The sixth episode of Digital Tells: A BioCatch Podcast examines the market for behavioral biometrics. What are the top challenges in preventing fraud in digital channels, and what technologies are on the radars of fraud practitioners? How do organizations like BioCatch partner and innovate with financial institutions to identify and isolate the Digital Tells that can help detect fraud? And how may behavioral biometrics evolve in the metaverse?
Digital Tells’ host Peter Beardmore opens with an account of his recent conversation with Billy Beane from The Oakland A’s baseball organization. His discussion draws parallels between the evolution of baseball in the 21st Century with the game-changing digital analytics that have changed nearly every industry. Tom Field, SVP of Information Security Media Group, discusses the 2021 Fraud Transformation Survey: Detecting and Preventing Emerging Schemes. BioCatch Chairman, Howard Edelstein and BioCatch Co-founder, Uri Rivner share stories of innovating with customer development partners. And Peter Beardmore reflects on future opportunities for gleaning emotional insights in impassive online transactions.
When first introducing the concept of Behavioral Biometrics back in episode 1 of this podcast, we drew a parallel to the story of Billy Beane - the Oakland Athetics baseball team general manager whose adherence to Sabermetrics, a statistical and analytical approach to the game, revolutionized the sport. A few weeks ago, shortly after recording episode 1, I actually had the opportunity to speak with Beane in an event BioCatch hosted. I blogged about it shortly thereafter, there’s a link in the shownotes.
Anyway, I took the opportunity to challenge Beane a bit. Because while he became famous following multiple division championships, a best-selling book and a hit movie (starring Brad Pitt) ~ there’s been a lot of criticism about Sabermetrics kind of - well ruining the game of baseball. There’s this pace of play problem, games are running longer, attendance is down, the fan base is older than those of other sports.
And Beane was - unapologetic. He said look - data analytics is revolutionizing everything. It’s not just baseball. It’s every industry. And the game is different. Everyone has access to the same data he has. So a part of the game is now the analysis of every minute decision he and his in-game managers make / on the internet, on sports talk radio. And while Beane didn’t mention them - there’s also fantasy sports and sports betting. In fact in 2019, the last full season before the pandemic, Major League Baseball earned record revenues ~ despite the complaints of purists that attendance is down 14% from its highs.
The game of baseball didn’t end in the early 2000’s and start anew. It evolved, and continues to. And so too does human engagement with the digital world continue to evolve.
In this, the final episode in Season 1 of Digital Tells - we’re taking a look at how the market that BioCatch serves - the business of preventing fraud - is evolving. What are their greatest needs? How are their needs changing? And how is BioCatch innovating to meet some of those evolving needs? And finally, how might behavioral biometrics be applied to future opportunities and requirements that stem from the metaverse.
That’s a lot to do, so let’s jump right in with a recent discussion I had with Tom Field. Tom is head of editorial operations with Information Security Media Group. Since launching their original property, Bank Info Security about 15 years ago ~ ISMG has expanded to 34 media properties and an audience of 950 thousand security leaders.
ISMG recently published a study that BioCatch sponsored, there’s a link in the show notes, about the latest fraud trends, and the top priorities and challenges for fraud practitioners.
I asked Tom about the challenges fraud practitioners are dealing with ~ particularly around choosing and implementing technology that prevents fraud ~ while ensuring that that same technology isn’t also preventing business.
Tom Field [00:03:07]
Well, great question, because we asked, what are your top challenges in preventing fraud attacks, particularly in the digital channels and tied for number one, were the lack of resources or budget to be able to adopt new fraud prevention tools? And that's no surprise. Nobody ever has enough financial resources and there are more tools out there now than anyone could can hope to account for. So lack of resources, number one. Tied with that limited visibility into the risks introduced by new digital technology, for instance, faster payments platforms. And again, so much of this comes back to the digital transformation where your employees and your customers alike are more remote, more digital than ever before, and you're just challenged to be able to understand which users, which devices, which applications you're dealing with. So no surprise with visibility that's consistent. But coming right behind that, a percentage point behind that was increased customer friction due to multifactor authentication or other controls. And it tells the story that our respondents are challenged because they do want to add extra controls, but they're extremely concerned about putting off their users to the point where they abandon a transaction or abandon the company altogether. So it's a top three challenge.
So that friction issue is a recurring one, right? We seem to be at this point in the evolution of our digital lives where it’s easy to apply technology to stop the bad stuff, but if you can’t apply it with some degree of surgical precision, you can easily kill the patient / or perhaps to be less dramatic / ruin the relationship.
Tom Field [00:05:09]
You know what doesn't come out in the survey, but we understand is that the landscape has changed considerably. Customer expectations now are whether I'm dealing with my bank, whether I'm dealing with my grocery store, whether I'm dealing with my favorite Chinese restaurant. I expect the same digital experience I get from Netflix, Hulu and Amazon.
So are these problems insurmountable? Are financial institutions confronting the challenge?
