Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

December 16 2011

Developer Week in Review: HP sets webOS free

Hard to believe there's only 15 days left in 2011; it's flown by so quickly. Next week, I'll be putting out the much anticipated Developer Year In Review, highlighting the ups and downs of the industry over the last 12 months. But for the moment, enjoy these pre-holiday tidbits:

HP gets into the spirit of the season

HP WebOSEvidently, Meg Whitman was visited by three ghosts recently because she opened her window last week and shouted for the boy downstairs to run to the butcher and buy the big goose in the window so it could be delivered to Bob Cratchit's house. Except in this case, the goose was the source code to webOS, and the lucky recipient was the open source community.

It's certainly a magnanimous gesture on the part of HP, and it's likely to lead to any number of interesting spin-off projects. It will also provide an interesting contrast to the current open-source tablet darling, Android. Exactly who will administer the project and which license it will be released under is still uncertain. Hopefully, it will be a relatively permissive license so it can freely cross-pollinate.

For HP, this is definitely making the best of a bad situation. As readers may recall, I've harped on several occasions about how Oracle has been shedding itself of many of the assets it acquired when it purchased Sun. But as far as throwing away money, Oracle is bush-league compared to HP. It's taken less than two years for HP to relegate the $1.2 billion it paid for Palm to the "capital losses" column in its tax return.

Strata 2012 — The 2012 Strata Conference, being held Feb. 28-March 1 in Santa Clara, Calif., will offer three full days of hands-on data training and information-rich sessions. Strata brings together the people, tools, and technologies you need to make data work.

Save 20% on registration with the code RADAR20

And speaking of Oracle ...

Anyone who has ever been involved in the negotiations for an outside vendor to deliver a software solution knows that it's an inexact science, at best. There always turns out to be requirements that were missed or technical complications that turn up during deployment, and customers are usually (reluctantly) willing to pay the piper because they have already committed to the solution.

Montclair State University evidently decided to try plan B when Oracle went over budget and missed deadlines on the university's new ERP system. They are taking Mr. Ellison's yacht-funding enterprise to federal court, accusing Oracle of rigging the demo and trying (in the words of the university) to extort money by threatening not to complete the work unless paid millions more in fees.

It may be dicey to figure out if Montclair understated its requirements or if Oracle low-balled the bid since I've yet to see a requirements spec for a fixed-price contract that was worth the paper it was written on. Oracle can at least take comfort from the fact that Montclair doesn't have a law school, so there won't be any pro bono faculty members on the legal team.

On the other hand, T&M has its perils, too

Some companies prefer to bid contracts as time and materials (T&M), rather than fixed price. This is a good deal for the contractor because it won't get caught underfunded if things turn out to be complicated. For the customer, it offers the benefit of being able to pull the plug if things aren't working out or to add and remove requirements without having to renegotiate. The downside for the contractor is that it can't profit from finishing early.

Of course, this all assumes that the contractor is actually working on the project. In a recent case, your tax dollars (for all you American readers) were going to pay someone to watch movies, hang out in bars, and ride roller coasters. California-based Aerospace Corp just paid the Department of Justice a nice round $2.5 million to settle allegations that not only was it billing time for an employee who was moonlighting at another firm, but that he spent his days at leisure while billing both firms.

Incredibly, this went on for five years, despite such stunts as billing for more than 24 hours of work in a single day. You almost have to admire the chutzpah of Mr. William Grayson Hunter, who also inflated his high school diploma into a doctorate from Oxford. He also managed to die of natural causes before the long arm of the law could bring him to justice, presumably with a smile on his face and a Six Flags hat on his head.

Got news?

Please send tips and leads here.


March 01 2011

Dusting for device fingerprints

In a previous Strata Week post, I wrote about BlueCava, an Orange County, Calif.-based company that has patented a way of identifying the unique fingerprint of any electronic device connected to the Internet. Last October, they closed a $5 million round of series-A funding led by Mark Cuban.

