Scott Zoldi Ensures Smarter Machines Thwart Cybercriminals at FICO

FICO disrupts traditional cybersecurity models with analytics and artificial intelligence that do a better job identifying risks and outfoxing bad guys

The FICO Falcon score, one of the most successful operationalized, neural network models for detecting credit card fraud, has been around since 1992. Now, thanks to Scott Zoldi and the organization’s innovations in real-time artificial intelligence (AI) and analytics, FICO is bringing new capabilities to cybersecurity.

Zoldi, FICO’s chief analytics officer, has been with the company for seventeen years and has authored seventy-seven patent applications—thirty-eight of which have been granted and thirty-nine of which that are pending. His previous focus had been in theoretical physics, where he developed equations that described and predicted activity in the physical world, such as when a heated fluid would move from a stable to an unstable state.

He eventually shifted that focus to predicting and explaining human behavior and how that behavior is reflected in patterns that can be detected in digital systems. For example, when you are notified that an unusual purchase has occurred on your credit or debit card, it is because the system recognizes details—such as the location, amount, or specific vendor—as being outside of your usual purchasing behavioral patterns.

“Traditional models are good at predicting behavior based on historical data,” Zoldi says. “But they aren’t nearly as good in environments that are continuously changing, such as cybersecurity, where attackers’ techniques and tactics change so fast that historical data doesn’t mean much. That’s where adaptive technologies and self-learning AI take on much greater importance.”

Zoldi’s first experience developing such an application came in the early 2000s while he was developing systems to protect telecommunications networks in the United Kingdom. That challenge required inventing self-learning models that didn’t rely on existing data and could understand and react to deviations from normal activity by continually reevaluating and relearning from data in real time.

FICO has leveraged these kinds of capabilities in its Falcon Cyber Security Analytics platform. Using methods similar to the real-time, behavioral analytics and neural networks that detect payment card fraud, the platform takes only tens of milliseconds to generate threat scores that rank transaction integrity. Transactions monitored by Falcon models now include two-thirds of the world’s payment card purchases and network flow data that can signal a breach in complex internal computer networks.

Zoldi points out, however, that cybersecurity in most companies has lagged behind state-of-the-art analytics capabilities in financial services. The traditional reactive process continues to detect, investigate, and then block suspicious activity, which can mean a days- or weeks-long lag behind the mere fractions of seconds it takes to lose data.

“Falcon operationalizes risk and prioritizes the half-million or more alerts a large company can experience daily,” Zoldi explains. “Based on behavioral analytics in real time, it can identify a system or a single computer that is behaving abnormally and, most importantly, detect threats undetected by traditional methods. By detecting and blocking in real time before investigating, we can stop data breaches as they’re happening.”
FICO uses Falcon Cyber Analytics to protect its own systems and data, along with its Enterprise Security Score (ESS), which generates an overall cyberbreach risk score that indicates the level of exposure created by all of an organization’s assets. This includes IP responses, misconfigurations, and even proprietary information found on dark websites, among many other details. “Using the same AI systems as our clients, we’re able to continually learn more and improve the systems to better meet real-word challenges,” Zoldi says.

The greatest challenge to maintaining the leading edge in analytics and AI is developing the appropriate skill sets in new talent. Since academic understanding and capabilities can be different from addressing the types of threats encountered in the business domain, Zoldi and his team created what amounts to three-year apprenticeships for new hires.

By learning from senior team members’ experiences and insights, new employees can develop the necessary skills and avoid common pitfalls, many of which frequently impact startups without such a depth of expertise. For example, FICO does not utilize a “remaining credit balance available” feature in Falcon because fraudulent use needs to be detected immediately, not after a user’s credit has already been accessed and depleted.

“Knowing the theory of how an engine works is different from being able to go into a garage and fix one,” Zoldi says. “We take time to integrate and familiarize our data scientists and engineers with real-world business environments where clients rely on our applications to run flawlessly 24/7.”
His years of experience have taught him to take a comprehensive and holistic view of his work. As a result, it’s not uncommon for Zoldi to turn to other areas for inspiration. He refers to the Internet of Things and its challenges with managing massive amounts of streaming data as an example.
As more industries recognize the power of AI algorithms to extract value from huge streams of data, FICO will already be ahead of many of its competitors. “We’ve been developing AI solutions for more than twenty-five years,” he says. “That gives us an edge as we keep refining our products and pioneering innovations that help companies leverage their own data, keep their assets secure, and enable them to make the best decisions possible.”