Stopping Account Takeover Fraud When Traditional Cyber Defenses Fail
Account Takeover (ATO) attacks are on the rise, driven by the incessant attempts of cyber criminals to take over accounts from afar and automate fraud. Despite traditional fraud detection measures and cybersecurity safeguards, malware and RAT attacks remain prevalent. Social engineering and technical subterfuge are also weapons of choice, as fraudsters gain access to victims’ machines and steal credentials, trick users, intercept consumers online, or monitor and intercept consumer activity. Undetected account takeover attacks can result in direct losses to account holders and have a long-term detrimental effect on business and customer confidence.
Today’s fraudsters are also patient and willing to leverage any opening to infect or attack. Savvy cybercriminals wait until after a user authenticates themselves and is logged in to commit fraud, bypassing traditional fraud prevention tools. By triggering malware well after it has been installed, a fraudster’s work can go undetected for an average of 170 days.
Fraud Detection for Today’s Cyberthreats
Traditional fraud detection solutions are solving yesterday’s problems, relying on passwords, two-factor authentication, and device ID to block cybercriminals at login. But today, 100% of fraud occurs within authenticated sessions. BioCatch’s Threat Detection Capability offers a new level of fraud detection and account takeover prevention that secures sessions from login to logout.
BioCatch’s technology detects malware, bots, aggregators, and Remote Access Trojans (RATs) that bypass login defenses. Each of these forms of attack behaves differently than a human being would, meaning each exhibits its own unique behavioral patterns that BioCatch’s fraud detection technology can identify. Many of today's RATs are human as well, using social engineering to take over sessions by tricking victims into logging into their own accounts. BioCatch’s patented technology analyzes hundreds of human and non-human behavioral parameters every second to detect behavioral anomalies in a session and prevent advanced fraud tactics in real-time.
How Our Technology Detects Account Takeover Fraud
Create the User Profile: The BioCatch system collects and analyzes over 2000 behavioral parameters, including hand-eye coordination, pressure, hand tremors, navigation, scrolling and other finger movements. To create the user profile, the system detects the parameters that are most strongly associated with the user, meaning that, for those parameters, the user does not behave like the rest of the population. Each person’s profile is made up of different unique parameters and can be linked across devices.
Generate Invisible Challenges™: Subtle tests are injected into an online session to elicit responses. Since the user is unaware of the invisible challenge, there is no way for a human or bot to mimic or predict the response.
Produce Actionable Risk Score: The system looks for different kinds of fraudulent activity – criminal behavior, malware, bots, RATs, aggregators, etc. – and analyzes the behavior in a session to compare against the user’s behavioral profile. A high risk score generates an alert in real-time.
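The profile and scoring steps above can be sketched in a few lines. This is an added illustration, not BioCatch's algorithm or code: the parameter names, sample values, z-score method and alert threshold are all assumptions made for the example.

```python
from statistics import mean, stdev

# Constructed population statistics per parameter: (mean, standard deviation).
POPULATION = {
    "key_dwell_ms": (100, 20),
    "scroll_interval_ms": (400, 100),
    "pointer_speed_px_s": (800, 200),
    "correction_delay_ms": (150, 50),
}

# Constructed enrolment sessions for one user (hypothetical parameter names).
USER_SESSIONS = [
    {"key_dwell_ms": 60, "scroll_interval_ms": 410, "pointer_speed_px_s": 1300, "correction_delay_ms": 160},
    {"key_dwell_ms": 62, "scroll_interval_ms": 390, "pointer_speed_px_s": 1280, "correction_delay_ms": 170},
    {"key_dwell_ms": 58, "scroll_interval_ms": 400, "pointer_speed_px_s": 1320, "correction_delay_ms": 150},
    {"key_dwell_ms": 60, "scroll_interval_ms": 400, "pointer_speed_px_s": 1300, "correction_delay_ms": 160},
]

# Constructed sessions to score: one typical of the user, one with slow, delayed input.
GENUINE = {"key_dwell_ms": 61, "scroll_interval_ms": 405, "pointer_speed_px_s": 1290, "correction_delay_ms": 155}
REMOTE = {"key_dwell_ms": 95, "scroll_interval_ms": 420, "pointer_speed_px_s": 700, "correction_delay_ms": 600}

ALERT_THRESHOLD = 3.0  # assumed cut-off, in standard deviations


def build_profile(sessions, population, k=2):
    """Keep the k parameters on which this user deviates most from the population."""
    stats = {}
    for name, (pop_mean, pop_std) in population.items():
        values = [s[name] for s in sessions]
        distinctiveness = abs(mean(values) - pop_mean) / pop_std
        # Floor the user's spread so a very consistent user does not divide by ~0.
        stats[name] = (distinctiveness, mean(values), max(stdev(values), 1.0))
    top = sorted(stats, key=lambda n: stats[n][0], reverse=True)[:k]
    return {n: stats[n][1:] for n in top}


def risk_score(profile, session):
    """Mean absolute z-score of the session against the user's own profile."""
    return mean(abs(session[n] - m) / sd for n, (m, sd) in profile.items())


def is_alert(profile, session):
    return risk_score(profile, session) > ALERT_THRESHOLD


if __name__ == "__main__":
    profile = build_profile(USER_SESSIONS, POPULATION)
    for label, session in (("genuine", GENUINE), ("remote", REMOTE)):
        print(label, sorted(profile), round(risk_score(profile, session), 2), is_alert(profile, session))
```

Note that parameters on which the user resembles the population (here the scroll interval and correction delay) are left out of the profile, so a deviation on those alone would not raise this score.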
Benefits of Our Fraud Detection Technology
Behavioral biometrics can identify RAT in the Browser, RAT in the Mobile, Social Engineering, Man in the Browser and Man in the App attacks, robotic and aggregator activity as well as malware manipulating data and spoofing attacks.
BioCatch identifies the sluggish responses common with network latency, as well as the overshoots and delayed corrections characteristic of remote access attacks. BioCatch’s ability to detect RATs was confirmed by MRG Effitas, a UK-based, independent IT security research organization.