Michael Bridges

If you are the owner or the caretaker of a financial services industry firm then you have a $4 million plus liability waiting for you—the data breach. The financial services industry collects personal information, financial information, health information, and in some parts like insurance. This is the data the cyber criminals want to steal.

Just to be clear, the information cyber criminals are after are our names, social security numbers, date of birth, and anything that identifies an individual (PII). Next is nonpublic information (NPI), typically financial information encompassing credit cards, bank accounts, loans, and mortgages. Cyber criminals are also after personal health information (PHI). This is any type of information regarding medical conditions, pharmacy, family history and more. These three categories of confidential information are at the center of transacting business in the financial services industry.

According to the IBM 2021 Cyber Security Report, the average breach costs $4.23 million and, if that breach included medical information, it could reach as high as $9.2 million.

Now when we talk about the average breach, what is that? It’s every company that’s reading this article. It only takes (at $148 the average cost of breach mitigation per record) approximately 30,000 records to be stolen. Larger companies rise to mega breach liability, 50 million records stolen with an average cost of $400 million to resolve. These breach costs are typically expensed within the first 12 to 18 months. For more detail on the anatomy of a breach, you can read the entire article discussing these events and their associated cost in the Broker World archive.

Well now, who is responsible for this average breach? Who has to pay $4.2 million? It’s every company reading this article. Federal and state laws hold the firm or organization that collects the user’s data responsible. That means you are responsible for the data breach; you will pay any fines or fees resulting from any legal action. As a company or firm processing transactions on behalf of a customer or client, you are now the data owner—you are responsible for the privacy and security of their information. Engaging a third party to manage that information (Cloud SaaS Vendor) is called the data holder. If a breach occurs at the data holder location, the data holder must notify the data owner but not much more than that. The data owner who outsourced to the third party SaaS vendor may pay more in fines related to how the data holder secured the information and your failure to do proper due diligence over their operations. Again, to be clear, the data owner (that’s you) bears all the financial responsibility. There are some exceptions to this, such as HIPAA, which, under certain circumstances, can fine the data holder as well.

Inside the company, the CEO most likely accepts the blame for the breach. A third of these CEOs either resign or are fired shortly after the breach. The cyber security community believes the C-Level leadership is responsible because they control the budgets that impact the resilience of their cyber security. IT professionals continually need more technology, which costs more money to protect the data they’re in charge of.

Cyber security professionals face a daunting task; they are fighting a criminal that has the advantage. Attackers according to the IBM cyber security report of 2021, maintain a presence inside the company’s infrastructure an average of 297 days, almost nine months, undetected. Once the attackers get through perimeter security they are now inside the infrastructure. They now conduct reconnaissance, inventory all the assets of the infrastructure, understanding the security in place while always pursuing the highest level credentials they can obtain. Once inside the infrastructure with credentials they can steal your data. Over the last decade, security professionals have focused on the internal infrastructure called Network Detection and Response (NDR). NDR has proven useful reducing the average stay inside the infrastructure to 222 days. New solutions appearing in the market leverage artificial intelligence to reduce the number of false positive detections making NDR more effective.

Cyber security experts agree that the only defense to the breach pandemic is encryption. Cyber encryption was first deployed when companies wanted to interconnect data systems over dedicated lines, and to secure them they created the Virtual Private Network (VPN). When businesses turned to the Internet for conducting business, they turned to internet HTTPS protocols. Today Google estimates that 95 percent of the Internet traffic is encrypted. Before encrypting the Internet, it was very easy to listen—all you needed was an ethernet packet sniffer and you could collect data real-time. This encrypted traffic is known as “encrypted data in motion,” and, with today’s strong encryption, encrypted traffic has not been cracked.

Once we secured the Internet and before the cloud, most business computing was done at on-premises and co-location data centers. The attackers changed their tactics to stealing hardware, hard drives, and backups. In 2008, Microsoft introduced Transparent Database Encryption (TDE). This symmetrical encryption scheme encrypted the database requiring a login or additional authentication whereby the database would be decrypted and available for use; this is known as “encryption at rest.” With TDE encryption deployed on databases on notebooks, desktops and servers, databases were now protected with strong encryption. This was a significant improvement because if a notebook computer was stolen and the database was protected with TDE security, experts would determine there was no breach. Security professionals agree confidential information with strong encryption provides no access to its contents, therefore the data owner is in safe harbor—no harm.

