Continuous Authentication

Protecting the integrity of a session from login to logout, by matching more than 500 behavioral parameters and analyzing responses to Invisible Challenges.

Next Generation Cybersecurity

With 100% of fraud coming from authenticated sessions, the integrity of an online session is not assured simply at login. The BioCatch Continuous Authentication module develops behavioral biometric profiles of online users to recognize fraudsters, malware, remote access Trojans (RATs) and other cybersecurity threats. The solution proactively detects human and non-human behavioral anomalies to validate identities after the login and prevent account takeover and other cyberthreats.

The solution selects 20 unique features from its 500+ behavioral profiling metrics to authenticate a user — without any disruption in the user’s experience. The features are selected according to highly-advanced machine learning algorithms, which are employed to maximize the profiling process. After a few minutes of user activity, a robust user profile is built. Once established, the system can detect anomalies and suspicious behavior at an extremely high-level of accuracy and low rate of false positives.

The BioCatch behavioral profile is based on:

  • Cognitive factors such as eye-hand coordination, applicative behavior patterns, usage preferences, device interaction patterns and responses to Invisible Challenges.
  • Physiological factors such as left/right handedness, press-size, hand tremors, arm size and muscle usage.
  • Contextual factors such as transaction, navigation, device and network patterns.

Patented Invisible Challenges extract further behavioral information, immune to replay attacks, bots and malware. After comparing the session data to the genuine user’s profile, BioCatch provides a risk score in real-time that can be used as a standalone indicator, or combined with other threat detection systems.




BioCatch works passively in the background without disrupting the user experience. This means applying step-up authentication requirements based on risk, and de-escalating where there is a high assurance of the proper user inside a session. 


Provides actual fraud savings as well as significant operational savings due to fewer escalations to call centers.



Looks beyond static fraud prevention parameters like geolocation, device, token or other information to assure session integrity after the login. 
Learn More About Invisible Challenges