The Andera Blog

Although I've been working in retail bank marketing for many years now, a decade ago I was managing marketing for JPMorgan's two online brokerage brands, BrownCo and JPMorgan Invest.  Often I'm struck by the similarities between the problems I encounter now and the problems I encountered then. In many ways, I feel like the banking industry is where the brokerage industry was 15 years ago. 

I recently came across a case study that comparing Charles Schwab and E*Trade, written in 1999.  (You can access it here). When I read it, I felt like I could have been reading a publication about retail banking written in 2013. Just take these excepts and replace the bolded text with "banks and credit unions:

In person, identity verification is easy. Ask for a photo ID, check to make sure the hair is the same color and the age looks right, shine it under a purple light if you want to be extra sure it's real.  Online, it's a little more difficult.  As the famous 1993 New Yorker cartoon states, "  On the Internet, nobody knows you're a dog." Although we've come a long way in online identity verification since 1993, it's still an imperfect process. This is how identity verification in online account opening and lending works:  

Step 1:  Verify that someone with the applicant's name, address, and social security number exists.

To complete step one, most online identity verification systems call out to one of the big three credit bureaus, Experian, Equifax, and TransUnion, who then search for an identity match within their vast repositories of consumer credit data.

A couple of weeks ago I wrote a short post about my experience working as an ethical hacker before I came to Andera.  During that time, I infiltrated a financial institution using social engineering techniques, gaining me access to customer information.

Although I don't have more bank break in stories to share, I did also hack into two other data rich institutions during my tenure as an ethical hacker: a university and a hospital.  Both types of institutions have loads of sensitive information that a hacker could resell on the black market.

Operation Animal House

I know what you're thinking.  Here comes another 500 words of blather about a concept that has been so worked over it's become nearly meaningless. Don't worry; I'm not going to pretend that I have anything useful to say about big data. Instead I'm going to summarize the ideas of someone who I think does. 

On May 11 Jonathan Levin  and Liran Einav  of Stanford University published a National Bureau of Economic Research (NBER) working paper called "The Data Revolution and Economic Analysis."  The paper is about how economists can use big data, but begins with an excellent discussion about the nature of big data in general. Specifically Levin and Einav outline four characteristics of big data that differentiate it from data available in the past

Before I joined Andera as the Director of Information Security, I led a team of 30+ security experts for a very well-known security company for over seven years, and before that I worked as a security consultant to two other firms.  I was a jack of all trades in this space; I did audits and assessments, I advised on system design and procedural best practices as a security architect, and I participated in security incident response teams.

I also did some ethical hacking. There has been some  debate over the appropriateness of the term "ethical hacker," and it's also possible to become a  certified ethical hacker, but in this case I mean specifically that I was contracted by a bank to identify weaknesses in their security system by trying to steal personal data.