NOW, HACK­ERS AT­TACK CEO EMAILS

The Economic Times - - Special Feature -

By the end of this year, mcom­merce-to-wal­let com­pany Paytm will have all its cat­e­gory pages made by ma­chines. Paytm wants to re­spond to each cus­tomer who vis­its its web­site look­ing for fash­ion wear or sports gear or iPhone cov­ers in a per­son­alised way. The web­site will of­fer cus­tomer choices based on past us­age and so­cial me­dia posts. For ex­am­ple, if you re­cently went to Goa on a hol­i­day and posted photos of the trip on Face­book, you might get ‘beach-themed’ iPhone cov­ers. The idea is to hook cus­tomers with what they pre­fer. Given that the choice of iPhone cov­ers run into sev­eral hun­dreds, a cus­tomer vis­it­ing an on­line mar­ket­place might not have the pa­tience to browse through all the pages and op­tions. But by throw­ing up just what he de­sires, the web­site might be able to coax him into buy­ing.

On­line mar­ket­places like Paytm call this con­ver­sion rates — the num­ber of vis­i­tors who end up buy­ing stuff. Help­ing them bump up con­ver­sion rates are al­go­rithms. Al­go­rithms are re­spon­si­ble for cus­tomers brows­ing for goods be­ing greeted with shop­ping rec­om­men­da­tions. Al­go­rithms de­cide what to dis­play for on­line mar­ket­places. They keep track of what cus­tomer are brows­ing and buy­ing. “The goal is to im­prove con­ver­sion rates and help the in­dus­try be­come prof­itable,” says Vi­jay Shekhar Sharma, founder, Paytm. How does it work? In­ter­net mer­chants are swamped with mind-bog­gling flow of data — for ex­am­ple, Paytm has about 30 lakh vis­i­tors ev­ery day with about 3 mil­lion page views daily. Al­go­rithms help it crunch data on cus­tomer pref­er­ences and in­crease sales.

“Al­go­rithms are the base for every­thing on­line — shop­ping, ship­ping, pack­ag­ing, pay­ments, price points etc,” says San­deep Ag­gar­wal, founder, Shopclues. com, an e-com­merce mar­ket­place. The im­por­tance of al­go­rithms be­comes stark look­ing at the cur­rent on­line mar­ket­place con­ver­sion rates. It is at less than 3% com­pared with that of off line re­tail at 22-25%.

Al­go­rithms will also un­der­pin the fu­ture of ecom­merce com­pa­nies. There was a time when th­ese com­pa­nies could live with that poor statis­tic. Not any­more. They are stack­ing up $150-200 mil­lion in losses ev­ery month, throw­ing good money at cus­tomer ac­qui­si­tions and deep dis­counts. Prof­itabil­ity was not a pri­or­ity. But now they face a fund­ing squeeze and pres­sure from in­vestors to show prof­its.

Pragya Singh, vice-pres­i­dent, re­tail, Technopak a re­tail con­sul­tancy, says the fo­cus un­til now was on topline growth. “In the last few months it’s about how to come out of deep dis­count­ing and show prof­its.”

Flip­kart has been down­graded twice $175-200 mil­lion per month eco­nom­ics <3% on dis­counts

in­tel­li­gent use of data in the last four months by in­vestors Mor­gan Stan­ley and T Rowe Price. In March, the De­part­ment of In­dus­trial Pro­mo­tion and Pol­icy, the nodal agency for in­vest­ments, while al­low­ing 100% FDI in pure mar­ket­places banned deep dis­counts, preda­tory pric­ing and ‘big bil­lion sales’.

With no room for ma­noeu­vring prices to at­tract buy­ers, the route to achieve bet­ter con­ver­sion and re­duce losses is big data anal­y­sis and al­go­rithms.

Praveen Bhadada, part­ner and prac­tice head, Zin­nov, a Ben­galuru-based man­age­ment con­sult­ing firm, sees the re­liance on al­go­rithms as the sec­ond wave of ecom­merce in In­dia. “The first wave was about get­ting the model right, get­ting peo­ple used to the idea of shop­ping on­line. Now, a size­able cus­tomer base is there (about 55-60 mil­lion in­ter­net users shop on­line) and in the sec­ond wave com­pa­nies are us­ing al­go­rithms to im­prove prof­itabil­ity,” says Bhadada.

At any given time, there are 3 to 4 mil­lion vis­i­tors on­line. They spend an av­er­age of seven min­utes view­ing 8-10 pages. By the end of the day, about 15 mil­lion records are gen­er­ated. ComS­core data for Fe­bru­ary for all etail­ers shows 52.98 mil­lion unique vis­i­tors, 4.42 bil­lion page views and about 55 min­utes a vis­i­tor a month.

