Every time that a Canadian uses their credit card, logs in online, or interacts with growing WiFi networks and Smart Cities initiatives across the country, there exists a risk of fraud. For example, it is estimated that in March of 2019, 52 percent of retail logins were fraudulent and high risk credit card behaviour skyrocketed 400 percent from February to March 2019.
In terms of preventing such criminal activities, cloud computing is enabling new technologies to thrive, according to Justin Fox who leads DevOps at NuData. NuData, for example, a Vancouver-based biometrics company, uses biometrics, powered by Amazon Web Services’ (AWS) cloud, to first prove that a customer is human, then that he or she is the legitimate user.
Digital Journal spoke with Justin Fox to learn more.
Digital Journal: What are the main cyber threats to businesses?
Justin Fox: The three threats that I would highlight are social engineering attacks, attacks that take advantage of misconfigurations, and attacks that leverage consumer information from data breaches. A major threat from data breaches is how the data is used in common attacks like credential stuffing and fraudulent account creation to undermine consumer confidence while bypassing many traditional security barriers. We’re also seeing headlines highlighting common misconfigurations of new technologies and services. NuData helps companies mitigate all three kinds of threats with our unique approach to protecting consumer identities that leverages emerging technologies powered by machine learning. Our passive biometrics solution looks at your unique behavior to help validate that you are you online.
DJ: Where are these threats coming from?
Fox: Attackers do not recognize borders, boundaries, or nationalities. In our most recent review of fraudulent threats detected by NuData, the US was flagged as a top risk country. However, attackers have become more sophisticated at spoofing geolocation data correctly and masking their true location.
Our device intelligence and trust consortium information is updated in near real-time, and getting the most accurate information possible is a big job. But we’re able to leverage our cloud-based platform, running on Amazon Web Services (AWS), to gather millions of data points across petabytes of data, crunch all the inputs, and get an accurate picture of what’s going on during a transaction.
DJ: How have cybercrime operating models changed in the past year?
Fox: Attackers continue to test the resilience of organizations by layering attacks, updating techniques with additional sophistication, establishing relationships with other attackers, and sharing tools to better disguise their individual identities. Attackers are also conducting targeted intrusions for more effective financial gain. This makes the usage of appropriate controls – like the Center for Internet Security’s Benchmark on AWS, which provides consensus-based best practices to help businesses improve security in the AWS Cloud, or NuDetect by NuData Security, which combines four layers of security to accurately identify your good users within your application – critical to avoid accidental exposure of consumer data.
DJ: How can cloud computing solutions help people to protect their identities?
Fox: Organizations using cloud computing solutions have the ability to scale faster, innovate more rapidly, and provide solutions at lower cost than in the past. By leveraging managed services from cloud service providers it’s possible to build a new service in a manner similar to constructing objects with lego. One of the tools provided by AWS is the Well-Architected Framework, which helps engineers build on the AWS Cloud while ensuring the solutions they build are operationally excellent, secure, reliable, performant, and cost effective.
This is a core reason why NuData has been able to provide innovative solutions that are proven to be effective – and since our acquisition by Mastercard, a fintech company with deep industry roots, we have a global impact on reducing consumer friction and preventing fraud.
We built our solutions on the AWS cloud because cloud computing solutions can offer more control and visibility than a traditional IT setup. We are able to achieve a level of governance and compliance that enables us to work with highly regulated organizations. While it’s still up to companies and individuals implementing solutions on the cloud to practice good cyber hygiene and follow best practices, cloud service providers like AWS do offer key benefits that just need to be turned on. For example, in our solutions that leverage the AWS Cloud we are able to use AWS tools to have more visibility and control of their environments such as AWS CloudTrail, AWS Config, or Amazon Macie.
AWS CloudTrail is a record of API calls made against an AWS Cloud deployment, providing a detailed audit trail. AWS Config allows customers to track AWS resource state and enable prepackaged rules that help ensure that their AWS resources are in a properly configured and in a compliant state. Amazon Macie is a security service that uses machine learning to help AWS customers prevent data loss by automatically discovering, classifying, and protecting sensitive data in AWS.
DJ: How can biometrics help with this process?
Fox: Authentication processes can make use of multiple factors, typically something you know, have, or are. Biometrics, like fingerprint or iris scans, are something that you are. A biometric factor can help to authenticate that you are who you say you are, if the device and authentication workflow supports a biometric factor. Another example of a biometric factor is passive biometrics, which is a versatile factor that leverages machine learning and used in frictionless solutions provided by NuData, working silently behind the scenes in real time. For speed and performance we use Amazon Aurora to power our passive biometrics models with low latency.
DJ: What is the NuData technology?
Fox: NuData combines the power of our four integrated layers of security to enable businesses to verify users based on their inherent behavior, powered by machine learning in real time to prevent fraudulent transactions before they occur. With machine learning built in through a number of AWS managed services, NuData is able to continually adapt, change, and evolve along with the threat landscape providing real-time threat intelligence into our customers’ applications.
DJ: How does the solution work in practice?
Fox: We use advanced technologies to recognize patterns, such as how consumers type, how they browse, how they move their mouse, or how they interact with their device. We can identify between consumers even when the same username, password, device, and multi-factor authentication (MFA) token is used through usage of machine learning and big data.
DJ: Which sectors are using your technology?
Fox: Our focus is with financial services and ecommerce industry verticals, but we have customers from across all industry verticals. Our solution works anywhere where consumer identification or authentication is required. We have been running multiple production workloads on the AWS Cloud for our customers since 2008.
