Behavioral biometrics pitched for Indian payments by BioCatch, long-term fraud prevention by Plurilock
Two recent publications focus on behavioral biometrics as the answer to secure an expanding space for fraud amid the global shift to digitization. BioCatch laid out a set of strategic suggestions to implement behavioral biometrics into large-scale operations. Similarly, Plurilock examined the need for behavioral biometrics to stop the illicit trade of stolen credentials in its tracks.
BioCatch proposes behavioral biometrics in a large-scale anti-fraud strategy
BioCatch addresses digital payment security through behavioral biometrics in a blog post responding directly to recent guidance by the Reserve Bank of India (RBI), which lays out the key guidelines for digital payment security control directions.
The company specifically points toward the section on fraud risk management and mobile payments application security controls, where behavioral biometrics are included among parameters that should be monitored to flag suspicious transactions. The direction that risk should be assessed to step up authentication for some sessions, rather than applying a one-size-fits-all approach, can be addressed with behavioral biometrics authentication methods.
Other parameters suggested for flagging for suspicious transactions include transaction velocity, first-time or irregular user detection, excessive new-account activity, IP geolocating or geofencing and hot-listing accounts.
Furthermore, RBI urges proper training to prepare staff how to investigate, set up rules, and understand false positives when using fraud controls. BioCatch seeks to address these concerns by applying behavioral pattern analysis to properly authenticate users and reduce fraud. The modality operates passively in the background of a device or application, and analyzes thousands of behavioral parameters that are unique to each individual. BioCatch believes that behavioral biometrics present a safe and accurate long-term solution that can ultimately contribute to a company’s profitability and customer experience.
Plurilock sees answer to credential theft
The report notes that so-called initial access brokers are profiting from selling stolen credentials at an average of $7,100 per piece and stolen credentials with RDP access for $9,800. The main reason for this lucrative business appears to be the absence of a proper human check to validate access credentials.
Plurilock notes that while behavioral biometrics is nothing new, it is still unknown to some. The company is optimistic, however, as most of the technology required for these checks already exists in current systems and hardware such as mobile devices, pointing devices and keyboards.
The shift to relying on behavioral analysis such as typing speed and patterns and pointing movements might alleviate most of the concerns that come with today’s fast rate of digitization. Stolen credentials would become virtually useless without their associated human owner’s behavioral patterns. This in turn would make the illicit trade of stolen credentials obsolete in the long-run.