08.11.2016 12:57 pm
Here's a paradox of the Internet age: Even as IT departments ramp up cybersecurity measures, hackers continue to get away with mass attacks on databases, harvesting user information and bank account data, which is successfully used by online crooks to clean out the bank accounts of innocent victims. It seems that no matter how much cybersecurity companies throw at hackers, they're always behind the eight-ball.
The folks at BioCatch have noticed this as well – and in response they have taken a different approach to security. The global leader in behavioral biometrics, BioCatch’s technology for both desktop systems and mobile devices checks hundreds of the biometric characteristics of users who interact with banking and other sites, determining whether or not they are whom they claim to be. BioCatch bases its security system on site-based biometric authentication, where the way a user interacts with a site is compared to an existing online profile of that interaction.
A Better Biometric Measuring System
Throughout a session, users are constantly “tested” against that profile, which contains hundreds of data points describing how a user scrolls on a site, the pressure used to click on a link, which data field they fill out first, the way a person uses their device based on how they move their fingers when touching the screen, the way they scroll, and the way the accelerometer behaves in response to movements, and much more.
The system has proven to be a major success with sites, and BioCatch currently protects more than 1 billion transactions per month, helping to significantly reduce fraud and identity theft. While other biometric solutions measure only a few aspects of user behavior, BioCatch measures hundreds – creating a unique user profile for each user that makes it impossible for hackers to imitate.
Now, BioCatch has announced that it is releasing an updated, next-generation version of the system – with fast processing of risk-score calculation (which indicates whether a user is legitimate or not), providing real-time behavioral insights, as well as a new graphical user interface for the “Analyst Station”, BioCatch’s flagship analytics tool, enabling fraud teams to further investigate and analyze fraud cases.
New Features, Faster Detection
While the current system is being used at hundreds of banks and enterprise organizations, BioCatch 2.0 will allow organizations to more easily and quickly scale the solutions. The new system provides richer data collection of behavioral parameters, and significantly broader identification of remote access Trojans, bots, aggregators, and malware.
In addition, data for a session is now collected not just on an individual page, but between pages as well, ensuring a more complete profile against which to compare a user's session behavior. Failed login sessions are also stored, in order to allow the system to track bots or fraudsters performing multiple attempts at login with different credentials – providing a layer of protection to thwart cybercrooks even before they interact with a site. Search capabilities have also been expanded to cover more parameters, and analysis of search results has been improved as well. Also expanded and enhanced are mobile app analytics, including analysis of mobile users’ tap and acceleration behaviors. And, the system includes built-in protection against various aggregators and malware, including Ramnit.
Fighting and Winning the Losing Battle
That current cybersecurity protection is ineffective is clear. “45% of online users experience malware and 25% experience account hacking according to a Kaspersky Lab Consumer Security Risks Survey issued in 2015,” said Eyal Goldwerger, CEO of BioCatch. “Compounded further by threats that are relentless and constantly changing, it is important to go beyond traditional fraud prevention and authentication methods and look for ways to ensure that a person is who they claim to be throughout an entire session, without creating friction in the user experience. Our customers require a solution which can passively and seamlessly distinguish a legitimate user from an imposter, providing information in real-time while preventing false alerts. BioCatch 2.0 is designed to stay ahead of the curve, capturing maximum data points and providing the tools that make it easier for fraud and security analysts to do their job.”