Natia Golan, BioCatch: "About behavioural biometrics and online users"

This year, your company has won the METAward at the MRC annual conference in Las Vegas. Could you elaborate a bit on the degree of innovation that BioCatch brings within the ecommerce payments and fraud community?

BioCatch develops behavioural biometrics solutions for mobile and web applications. We collect and analyze over 500 parameters of user interaction on websites and apps of banks and merchants to generate a unique user profile. The solution enables us to understand how the user is typing, what keyboard he is using, how is he moving the mouse cursor, how is he holding his mobile or tablet, how is he swiping - basically everything the user does online. Our solution is a machine-based learning product and the core technology is algorithmic and mathematics-based.

One of the common use cases for our product is account takeover. For example, in online banking, when a certain customer logs in, we have a training period (which varies depending on the amount of users) during which we start to build the user’s profile. Following this training period, we will be able to test each person that accesses the account to check if he is the genuine user or a fraudster.

It is important to understand that our tool is a statistical one. If we are presented with a certain behaviour and profile, we will not be able to actually identify the person, but instead we can say if the other person entering the website is the same person as the genuine user. Unlike existing traditional biometrics solutions, BioCatch is using behavioral (= next generation) biometrics in order to authenticate online users. By introducing behavioral biometrics, BioCatch is able to authenticate users based on their online interaction and preferences rather than on what they know (password, secret question) or what they have (tokens).

For the ecommerce use case, instead of profiling a certain user, BioCatch profiles the overall fraudster population. Our technology has been able to determine the different between fraudsters and genuine users, and by several behavioral parameters we were able to lower chargebacks and review rates dramatically.

We consider our entire product to be innovative, as there is nothing similar today on the market. Most of the fraud solutions available are based on device ID, IP location or proxy detection, with new products coming on to the market that conduct a social media analysis. All of these tools are based on something that one has and not on something that one is. Our product is about what you are, the things that define you as a person and what makes you different from others.

As BioCatch’s product runs in the background, there is no friction, reducing the amount of text messages and calls usually needed to authenticate users.

This is the main reason fraudsters will have difficulty trying to outsmart our solution.

BioCatch recently announced a partnership with Early Warning, a provider of fraud prevention and risk management services. What does this partnership bring to banks?

As fraudsters are getting more sophisticated, partnerships and collaborations have become key in the fight against cyber-attacks. Even competing solution providers have started to collaborate, understanding that this will make fraud prevention better and easier.

As a result of the alliance we signed with Early Warning, the typical signs of fraud or specific behavioural signatures can now be shared across the entire bank consortium, as opposed to being limited to a single financial institution. In the US, Early Warning has recently announced an agreement between banks to fight fraud together – and per the partnership, if one bank has behavioral data about a fraudster or a specific criminal activity, then with the consortium model, all of the banks should be exposed to these data and benefit from it.

What is the impact on users? Does a bank/merchant need to inform their customers that biometric technology is used?

As already mentioned, our tool is statistical and we have no way of connecting it to a certain person. Moreover, we have no identification of the actual account ID, login, or the password of a certain user. BioCatch only collects the behavioural data and the information about a specific account and this information remains only in the possession of the bank or merchant. When BioCatch receives information from our customers, all we see is a string of numbers to identify a user: for example, if we are given “user 12345”, we will check this user and give back a certain score. We will not know who “user 12345” is and the bank has no idea what the behavioral pattern is because it remains in our servers - our customer only receives the score from us.

If a bank or a certain provider chooses to disclose the kind of data it is collecting, it is that individual financial institution’s choice entirely. Currently, most banks do tell their customers that a third-party may be collecting more data. The same goes for device ID or any data that is collected on the device, the IP, or location of the person, meaning that if a bank is collecting that data, there is technically no difference between collecting behavioral prints. The data we collect is not unique in the sense of a fingerprint, but it does have statistical uniqueness.

What does BioCatch have in plan as future endeavours in the market?

BioCatch has established itself as a leading provider in the banking area, and our next move would be to also establish ourselves in the e-commerce field. We already have consumers in this market, but we plan to grow much further and also to move in the online transactions and payments solutions. The same problems that we are helping our banking customers overcome are what we are also seeing in these other industries, specifically new account fraud, something that is very relevant to PSPs (payment service providers?). We are also going to start working with acquirers as another technology that can be offered in addition to device ID, geolocation and proxy solutions.

About Natia Golan

Natia is a senior product manager at BioCatch, and comes with over 9 years of experience in product and project managing in the security field. Natia served in the IDF Intelligence Unit and lead numerous cyber security projects and products. She became well versed in system vulnerability, network surveillance and data analysis. Prior to BioCatch Natia worked as IT and Cyber Security consultant for several Governmental offices. Natia holds a B.A, in Political Science from Bar-Ilan University.

About BioCatch

BioCatch is a leading provider of cognitive biometric, authentication and malware detection solutions for mobile and web applications. Available as a cloud-based solution, BioCatch proactively collects and analyzes more than 500 cognitive parameters to generate a unique user profile. The Company was founded in 2011 by experts in neural science research, machine learning and cyber security and is currently deployed in leading banks across North America, Latin America and Europe.