Now with “encryption at rest” protecting mobile devices, notebooks, desktops and servers, the attackers changed tactics again and started penetrating infrastructures to reach the data in use. This attack surfaced over the last decade and has created the most damage and what we call the breach. Once inside the infrastructure attackers have direct access to plaintext data in databases that support our business applications. The logical next step would then be to encrypt the “data in use.” Unfortunately, if you encrypt data in use your applications will not run. The utility of encrypted data in databases becomes inoperable—no searching, no computations, no productivity. If we could encrypt our data maintained in databases while in use, the attackers would find no value in stealing your data and they would be out of business (e.g., sell your cryptocurrency).

Over the last decade plus, academics and researchers have been working with a new type of encryption called Homomorphic Encryption (HE). The goal of HE is to do computations on encrypted data while the data remains encrypted. In 2009, Dr. Gentry demonstrated the use of lattice cryptology whereby computations could be performed on encrypted data. Dr. Gentry called this variation, Fully Homomorphic Encryption (FHE). Since his disclosure, many technology companies have continued his work on FHE because it was the first that could do both arithmetic and multiplication. Many security experts agree that encrypted data while in use would be the “Holy Grail” of data security.

Unfortunately, FHE is not ready for prime time. It will take a few more decades before a practical use may be realized. FHE suffers from several problems which impact performance, encryption strength, and accuracy. FHE is 10,000 times slower than today’s SQL performance. For example, a SQL query taking 25 milliseconds to execute normally would take 3 ½ minutes in FHE. FHE encryption strength is limited to 128 bits, considered weak encryption by today’s standards. FHE multiplication is limited to integers and small data sets so as not to suffer from execution noise—but we never give up.

I am proud to have worked over the last five years with a group committed to finding a solution to “data in use” encryption. Remaining true to the tenets of homomorphic encryption, this group has created a new solution that allows us to encrypt the database and use it in commercial applications never having to decrypt while in use. This patented technology along with other innovations can now stop the breach, eliminating the attacker’s reason to begin with. This group set out with the real world security understanding that the attackers are inside the perimeter, the attackers have gotten credentials and that every database query is an attack. This unique privacy enhancing technology will be available soon for anyone to finally secure their data from everyone. It’s zero trust encryption ensures that no single keyholder could access the data, removing implicit trust to data holders, and that data owners cannot be betrayed by internal staff. Application Program Interface (API) access to the data also is secured by zero tolerance threat detection and response quickly isolating attackers and blocking them.

If you are still reading this article, the good news is that the cavalry is just over the hill. In a very short time you and your vendors will have access to new tools that will stop the reality of a breach and save your company. Remember, it’s always better to be safe than sorry. Let’s stop the breach.

The notion that Cybercrime is fueling the Cryptocurrency market through money laundering activity-they are interdependent. If we eliminated 95 percent of cybercrime, we could declare victory and keep $5 trillion moving in our global economy.

I picked today to start writing because Bitcoin mining rewards halves today. BTC halving simply means a 50 percent pay cut for building (mining) block chains, therefore, I cut my expenses by half resulting in 50 percent less blocks verified per period-advantage cybercriminal. When I wrote the part one article, BTC was trading at $6,800. This past Friday it closed at $10,000. No one can predict if the BTC mining cutback is going to affect the coin price as it has in the past. I believe it will go up because of the COVID-19 pandemic and ignore the 50 percent mining reward cut. Hackers are having a field day with us opening our systems to enable work from home, and this summer we will see an uptick in reported cybercrime. Hackers will have more money to push into BTC. BTC market cap will grow, and that is the fuel for BTC appreciation.
Three promising approaches core to our perimeter defense doctrine are coming on-line and will become game changers in stopping cybercrime: Identity and Access Management, Software Defined Perimeter, and Searchable Symmetrical Encryption. Think about what’s important-people accessing content-it’s that simple.

