Identity theft protection is something many Americans are concerned with as more and more fall victim to tech savvy criminals each year. Even more devastating, however, can be the fraud that occurs after an identity is stolen. Each year, in the United States with more than 11.5 million cases of Identity fraud are reported. In 2014, one in 15 people reported being victims of identity fraud, with an average monetary loss of $4,930 per case. In the last three years, nearly $60 million in financial losses were reported due to identity fraud; it is a problem that needs a solution.
Thanks to BioCatch, an authentication and malware detection company, there may be a solution for curbing Identity Fraud early on. The company introduced Thursday an innovative new approach to detecting and preventing identity fraud using behavioral biometrics. The technology boasts the ability to detect fraudsters before they can do damage by analyzing and even influencing the way they interact with software or devices. The approach could mark a whole new territory in the field of information security and identity fraud prevention.
“We’ve introduced something we call ‘invisible challenges’,” BioCatch’s VP of Product Management Oren Kedem told iDigitalTimes. “These challenges are set to influence the behavior of the user, to authenticate identity.”
While banks and financial institutions have sought to harden their defenses against fraudsters, criminals have grown savvier, employing new and more sophisticated tricks for stealing identities and using them to acquire funds fraudulently.
With BioCatch’s latest technology, the company hopes to stop fraudsters in their tracks, before they can steal funds by identifying them for what they are. Using a sophisticated new system of identity authentication known as behavioral biometrics technology, fraudsters can be identified by the way they move a mouse or techniques they employ when inputting information. Analyzing more than 400 bio-behavioral, cognitive and physiological parameters, BioCatch’s technology builds user profiles and recognize authentic vs. fraudulent behavior. The parameters include nuances of behavior such as eye-hand coordination, response patterns, left or right-handedness, hand tremor and click pressure.
But while the use of behavioral biometrics for identity authentication is not entirely new (Google recently announced moving to this kind of technology for identifying human vs. robot users), BioCatch takes the technology a step further, introducing what they call “invisible challenges.” These challenges are meant to not only track user behavior, but also influence it.
“Say for example, you move your mouse to click on submit button. As you do it, our software changes the trajectory of the mouse by 2-3 degrees,” Kedem said. “What happen is, if you continue to move the mouse in the way you were, you’ll actually miss the submit button. This will cause you to respond impulsively to change the trajectory and get back on course. This kind of behavior will be unique to you.”
Though Biocatch’s technology was initially developed as a way to authenticate users, during testing the company realized the use case could be even broader.
“As we used the technology to build profiles, we found that we could track other things too,” said Kedem, “and those things could be used to identify the behavior of a fraudster during new account creation.”
According to Kedem, a fraudster’s behavior differs significantly from the way an authentic user would behave.
“When authentic users go to create a new account, it’s the first time they’ve seen the application so it takes them some time to orient themselves,” Kedem said. ”As they scroll through the page, they might be reading stuff, or analyzing things that are required or optional so behavior is erratic and unmethodical. In the case of a fraudster, however, he does this a hundred times a day, so he exhibits a lot more application skillfulness. This is one of the patterns we look for.”
Besides application skillfulness, BioCatch also discovered authentic users and fraudsters differ in how they input information.
“As users, there are certain kinds of information we are very intimate with,” said Kedem. “For example, our name, phone number, address. These are things we’ve been writing since the first grade. We have an intimate knowledge of this kind of data, and because of this intimate knowledge, we have a certain tone or rhythm for how we input it that’s almost musical.”
In the case of a fraudster, says Kedem, this rhythm or “music” is missing, throwing up another red flag that the user is not authentic.
Besides noticing differences in application skillfulness and input rhythm, Kedem asserts BioCatch can also catch criminal behaviors.
“Criminal behaviors can be things like copying and pasting your own name,” said Kedem. “Who would do that?”
BioCatch has identified a number of criminal behaviors like employing automation tools during the input process and other non-human or robotic behaviors.
“They work hard at this,” said Kedem. “For a fraudster, this is their day job, so they customize all kinds of tools to expedite the process. Using data analysis we can identify those tools and flag them as potentially fraudulent activity.”
All these strategies together make BioCatch a unique approach to identity fraud prevention. As current financial services’ security solutions only employ device and location-based monitoring, they fall short in detecting the advanced Malware often used in creating fraudulent accounts. BioCatch hopes that by protecting users from inception, it will reduce the number of identity fraud cases reported each year.
For more information about BioCatch and their products, visit www.biocatch.com.
For More OSX, iOS, Jailbreak And Infosec News
Follow Cammy on Facebook, Twitter, or Google Plus
Send tips to c.harbison@idigitaltimes.com
GPG Key ID: 56E784D9