Help wanted: New BioCatch CEO plots international behavioral biometrics expansion
BioCatch is looking to fill dozens of positions after an eventful 2021, in which the company released two separate behavioral biometrics products, completed multiple key hires, and added a number of clients, particularly in the banking sector. The company also has a new CEO in Gadi Mazor, who spoke to Biometric Update about these topics and BioCatch’s future plans in an interview.
Growth in certain key markets drove the company’s success over the past year, and as Mazor revealed, close relationships with investors are a part of that story.
Looking forward to the future, Mazor said BioCatch has three main goals.
“[The first one is that] we are absolutely focused on delivering the best quality of fraud detection with behaviors at the center and with network effect in the financial industry.”
To this end, Mazor says the company is very focused on getting as many of the top banks as customers and to build a network effect between them.
“So we believe that behavior needs to be the center, but also the collaboration of customers with us and between themselves.”
Secondly, Mazor says BioCatch is starting to look at the visual verticals, particularly telcos.
“Especially with account opening [projects]. We’ve had initial successes in those cases all across the world.”
And the third direction, Mazor explains, will build on the company’s partnership with Alkami’s Gold Partner Program, and target smaller banks.
“So we are pursuing those types of partnerships globally. We will serve not just the top customers, the top few hundreds of banks in the world, but also the ten thousand other ones.”
BioCatch’s growth in APAC
According to a recent post on the company’s website, BioCatch reported a 335 percent annual recurring revenue (ARR) growth in Asia-Pacific (APAC).
“We established the team in late 2018 in Australia, which was responsible for the whole APAC region.”
National Australian Bank (NAB) was BioCatch’s first customer in the region.
“We built a great relationship with them, they became an investor in 2020, they’re part of our customer innovation board, so we work very closely with them,” Mazor says.
The partnership with NAB also helped BioCatch close 2021 with three of the top four banks in Australia. “Hopefully, very soon we’ll have all of them. We also hold a similar position in the UK.”
Mazor explains that BioCatch is now looking at expanding in specific countries across the globe, and is already established in countries in Latin America, Europe and North America.
Most of its customers are in the banking industry and financial institutions, Mazor says. More generally, the CEO says BioCatch now counts 25 of the top 100 largest global banks as customers.
Innovating behavior analysis applications
BioCatch released two new standalone products in 2021: a PSD2 Strong Customer Authentication (SCA) solution and a Mule Account Detection tool.
The company provides PSD2 compliance as part of its Strong Customer Authentication (SCA) offering. SCA is now a requirement of the EU Revised Directive on Payment Services.
“There are multiple ways to kind of enhance the security of the transactions, ” Mazor says. “One of them, which we are working on with UK banks, is that dialogue that pops up that is on the bank side. […] We work on augmenting that with behavioral biometrics to increase the protection in that flow further.”
At the moment, the technology is primarily utilized in the UK market, but Mazor said the company is seeing initial interest for it outside the UK.
As for its mule account detection tool, Mazor defined such accounts as the “infrastructure of fraud on the bank side.”
“Those are the accounts that money is funneled through”, the CEO explains. “It can be all the way from terrorism and human trafficking to petty scams, so it could be more or less kind of grandiose in usage and a type of money that funnels through that.”
Biocatch is currently working with multiple banks in the world on mule detection and has carried out substantial investigation using behavioral biometrics.
“The research that we’ve made shows mules don’t come in one flavor. There are cases in which this is an actual account that was created for the purpose of muling money, fraudsters opening with a fake ID or with stolen ID, opening a mule account and of course, we know how to detect that with our account opening capabilities.”
On the other side of the spectrum are genuine accounts, which fraudsters take over and then use to funnel money.
“But in the middle you also have three other flavors,” Mazor warns. “So for instance in the UK and elsewhere we saw cases in which it was a genuine account of a student who finished studying the UK and flying back home and they got this offer from someone saying to leave them their account in exchange for some money.
“That account was an absolutely genuine account. Everything was fine and all of a sudden the behavior changes to someone else, and from the type of dynamics over what happens in an account, we know how to identify that.”
There are also cases in which the end user allows and knows that other people are logging in and doing things in their account, and in cases like this BioCatch is able to see two different types of behavior at the same time.
“We call these behaviors ‘personas’ of mules, and then for each one of them we know how to identify the types of behaviors that you would see.”
The process is fully automated, Mazor adds. When the company spots one of these behaviors, it warns the bank, saying it has identified them as a high risk of being mule accounts.
Exploring behavioral biometrics
When asked about the history of behavioral biometrics, Mazor said he felt very passionate about it.
“Historically, if you look at the evolution of behavioral biometrics it follows specific trends.For the last five years, we have been using behavioral biometrics for the protection of the end-users.”
In order to do so, companies have focused on developing technologies capable of preventing fraudulent attacks of different types.
These technologies have become more and more sophisticated, for instance, in identifying remote access, malware and account takeovers.
“[In these scenarios], it’s a relatively easy thing to distinguish between a human and a bot or programmatic tool. But even just the artifacts of remote access of a human to a different machine, we know how to identify that.”
However, Mazor believes that, as banks put up more defenses against those tools, what happened to fraud in the last two years is that it went back to the basics, back to scams.
The CEO mentions a report the UK government released in 2020, which showed several types of new fraud types.
“So banks took defenses against the tools, against remote access, against malware etc. And then fraudsters found the weakest link, [which is] holding the end user to do something thinking that they’re genuinely protecting themselves.”
This, Mazor explains, enables fraudsters to circumvent high-tech defenses related to device, transactions, and location blocks.
“Now take this model, these kinds of trained scams and social engineering, and augment it with COVID. Everything that has to do with the time of transactions, location, and the devices. These are all completely changed. People are working from home, remote access is now common.”
Because of this, Mazor says that all defenses against fraud are now weaker, so the best way to defend oneself and corporate networks is using behavioral biometrics.
“To identify that [individuals] are being socially engineered during a specific session has been a main focus for us since 2019.
“So we know all kinds of things to look at: movement of a phone to an ear doing those sessions, signs of hesitation by the user, we measure how quickly they click on a button.”
Two layers of protection
Talking about BioCatch’s behavioral biometrics, in particular, Mazor explains the company’s algorithms work on two different layers.
One of them is based on an individual user behavior, which is created as an individual uses the software, while the second one contains a baseline of fraudsters’ behavior, (e.g. the aforementioned mule personas).
“Typically we say that in a few minutes (five to eight minutes) we have a mature profile of behavior.”
However, the CEO clarifies that having a mature user profile is not always possible.
“For instance, we have a product that does account opening protection,” he explains. “American Express was the first customer of that, and that was where we actually looked at the way an applicant interacts with a submission of a credit card.”
Thanks to that deployment, BioCatch is now reportedly able to tell with a high-level accuracy whether a user is genuine or a fraudster.
However, in scenarios like those, there’s never a mature profile because users participating are ones the company did not see before and will not see again.
“But still you have those two models. The first one is what fraudsters do and second is for genuine users. For instance, how you would have typed your postcode in the UK, from your long term memory, or users would enter the social security number in the U.S. nine digits continuously from local memory.”