An ever growing number of people apply for new credit cards and shop online during the holiday season. According to the National Retail Federation in the U.S., 36 percent of consumers planned to shop online in 2016, up from 34 percent in 2015. Regrettably, the increased volume of digital transactions means increased risk of fraud and account takeover.

Digital transactions are increasingly at risk, especially during high-volume times such as Cyber Monday. Consumers are getting flooded with emails, many of them filled with links to fraudulent apps and sites that install malware on their devices or redirect their information to fraudsters to skim for future use. As it is, 11% of digital sales are at risk of being fraudulent. In fact, The Global Fraud Attack Index (GFAI) states $7.60 of every $100 in sales was at risk in Q2 2016. That’s a 55% increase from the prior year. In addition, The GFAI noted a 62% growth in rate of fraud attacks overall between Q3 2015 and Q2 2016. In the U.S. in particular, they noted a 42.6% increase in fraud attacks since EMV moved the liability shift to merchants in October 2015.

What can institutions and e-commerce sites do to combat the threat? Many are turning to behavioral biometrics.

What is Behavioral Biometrics?

Behavioral biometrics secures web and mobile applications by transparently and continuously authenticating users based on their behavior. Traditional authentication techniques rely on information that can be obtained via social engineering and phishing, or circumvented via Remote Access Trojans and malwareToday’s industry-leading behavioral biometrics technologies incorporate cognitive, physiological and contextual factors to create a unique form of user identification that cannot be lost, imitated or stolen and at the same time can recognize criminal behaviors in a session. Better yet, these profiles don’t infringe on user privacy and are nonintrusive to the user (so as to not negatively impact customer experience).

Using behavioral biometrics, one of the largest e-commerce sites in Latin America was able to prevent more than $500,000 in fraud in one of the busiest shopping weekends of the year.

Behavioral Biometrics and New Account Fraud

The holiday season is an active time for fraudsters as consumers open new credit card accounts at great discounts. Assuming the target will be less likely to identify the fraudulent activity due to increased transaction volumes, cybercriminals leverage the opportunity.

Identifying a user’s unique cognitive behavior so subtly the user is unaware they are being challenged can flag suspicious behaviors and alert institutions of possible fraudulent activity. For instance, cyber criminals might use keyboard shortcuts to enter sensitive information, make mistakes when entering information real users memorize, or might demonstrate over-familiarity with the purchasing process that is atypical of the regular user.

Behavioral Biometrics and Botnets

In retail, the GFAI found 74% of fraud attacks were deployed by botnets that hit the networks of infected computers. Additionally, 5% of fraud attacks are account takeovers.

By recognizing fraudulent human as well as non-human behaviors, behavioral biometrics can help counter identity theft and other malware threats. For instance, the cybercriminal might bank on the onslaught of marketing in consumers’ email inboxes to attempt social engineering techniques to trick victims into installing a Remote Access Tool (RAT). Once installed, the RAT is able to trick device recognition tools so that the bank or other institution sees a genuine user with proper certificates and no traces of proxy, JS code injections, or automated code. Nevertheless, behavioral biometrics can analyze hundreds of behavioral parameters every second to separate direct and remote users and sends alerts when a malevolent RAT is present.

The Risk of Mobile Transactions

Always connected, on-the-move customers today interact with the Internet more often through mobile devices. This shift has had a profound impact on website security, loss prevention, and fraud.

Approximately 2/3 of the J. Gold Associates study said they could quickly detect and remediate fraud on their sites. Yet the 2015 survey of 250 organizations found only 8% had no losses due to fraudulent activity in the past year. In fact, 34% had lost as much as 5% of revenues. Some 14% had lost as much as 10% of revenues and 15% had lost as much as 25% of revenues. Perhaps even more concerning is the rate of false alerts that result in additional lost revenue.

Mobile security’s potential payback is 10-20 times return on investment — J. Gold Associates.

With cybercriminals evolving their fraud attacks at pace with the technological advances in digital transactions, institutions need to be ready for the worst. Proactive prevention and detection using behavioral biometrics can mitigate the costs to banks, credit card issuers, merchants and more. The financial institution or online merchant must see risk from many different perspectives to ensure systems are secured and they are at their most vigilant against risk of fraud and account takeovers.

Download White Paper: Preventing Fraud in Mobile Era


Forter. (2016). Global Fraud Attack Index — Q4 2016.
J. Gold Associates. (2015, February). Mobile E-Commerce: Friend or Foe? A Cyber Security Study.
National Retail Federation. (2016, November). Holiday 2016.
Symantec. (n.d.). Banks likely to remain top cybercrime targets.

Related Posts