Identity Management has many implementations today, but the trend is to cloud solutions because of the resources they can touch and the vendor community can support-Cloud IAM. Single Sign On (SSO) was one of the first tools and even though it helped, it had limited utility and IT remained with multiple silos to management. Users, in general, need more for online safety as they work, shop, bank, travel, and more. There are already certain restrictions in place for those who want to access casino sites, hence why are so many are looking into how to bypass roobet location checkpoint, for example, to ensure they have the opportunity to play the games on this site. This type of protection is something that should be in place for all sites. Also, the point is Identity Authentication is paramount for the individual, the people and the organizations around them. Supporting one identity provider has many benefits for all concerned. Users could interface with one site for all their online needs including work. These identity providers offer Multifactor Authentication (MFA) features like fingerprint scans, facial recognition, GPS location, IP address, behavior analytics and complete isolation when bad actors are detected. What if an online store hack of an individual could close their ability to access company assets, or a company hack could lock down all your employees’ bank or credit card accounts?

The workplace now can rely on one access integration point and enhance their users’ experience. Vendors now can set requirements with the identity provider on the type or level of authentication required (i.e., password greater than eight characters, two-factor, bio rec, etc.) before granting access. A unified access portal where users can set vacation flags turning off work access but opening travel destination access. Wallet security questions further personalizing the individual identity. This process could help adoption for electronic signatures, video conferencing, voting, law enforcement and electronic health records. Users could get their own access reports, and all concerned could be notified when an alert is triggered or a distress condition is set.

Validating and testing the identity are also important. Individuals have a responsibility to validate their identity by an onboarding process where nonpublic information is asked, and answers provided much like the experience of locking down your credit reports at TransUnion, Equifax, and Experian. Then an annual recertification process to ensure all the information and goals are being met.

The Cloud IAM market is taking shape with the usual suspects, Google (Cloud IAM), Amazon (AWS IAM) and Microsoft (Azure AD). There are many IAM vendors in the market, the first started around 2007 focused on company enterprise solutions benefiting the company not the individual. Cloud IAM vendors are focused on both the individual and the company enterprise. Leverage the reach of the cloud to ensure access security and stop the decentralized landscape we endure today-fifty different points of potential failure deployed by fifty different companies. Hackers rarely waste time with companies that deploy MFA solutions because there are so many who have not. Today, you are best served to extend your password length to 10 or 12 characters or use passphrases, enable two factor authentication and IP restrictions.

The second change of behavior comes from the Cloud Security Alliance Association (CSA) known as the Software Defined Perimeter (SDP). The Software Defined Perimeter solution is designed to stop network attacks against application infrastructure. With the adoption of cloud services, the threat of network attacks against application infrastructure increases since servers cannot be protected with traditional perimeter defense techniques. The traditional fixed perimeter model is rapidly becoming obsolete because of internal security neglect or bad actors, BYOD that attach to internal networks, phishing attacks and IoT devices that introduce malware providing untrusted access inside the perimeter-the classic Trojan Horse.

Connectivity in an SDP is based on a “need-to-know” model, in which device posture and identity are verified before access to the application infrastructure is granted. Today’s perimeter approach is too broad when looked at from underneath (what I call the plumbing). Vendors building SaaS solutions design three layers separated by firewalls and connected via VPNs and NACs. Unfortunately, what is in view across the network can be seen if you know what you are looking for-hacking. CSA states this as “Authenticated users have overly-broad network access, increasing the attack surface area and enabling the types of wide-reaching breaches that we see far too often.”

Let me give you this example: You are kidnapped and being driven to a secret location, all the while watching the scenery and sites as you travel. SDP environment is the same story but this time they blindfold you going to the secret location. The Department of Defense and Intelligence community call this a “Black Network.” In effect, SDP establishes a direct connection from you to the host resource (application) you are requesting and if the host resource needs help from a different host resource (database) a new connection is created between host resources only. The SDP instrument managing all these connections is called “SDP Host Controller.” Now that I’ve over simplified SDP, the concept is, there is no plumbing-connections are dynamic.

So far, we have discussed Cloud IAM solutions designed to ensure your identity and maintain your authentication. SDP introduces Black Networking where the identity also has a “need to know,” or privilege to a portal or application. The bad guys now have a tremendous challenge to break in from the outside. Eight-character passwords are considered weak security when that is the only challenge separating the bad guys from your third-party trusted content. With cybercrime growing 15 percent per annum, our security perimeter needs to change. Bad guys are smart too. The technique of brute force password hacking is seldom used because it is much easier to be invited in. Phishing, URL Forgeries, and Social Media Impersonations are just some of the techniques used whereby one click is all they need. Then they sneak in some Java code infecting File Explorer, coming to life the next time you start File Explorer. Red Flag: If your File Explorer starts doing odd things (i.e., very slow, chopped screens, bad characters) then you should sweep your device in Safe Mode with a capable commercial tool.

