We’ve written previously about the differences between behavioral analytics and behavioral biometrics and why behavioral biometrics is the better solution for identity fraud and defending against cyber threats. But as behavioral biometrics goes mainstream, it’s worth noting that emerging approaches have significant differences in how they address identity fraud, eCommerce fraud, and more.
Traditionally, behavioral biometrics focused on matching user profiles to solve the authentication problem: Are you who you claim to be? But this required a baseline profile to match against. Today’s identity challenges need a more in-depth and continuous approach.
Advances in technology can address the challenges. By extracting thousands of parameters and leveraging deep domain expertise to analyze the cyberpsychology behind behavioral interactions, powerful insights can be gained and then applied to many non-traditional use cases, like identity proofing, vishing and other scams, and determining user intent.
7-Eleven Japan and British Airways Learn the Hard Way
A week after launching a payment capability for its mobile app, 7-Eleven Japan was forced to suspend accepting new users or to allow existing users to add money to their mobile app. This action was taken following a slew of account takeover attacks in which a fraudster accessed various accounts and purchased items at its convenience stores, including cigarettes, which could be sold on the black market. Approximately half a million dollars was stolen from 900 customers.
The account takeover was done via an automated script that requested a password reset; by knowing the user’s date of birth, email and phone number – details readily available on the dark web – fraudsters were able to circumvent the login process.
Another version of this type of scam is opening a new account using a stolen credit card and then redirecting a refund to a different account, as we reported with the case of the 740,000 straws being shipped to Tuvalu, an island with a population of 11,000.
Finally, the British Airways breach involved a website redirect that compromised the personal details of about 500,000 customers, resulting in an unprecedented £183M fine per Europe’s new privacy protection rules.
The above examples represent a variety of online retail fraud and types of identity theft, which necessitate an equally varied and nimble response. According to Javelin’s latest Identity Fraud Study, online retail accounts are now the third most popular types of accounts targeted by cybercriminals, following bank accounts and credit card accounts, making the growth rate of online shopping fraud twice that of the growth of online sales.
BioCatch’s Broad IP Portfolio Addresses the Entire Digital Identity Lifecycle
Recently, BioCatch was awarded its 42nd patent, an unprecedented milestone among our peers in the behavioral biometrics world and beyond. In addition to the patents already granted, the company has an additional 23 patent applications that are pending.
The BioCatch patent portfolio addresses a wide range of scenarios, including:
- Remote access (RAT) - Traditional fraud detection tools are not capable of recognizing most remote access attacks because fraudsters know how to take over authenticated sessions. On the other hand, BioCatch has very differentiated IP on its process of detecting the presence of a remote access user or multiple users in a session.
- Device spoofing and emulator detection - Fraudsters harvest data via malware to make their own device appear to use the same browser extension, OS attributes, and more to further impersonate a victim. With nearly 10 patents addressing just this threat alone, BioCatch behavioral biometrics provides an added layer of visibility, looking at the user behind the device, not simply the device or its attributes alone.
- Password recovery and resets – This is traditionally done via KBA questions or sending SMS codes, methods which are easily circumvented by fraudsters. BioCatch patents use techniques like Invisible Challenges™ and other methods of extracting and analyzing human behavior to prevent an account takeover.
BioCatch’s intellectual property portfolio has translated into a robust product offering that enables the company to extract more behavioral parameters, tackle more use cases, and go beyond a point solution at login. Today, BioCatch provides a market-leading solution for identity and eCommerce fraud. The technology protects against new account fraud and provides continuous authentication from login to logout for more than 90 million users by recognizing a variety of cyberthreats and very sophisticated social engineering scams without compromising the user experience.
Find more information about our technology here.