Security

03:45 PM
Becca Lipman
Becca Lipman
Commentary
Connect Directly
Facebook
Google+
Twitter
RSS
E-Mail
50%
50%

Behavior Biometrics a Popular Defense Against Cyberthreats

Banks are capturing behavioral data like swipes, typing cadence, and mouse patterns to identify fraudulent account activity.

At Finovate this week, BioCatch, a firm specializing in capturing and analyzing cognitive biometrics, demonstrated a new trend in mobile security. This concept has been rapidly adopted and wildly effective among major banks and e-commerce firms to stop fraud at the point of sale.

Behavioral authentication tools are capturing the behavioral footprint or cognitive DNA we all use when interacting with a device, be it a PC or a mobile application. A mobile device's gyro can capture the tilt of the user's hold, and the accelerometer captures swipes, pinches, zooms, and typing cadence. It takes only an application upgrade to start capturing subtle bio-behavior data and relaying it back to the bank to build user profiles.

If the sensors and signals show enough divergence in behavioral genetics, it can indicate an account takeover, even if all other elements -- like username, passwords, IP address, and device identification -- appear legitimate.

Malware also has DNA of its own in the scripts that are meant to go in and populate credentials in accounts and execute wire payments or whatever it is designed to do. The scripts are meant to look human, but they can look too perfect, or maybe too efficient. Even with malware scripts that have been made anonymous and developed to be polymorphic (coded to do things differently each time), there's still an underlying behavioral DNA.

This is helping to address one common scenario. Hackers often hire people to go through a stack of identities, compromised or synthetic, to open or enter online bank accounts. Understandably, someone whose job is to hammer out as many new accounts as possible gets good at jumping from field to field, and the mouse movements are more or less the same. Patterns emerge. Now that banks are leveraging biometric identification and machine learning analytics, they are flagged when a number of new accounts appear innocent but have an underlying human behavior that points to a single common user.

[Learn more about the Internet of Things at Interop's Internet of Things Summit on Monday, September 29].

Jens Hinrichsen, senior vice president of business development for NuData Security,which employs behavioral biometrics and predictive analytics as part of its NuDetect solution, says extraordinarily large organizations have already deployed passive behavioral biometric capture technology on mobile and PC channels. It's proven effective every day, minute by minute, in detecting tens of thousands of accounts that appear suspicious based on their behavioral genetics.

"Banks would never have correlated these acts of fraud and false accounts being opened without looking into the behavioral biometrics data," Hinrichsen says. "This kind of ability is opening up doors of how financial institutions and others deal with risk."

The next wave of how security teams can get ahead of the fraudsters is through a real-time non-PII network effect across the industry, he says. If one bank has found that 50 accounts are being opened by the same person, there might be four other financial institutions that have seen the same behavioral footprint attack them and interact with their online applications. Ideally, banks want the ability to correlate that biometric data across institutions in real-time, so damage can be avoided.

At the end of the day, institutions want good people to do more and keep bad guys out. The ability to passively pick up on aspects of what users are doing on multiple channels, and to monitor the underlying biometrics in real-time, is helping firms predict and protect across the lifecycle of their clients.

"You can't get rid of your DNA," says Hinrichsen. "The data is in the device. We just have to make sense of it and make use of it."

Becca Lipman is Senior Editor for Wall Street & Technology. She writes in-depth news articles with a focus on big data and compliance in the capital markets. She regularly meets with information technology leaders and innovators and writes about cloud computing, datacenters, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
10/1/2014 | 10:39:50 AM
Re: are banks using this already?
That is deceptive and very Orwelian.
Becca L
50%
50%
Becca L,
User Rank: Author
10/1/2014 | 10:33:21 AM
Re: are banks using this already?
Agreed, and I expect that's why these banks/institutions prefer to stay anonymous.
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
10/1/2014 | 10:31:40 AM
Re: are banks using this already?
Even though this isn't personal identifiable information in the traditional sense, storing someone's biometric DNA - mouse swaps, patterns of gestures,  malware etc., is linked to a person's behavior and is being used to trace them for their future actions.  I realize this is meant to be used to prevent cyber crime, but like anything else,  it can be abused. It's a bit freaky that a company can be storing our biometric patterns without our knowing it and without needing to ask permission.

 
fstechexec
50%
50%
fstechexec,
User Rank: Moderator
9/26/2014 | 5:34:36 AM
Re: are banks using this already?
Thank you!
Becca L
50%
50%
Becca L,
User Rank: Author
9/25/2014 | 4:47:58 PM
Re: are banks using this already?
They are, unfortunately NuData's clients do not want to be publicaly identified. However they are large global players. I asked if the capture of biometric data would be mentioned in terms of service on their sites and their mobile apps, but it isn't. This is apparently not personally identifiable information (non-PII) so it does not have to be disclosed to users.
fstechexec
50%
50%
fstechexec,
User Rank: Moderator
9/25/2014 | 4:32:42 PM
are banks using this already?
Are banks using cognitive biometrics already? The beginning of the article suggests that they are, but which banks are doing it?
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video