Cyber-security company ThetaRay is using Series C funding (which may include financing from Alibaba) to open offices in Hong Kong and London, and plans an additional round of fundraising so it can expand its services to insurance and credit risk.
Mark Gazit, New York-based CEO, told DigFin the company opened an office in Singapore in October, 2016, while Hong Kong is likely to commence business this spring or summer – assuming it hires the right person to lead the effort.
A director for the London office has already been identified, and that operation will launch more quickly, Gazit added.
ThetaRay was set up in 2013 by mathematicians to uncover unknown threats through big-data techniques to help defend financial institutions and critical infrastructure. It is based in Israel.
Gazit declined to comment on the firm’s relationship with Alibaba or other investors. The company raised $15 million in a series C round led by the Chinese behemoth, with four other investors, in December 2015, according to Crunchbase. General Electric was a series B investor as well as a client; ING Group is also a client. Its earliest venture financing came from Jerusalem Venture Partners.
“Customers tell us what we do is look for needles in a needle-stack,” Gazit said. “In the financial world, most transactions are now done by machines. So you also need machines to deal with risks.”
Gazit’s career began in providing software and hardware solutions for security to governments, and has longstanding contacts in Greater China as well as Israel.
The company’s mathematicians, and other co-founders, include Amir Averbauch and Ronald Coifman. Averbauch is a veteran of the IBM Watson development team and is now based at Tel Aviv University, teaching computer science. Coifman is a mathematics professor at Yale University with experience in the Pentagon’s DARPA program.
They have patented a series of algorithms using big-data analytics and machine-learning techniques. The company started by using these tools to identify cyber threats, but moved into fintech because banks were under the same kind of attacks as GE.
After having set up an office in New York to market its services to large financial institutions, Gazit says ThetaRay wants to use future funding proceeds to enter into insurance, helping companies identify fraud, as well as to apply its machine-learning to battle credit-card fraud, as well as to help banks improve customer screening.
“Most banks now rely on digital branches, like your mobile phone,” Gazit said. “That’s great for customers, but it also makes crime borderless.” In other words, robbers are no longer gunmen attacking a physical branch, but hackers who could be located anywhere.
Consumer banking is an easy target because hackers can find ways to use individuals’ accounts to commit small frauds, but leverage the system to do so at scale. For example, people who regularly download 99-cent songs from Apple’s iTunes store are unlikely to pay attention when they get billed for a few songs they didn’t actually buy.
“Do that systematically for a month, and you can steal $20 million,” Gazit said. “And the risk [to a criminal] is very low because they’re in another country.”
Anti-money laundering rules are based on outdated notions of lots of proscriptions that banks spend a lot of money on trying to follow. Hackers can take advantage of logical gaps that banks’ (usually regulation-driven) compliance rules miss. ThetaRay’s starting point is to not follow any rules.
For example, for one bank client, ThetaRay found that loans, including mortgages, were fraudulent. The bank’s systems approved a lot of loans of unusually small amounts; loans that were given to teenagers; and loans that were mortgages. These three data points, by themselves, didn’t raise red flags – all are legitimate. But ThetaRay discovered that these three categories of lending were all going to the same people.
In other words, teenagers were being given small mortgages. It’s the sort of crime that could never happen in the physical world. The bank in question did have sophisticated software for fraud detection, but hackers had figured out how to shut down the communications that would have alerted staff to their masquerading as kids taking out mortgages.
The bank’s management’s initial response when it realized what was happening made the situation even worse: they classified the lost money as ‘non-performing loans’ and never reported the crime. Obviously the perpetrators were never found.
Yao Ming versus the aliens
ThetaRay cannot prevent such crimes, Gazit said, but it can discover fraud quickly, giving banks the chance to shut down problems early. He claims the company now works on behalf of many big financial institutions in the US.
Machine learning works intuitively through many, many examples, rather than coming up with solutions via a set of rules. But what if ThetaRay comes across a fraud its algorithms have never seen before? Wouldn’t a highly original attack still get through?
Gazit says there are ways to guard against unknown attacks. His analogy is a test in which the computer must tell the difference between a human and an alien being, when it has zero information about aliens. All it has to go on are data about humans: our sizes, our measurements, our weights, our heights.
But let’s say the computer then comes across someone like Yao Ming (2.29 meters, or 7 feet and 6 inches tall). It might classify him as an alien. The aliens are also quite tall!
But the computer doesn’t create a single rule about height. It also looks at relationships among data. In this example, it will look at the ratios of arm length to torso size, for example. Yao Ming might be as tall as the aliens, but his arms aren’t ten-foot long tentacles.
In the world of financial transactions, ThetaRay examines thousands of parameters over tens of millions of a client’s activities. ThetaRay’s most proprietary algorithms – which is what it competes on in the marketplace – enable it to analyze all of this in something like real time.