What can we do when the bad guys gain access inside our defenses…eliminate their reward? Yes. We want an ending like Geraldo Rivera opening Al Capone’s vault-nothing. Well that goal has been long coming because today’s database protection is non-existent. Databases are secured by Transparent Data Encryption (TDE) or Cell Encryption (CE). TDE encrypts appropriate database files (every row) and CE encrypts only the field (cell) where the data exist-a column. They both use one symmetrical key, and each has pros and cons.

TDE is good for “Data at Rest,” which means the database is inactive but cannot be reasonably searched because you must decrypt all the rows before the query can begin. According to Matthew McGiffen, “When TDE does not read from disk it doesn’t add any overhead, but how do we quantify what the overhead to queries is when it does have to access the disk? From my testing we could suggest it adds from 10 percent to over 1000 percent CPU.” (Thoughts on Query Performance with TDE enabled, May 23, 2018). To make it clear, it kills performance not just for you but everyone. Microsoft, who created TDE in 2008, now offers Always Encrypted SQL where the data is encrypted at the workstation. This distributed model makes sense-offloading the server-but we want to move away from workstations and the thought of moving symmetrical keys across the enterprise would make any IT organization nervous.

CE is a column level encryption; it encrypts only the sensitive information in a table column. With CE, the data is still encrypted even when searched and decrypted when displayed. Just like TDE though, if you search on that column, then the entire column is decrypted. Again, a performance killer. How much of a killer? A 5,000,000 row database with one encrypted column takes 12 seconds to return results compared to 0.0012 seconds when not encrypted. User mutiny.

The real problem is TDE and CE are not that secure because of the leakage they create. Leakage is a term used to describe breadcrumbs and artifacts left in the SQL database which enables hacking. A great demonstration of this is a 10-minute video published by Simon Mcauliffe (https://simonmcauliffe.com/technology/tde/) where he steals a TDE database and hacks it revealing all its decrypted content. Ten minutes.

In 2005 scholars started a subject called “Searchable Symmetrical Encryption” and many doctoral theses were launched. And that is where it ended-abstracts and a bunch of calculus but no products-until now. I have watched over the last four years our version of SSE perform with virtually no overhead and no leakage; a totally different approach to securing data making it searchable and secure. Security that does not encrypt plaintext data but instead shreds the data with no context. It does not store data in rows but builds algorithms that bring order to shreds of data across multiple records; a mathematical non-equation (equations that produce more than one answer). Hackers rely on seeing encrypted text and plain text together as best portrayed in the war movie Midway (AF). Without these relationships hackers are flying blind. SSE that supports more than one symmetrical key making it impossible to remove (steal) the database. A total scheme that delivers no value to thieves and will not for the next 100 years. As an employee of a company that builds supply chain solutions, my company will not rest until we complete our SSE project, eliminating risk for the data we manage and report that we do not store confidential information.

Cybercrime reached over $5.5 trillion dollars last year. The bad guys cashed out for $1.5 trillion and the victims paid out an additional $4 trillion covering the lost $1.5 trillion and $2.5 trillion in mitigation cost, technology, fines, and lost reputation compounded with departing senior management.

Protecting confidential information from bad guys is obtainable and the above discussed subjects collectively can put hacking in the past. Publishing the fact that XYZ Company has deployed Cloud IAM, Black Networking and Shredded Data at Rest should be more than enough for Bad Guys to move on and not waste their time. Of the three options, Shredded Data Storage would have the least impact on deployment and stop the potential loss of confidential data immediately.

In signing off, BTC is selling at $9,400, no effect from the halving four days ago. And if you are in BTC, sell high-because the party is about to end.

I’ve always been curious about who’s making the money from cybercrime. Among the players we have Nation States, Organized Crime, small teams to individuals, so let’s follow the money. To keep this simple and about money, we’ll discuss the three most active cyberattacks-Phishing, Ransom and Identity Theft. Each of these attacks have a list of usual suspects, Phishing is a small group or individuals, Ransom and Identity Theft are larger groups like Organized Crime and Nation States. According to McAfee the top Nations States are China, Russia, North Korea, Iran and Central America. All these groups combined in 2019 realized $1.5 trillion in money stolen-good guys to bad guys. The good guys also ended up paying $4.0 trillion in money to clean up the mess; global cybercrime cost $5.5 trillion in 2019 in an $80 trillion global economy.

