Behavioural biometrics for 3D Secure

  • Product Reviews
  • 19.11.2020 02:31 pm

buguroo’s behavioural biometrics and deep learning-driven customer authentication technology is traditionally used by banks to stop online banking fraud such as account takeover, new account fraud and phishing, and cut off future fraud attempts at the root. buguroo helps banks verify the user’s identity in real time, throughout the entire online session by analysing the user’s unique set of behaviours and creating cyber profiles for them. The company’s behavioural biometrics capabilities now power buguroo’s offering for card issuers to stamp out e-commerce, Card Not Present (CNP) fraud in the 3D Secure process.

Who needs the product?

Card issuers have long struggled with e-commerce transaction fraud. While the PSD2-compliant 3D Secure payment authentication system should help them with this, close to 10 percent of all 3D Secure transactions still require a step-up verification step where an additional authentication capability can make the difference between successful business or chargeback liability for the issuer.

Traditionally, risky transactions are either approved or denied following a two-factor authentication process including a one-time password challenge. But with one-time passwords (OTP) the prime target for SIM swappers and other user manipulation techniques, this method is far from failproof. With buguroo, the process can be improved to benefit card issuers, merchants and customers alike.

What does the product do?

buguroo’s 3D Secure solution introduces behavioural biometric analysis into the verification step of the 3D Secure process to enable card issuers to accept legitimate transactions initially deemed too risky with utmost certainty, thereby limiting chargeback liability and not losing the sale for the eCommerce business or the transaction processing fee. It does so without burdening the customer, compromising customer loyalty or adding friction to their online transaction experience.

With buguroo’s unique behavioural biometric 3D Secure offering, card issuers can rapidly determine customers from fraudsters and safely approve or deny risky CNP transactions to:

  • Avoid chargeback liabilities due to compromised card information
  • Minimise lost revenue for card issuers and merchants
  • Improve customer experience and satisfaction with transparent, rapid verification
  • Provide Strong Customer Authentication

What other background features are relevant?

Specifically, buguroo’s fraud detection analysis within 3D Secure focuses on keystroke analysis, collecting biometric data from the customer at the point the OTP challenge which is entered along with an additional short string of characters such as an email address. By applying deep learning technology to analyse this data a user can quickly be identified as a customer or a fraudster. The resulting assessment is then reviewed by the card issuer to approve or deny the transaction.

What awards have recognised the product?

Buguroo’s behavioural biometrics technology is widely recognised and celebrated by analysts, industry bodies and awards. In July 2020, buguroo was recognised for its “unique approach for online fraud prevention that no other competitor currently offers” when it received The Frost & Sullivan 2020 European Behavioural Biometrics Solution for Online Fraud Prevention Technology Innovation Award. More recently the company has been named to the latest ECSO Cybersecurity Market Radar alongside the biggest players in the market.

At the 2020 Finovate awards, buguroo won the title of Best ID Management Solution, gaining acknowledgement for its sophisticated identity management and authentication capabilities, rooted in behavioural biometric analysis. A similarly focused event, SC Awards named buguroo as a Finalist for Best Authentication Technology and its technology was recognised thrice on the 2020 Payments Awards shortlist.

Case in point: Stopping SIM swapping fraud during the holiday shopping season

As a record number of consumers are shopping online this holiday season – some, for the first time ever – card issuers will be faced with the complex challenge of authenticating a large number of risky transactions in a way that both maximises their revenue and limits the cost of fraudulent transactions. The rising case of SIM swapping, or simjacking scams shows that a simple one-time password challenge during the 3D Secure verification step is no longer enough to stop evolving fraud tactics.

When a mobile phone is lost, stolen or users switch services over to a new phone, the mobile service provider can seamlessly port the user’s number to a different device. Exploiting this capability, sophisticated fraudsters can call the mobile service provider of a legitimate user, impersonate them – using data acquired through malware, phishing or from organised criminals – and convince the provider to switch the phone number over to the fraudster’s SIM. This allows the fraudster to intercept any one-time passwords sent to the victim via SMS and circumvent any security features of accounts that rely on text messages or telephone calls, rendering two-factor authentication powerless.

Using buguroo’s behavioural biometrics-based 3D Secure offering, card issuers can require cardholders to enter a one-time password as well as a short string of characters into the verification page to determine if it matches the cyber profile, or ‘bionic ID’ of a legitimate customer or a known fraudster. Since buguroo builds a complex ‘cyber DNA’ for each user – including fraudsters – it can compare all collected data against known good and fraudulent users to deliver an additional transaction risk determination to the card issuer.

Other Product Reviews