The min­utes spent on e-shop­ping leave a trail and clues that com­pa­nies want to dive into. What was the shop­per look­ing for? What are his pre­vi­ous pur­chases? What de­vice did he use? How many times has he vis­ited the web­site? “We have to use this ba­sic data — what did a per­son do — for strate­gic ad­van­tage. So, if a user has not logged in for 3-4 days the list­ing might be stale and the al­go­rithm re­freshes it. If a cus­tomer does a lot of can­cel­la­tions, the cash on de­liv­ery op­tion for GMV to im­prov­ing unit eco­nom­ics

& pub­lic data to im­prove rec­om­men­da­tions

Uber like, real time an­a­lyt­ics and prof­itabil­ity

im­prove con­ver­sion rates to off­line re­tail level (25%)

end com­pa­nies like Paytm, Shopclues aim to cre­ate fully au­to­mated sys­tems him is au­to­mat­i­cally dis­abled (the cus­tomer might be do­ing it just for fun),” says Ag­gar­wal. Gen­er­at­ing traf­fic is not the prob­lem for etail­ers. Get­ting cus­tomers to buy is. “We are su­per am­bi­tious about us­ing data to help a per­son find what he is look­ing for. This will in­crease con­ver­sion rate and im­prove prof­itabil­ity,” says Ra­jiv Mangla, CTO, Snapdeal. “We want to de­tect pat­terns in user be­hav­iour to im­prove con­ver­sion.” A num­ber of com­pa­nies are al­ready us­ing al­go­rithms to im­prove con­ver­sion rates. Ugam So­lu­tions is a Ben­galuru based data an­a­lyt­ics com­pany whose clients in­clude lead­ing ecom­merce plat­forms such as eBay, LG and Sta­ples. The com­pany anal­y­ses data for clients and of­fers sig­nals—what in­ven­tory to carry, what mod­els are trend­ing, what are users search­ing for and what com­pe­ti­tion is car­ry­ing. Say a mar­ket­place wants to dom­i­nate lux­ury watches seg­ment, should it carry the whole in­ven­tory from Rolex to Rado or fo­cus on brands like Bre­itling or Chopard which have the more like­li­hood of sales. Mihir Kit­tur, co -founder & CEO, Ugam So­lu­tions, says In­dia is a growth mar­ket where the belt has tight­ened. To be sure, com­pa­nies are look­ing at data with re­newed in­ter­est. Sau­rabh Vashishtha, vice-pres­i­dent Paytm says his com­pany “stores every­thing”. “There’s a huge push to dy­namic con­tent from static a year back.” So if six months back all vis­i­tors saw the sim­i­lar con­tent on each cat­e­gory page, now Paytm has a bet­ter idea and dis­plays con­tent based on what the al­go­rithm picks up. Deepali Tamhane, se­nior di­rec­tor, prod­uct man­age­ment, Flip­kart, says the com­pany is work­ing to­wards achiev­ing the next level of per­son­al­i­sa­tion. “We want to pro­vide our users with what they want, even be­fore they know they want it, of course with their con­sent to use their data.”

Adds Bhadada, “in the small win­dow the user logs in the goal should be to un­der­stand what she wants and not car­pet bomb. At fur­ni­ture e-tailer Pep­perfry, if a pop­u­lar prod­uct, like the Dis­ney almi­rah for kids be­comes too com­mon, more peo­ple may not buy. “There comes a point when it should be moved out. That point is not de­ter­mined by hu­mans but ma­chine learn­ing soft­ware,” says San­jay Ne­tra­bile, CTO, Pep­perfry.

Pric­ing is an­other asp e c t where a l gor it h ms b e - c o me h a n d y. C o n s u l t a n c y Pricewater­house­Cooper’s (PwC) leader data and an­a­lyt­ics Sudipta Ghosh says hu­mans de­cide on pric­ing prod­ucts for off line re­tail­ers. In the on­line world, with mil­lions of si­mul­ta­ne­ous trans­ac­tions, this de­ci­sion is taken by data an­a­lyt­ics. “If price point is too low peo­ple might per­ceive it as too cheap to buy and aban­don pur­chase. This point is de­ter­mined by al­go­rithm,” says Ghosh.

Ac­cord­ing to Bhadada, all types of data is use­ful and out­side the plat­form as well, in lo­gis­tics, ship­ping, ware­houses 5-10% can be saved if data is cor­rect. Al­go­rithms help a lo­gis­tics firm to de­cide on the best de­liv­ery route.

Most com­pa­nies use Hadoop hbase (server soft­ware) to an­a­lyse big data, ma­chine learn­ing tools like R & Paython, which use data to cre­ate busi­ness mod­els and web traf­fic data an­a­lyt­ics from Alexa, Google

for the com­pany, “noth­ing im­por­tant was com­pro­mised”.