Recently, BlueCava announced the formation of an advisory board, which includes executives from Facebook, MasterCard, HP, FirstData, Bill to Mobile, and Merchant Warehouse. I caught up with CEO David L. Norris to discuss device identification, reputation technology, online fraud, and consumer privacy.

Our interview follows.

Tell me a bit more about what BlueCava does and how it works.

David NorrisDavid Norris: BlueCava provides a platform that enables businesses to identify devices that are coming to their website. First, we identify the device and then we provide additional information about the device that would be useful to our customers in making decisions about how to interact with that device. One application is finding fraud. Another interesting area is social networking sites: a site may choose not to allow certain users to participate if they have a history of trollish behavior.

As we identify devices, we build information about each device. One of the things we can tell about a device is if it's a shared computer being used by multiples users. We can also determine the specific level of use — whether it's a household computer in the kitchen with a handful of users or an Internet cafe computer with hundreds of users.

It sounds like BlueCava is largely used to identify negative behavior. Can the technology also be used to identify devices or users with a positive history?

David Norris: In some ways it's better to identify a good device rather than the bad ones — it's much harder to mimic or fake a "clean" machine that has no history. So we've taken on the task of identifying a broad set of devices. This year, we'll identify more than 1 billion devices.

From there, among the partnerships we've signed up, we're going to assign direct financial benefits to those with a positive history, such as discounts and rewards. We'll be announcing further details soon. For site managers, it you have a historical reputation that's good, there's an opportunity to reduce some of the costs associated with interacting with you, like performing extensive background checks. So they can afford to pass some of those savings on to users who merit it.

What about the privacy issues associated with device identification?

David Norris: We do not collect any personal information. We don't collect Social Security numbers or email addresses. We identify devices and we characterize a device's behavior. For devices with GPS receivers built in, we collect information at a ZIP-code level, not a granular level. That would be a violation of privacy.

We've also implemented what the FTC is calling "do not track," so users can either opt out or set their preferences when it comes to online marketing.

There's a difference between being identified and being tracked: if you turn tracking off, we can still identify a device but we don't keep track of which websites it's been to.

Since no system is perfect, what are the remedies available to users whose devices or histories are misidentified?

David Norris: If a question comes up about a particular device, the user can go to the merchant or site owner, who can then escalate the issue in a review queue. It becomes a human process at that point.

So BlueCava is not making direct recommendations about user accounts?

David Norris: We're very careful not to position ourselves as a fraud solution. We are a tech company that can be part of an existing fraud solution, but device identification is only part of the story. We're gathering information that's already available and has been used for years by other companies. What we're doing differently is using it in a unique way.

Imagine that you're a store owner, and one day someone walks into your store and then walks out. The next day, they walk in again, and your recognize them. You'd do that naturally based on hair color, eye color, the shape of their face, etc. And you could recognize them even if they were wearing a different shirt, because you know that their shirt can change but their face won't. We do the same thing with devices. Our technology is adaptive, and allows for change to occur. But it's up to each individual client how to use that information.

Some users may find this kind of device identification intimidating because it seems like "magical spying." What would you say to them?

David Norris: Cookies used to seem magical too. But then people got used to the idea of them.

Our technology, I believe, will replace cookies eventually. It just observes your machine instead of reaching into it and dropping something there.

Device identification is an improvement over cookies in part because if you choose to opt out, you're opted out and that's it. If you opt out using cookies, the system actually drops an opt-out cookie on your machine — if you clear your cookies, then you're opted back in! Also, you have to opt out on multiple browsers. From a device identification standpoint, it's much cleaner: you opt out once and it's done.

This interview was edited and condensed.

February 08 2011

Big data thwarts fraud

A new O'Reilly/PayPal report on web-native payment platforms, "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity," is now available for download.

Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the advent of contactless payment in mobile commerce. This excerpt looks at the role big data is beginning to play in fraud detection for these services, and the new opportunities that development brings. Additional excerpts will be featured here on Radar throughout the week.

Web-native payment platforms have a tremendous challenge combating fraud — greater in complexity than that faced by traditional payment processors. But the solutions they have devised to deal with it have created some enormous new opportunities.