Tom Field [00:05:42]
You know, I think there's a couple of things you can be encouraged about. One is that of all the respondents we had, only three percent reported that they would see a decrease in funding for anti-fraud in 2022. So 97 percent of respondents are expecting at least level funding, if not significant increases. So I celebrate that, first of all. Next, when you look to what they want to add in the next 18 months, transaction analysis and monitoring tools, behavioral biometrics and analytics, device ID and intelligence, cross-channel fraud detection, physical biometrics, voice, facial fingerprint. And so that tells me that there's a much smarter approach to anti-fraud controls, looking less at what somebody knows and more who somebody is.
Financial institutions are moving forward. They are confronting challenges. They’re looking beyond the limitations of historically binary account data and credentials (what somebody knows - inherently stealable information) - and bridging that data with ‘who somebody is’ - for purposes of preventing fraud - yes - but there’s much more opportunity that comes with understanding your customer. Speaking of customers ~
How do organizations like BioCatch evolve to meet customer needs? How can behavioral biometrics evolve to identify new opportunities and solve new problems for financial institutions and digital channels.
You may recall meeting Uri Rivner in our first few episodes. Uri is one of BioCatch’s founders. When I interviewed Uri he told me a story that illustrates how BioCatch and our customers collaborate, share relevant data, and use that information to zero-in on the Digital Tells that indicate out-of-the-ordinary behavior.
In this case, BioCatch was working with a new customer, a big online payments provider, It was the early stages of implementation, and we were fine-tuning behavioral biometrics on an ecommerce platform servicing small business websites. One of those businesses was a manufacturer of paper straws. Here’s Uri.
This was an e-commerce company in San Diego selling paper straws. And of course, in California, you have to use paper straws rather than plastic straws. Right? Normally you buy a pack. You know, if you're a restaurant, you can buy a crate. Full crates, OK? Ten thousand straws. There was a huge order that was made using that platform. I'm talking about twenty five thousand dollars worth of straws, all sorts of straws. Sixty two crates. And all of these crates had to be shipped very urgently with a huge shipping bill. Ten thousand dollars of shipping to the island of Tuvalu. Where is Tuvalu? It's an island in the Pacific Ocean. It is eleven thousand people. They don't need that many straws.
Ok, so once you know where and what Tuvalu is, any human being can deduce that there may be fraud afoot, right? But for non-intelligent IT and ecommerce systems, not so much. And, well, I should cut to the chase, this wasn’t a success story, initially anyway. The transaction went through.
They allowed the money to move and then they actually were curious about that specific case. So they called the merchant and asked the merchant, this paper company can tell us about this interesting order to Tuvalu said, yeah, the guy told us that they have like a resort in this Pacific Ocean Island and they need a lot of straws. And, you know, the shipping bill was like crazy, like ten thousand dollars. But they give us a corporate credit card and it went through. So once the money was inside their accounts, our account, the merchant account, we got a phone call from from that person. And they were saying that they made a mistake, a terrible mistake. Like they didn't realize that the shipping is so expensive. Ten thousand dollars for the shipping. This is way too expensive. There's another company that could do it in like two thousand dollars. Can we do as can we do them a favor and move the 10000 to that shipping company and they'll do that specific shipping and then anything else that we need and all that. And we already got the money. So we said, OK, fine, we'll do it. So we move ten thousand dollars to that shipping company. Of course, it was all a hoax. There has never been that shipping company was just a fraudster's bank account in the US. So that's the result of the fraud. So the fraudster has a credit card, a stolen credit card, OK, they do all of these elaborate scam. And at the end of the day, the merchant moves ten thousand dollars from their own money, of course, to because they have to they have to move the money back. Right. It's a chargeback. Right. They have to return all of that. So from their own money, they move it to the bad guys. And this is a perfect example of a scam, right. Scam social engineering. You know, there's there's no end to it.
So what did we learn? Well, in addition to hearing a well told story about a classic chargeback scam that small businesses are constantly encountering… when BioCatch went and looked at the session we discovered something interesting. In this case, the user didn’t know anything about the credit card they were using. It was all cut and paste. And for credit card numbers that’s actually not all that unusual in business transactions - often that number is stored somewhere and just copied. The expiration number was also pasted in. That’s actually a bit more unusual. I mean, who needs to copy/paste a 4-digit number? Right? But the Digital Tell in this case though was the zip code. It was also pasted in - and in a shipping field too. I mean who copy/pastes their own zip code? Turns out, pretty much nobody.
But it’s this kind of information sharing and learning that leads to new solutions and use cases. The process of innovation that BioCatch shares with its development partners is continuous. This zip code variable today informs a lot of BioCatch use cases, an is literally one of hundreds that’s now being used for BioCatch’s Strong Customer Authentication solution (or SCA). We haven’t discussed SCA on the podcast yet ~ maybe more to come on that in season 2 - but basically, it’s about ensuring that ecommerce credit card transactions are genuine.
To put a finer point on I asked Uri River specifically about how these new ideas and projects come up with BioCatch customers, particularly those customers who eventually become BioCatch development partners.
