also a vital tool that will transform the way we keep payments safe.

Visa Navigate interviewed three companies working on potentially game-changing innovations in this space: Silot, Uniken and EverCompliant, at the Asia Pacific Visa Security Summit, held in Shanghai.

Silot: The decision engine for banks

Assessing the risks of potential clients has always been one of the biggest challenges facing financial institutions. While the digital era means the amount of information available on clients has never been larger, assessing that information efficiently and accurately remains a challenge. Silot, a Singapore-based fintech which uses its fast and scalable AI technology to help banks make decisions on dealing with new clients, pointed out that any security is only as good as the data it is based on.

Andy Li, founder and chief executive officer of Silot, said: “For security, the biggest challenge is data. On the one hand, it helps you to make better decisions and presents opportunities. On the other hand, if the data has been manipulated by hackers, how can the AI be correct?”

One of the key problems in making sure that the data available is accurate is a lack of trust between financial institutions, according to Silot, whose technology allows banks to make real-time intelligent decisions for Know Your Customer (KYC) onboarding and anti-fraud purposes. Competing banks are trying to purchase data from third parties as a result – and this data may not always be reliable. A system of collaborative and secure data sharing, via blockchain, would be ideal, Li argued.

“Banks would not be giving the data away – they would be contributing as part of the blockchain,” he said. “We believe that the blockchain technology will use that trust and help banks trust each other – they’re already more trustworthy than most institutions. To do so in a way that creates the best fuel for AI.”

Uniken: Military grade authentication

As digital commerce becomes more sophisticated, so must authentication. When customers get used to ever-quicker and easier payment methods, they want the authentication process to be as seamless as possible – and so do merchants and issuers, so that the customer will complete a purchase. Of course, data – whether on contact details, buying habits or even biometrics – can be used as part of a seamless authentication process to keep those customers in the buying process.

Dwayne Cosby, at Uniken, a US software company focused on security for mobile applications, said “Security is not the customer’s problem. And consumers want seamless and instant services.” Uniken’s product, REL-ID, is a security platform that integrates directly into a merchant’s or issuer’s mobile app, tightly coupling identity, authentication, end point threat detection and channel security.

For European merchants, issuers and consumers moving towards Strong Customer Authentication (SCA), which will require digital payments customers to be authenticated in multiple ways, the message about the importance of rethinking the payment experience is clear.

“Do you design for the lowest common denominator – such as a 90-year-old grandmother who doesn’t use the web or a mobile device and prefers to call the call centre for support – or do you design the solution you want and need for today and the future? Our thought is you should design the ideal solution, and then appropriately adapt it to accommodate the lowest common denominator.

“You create specific journeys and techniques to support the outlier client, recognising that over time this group will shrink in size. You then take your solution and think how it applies against your channels. This means you can quickly and securely support the grandmother without trading off the security or experience for other customers that have already fully embraced mobile as their primary way of doing business,” Cosby argued.

EverCompliant: Solving transaction laundering

Wherever commerce is conducted, crime often follows. This has been the case with the era-defining movement from brick and mortar stores to online commerce. Just as in the physical world, cyber criminals leave fingerprints and “DNA” in digital spaces. Digital evidence can be discovered and analysed at scale and speed using software; software once thought of only in spy movies and in real-life for combating terrorists.

Noam Rabinovich, CTO and Co-Founder of EverCompliant – a US/Israel-based company that uses cyber intelligence to enable clients to stop transaction laundering – said: “Television shows portray money laundering in the physical world as if you need a brick and mortar merchant, like a car wash or nail salon. But in fact, it is so much easier to launder online.”

EverCompliant illuminates data and the dark corners of the internet to uncover malicious activity by merchants to examine whether the business entity is legitimate or a front for criminal activity. EverCompliant’s MerchantViewTM software uses artificial intelligence (AI) and machine learning (ML) to power its cyber intelligence platform in order to assess hundreds of millions of domains. The software categorises the internet, analysing content, images and code to determine the true nature of a website. These insights shine a light on the hidden relationships among websites and identifies the risks associated with each according to a client’s own risk profile. The analysis provides an entity’s full ‘Digital DNATM’, revealing threats as well as new opportunities to scale business efficiently and confidently.

“One of the problems we have today is that when payment processors, acquiring banks, payment facilitators, and other marketplaces onboard a merchant. They, for many reasons, such as resources or time constraints, do not continuously monitor those merchants. So even if they thoroughly check the merchant initially, over time things can change, which could reveal troublesome and potentially illegal connections, and result in reputational damage and hefty fines for processors and banks,” Rabinovich said.

The need for sophisticated use of data to address transaction laundering concerns is clear. Rabinovich warns: “Criminals are early adopters. They try everything really quickly, and they’re smart. They open and shut websites for laundering with a click of a mouse, which is most often undetected. You need technology on your side to fight crime.”

When it comes to the relationship between security and data, we often focus on how attractive data is to criminals, and how it must be protected. Yet, data is also our ally. Companies hoping to protect data must also work out the best way to harness it, whether to flag criminality, make important decisions or ensure seamless authentication.