Treating Cybercrime Like A Disease


Do you remember what you were thinking about on Dec. 19, 2013? We do. We can be almost sure that at some point on that day you thought something along the lines of “Oh my God, Target got breached? How did that happen?”

Because as recently as two years ago, most of us were still capable of being even remotely surprised by a major retailer being breached by cyber criminals.

Canh Tran, on the other hand, was not at all surprised by the announcement, as he and the crew at Rippleshot — the firm of which he is the co-founder and CEO — had noticed the breach a full two weeks before it was announced.

Because that, in essence, is what Rippleshot does, Tran explained to MPD CEO Karen Webster in a recent podcast conversation. The digital security startup applies data analytics to fraud to detect breaches. With their help, issuing banks have been able to reduce fraud losses by 25 percent, because the wave of frauds that follow major breaches can be shut down quickly.

“We monitor card transactions across the payment system and we monitor consumer purchase behavior and merchant transaction behavior,” he said. “And most importantly, we monitor the travel of the card from merchant to merchant.”

Because, Tran noted, though the theft happened at a single retailer — Target, for example — fraud happens all over the ecosystem, with a $100 gift card purchase in Vegas, a laptop in Seattle and some stereo equipment in Florida.

“We can see all those transactions that are identified as fraudulent and then we can quickly determine ‘what do all those cards that are being used have in common?’ When you find that one point in space and time, you have you breach,” Tran noted.

“A lot of times you have data breaches that spread across the U.S. like viruses in a malignant chain. It can go through malware, it can go through a POS terminal. We see it early on and we can stop it before it becomes a catastrophic event.”

If it sounds a bit like epidemiology, it is because it kind of is. Rippleshot is essentially looking through all the “infected” cards in an attempt to figure out the retail equivalent of “patient 0”: the source of the contagion.

A contagion that Tran notes comes in many, many forms. In the case of Target, it was malware implanted through a third-party contractor’s access. In other cases they have dealt with, they’ve had major restaurant chains think their system has been compromised only to discover that their data systems are fine; they just have a crooked bartender who is skimming customer credit cards.

Sometimes the culprit isn’t software or a person. It is hardware that is invisible to users. Tran noted they had a chain of gas stations whose problem was traced to a scanner surreptitiously installed in a gas pump card reader. He also referred to the Barnes & Noble breach where the skimming hardware actually came pre-installed in the credit card machinery from China.

But for Rippleshot’s purposes, the source of the contagion is immaterial. They are agnostic as to what it is, as their security net is all about detecting its effects.

“We work with networks and issuing banks, so we see all those transactions,” Tran noted. “The banks will also confirm that a fraud has happened. When that is combined with our analytics that is scanning the progress of a card, and looking for patterns in fraud, we are usually able to follow the ripple back to the source.”

And, Tran noted, that ability to spot the breaches is only to going to get more important, because, quite frankly, the thieves are getting smarter every day, and actively working to outfox the measures put up to block them.

“Thieves are now actively working to thwart geofencing. They only sell cards locally when they know that banks will flag transactions that pop up more than 250 miles away from a cardholder’s home,” Tran noted.

“Thieves are also getting more strategic about how they do the breaches. The average duration of a breach is about eight months and that is becoming longer because they are staying dormant for longer to harvest more information,” Tran noted. “Fraud is like a balloon, if you squeeze in on areas, it is going to come up someplace else. If you block it online, it will go to prepaid cards, or it will pop up at gas stations. Even EMV chips can be hacked. They are always going to evolve their game, and it’s an arms race.”

However, while many security firms are dedicated to outgunning the fraudsters in the race, Rippleshot is more likable to a missile shield — a protective data grid that monitors the POS terminals and card accounts nationwide to make sure that no major strike can land.

And bring those advantages to the whole system.

“The real sweet spot for us aren’t the big six banks or the major retailers,” Tran noted. “It is the 11,000-12,000 community banks, regional banks and credit unions that don’t have these types of sophisticated analytics, and we are able to deliver it over the cloud. That is something we weren’t able to do five years ago.”

Rippleshot entered a market where cybercrime was about to become an ominously familiar household word. And though no one likes thinking about it, being aware is proven time and again as the best method for warding it off. So Rippleshot is out there, staying aware and waiting to thwart the best criminal ideas that bitcoin can buy.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment