A new approach to fighting online fraud before it happens

Synopsis: 

Consumers are more at risk of identity theft and online fraud than ever before. Revelock, previously buguroo, recently rebranded to reflect its change in direction as it pivots alongside constantly evolving fraud techniques. The company is focusing on not just revealing or detecting attacks, but continuously adapting and responding to the ever-changing threats in order to deter bad actors and increase the costs of committing fraud. Pablo explains to us what the company is seeing most often at the moment in terms of online fraud trends, and why the current fraud landscape is calling for a new approach based on knowing your user and an Active Defense.

The shift to a digital-first world accelerated by the pandemic has enabled bad actors to target more consumers using sophisticated means. Can you briefly tell us what is currently happening in terms of fraud and scams, tactics, techniques, types of fraud?

Since the start of the pandemic, the inboxes of millions have been filled with fraudulent emails promoting fake drugs, disinfection supplies, financial assistance packages or other services to help people get through lockdown. When combined with information from data breaches and information gleaned from social engineering, emails impersonating government and health authorities have been successful in getting people to click on malicious links. 2020 saw phishing-based attacks double from 100,000 per month in January 2020 to 200,000 in December 2020 as reported in APWG’s Phishing Activity Trends Reports 4th Quarter 2020.

When unsuspecting victims give out personal information voluntarily, it can be used to create synthetic identities and mule accounts. Clicking on malicious links can download software onto the user’s device which can intercept sensitive information such as usernames or passwords. Or they can download Remote Access Trojans or ‘RATs’, which are particularly insidious as they can be used by fraudsters to obtain complete and anonymous control of a user’s device. Once they’re in charge, the bad actors can access a user’s online bank account, or just hijack an online banking session and steal funds. 

Companies offering fraud-fighting solutions often talk about KYC, or Know Your Customer, but Revelock adds KYU, or Know Your User. Can you shed some light on the differences here?

Banking regulations require companies to Know Your Customer and verify customer identities before opening an account. The traditional method of verifying customer identities is based on a one-time check of information such as name, address, date of birth and an identification number, followed by the creation of an online account. Unfortunately, many people reuse the same username and password across many of their accounts and unfortunately, a lot of personal information including usernames and passwords have been exposed in data breaches of thousands of sites, including even breaches of KYC databases! Breached data is available on the dark web and bad actors are simply logging in and taking over accounts or using other people’s personal information to open new accounts. As a result, a one-time KYC verification of a person’s identity and one-time authentication using username and password at login, is no longer good enough. 

What we are doing is Know Your User or KYU, where we continuously observe how a person is typing or swiping, when and where the user is logging in from, what device they are using and thousands of other parameters to recognise the real person who is actually using the account. We use behavioural biometrics and hybrid-AI systems to create a BionicID for each and every user. This BionicID works like a digital fingerprint, as each one is unique to the user. This means Revelock can know every user on a granular level and identify even the smallest anomalies that indicate that this is not the true user.

If a bad actor uses a bot to create a new account or if a bad actor types in a customer’s username and password to login and takeover the account, or if through an mRAT or some other brand new attack vector a bad actor takes over an account, our system instantly knows that this is not the correct user and immediately takes actions to stop fraud.

So KYC is necessary, but not sufficient to stop fraud. Today, companies must also continuously KYU and block attempts to impersonate and take over accounts. 

Revelock recently rebranded, changing its name from buguroo. How is this move tied into your approach to fighting fraud and what is the connection with your Active Defense approach?

That’s right, we unveiled our new brand name and identity in April and enjoyed a fantastic reception to our new approach to fighting fraud that we announced alongside the rebrand. Our mission to not just reveal or detect, but also continuously adapt and help companies automatically respond to ever-changing fraud has really struck a chord in an industry where relentless cyber attacks require a relentless response. Clearly, the scope and scale of recent attacks show that perpetrating online banking fraud has become a low-risk, high-reward enterprise for cybercriminals. Our job as solution providers is evolving and now needs to include the ability to deter bad actors and increase the costs of committing fraud. This is where Active Defense comes in. 

Revelock Active Defense is a new approach to fighting online fraud in which fraud prevention systems don’t just send alerts when they spot suspicious activity, but also automatically block threats before fraud losses can occur. It proactively mitigates risk regardless of the type of identity-based attack, all without interrupting the customer’s online experience.

You talk about being one step ahead of fraudsters and blocking attacks before they can take place. Can you give a practical example of how this works?

Firstly, because we Know Your User and continuously analyse BionicIDs, no matter what the attack vector is, we can immediately recognise signs of an account takeover attempt or other identity attacks. Secondly, our Fraud Detection & Response (FDR) platform doesn’t just detect fraud once it has happened, it can automatically trigger defensive actions that block fraud and stop it from happening in real-time.

A practical example of this is when a user clicks on a malicious link that takes them to a cloned website and prompts them to input their log-in details. This may look exactly like the bank’s online interface, so – without the necessary fraud defences in place – the user would have no reason to suspect it was fraudulent. But in fact, behind the scenes, fraudsters are monitoring everything the unsuspecting user does and sees. With Revelock Active Defense, cybercriminals are stopped before the user ventures into dangerous territory. When malware or phishing is detected, the solution can automatically block an offending web inject or stop a cloned page redirect by redirecting the user back into the safety of the legitimate website, or, in the case of RATs, it can deploy defensive overlays to avoid page overlay attacks in the case of a mobile attack.

And this is just Active Defense. The other key element of our FDR platform is Pre-emptive Defense utilising what we call Revelock Hunter that provides a comprehensive fraud prevention capability to discover bad actors and stop them from committing fraudulent attacks at the point of discovery. To give just one example, Revelock Hunter helped fraud analysts at one of Europe’s top digital banks identify links between fraudulent accounts, sessions, and devices in the bank’s internal system. Recognising similarities in suspected users’ modus operandi, the bank was able to uncover and block over interconnected 400 mule accounts.

What role does AI and automation play in the new Fraud Detection and Response platform? Is there any need for human intervention?

Artificial intelligence is an integral part of our solution. By utilising hybrid-AI to analyse behavioral biometrics, device, network and threat signals, the FDR platform not only allows financial services providers to know each user at a granular level and pinpoint the smallest of anomalies in their behaviour, but it also evolves alongside the user to make their BionicID ever-increasingly specific to them. This helps avoid false positives, false negatives, and fraud alerts in the case of friendly account takeover.

AI also underpins the pioneering Active Defense approach to fraud prevention, as responses to attempted fraud attacks are automated, blocking bad actors from perpetrating fraud in real time as soon as the threat is detected. The platform recognises an attempted attack, and risk mitigation immediately takes place, ranging from automatically deploying customisable defensive overlays to stepped up authentication to session termination or even account lockout, when phishing, malware or Remote Access Trojan (RAT) attacks are detected. 

At the same time, fraud analysts have total control over this automated risk mitigation. Automatic responses are completely customisable, and configured rules can be stored and combined to create personalised, AI-powered fraud prevention campaigns, built to address any combined set of attacks. For example, as I mentioned before, analysts can use our Pre-emptive Defense capabilities to detect networks of mule accounts. Once identified, rules can be configured to automatically block the creation of new mule accounts or block attempts to turn existing customer accounts into mule accounts.

In this way, the FDR Platform effectively reduces fraud team workloads by allowing them to maintain full control over the fraud detection and response process -all the while putting time back in their day to focus on more important or urgent tasks. We give financial institutions full autonomy in the fight against online fraud and all the tools to comprehensively reveal and block it.

About Pablo de la Riva

Revelock co-founder and CEO Pablo has over 20 years’ experience working to protect financial institutions and their customers from cybersecurity attacks and online fraud. First at Telefónica and then at Deloitte, Pablo gained first-hand knowledge researching malware, tracking adversaries, investigating fraud, and standing up and operating cyber security and fraud operations for some of the largest banks.

About Revelock

Revelock enables financial services and fintech companies to reveal and respond to online identity impersonation and manipulation attacks without hindering the customer experience. Protecting more than 50 million banking customers worldwide, the Revelock Fraud Detection & Response (FDR) Platform combines behavioural biometrics, network and device assessment with hybrid AI and Deep Learning to create a BionicID and continuously Know Your User (KYU), spot bad actors and mitigate risk regardless of the type of attack.