So, what did the bad guys do with $1.5 trillion? Where can you hide billions of dollars? At the top, identity theft spoils (NPI, PII and PHI) are sold to others on the dark web and they launder and monetize the stolen assets. This accounted for $860 billion. High-earning cybercriminals can make $166,000+ per month; middle-earners can make $75,000+ per month and low-earners can make $3,500+ per month according to Mike McGuire, University of Surrey (UK), April, 2018.

Just selling your personal information to other bad guys can collect:

• Social Security number: $1
• Credit or debit card: $5 to $110
• Driver’s license: $20
• Passports (US): $1,000 to $2,000
• Medical records: Up to $1,000 for complete APS

Experian 12/6/2017

The value of your personal information is four to six years. Once they have their clean cash, then how do cybercriminals spend it?

• Immediate needs-paying bills: 15 percent
• Disorganized/Hedonistic spending: 15 percent
• Finance criminal activities: 20 percent
• Status spending: 20 percent
• Cryptocurrency: 30 percent

Mike McGuire, 4/2018

Nation States mostly focus on intellectual property and, when monetized, its value is $600 billion. China’s Ministry of State Security and People’s Liberation Army are mandated to steal U.S. industrial and trade secrets. Forrester Research Inc. 10/2019

Here’s a typical story on how Nation States engage business opportunities with technology companies to gain access to their infrastructure, steal their intellectual property, then pursue litigation while making use of stolen property.

American Superconductor Corporation (AMSC) was a developer of world-class technology for software to control wind turbines. Sinovel (2007), AMSC’s Chinese partner, paid a bad guy $1.7 million to steal the software and, as a result, ended their AMSC relationship. Sinovel engaged in litigation refusing to pay $800 million owed to AMSC and AMSC has countersued for $1.2 billion. AMSC is in survival mode and the litigation is going nowhere. AMSC claims that 20 percent of China’s wind farms are running stolen code. In the last decade the Chinese initiative has stolen intellectual property such as:

• Dupont technology for the benefit of Chinese chemical manufacturers
• Motorola’s cellular technology
• Dupont genetically modified corn seeds
• T-Mobile confidential equipment
• Cisco Systems core router software code
• Avago and Skyworks wireless communications technology

Gen. Keith Alexander, NSA Chief, in July 2012, warned us that Nation State cybercrime will be the “greatest transfer of wealth in history.” Nation States like China are after our technology for their own internal benefit and to understand how to crack it as we use this technology today in our perimeter cyber security defense.

Bad guys conducting Ransom attacks took home $21 billion and Phishing victims lost $1 billion. Ransom attacks start with the introduction of malicious code (Phishing) that encrypts your hard drive or database with a displayed message on how to contact them.

“Fifty-five percent of SMBs from the US would pay hackers to recover their stolen data in ransomware attacks. A total of 140 US local governments, police stations, and hospitals have been infected with ransomware. In the third quarter of 2019, the average ransomware payout increased to $41,000. Ninety-five percent of ransomware profits are laundered with cryptocurrency,” reported Heimdale Security, December 2019. The FBI reports that only 19 percent of Ransomware crimes are reported. No loss of data exempts them from declaring a breach and if the FBI’s figures are close, $100 billion plus was coerced from businesses last year.

Cybercrime continues to grow at 15 percent per year and the bad guys have figured out how to make more money by selling their tools. Bad guys now offer platforms like service providers; they don’t commit the crimes directly but enable others for a fee. Such sites offer more than tools, they include customer reviews, technical support, descriptions, ratings and information on success rates. Some examples of the services offered:

• A zero-day Adobe exploit can cost $30,000
• A zero-day iOS exploit can cost up to $250,000
• Malware exploit kits cost $200-$600 per exploit
• Blackhole exploit kits cost $700 for a month’s leasing, or $1,500 for a year
• Custom spyware costs $200
• One month of SMS spoofing costs $20
• A hacker-for-hire costs around $200 for a small hack

The point here is that cybercrime is evolving into its own institution like drug cartels, prostitution rings and illegal gambling. The same types of people involved in organized crime are now into cybercrime. Well, so far we’ve discussed who, what and where cybercriminals are making their money, but like all illegal gains it must be washed of any stains and be accounted for by a trusted third party.