So the idea is you respond from time to time to emerging needs. This is the creativity and the more experimental phase of research. New detection is another good example or anything to do with scams because they’re also evolving and where the existing products simply doesn’t help. So you need to do some research, work with a design partner, create a model, make sure that it’s running and then it’s repeatable and scalable, then make it a part of your product offering. It is important to put it inside the product offering because then everyone can benefit from this, not just the specific project of course, but that’s the way things are being done. You know, typically in this line of work, you don’t have smart people sitting in the room designing something and then launching it and asking people to use it. It’s more like, you know, it’s working fine. And if it’s not working fine, you want to know why it’s not working fine. What is it that it’s not detecting. Let’s actually figure it out and let’s build some functionality around it. Sometimes it’s something that does not detect well, sometimes it’s something like a new type of, let’s say, insight that the industry is interested in. I think it’s a 2-way conversation by the way. It’s not just that it’s coming from the market. Sometimes it’s the data science team coming up with all sorts of very interesting insights and then talking to the banks and saying hey, will you be interested in that? So I wouldn’t categorize it as a one-sided streat mof information. You know BioCatch has smart people. The banks have smart people. And typically it’s the combination of the two to develop these sort of new offerings.
When I first came to BioCatch, this development process, and the way the product roadmap works as a result ~ came as something of a revelation to me. Having spent most of my career in product marketing for security and hardware companies ~ I’ve been involved in all sorts of customer interaction, thousands of trade show floor conversations, given hundreds of executive and user briefings, been behind the 1-way glass for focus groups ~ and usually found ways to bring valuable insights from these interactions to the product lifecycle management process ~ but at the end of the day ~ product teams build products and hopefully… customers buy them. But when it comes to working with behavioral data, you REALLY need to work with live data, and share insights and tweak UI’s, get the ‘truth data’ - the results of investigations into fraud and customers’ intentions - to really understand what these Digital Tells are, where to find them, how to interpret them, and then apply them. The term “Development partner” has taken on a whole new, much more literal meaning for me.
These partnerships and conversations with our customers also reveal other pressing business issues. A few minutes ago Tom Field talked about the importance of customer experience. You also met Howard Edelstein, BioCatch’s chairman in earlier episodes. When he and I spoke he also shared some experiences about working with our customers and development partners to uncover other potential benefits of behavioral biometrics.
And I'll give you one. I was just on the phone with 10 days ago. They actually brought a bunch of their high end executives who are interested in innovation and differentiation in the bank to a discussion that we had and what else behavior can do for them. All of a sudden you see the ideas flowing out because they just didn't have any exposure to the technology that could help them. Because in this particular case, it was, quote unquote, locked up or focused on fraud prevention and risk mitigation, not in customer experience or tuning, you know, products, you know, like, for example, you know, who did you give more credit faster? You don't have to frustrate them. I mean, there are a million things you can do if you have comfort, knowing that the person who walked to the bank is X, Y and Z.
Knowing the person, it turns out, may reap benefits far beyond detecting fraud or determining if users are involved in scam or money mule activity. Imagine the potential commercial benefits if digital merchants could read the digital tells of a customer in the same way a salesperson at a jewelry counter or a car dealership can read the body language and tone of a prospective customer. Emotional insights into customer behavior may be the next holy grail of ecommerce. What does it take to build trust with a customer, to put them at ease, to communicate the right message at the right time? I recently wrote a blog on this topic and BioCatch published a paper called Creating Trust and Ease with Emotional Insight in The Digital World. We’ll share a link in the show notes.
Before we wrap up this season of Digital Tells, I just wanted to share some thoughts about what else may be coming. What forms might behavioral biometrics take in the future? The week before recording this episode, Facebook announced it’s namechange to Meta, which came with all sorts of futuristic messaging and CGI visual backdrop that resembled the futuristic dystopian movies like Tron and Ready Player One.
It got me thinking, will behavioral biometrics have a role to play in a future where AR, VR, and wearables are ubiquitous in our daily lives?
I asked Uri Rivner if he thought Behavioral Biometrics will have a place in that world.
Yea, definitely. It’s only a matter of time. And I think also inside cars. So the way you drive the car and or your behavior inside all sorts of, you know, situations. Yea, definitely. That’s another thing that behavioral biometrics at some point will evolve into. At the end of the day, you track human behavior. Right. And you try to understand the way they normally behave in order to see if there's any kind of anomaly, their behavior, to see if there’s any known criminal behavior or other types of behaviors that are likely undesired. So yeah, I would say that today we operate using certain types of channels. But as time goes by, there’s going to be new channels and behavioral biometrics will evolve with those channels as well.
So as we learned at the beginning of this episode, while the market is clearly communicating a need for the benefits of behavioral biometrics today - there’ll almost inevitably be a need to understand Digital Tells so long as digital evolves.
Digital Tells is written and narrated by me Peter Beardmore, in partnership with my producer Doug Stevens of Creative Audio and Music, and with the unwavering support and sponsorship of my employer, BioCatch.
Special thanks to Tom Field, Uri Rivner, and Howard Edelstein.
For more information about this episode, behavioral biometrics, or to share a comment or idea, visit biocatch.com/podcast.
This is the final episode of the first season of Digital Tells, but please subscribe if you haven’t already to Digital Tells on Spotify, iTunes, or wherever you listen to podcasts. You may find us back in your feed with a bonus episode in the not-too-distant future.
Until then, take care.