On Thursday, April 6th, the Strauss Center hosted Allison Miller, cybersecurity expert and former Reddit Chief Information Security Officer, as she discussed cybersecurity in the realm of financial services. This talk was part of Strauss’ Tales from the Cybersecurity Front and Brumley Speaker Series.

Miller has built her career as a cybersecurity leader by focusing on three areas: 1) Consumer privacy protection, 2) Incorporating artificial intelligence into security, and 3) The incentive structures inherent in cybersecurity. She spent much of her talk discussing this final category.

Miller started her talk by laying out the development of and major players in digital payments. This system, which we use every day when we swipe our credit card at the grocery store or checkout from an e-commerce platform, began as a collaboration between the large banks that represented consumers and merchants. Their collaboration led to the creation of large credit card networks such as Visa and Mastercard, originally established as non-profits to promulgate and monitor the policies and protocols behind credit transactions. From their establishment in the 1990s until 2010, the networks relied almost exclusively on physical security technologies to prevent fraudulent transactions. Miller displayed her own credit card to show that many of these physical technologies, such as holographic logos and embossed numbering, remain in use today.

With the rise of e-commerce, however, merchants were forced to approve purchases without verifying these physical security measures, leaving them exposed to higher rates of fraud. The networks responded by shifting to a model in which the network itself authenticated purchasers and authorized purchases in real-time over the internet. This created a more even distribution of the cost of fraudulent transactions, with purchasers and their banks also playing a part in preventing fraud. Miller noted that these changes in the digital payments industry led to the emergence of companies like PayPal and Square. 

Miller pointed out that while e-commerce was realigning the incentive structure behind covered transactions, the payments industry was also grappling with a rise of computer-enabled fraud. In another act of collaboration, major credit networks came together to set cybersecurity standards. The Payment Card Industry Data Security Standard (PDI-CSS) remains in place today and has inspired similar industry-specific attempts at self-regulation.

Miller closed her talk by answering audience questions, including one about the future of payments and how cryptocurrency will influence it. After admitting that she is a “crypto-skeptic,” Miller stated that the technology, at present, does not offer a technological advantage over the current system that is sufficient to justify a broad-scale transition.

In addressing how incentive structures shape approaches to digital security, Miller delivered a talk perfectly tailored to an audience of future policymakers and lawyers.

This event was free and open to the public. Special thanks to Strauss Center Senior Cybersecurity Fellow Wendy Nather for moderating. For more information on this event, contact Brittany Horton at [email protected].

Biography

Allison Miller is a recognized innovator and business leader, having spent the last 20 years scaling Fortune 500 (and startup) teams and technology in cybersecurity, e-commerce, and financial services. Allison is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet-scale, with a proven track record of building and protecting customer-facing platforms and services (both B2C and B2B). 

Most recently, Allison was CISO and VP of Trust at Reddit where she led the cybersecurity, privacy, risk, and safety teams. She has also held technical and leadership roles in security, risk analytics, and payments/commerce at Bank of America, Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk, is an advisory board member at YL Ventures, and previous board appointments include ISC2 (Treasurer, Chair of Audit Committee), the Society of Information Risk Analysts, and Keypoint Credit Union. Miller was also a Trustee for the Center for Cyber Safety and Education.

Add to My Calendar