Here I sit, a cybercriminal with $1 million worth of credit cards ready to cash in. Now we play the shell game where we move money around offshore shell companies with just enough transaction history to be legitimate when it lands. Setting up shell companies is quick and costs about $5,000 each. Me, the bad guy, has an E-Commerce site in the Cayman Islands that only sells pet rocks. I place the orders using stolen credit cards, never shipping anything, and deposit the proceeds into my Cayman business account. The next day I start moving the money through Panama, Samoa, The Seychelles, Belize and ending up in the British Virgin Islands. Then move what I need into the U.S. for taxation. This process has worked well for many years but, like most third-party processes, you’re paying fees and dealing with many layers-a lot of systems to trust that leave fingerprints around the money.

So now we come to cryptocurrency, several different types of peer to peer financial exchange networks (see here for an example of one). The most popular of the cryptos are Bitcoin and Etherium, with names like those you would think they held no weight but it is the opposite. Cryptocurrencies have no third-party trust, no oversight, traceability or bureaucracy. With the technology behind them it is almost impossible to forge them (but it is possible to steal). Naturally, dealing with cryptocurrency trading can feel like you’ve swiftly waded into murky waters which is why using the best cryptocurrency trading platform might help you safeguard your investments. Just two people agreeing to exchange value based on an arbitrary exchange rate. One of the first cryptocurrencies, called Bitcoin, was founded in 2009 by Satoshi Nakamoto (alias).

Satoshi’s design solved the fundamental problem of double-spending with the introduction of Blockchain-a public ledger of all transactions that ever happened within the network, available to everyone. Bitcoin, to establish the market exchange, set the total number of coins at 21 million. You can buy portions of Bitcoins and you can be a miner and be rewarded Bitcoins. If you are thinking to trade on more coins, then the crypto portfolio tracker could help you in keeping track of all the coins and all the exchanges you’re on. That being said, miners are Blockchain verifiers who add transactions to as many Blockchains out there as quickly as they can so that thousands of Blockchains will have your transactions. Mining has evolved into very special hardware, similar to the equipment that you can get on sites like https://coinminingdirect.se/product/goldshell-kda-box-home-miner/, which means that the miners have gone institutional. It’s not a surprise to find the most well-known mining hardware manufacturer around, Bitmain, was founded in 2013 in China, and today has offices in several countries around the world. Bitcoin today is valued at $6,887.49 per coin for a market cap of $126 billion. Source: https://bitcointicker.co/.

Now back to my cybercriminal selling pet rocks in the Caymans. Bad Guy now wants to move his washing machine to crypto-exchanges and stay below the radar of law enforcement because they’re so far behind. Bad Guy takes the stolen identities and opens 20 to 30 crypto accounts under the same names. I write about cryptocurrencies because there are 540 plus crypto exchanges on the globe and bad guys spread these new accounts across many exchanges. Some platforms collect personal information to build trust, but many others remain anonymous accounts; 40 million people own cryptocurrency, 11 percent are Americans. Based on my research, I believe half (five percent) of those Americans don’t even know it. Interesting for 2019 IRS forms asking if you own any cryptocurrency.

Bad Guy now takes about 300 to 400 credit cards directly to the Bitcoin trading platform and deposits about $2,000 to $3,000 illicit CC transactions directly into their wallets and buys 145 Bitcoins. The next day Bad Guy starts trading among his controlled accounts creating three to five transactions each. The small amount of trades is less likely to be mined because these networks rely on the largest Blockchain to be more complete, therefore a better record by passing small chains. Then on schedule, Bad Guy transfers funds to a “legitimate” account (opened with stolen ID) and then to their roadside vegetable stand bank account or to their import/export business. Hell, today you can go to a Bitcoin ATM and withdraw cash directly as needed.

