What’s the
best way to make sure that cyber-crooks don’t have the opportunity to raid bank
or credit card accounts belonging to legitimate customers? By keeping them out
of the system in the first place, according to Oren Kedem, VP of products at
cyber-security start-up BioCatch.
The newest
release of the Tel Aviv start-up’s technology now enables banks and online
financial sites
to detect fraudsters during the account-opening process, so
that they can be booted off the site before they have an opportunity to steal
anything.
“In today’s
cybersecurity environment, it’s crucial that financial services institutions
have the most advanced protection allowing them to combat the increasingly
sophisticated attacks we are seeing,” said Kedem. “This is exactly the reason
we have zeroed in on using behavioral biometric authentication to identify
threats such as malware and new account fraud.”
BioCatch’s
take on security gives it an advantage for a proactive approach to catching
cyber-criminals before they actually do anything, BioCatch CEO Benny Rosenbaum
told The Times of Israel. “Online finance and banking sites, among others,
require users to enter names and passwords to gain access, but that still
doesn’t guarantee security. Our system provides a much better level of
protection, checking over 400 bio-behavioral, cognitive and physiological
parameters to create unique user profiles for visitors to banking and eCommerce
sites.”
Similar to
handwriting, said Rosenbaum, each user has an individual “web presence” — a
certain way of moving their mouse, how fast they move it on the page, which
links they click on and in what order, etc. BioCatch calls this the Cognitive
Signature, a sum total of all the factors that go into an interactive session.
BioCatch’s technology can record all this information, associating it with the
specific user who is logged in and interacting with the site.
When a user
interacts with a BioCatch-powered site for the first time, the system records
their behavior, adding it to their user profile along with username and
password information. When the user returns, the site’s authentication system
checks the login information — while BioCatch checks to see if the user’s
Cognitive Signature matches the one in their profile. If it doesn’t, that user
is barred from accessing the online account and information — even if they have
the right password.
BioCatch has
been doing this for about four years, long enough for the company to have built
up a significantly large database to compare legitimate online behavior with
its opposite. It thus has a good sense of what fraudsters do at any stage of
their online activity, including their behavior when opening an account.
One tactic,
for example, is the use of a bot – an automated software system – to open
multiple accounts at online banking sites, on the theory that if most of the
accounts are eventually flagged for suspicious activities, hackers will be able
to immediately switch to their other heretofore “clean” accounts. Another
tactic is the use of a spoofed IP address – a fake Internet address
that masks hackers’ location, enabling them to avoid detection by authorities.
Yet another
sign that a bank site is dealing with an automated fraudster is if the process
is too smooth – if forms are filled in too quickly, indicating that the entity
on the other side is not a person (who would presumably have to think about
some of the answers before filling in a form).
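The too-fast form signal described above can be sketched over per-field timing data. This is an added example, not code from the article or from BioCatch's product, and the thresholds, field names and session records are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Assumed thresholds for illustration only; not values from the article.
MIN_FORM_SECONDS = 8.0     # whole form completed faster than this is suspect
MAX_CHARS_PER_SEC = 12.0   # sustained typing rate above this is suspect
MIN_DWELL_CV = 0.15        # near-identical per-field times suggest a script

def score_session(fields):
    """fields: list of (name, focus_ts, blur_ts, chars_entered), times in seconds.
    Returns the timing signals that fired for one account-opening session."""
    signals = []
    dwell = [blur - focus for _, focus, blur, _ in fields]
    total = fields[-1][2] - fields[0][1]
    if total < MIN_FORM_SECONDS:
        signals.append("form_too_fast")
    for (name, _, _, chars), d in zip(fields, dwell):
        # Zero dwell with content means the value was injected, pasted or autofilled.
        if chars and (d <= 0 or chars / d > MAX_CHARS_PER_SEC):
            signals.append(f"field_too_fast:{name}")
    # Coefficient of variation: people pause unevenly, scripts usually do not.
    if len(dwell) >= 3 and mean(dwell) > 0:
        if pstdev(dwell) / mean(dwell) < MIN_DWELL_CV:
            signals.append("uniform_dwell")
    return signals

def flag_sessions(sessions, min_signals=2):
    """Return {session_id: signals} for sessions with at least min_signals hits,
    so a single fast field (e.g. browser autofill) does not flag a person."""
    flagged = {}
    for sid, fields in sessions.items():
        hits = score_session(fields)
        if len(hits) >= min_signals:
            flagged[sid] = hits
    return flagged

# Constructed sample data: one human-like and one scripted session.
SAMPLE = {
    "sess-human": [
        ("full_name", 0.0, 4.2, 14),
        ("email", 5.0, 12.5, 22),
        ("date_of_birth", 14.0, 19.1, 10),
        ("address", 21.0, 38.0, 35),
    ],
    "sess-bot": [
        ("full_name", 0.00, 0.20, 14),
        ("email", 0.21, 0.41, 22),
        ("date_of_birth", 0.42, 0.62, 10),
        ("address", 0.63, 0.83, 35),
    ],
}
```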
BioCatch’s
technology picks up on all these, and much more, and with the company’s
solution installed, a bank site will automatically shut down an account or an
account-opening transaction. On the slight chance that the customer is
legitimate, they will presumably contact the bank directly, enabling the
institution to verify and approve them, despite their suspicious online
behavior.
With mobile
banking becoming more popular, BioCatch recently introduced a new version of
its platform geared specifically to that sector, and last month the company was
granted a patent for “confirmation of the identity of a mobile device user.” The
system creates a cognitive biometric signature which takes into account
physiological factors such as left/right handedness, hand tremor and eye-hand
coordination, device ID and geolocation, and other smartphone-specific factors,
in addition to the behavior-based measurements the system uses in its web
interface.
“BioCatch is
pleased to be awarded this patent as an acknowledgement of our innovations in
cybersecurity technology,” said Avi Turgeman, CTO of BioCatch. “Our customers
deserve the most advanced technology on the market capable of protecting
against increasingly complex and hostile cyber-attacks, which is why we are
continuously driven to innovate and stay ahead of cyber criminals.”