Feedzai’s Bizzaro: regulation a challenge for cybersecurity providers

The need to anonymize certain data because of regulations is providing an added challenge for cybersecurity providers, says Pedro Bizzaro, co-founder and chief science officer at Feedzai.

“In some cases, when you have to anonymize let’s say the name or the address of something, obviously if you are anonymising then there are some techniques that you cannot apply. For example, sometimes fraudsters are using funny or fake names and you cannot apply some metrics of name similarity and name comparison,” says Bizzaro.

“We are inspected by clients, by external entities, many times per year, they check our data centres they check our security, they check the networks, so it’s a very controlled environment.”

According to a report from RSA business-driven security, phishing – when a fraudster impersonates a reputable company or person – accounted for 50% of overall fraud attacks globally for Q3 of 2018.

Feedzai recently launched Genome – technology which allows fraud analysts to investigate financial crime patterns using advanced graph technology to let the analyst filter data in a much more visual manner.

Fraudsters today have the perfect way of camouflaging themselves in purchases to get through AI and the human barriers of security says Rodolfo Cristovao, product manager at Feedzai.

“In these sophisticated bot attacks what happens is you use many different shapes of stolen cards with stolen devices and they make use of something that is very unique in the US which is the postal office, so they write real malformed addresses so you get 55 purchases they all go to kind of the same zip code but the address is not exactly the same so they try to trick the models, the AI with that because for example it would say 123 mine street and the other would say 123B mine st. It smart because the human at the postal office thinks that this is a mistake,” says Cristovao.

Bizzaro says cybersecurity is an arms race.

“There is an arms race at multiple levels between us and the fraudsters, and between the banks and merchants,” he says.

“There are always new opportunities for fraudsters as well, as there is new legislation coming in PSD2 in Europe, so banks have to open their APIs for open banking.

“They (the fraudsters) improve, we improve. Maybe it will change to a different type of attack, maybe they will focus on other geographies, or on other merchants or other banks. I think this is one of the cases where the fraudsters are going to attack the weakest link so banks and merchants are all trying to improve because they know that if they are not the weakest link the other bank or the other merchant is.”

There is no talent pool of fraud prevention engineers, according to Bizzaro, because there is currently no formal fraud prevention education, therefore, the only solution is to hire people from various backgrounds.

“We hire a lot of people from universities and there is no degree of fraud detection, there is no fraud detection engineering, there is computer science, there is mathematics, physics, and aerospace engineers and so on but there is no fraud detection, so we normally hire from many different backgrounds, and most of those people don’t know fintech when they start working at a company like Feedzai. But they learn very quickly.”

Related reading