In connecting the dots, let’s look at two ecosystems: Cybercriminals and cryptocurrency. Cybercriminals reportedly bought $350 billion ($250 billion in ID theft and $100 billion from Ransom theft) worth of cryptocurrency in 2019. Reports size the cumulative market capitalization of cryptocurrencies at $237 billion in 2019, almost double 2018. Professional money laundering is a business and they are very active in cryptocurrency, taking the normal 10-30 percent off the top-in BTC of course. The money laundering front sells to Bad Guy a coin at the going rate ($6,000). Bad Guy then sells the coin back to the front for $4,000; Bad Guy walks away with $4,000 and the front keeps $2,000. Remember, this is a peer to peer exchange, not much different than OTC brokerage exchanges but without any oversight.
Therefore, with the admission of cybercriminals using cryptocurrency to launder stolen money around a market of stolen identities with unsustainable Blockchain verification and auditing, the bad guys are cashing out. In Part Two of this article, I’ll discuss three promising technologies that could eliminate or at least significantly reduce cybercrime. Then one wonders…by eliminating cybercrime, could that alone crash the value of cryptocurrencies?

Machine Learning (ML) will change three areas of the core processes we use in the life insurance industry today—paper and electronic application business, internal workflow, and underwriting medical data. The supply chain of life insurance distribution has for years promoted electronic forms for processing. While captive carrier models have the high adoption, 80 percent of distribution remains paper based. The good news is that even though paper is used to execute the agreement, if properly managed, an imaged document can be created and the original paper can be ultimately destroyed or stored. Internal workflow applications, commonly referred to as “Rules Based Workflow,” are programed applications managing routing, tasks, approvals, logic (if/then), limitations, people and exceptions, ensuring case management flows in an efficient manner. Medical input remains critical to underwriting so the best evaluation for an individual can be predicted to competitively price the policy. ML over the next few years will greatly impact these areas for the better.

Starting with Paper/E-App capture, Deep Learning (DL) and ML will be game changers, and this is why—color capture. In Part One of this article I discussed DL and it’s focus on processing color images, MNIST Training Set (TS) of grayscale images and DL models focused on biometrics. Today we challenge DL with the least optimum source image to process, the binary compressed TIF image; TIF images are limited to black or white pixels. Since the beginning of image capture our entire electronic documentation foundation is built on TIF images. The reasons for TIF remain as valid today as they did 30 years ago—quality reproduction output (paper-out), small byte count for bandwidth requirements and smallest storage footprint. So, we have a world of TIF images and a “slow to change” supply chain to overcome.

Paper/E-App capture will have to change from this day forward and change this inbound traffic to color. To take the greatest advantage of DL we need to start to capture with color images (i.e., PDF, JPEG, PRN, etc.). Delivering color images to your DL-CNN for text or handwriting recognition is your best chance of getting the best results. Getting producers, agents, registered reps, and advisors to scan in color, or mobile capture and save in color, to send in is all the change we need. This works because they are going to deliver those color images directly to your DL solution or DL service.

In the field of AI, people are working in a color world, no one is building Symbolic Learning (SL) or DL algorithms for black and white pixels; that would be like building PONG again. Therefore, if we expect great things from our technology, we must be willing to change. By introducing color into our documents, forms can use color to help page recognition, instructions for people and print or handwriting processing. Example: If my form when digitized (scanned) was the color blue and the person filled it out in black ink, when you do forms dropout you only remove the blue pixels; you preserve (black pixels) the original content which enables better recognition. Once the DL process is complete and you have received your data, convert the color image to a TIF image for storage. Conclusion: When building or selecting a vendor, ensure direct capture to the DL solution or DL service of color images.

Medical information and ML have several opportunities and challenges. The opportunity is that ML provides more perspectives to analyze data which will help when evaluating an individual. A true premise in Statistics and Probability mathematics is that you can predict the population but not the individual. Most systems are confined to three dimensions of perspective (i.e., lifestyle, health and family history). The one area you cannot predict is the ability of the individual to change. When negative lifestyle and health behavior changes to the positive, this individual changes to a new carrier/product for better coverage value, while the opposite change goes unnoticed. ML now offers the opportunity to add on new data sources available and predict the ability of the individual to change. New sources like social media, electronic health records, DNA screening, internet activity, buying trends, twitter content, criminal violations, fraud detection and more will help predict the individual aptitude or tendencies to change.

ML models are pliable. One model can be used for many processes and even across different industries. The point is, one ML model could automate an entire company. UCLA developed a ML algorithm to predict earthquakes around the globe. The same ML algorithm is used by the Los Angeles Police Department to predict crime. In both cases, they used historical data to train their models and have produced significant results. LAPD has experienced a reduction of 33 percent in burglaries, 21 percent in violent crime, and 12 percent in property crime across the area where the algorithms are being applied. LAPD built a TS incorporating data going back as far as 30 years. The next effort underway is to process more sources to fine tune the ML parameters.

