On Alert for Anomalies

Equens is one of Europe’s largest payment providers, serving banks, retailers, and a variety of other merchants throughout the continent and abroad. The company facilitates transactions for everything from ATMs to point-of-sale (POS) terminals, which adds up to billions of payments processed per year. For example, every time someone pays with a card at a retailer using its services, or when someone enters their debit card into a client ATM, Equens receives a log in its network.

All of those transactions coming in 24 hours a day, seven days a week have to be managed to support the vendors that rely on the company. Equens monitors operations from a control center called the Centrale Operativa Allarmi (COA), or alarms control room. Located in Milan, Italy, the COA is where operators look at the data. If there is a failure at some point in an application or a transaction, the center’s 20 engineers work to solve the problem. Operators are responsible for reviewing notifications and alerts, connecting with specialists to see what the problems are, and resolving the problem by interfacing with customers.

Mauricio Chiametti, team manager of the COA, says Equens implemented data-analytics software called Splunk a few years ago to be able to more easily view the transactions happening in the logs. Splunk is an application that monitors log data and aggregates it into different databases according to factors predetermined by the end-user. 

But Chiametti says that while Splunk was helping COA organize the information, customers were still the ones reporting failed transactions and other errors. “Normally we have 10,000 POS transactions every hour. And during this hour, we may receive 90 percent successful and 10 percent failed transactions,” he says, “but we don’t see the failed transactions because Splunk doesn’t send those alerts.”

Equens wanted to reduce the amount of time its engineers were working to solve problems, as well as prevent the issues from cropping up again. In April 2014, Equens found Prelert, a solution that works off of database configurators such as Splunk to detect anomalies. Prelert works by analyzing traffic, then building a baseline of what is normal through machine learning. It then compares incoming traffic against that baseline to detect anomalies.
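The baseline-and-compare idea described above, as an added sketch; it is not Prelert's algorithm or Equens code. It assumes hourly `(hour, total, failed)` counts and substitutes a median/MAD robust z-score for Prelert's machine-learning model, with sample counts constructed around the 10,000-per-hour, 10-percent-failed figures quoted earlier.

```python
from statistics import median

def failure_rate(failed, total):
    return failed / total if total else 0.0

def build_baseline(history):
    """Learn 'normal' per hour of day: {hour: (median rate, MAD of rate)}."""
    by_hour = {}
    for hour, total, failed in history:
        by_hour.setdefault(hour, []).append(failure_rate(failed, total))
    baseline = {}
    for hour, rates in by_hour.items():
        med = median(rates)
        mad = median(abs(r - med) for r in rates)
        baseline[hour] = (med, mad)
    return baseline

def score(baseline, hour, total, failed, floor=0.001):
    """Robust z-score of one hour's failure rate; None if no baseline exists."""
    if hour not in baseline:
        return None
    med, mad = baseline[hour]
    # 1.4826 scales MAD to a standard deviation; the floor avoids dividing
    # by ~0 when the history for that hour happens to be almost constant.
    spread = max(1.4826 * mad, floor)
    return (failure_rate(failed, total) - med) / spread

def detect(baseline, observations, threshold=4.0):
    """Return (hour, rate, z) for hours that deviate from the baseline."""
    alerts = []
    for hour, total, failed in observations:
        z = score(baseline, hour, total, failed)
        if z is not None and abs(z) >= threshold:
            alerts.append((hour, failure_rate(failed, total), round(z, 1)))
    return alerts

# Constructed sample data: 14 days of history for the 09:00 and 10:00 hours,
# about 10,000 POS transactions per hour with roughly 10 percent failing.
OFFSETS = [-30, -10, 0, 10, 30, 20, -20]
HISTORY = [(hour, 10000, 1000 + OFFSETS[day % 7])
           for day in range(14) for hour in (9, 10)]
# Constructed "today": a normal hour, a failure spike, an hour never seen before.
TODAY = [(9, 10000, 1010), (10, 10000, 1800), (11, 9800, 990)]

if __name__ == "__main__":
    for hour, rate, z in detect(build_baseline(HISTORY), TODAY):
        print(f"hour {hour:02d}: failure rate {rate:.1%}, robust z = {z}")
```

An hour with no history produces no score, so in practice it should be surfaced separately instead of being treated as normal.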

“In the life of an analyst, when something goes wrong, one of the first things they want to say is, ‘okay what is different? This worked yesterday, why didn’t it work today, what’s different between today and yesterday?’ And previously Equens had to do this manually,” says Mike Paquette, vice president of security at Prelert. But now he says Equens benefits from the anomaly detection service and can solve problems before a customer contacts them.

Chiametti says that a frequent issue is that the cardholder does not have money, or has entered an incorrect PIN, but the Equens team investigates every problem to be sure. “When there is a situation, first we have to verify if we’re the problem,” he notes. “If we see Equens is not the problem, we immediately call the bank.”