In an­other case, a well-known CEO of a big In­dian com­pany, who is now re­tired, was tar­geted. Last Oc­to­ber, the CEO got a threat­en­ing mail from a per­son who claimed to pos­sess pri­vate emails. Some mails were sent as proof. The sender de­manded money for not mak­ing pub­lic the emails. The CEO called a cy­ber-se­cu­rity ex­pert who found that a hacker had man­aged to ac­cess his emails while he was in Europe. The cy­ber se­cu­rity ex­pert be­lieved that this was a tar­geted at­tack. The se­cu­rity ex­pert re­fused to share the de­tail whether or not the money was paid to the hacker or what were the contents of the email.

“While glob­ally BEC (busi­ness e-mail com­pro­mise) is on the rise In­dia has been among the top tar­gets for hack­ers in the last one year,” says Burgess Cooper, part­ner - in­for­ma­tion & cy­ber se­cu­rity at EY.

Wig says the govern­ment too is vul­ner­a­ble to hack­ing. “If I want to make money as a hacker I can just hack into 15-20 mail IDs and carry out stock mar­ket trad­ing us­ing in­sider in­for­ma­tion,” says Wig, who works with govern­ment and pri­vate com­pa­nies to com­bat hack­ing.

There have been sev­eral cases in the past of govern­ment agen­cies com­ing un­der the glare of hack­ers. Re­cently, the e-mail ac­count of a fi­nance min­istry spokesper­son was hacked. Last year, fear of Lalit Modi’s email hack­ing spooked crit­i­cal govern­ment of­fi­cials who were re­ported to be grow­ing rapidly averse to elec­tronic com­mu­ni­ca­tion for fear of be­ing in­ter­cepted or hacked into.

In 2014, In­dia ranked sec­ond on a list of coun­tries most tar­geted for cy­ber­crimes through so­cial me­dia, fol­low­ing the US. The Na­tional Cy­ber Se­cu­rity Pol­icy of In­dia, an­nounced in 2013, aims to cre­ate 500,000 skilled work­ers in the field of cy­ber se­cu­rity in In­dia by 2018.

“Over 100 bil­lion emails are ex­changed ev­ery day, and not one of us has got any for­mal train­ing about us­ing them re­spon­si­bly. CEOs are no dif­fer­ent. Tar­get­ing them es­pe­cially be­comes easy as they are gen­er­ally pub­lic faces,” said Saken Modi, CEO, Lu­cideus Tech, a cy­ber-se­cu­rity firm. An­a­lyt­ics or Adobe’s Om­ni­ture. Be­sides the big data an­a­lyt­ics tools, in­house teams write codes for spe­cific out­comes. Snapdeal has a 25 peo­ple data engi­neer­ing team—which es­sen­tially de­ter­mines what kind of data to col­lect and a 25 peo­ple data sci­ence team which anal­y­ses the data col­lected and tweaks the al­go­rithm.

At a broad level, it could be to push cricket mem­o­ra­bilia or IPL gear in the cur­rent sea­son and at mi­cro level, it could mean woo­ing a Kolkata Knight Riders fan with a KKR T-shirt, a taste picked up from Face­book.

“We have to cre­ate that in­tel­li­gence in con­ver­sion; else it could mis­fire,” says Mangla of Snapdeal. For ex­am­ple the goal could be to max­imise sales. So “shop­pers see prod­ucts from sellers whose re­turns are lower. The soft­ware could also note that cer­tain brand of shirts at a price point of ₹ 800 are sell­ing fast, but all sellers are not get­ting or­ders. It could de­ter­mine the rea­son as poor qual­ity of the cat­a­logue and alert the seller”, says Vashishtha. He says con­ver­sion rate has gone up 50% in the last six months due to bet­ter in­tel­li­gence. Adds Ag­gar­wal of Shopclues, “Data an­a­lyt­ics is sci­ence and de­liv­ers bet­ter re­turn on in­vest­ment than any other sys­tem like mar­ket­ing or ad­ver­tis­ing.” Shopclues trans­ac­tions have im­proved ten times in the last 12 months thanks to al­go­rithms com­pared with the tra­di­tional ap­proach of mass ad­ver­tis­ing.

Pep­perfy uses a sort­ing al­go­rithm that de­tects a po­ten­tial shop­per in Mum­bai or Delhi who have dif­fer­ent needs based on the char­ac­ter of the cities they re­side in. The for­mer gets to see con­tem­po­rary

Prob­lemis­man­yIn­di­an­com­pa­nieshave­be­come big­ger, the hack­ers are go­ing af­ter the emails of the top guns, say in­dus­try track­ers.