First, the problem: payment platforms have to process orders from many more sources than do credit card companies. "Traditional processors have to deal with tens of thousands of sources of fraud at each individual point-of-sale or merchant site," said Matthew Mengerink, VP of Platform at PayPal. "PayPal has to be able to identify potential sources of fraud from the almost 90 million browsers and mobile phones that are constantly connecting to our payment processing services. We're dealing with a much larger challenge, and we've designed systems to identify and manage fraudulent activity often before it has started."

PayPal, Amazon, and Google have all developed sophisticated analytical tools and infrastructure to identify patterns of fraudulent activity. Paypal, for example, has a series of Fraud Management Filters that screen payments and sort out transactions that warrant review because of their amount, their origin, or other factors that can be set by a merchant. But the opportunity to identify fraud reaches far beyond this virtual point of sale. PayPal and Amazon have developed fraud detection tools that depend on massive datasets containing not only financial details for transactions, but IP addresses, browser information, and other technical data that will help these companies refine models to predict, identify, and prevent fraudulent activity. PayPal and Amazon have had years to amass databases of the transaction details for hundreds of millions of customers across thousands of merchants.

These tools vastly improve on the periodic, offline analysis that has been the norm. Institutions traditionally sampled existed data and ran nightly or weekly analyses using fraud-detection models. The newer approaches perform continuous, real-time analysis on large datasets, applying some of the lessons that Google and others have learned for indexing the web to the problem of calculating the risk of fraud for individual consumers or merchants. There's a swarm of activity around a new crop of "big data" tools like Hadoop, MapReduce, and BigTable that can deal with huge amounts of data. The fraud question is a large driver of all this activity.

"Sampling is dead," said Abhishek Mehta, a big data lead at a large U.S. bank institution. "When banks stored petabytes of information on magnetic tape, it was impossible for them to develop appropriate models to measure risk without resorting to sampling techniques. Today we can run analysis on upwards of 50 petabytes of data to more accurately calculate risk. Technologies such as Hadoop allow us to do things that were previously impossible."

Mitigating risk is just one use for all this data. With everything that payment platforms know about their customers — transactions, searches, messages, likes and dislikes — they can increasingly use this information to devise sophisticated advertising models or predictive analytics for selling products and services. Privacy advocates might be alarmed, but the payment providers are just continuing a model pioneered by financial institutions decades ago for identifying consumer preferences and identifying fraud risks. The emergence of tools for processing big data creates new opportunities for payment platforms and vendors to get better at what they already do.

A payment system built on top of systems that facilitate real-time analytics creates some interesting possibilities. Consider the architecture of a modern advertising network like Google's DoubleClick. DoubleClick and other ad networks have refined real-time auctions that deliver targeted ads to users in milliseconds. When a request for an ad comes in from a browser, it's quickly passed to one or more advertisers, each of whom has between 10-20 milliseconds to match that user to a profile and assign a potential value to its bid. The high bidder gets to place its ad — and it all happens in under a second. These interactions are happening with every click, generating a massive amount of real-time modeling and calculations that drive an efficient market for advertising.

Imagine a similar system for electronic payments in which a payment platform offers potential transactions to competing credit issuers. As you browse an e-commerce site, your browsing history and the item you're considering come together to create a risk profile. The site or payment platform may offer that profile and the details of the transaction to a handful of competing lenders so that at checkout you receive several offers for financing from different banks. If you have previously chosen to pay automatically with the most advantageous offer, the site could automatically select the credit source offering the best terms. From your perspective, your funding sources and credit card don't have a fixed APR; the rate is variable and can change depending on your evolving real-time risk and the risk of the merchant.

Real-time analysis like this was, until recently, an impossible idea. But the innovations of ad networks like DoubleClick and Google AdSense have shown their potential and created an efficient market for advertising. A real-time approach to analytics in payment will undoubtedly lead to a wave of innovation among merchants and banks at the point of sale.

Excerpts from "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity" will be published throughout the week. You can download the full report here.


April 28 2010

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.
Get rid of the ads (sfw)

Don't be the product, buy the product!