According to a recent study, up to 15 million Americans had personal and financial information stolen in 2016, despite the rise of two-factor authentication (2FA) and credit cards using EMV chip technology. While 2FA and EMV chips provide an added layer of security over older methods, hackers and cyber criminals have demonstrated an increasing ability to overcome even these more stringent security methods, using social engineering to obtain credentials and fooling call centers and other operators into changing necessary information that would allow them access online.

In our announcement this week of our partnership with Nuance, BioCatch introduces the concept of combining risk scores from one channel in order to reduce risk and fraud in another channel.  As mobile fraud continues to rise, it is imperative for organizations to have the most complete picture of all their consumer interaction points:

The Voice Channel

Voice biometrics involves analyzing voice patterns to positively identify someone. Financial institutions use voice biometrics to analyze incoming customer calls and compare their voices against known cyber criminals and fraudsters.

The Digital Channel

Behavioral biometrics is the only practical way to detect fraud on the digital session after the login. Behavioral biometrics is the process of mapping and monitoring over 2000 behavioral parameters unique to a certain individual.

These behavioral biometrics fall into three basic categories:

  • Cognitive traits such as eye-hand coordination, behavior patterns, usage preferences, even device interaction patterns, such as how an individual interacts with their mouse or keyboard.

  • Physiological parameters such as left or right-handedness, tremors and muscle usage.

  • Contextual factors such as navigation, as well as device and network patterns.

Unlike a traditional password-based approach which relies on information that can be acquired through social engineering or theft, and which provides no further protection, behavioral biometrics can be used to continuously authenticate users by their ongoing activity. Because the entire process happens passively and transparently, it has the added benefits of not interfering with a legitimate user and being difficult for a criminal to discover and disable.

Combining the Risk Scores of the Two Channels

Fraudsters will typically employ a variety of different techniques to overcome a bank’s security layers. Calling a customer center using a false identity to change the details associated with an account enables them to receive the SMS code required to access the victim’s online banking account. Banks will be able to more effectively handle sophisticated multi-channel attacks by having synchronized monitoring of the user across both voice and behavioral channels. This simplifies case management at the call center level while saving time and money for the business and consumer.

 

For more information on the combined solution, contact us.

Related Posts