This ties back to change in medical information because finding the right model is key and next is your TS. This now becomes a challenge because the Electronic Medical Record (EMR) is 90 percent image based. The good news is that the Electronic Health Record (EHR) is digital. The bad news for EHR is that there are no standards; interoperability between vendors is nonexistent. EMR requires a process of transcribing images to usable data to build your TS. All the Attending Physician Statements (APS) and Part 2 medical forms need to be converted into data. These are one-time projects called “Dark Data” and the trend in the life insurance industry is converting Part 2 forms.

Carrier Part 2 medical forms is another area of change that needs to happen to make ML/DL effective. Carriers and others paying for medical exams need to stress to the examination companies to “Follow the Forms’ Instructions!” Working with many Part 2 forms we see shortcuts which to humans may be acceptable but to ML are accuracy killers. Example: Part 2 checkbox groups where the author strikes a diagonal line through the group intending No as the answer for all the checkboxes. This line now passes through some checkboxes making them true to DL when the intention was for false. Without a level of quality control of the form, this individual could lose their chance or at least add additional expense to the carrier’s process. Part 2 form designers need to add more space when collecting explanations to requested questions. Designers should provide data capture examples (i.e., MM/DD/YYYY, $1,000, Group checkbox selection, etc.) and allow space to write equivalent to 30 font size.

Digitizing the APS has challenges, but with ML we see the opportunity to transcribe for about the same cost of summarization. When underwriting ML matures, the APS data will best reveal the individual. Predictive Analytics will become a competitive edge if focused on the individual and not the population. In the medical industry their ML efforts are focused on quality of care. The most used vendor service for doctors and medical providers is “UpToDate” a Wolters Kluwer company keeping professions up to date with the latest clinical support resource with improved outcomes. Medical professionals also want “Natural Language Processing” (NLP) because they know there is so much more data collected if the doctor—patient encounters could be recorded and processed. Unfortunately, there is very little progress with NLP and medicine, but this is the hottest AI area according to Robert Wacther, author of The Digital Doctor and others. To life underwriters I would recommend working with their summarization partners and get the ML projects going to build TS, something small but that still has a positive impact, and start cheering for medical NLP.

Rules Based Workflow Is Dead—Long Live Machine Learning! Over my career I have never seen a Rules Based Workflow (RBW) produce a ROI. I have been involved in many RBW projects that took many hours of consulting, configuration, programming and training wrapped in much debate on how the flow really works. A year or two in development, finally launched, the standard comment was “Great—we’re only two years out of date.” RBW is like the newspaper business—their product has a 24-hour lifespan. Change it and the staff required to manage it simply stops, users pushout work-arounds, and then the entire RBW is killed in the first reorganization chance that comes along.

ML is a different paradigm. You don’t configure or program rules. ML writes the rules on the fly based on its data inputs. ML will learn from all three training events (Supervised, Unsupervised, and Reinforcement) and, based on input, change the workflow. Let’s walk through such an event like routing information for approval. Jillian works within a New Business processing shop; she and her boss Lara are the only ones who are authorized to approve a type of application. Jillian takes a one-week vacation and therefore won’t be available to approve, leaving Lara to watch her queue or get sysops involved to change that route for a week and then change back. ML would learn from email that Jillian is out of office. ML knows from the existing TS that this type of application is routed to Jillian 90 percent of the time and Jillian approves the application compared to Lara’s 10 percent of the time. ML could have an input from the email solution for Jillian’s “Out of Office” notices and change the routing to Lara’s queue and back to Jillian’s when the input changes. The point is, new workflow solutions will be manual with ML taking over as the data and TS mature. This is where the data science comes in, reducing program development for data development and, in time, the workflow will maintain itself.

I talked about three areas AI and ML can impact the way life insurance is processed today. Image capture, future back office systems and medical underwriting. Of those three, there is no question the industry is focused on medical underwriting, the real opportunity for competitive products. Next, ML workflow for its inherent focus on your processing and your product optimizing resources. Leave “image capture to data” to vendors—it offers little, if any, ROI when built internally. Final point: Focus your ML efforts on your largest and most strategic return, and outsource the rest. 