What’s the best way to make sure that cyber-crooks don’t have the opportunity to raid bank or credit card accounts belonging to legitimate customers? By keeping them out of the system in the first place, according to Oren Kedem, VP of products at cyber-security start-up BioCatch.
The newest release of the Tel Aviv start-up’s technology now enables banks and online financial sites to detect fraudsters during the account-opening process, so that they can be booted off the site before they have an opportunity to steal anything.
“In today’s cybersecurity environment, it’s crucial that financial services institutions have the most advanced protection allowing them to combat the increasingly sophisticated attacks we are seeing,” said Kedem. “This is exactly the reason we have zeroed in on using behavioral biometric authentication to identify threats such as malware and new account fraud.”
BioCatch’s take on security gives it an advantage for a proactive approach to catching cyber-criminals before they actually do anything, BioCatch CEO Benny Rosenbaum told The Times of Israel. “Online finance and banking sites, among others, require users to enter names and passwords to gain access, but that still doesn’t guarantee security. Our system provides a much better level of protection, checking over 400 bio-behavioral, cognitive and physiological parameters to create unique user profiles for visitors to banking and eCommerce sites.”
Similar to handwriting, said Rosenbaum, each user has an individual “web presence” — a certain way of moving their mouse, how fast they move it on the page, which links they click on and in what order, etc. BioCatch calls this the Cognitive Signature, a sum total of all the factors that go into an interactive session. BioCatch’s technology can record all this information, associating it with the specific user who is logged in and interacting with the site.
When a user interacts with a BioCatch-powered site for the first time, the system records their behavior, adding it to their user profile along with username and password information. When the user returns, the site’s authentication system checks the login information — while BioCatch checks to see if the user’s Cognitive Signature matches the one in their profile. If it doesn’t, that user is barred from accessing the online account and information — even if they have the right password.
BioCatch has been doing this for about four years, long enough for the company to have built up a significantly large database to compare legitimate online behavior with its opposite. It thus has a good sense of what fraudsters do at any stage of their online activity, including their behavior when opening an account.
One tactic, for example, is the use of a bot – an automated software system – to open multiple accounts at online banking sites, on the theory that if most of the accounts are eventually flagged for suspicious activities, hackers will be able to immediately switch to their other heretofore “clean” accounts. Another tactic hackers use could include a spoofed IP address – a fake Internet address that masks hackers’ location, enabling them to avoid detection by authorities.
Yet another sign that a bank site is dealing with an automated fraudster is if the process is too smooth – if forms are filled in too quickly, indicating that the entity on the other side is not a person (who would presumably have to think about some of the answers before filling in a form).
BioCatch’s technology picks up on all these, and much more, and with the company’s solution installed, a bank site will automatically shut down an account or a transaction to open an account. On the slight chance that the customer is legitimate, they will presumably contact the bank directly, enabling the institution to verify and approve them, despite their suspicious online behavior.
With mobile banking becoming more popular, BioCatch recently introduced a new version of its platform geared specifically to that sector, and last month the company was granted a patent for “confirmation of the identity of a mobile device user. The system creates a cognitive biometric signature which takes into account physiological factors such as left/right handedness, hand tremor and eye-hand coordination, device ID and geolocation, and other smartphone-specific factors, in addition to the behavior-based measurements the system uses in its web interface.
“BioCatch is pleased to be awarded this patent as an acknowledgement of our innovations in cybersecurity technology,” said Avi Turgeman, CTO of BioCatch. “Our customers deserve the most advanced technology on the market capable of protecting against increasingly complex and hostile cyber-attacks, which is why we are continuously driven to innovate and stay ahead of cyber criminals.”