Ready for the Latest Security Mandate Deadlines? We can get you there

July 17, 2019

Europe’s General Data Protection Regulation (GDPR), put into effect last year, dramatically changed the obligations of organizations to preserve individuals’ data privacy.  Spurred on by perceived security lapses regarding how many businesses collect and share consumer data, the directive requires companies to adequately safeguard this information or face steep fines. Most recently, following the compromise of huge amounts of customer data, both British Airways and Marriott have faced financial consequences, with privacy authorities levying the largest penalties yet since enforcement of the law began.

GDPR is hardly the only directive of which companies need to be mindful. California’s Consumer Privacy Act (CCPA) passed last year will go into effect January 1, 2020 and other states are following suit. In May of this year, New York introduced the New York Privacy Act and Nevada’s governor signed privacy legislation into law requiring website operators to give consumers the right to opt-out of the sale of their personal information. Hawaii, Massachusetts, and Washington states are also considering laws affecting how companies collect, share, and keep consumer data. Most immediate of these is the European Union’s PSD2 payment security mandate’s approaching September compliance deadline, which will introduce tougher, non-negotiable anti-fraud measures requiring strong customer authentication.

BehavioSec correctly anticipated the current trend of data protection and privacy regulation requirements, pioneering behavioral biometrics to give our customers an anti-fraud advantage. Using the inherent behavior of existing customers and account holders to positively confirm their identity, we’ve helped companies across some of the most frequently targeted industries – including financial services, fintech, and retail – break the chronic credential breach cycle. Instantly comparing login attempts and session behavior – like typing patterns and device handling – against previously built user profiles, BehavioSec rapidly increases account security, preventing the compromise of online credentials that can lead to potential data breaches, and record fines.

Today, we announced the availability of new technological capabilities to our BehavioSec Behavioral Biometrics Platform, helping companies quickly adapt to and remain compliant with preexisting and proposed privacy and security laws while improving the user experience. This latest update strengthens authentication, eases login friction, increases speed, recognition and performance, and gives organizations deeper visibility into attempted online fraud with features including:

  • New account fraud detection Population profiling technology compares a new account user’s behavior to institutions’ wider user population, giving crucial early warning of fraudster efforts to use new accounts or synthetic identities as cover.
  • Improved accuracy with Anomaly Detection Module Artificial intelligence software detects cases where legitimate users’ behavior might appear “suspect” – such as regularly connecting through a remote access tool – greatly reducing the instance of false positives.
  • Enhanced mouse recognition Sophisticated mouse gesture detection preventing attacks that seek to hijack sessions by mimicking users’ “normal” movements.

Digital transformation, newer devices, and 5G networks are driving more businesses to Web and mobile business models and greatly increasing attack surfaces. At the same time, passwords remain increasingly vulnerable; 80 percent of hacking-related breaches in 2018 abused compromised credentials, according to Verizon’s Data Breach Investigations Report. With passwords as the weakest link, and traditional fraud detection data sources – like user location data – cut-off by cellular carriers or outplayed by new spoofing techniques, businesses and mobile app developers are impatient for ways to rapidly increase account security. Meanwhile, users tired of credential theft, account lock-outs and HelpDesk calls demand secure, but simple, access to apps and other services. The BehavioSec platform is assertively and comprehensively addressing these identity, security and usability imperatives.

For an in-depth, illustrated review of how, read the hands-on product review from the SANS Institute, “The Algorithm of You: Defeating Attackers by Being Yourself.”