BioCatch and the process of continuous authentication
LAS VEGAS, Nev. – From a security perspective, the ultimate user experience involves both fraud protection and enabling legitimate users as unobtrusively as possible, BioCatch vice president Frances Zelazny said.
Ms. Zelazny was speaking at Money20/20 in Las Vegas about BioCatch’s new partnership with Samsung that sees BioCatch’s behavioural biometric technology incorporated into Samsung’s SDS Nexsign platform for use in mobile banking applications.
“Today Nexsign supports face, finger and voice biometrics to log in and any repeat authentications that are required throughout a session,” Ms. Zelazny said. “It runs in the background so there’s a continuous authentication over time, minimizing disruptions to the user while also providing a very high level of security inside the banking environment.”
There are two common reasons why continuous authentication is required, Ms. Zelazny explained. The first is when a behavioural anomaly occurs during a session, such as someone or something taking over a session without the user’s knowledge, for example when malware is mistakenly downloaded and, through social engineering, the user is tricked into giving access to their account.
“(Our) technology is designed to recognize when the legitimate user is no longer present inside a session,” Ms. Zelazny said.
Most account takeover techniques and there has been a major uptake in their frequency, she added. That means fraudsters have figured out ways to bypass older protection methods.
Continuous authentication is also needed because new technologies seeking to provide a top user experience, such as Venmo and PayPal, don’t ask the user to identify themselves because they’re already in the session. In this scenario, behavioural biometrics provide passive authentication that will trigger a response only when an anomaly is seen.
For a system to detect anomalies, it first has to know the actual user. BioCatch does this through a combination of close to 2,000 parameters, Ms. Zelazny said. These include typing and scrolling styles, the way a user toggles between fields, traits related to the size and shape of their hand, and the presence of a tremor. BioCatch once prevented a £1.6M fraud by noticing the fraudster was scrolling down the middle of the page instead of down the right side of the page, which was the user’s normal style.
BioCatch also introduces invisible challenges that stifle fraudsters without negatively impacting the user experience, Ms. Zelazny said. Think of when you enter data such as your birth month online: the selection wheel can be set to different speeds that elicit a response (fraudsters, who can apply for 10,000 credit cards every day, don’t use autofill either).
“A robot won’t be able to respond at all,” Ms. Zelazny said.