In March, Flip­kart’s fi­nance chief got an email from an ac­count that looked sim­i­lar to that of co­founder Binny Bansal, with an in­struc­tion to trans­fer $ 80,000 to a

ven­dor pay­ment lo­ca­tion by adding a two-fac­tor au­then­ti­ca­tion such as hav­ing a sec­ondary sign-off by com­pany per­son­nel

post­ing fi­nan­cial & per­sonal in­for­ma­tion to so­cial me­dia and com­pany web­sites

pro­ce­dures that in­clude a two-step ver­i­fi­ca­tion process for wire trans­fer pay­ments

third-party ser­vice providers, en­sure they are thor­oughly com­ply­ing to your se­cu­rity poli­cies and pro­ce­dures styles and space sav­ing fur­ni­ture while the lat­ter gets op­tions in solid wood, with less con­cern on space sav­ing de­signs. “The goal is to get to know the sweet spot,” says Ne­tra­bile.

Kit­tur of Ugam So­lu­tions be­lieves data an­a­lyt­ics can lead to 3-7% im­prove­ment in bot­tom line and at least 40% im­prove­ment in con­ver­sion rates in the short term. At present there are 50-60 mil­lion on­line shop­pers and 400 mil­lion in­ter­net

Vis­its & Views

26.12 23.96 14.16 13.50 11.41 7.96 52.98 563 1,174 154 381 113 125 4,428 19 18.2 6.1 11.4 6.8 8.0 55 Note: Data is for Feb 2016; To­tal eRe­tail is for top 20 sites; UV is unique vis­i­tors and m is mil­lion; *Ama­zon Sites Source: comS­core users. With ris­ing in­ter­net users, more shop­pers are ex­pected to come on­line.

Karthik Bet­tada­para, CEO, Dataweave, says, “The in­dus­try is shift­ing from blind dis­count­ing to tar­geted anal­y­sis. Now fund­ing is tight, mar­ket­places have to be smart about spend­ing money.” Dataweave, funded by Google hon­cho Ra­jan Anan­dan, Blume Ven­ture and oth­ers, looks at even ex­ter­nal data to cre­ate in­tel­li­gence—like what is the com­pe­ti­tion sell­ing, at what price points, what prod­ucts are peo­ple buy­ing and so on. As com­pa­nies like Paytm move to com­pletely au­to­mated sys­tems, the goal is to be like Uber—do real time an­a­lyt­ics to pre­dict where de­mand is and mul­ti­ply the chance of suc­cess. Sharma of Paytm says Uber has among the best data sci­ence teams in the busi­ness. “We would even­tu­ally like to do it real time—meet a buyer’s de­mand at al­most all times.” bank ac­count. Flip­kart said it was a spoof — where the email orig­i­nates from an out­side source with a fal­si­fied name and ad­dress — and that its email ac­counts were se­cure. “Data se­cu­rity is of ut­most pri­or­ity for Flip­kart... We use Ad­vanced En­cryp­tion Stan­dard (AES) to en­sure data se­cu­rity,” says a com­pany spokesper­son. While Flip­kart, a new-age com­pany, may have put up safe­guards against cy­ber threats, many oth­ers may not be pre­pared to han­dle such is­sues, with cy­ber crim­i­nals be­com­ing more and more so­phis­ti­cated.

Ex­perts say that of­ten the top man­agers are quite care­less. In one in­stance, the top boss of one of the big­gest banks in the country was sit­ting in the lobby of a Mum­bai five-star ho­tel and check­ing his bank state­ments in his emails af­ter us­ing the ho­tel’s WiFi. “When I pointed out to him that this could be dan­ger­ous, he just dis­missed the whole thing say­ing I was be­ing para­noid,” says a part­ner with a cy­ber-se­cu­rity con­sul­tancy who met the boss to ex­change pleas­antries. Ex­perts say though there is con­cern among com­pa­nies that their emails are prone to at­tack most of them are still quite ca­sual about deal­ing with it in a planned man­ner. Many CEOs main­tain more than one email think­ing that se­cu­rity of one is not im­por­tant. The op­po­site is true. “If a hacker can get into one ac­count whose pass­word your sec­re­tary knows, rest as­sured they can hack into all your emails,” claimed an eth­i­cal hacker.

Ac­cord­ing to Lu­cideus Tech’s Modi, it just makes the job of a hacker eas­ier to force their way into an ac­count. If that doesn’t work, the next step gen­er­ally is to send a tar­geted spear phish­ing email from the sales/mar­ket­ing head with an ex­cel sheet ti­tled say, “Pro­jec­tion Plan - Q1”, which if clicked is enough to give a hacker a life­time ac­cess to the CEO’s sys­tem. “Most would fall for it. There is clearly a large gap in the aware­ness and de­pen­dency on emails.”

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.