White Paper – How Behavioral Biometrics Prevents Fraud While Ensuring Positive Customer Experiences
Fraud dates back as far as 300 B.C., when a Greek sea merchant named Hegestratos took out a sizable insurance policy on his ship and cargo. Through the policy (known as a bottomry), he borrowed money and agreed to pay it back with interest when he delivered his cargo – which was corn.
Hegestratos, however, carried less-than-honorable intent when making the arrangement. His plan was to empty his ship of the corn and then sink it so he could sell the corn while also keeping the loan – effectively doubling his profit. But alas for Hegestratos, it didn’t go as planned or end well. The crew and passengers caught him as he tried to sink the ship, and he drowned while attempting to escape.
Since then, fraudsters and thieves have continued to flock to where the money is. For example, in the historic US ‘Wild West’ and into the 20th century, they focused on stately banks in towns and cities, where massive amounts of cash were stored in vaults. In the second half of the 20th century, they turned to paper checks and both debit and credit cards. Now, in the digital age, their “faceless” fraud schemes leverage online commerce and interactions to steal cash and valuable personal information.
In his recent white paper, fraud prevention and financial crime expert Mark Tingey provides historical, modern and forward-looking insights into the evolution of fraud – and how banks, corporations and other institutions can best protect themselves and their customers through behavioral biometrics. Currently an independent consultant, Mr. Tingey has represented the Royal Bank of Scotland (RBS) Group and Metro Bank at numerous industry committees, including Mastercard, Visa and UK Finance. In 2018, he was invited to join the Payment Services Regulator-APP Scam Steering Group, which designed and implemented the Contingent Reimbursement Model Code for Authorised Push Payments scams. More recently, he represented Metro Bank at the Treasury Select Committee’s Economic Crime Inquiry for the UK Government.
In the paper, Mr. Tingey also reveals the wide range of creative ways in which criminals plot to separate consumers and companies from their cash, such as:
- Social engineering. Through phishing and other methods, cyber con artists gain the trust of victims to obtain security credentials and personal information and/or convince the victims to unwittingly download malware or click on an infected, phony web link.
- Conducting purchase and investment scams. In a purchase scam, a victim pays in advance for promised goods and/or services that are never received. In an investment scam, the victim moves money to a bogus fund to pay for a fake investment.
- Impersonating the “big boss.” By posing as a CEO or high-level executive in a company, cyber crooks will send authentic-looking business emails to employees and convince them to make “urgent” payments to an account which the crooks have set up and control.
- Promising “romance.” Because “all’s fair” in love, fraudsters have no reservations about posing as an online object of affection via a dating website, and then persuading would-be suitors to make an “emergency” payment for, say, made-up claims of overdue rent or a large utility bill.
The technically sophisticated nature of crime today demands a technically sophisticated response, and Mr. Tingey contends that ongoing advancements in behavioral biometrics are rising to this standard. “(Behavioral biometrics verifies) the genuine customer through their unique behavior allowing them to transact freely and quickly with minimal friction,” he writes. “Knowing the genuine customer’s behavior enables fraud teams to more quickly identify the difference between genuine customers and fraudsters, and between legitimate engagement and financial crime.”
BehavioSec has emerged as a global leader in behavioral biometrics. Its intuitive technology establishes profiles for individuals based on their typing patterns, touchscreen activity, cursor movements, etc. The solutions accurately and seamlessly authenticate users “in the background” without the need for vulnerable passwords, proprietary hardware or tokens – freeing them from taking multiple, tedious security “steps” and thus ensuring more positive customer experiences.
As a result, BehavioSec enables financial organizations to effectively address the following top requirements of modern fraud detection, prevention and response, as presented in Mr. Tingey’s white paper:
- Proactively prevent incidents. It’s critical to stop scams before they happen. Reactive controls turn customers into victims, leading to negative experiences. By using BehavioSec to identify physical movements/interactions with devices that deviate from established user profiles, financial institutions thwart fraud attempts without customers even realizing they were targeted.
- Identify social engineering. BehavioSec solutions will alert security teams to anomalous behaviors that users exhibit when unwittingly falling prey to social engineering schemes, such as typing more slowly than normal. When security team members see this, they assess the risk level to determine if intervention is needed in the form of warning the user and/or blocking the activity.
- Adhere to regulations. BehavioSec technology allows organizations to satisfy the “inherence” factor to help them comply with Strong Customer Authentication (SCA) requirements as specified by the revised Payment Services Directive (PSD2). As opposed to controls based upon what a user “knows” (passwords, answers to questions such as “Where did you go to elementary school?”) or what they possess (tokens), inherence is about the unique attributes of an individual – which only behavioral biometrics can completely capture.
- Support innovation. Financial organizations are constantly seeking newer, better and more efficient ways to engage with their customers. They want to remove security barriers and endless “hoop jumping” in the form of passwords, multi-factor authentication, etc. to create frictionless customer experiences. As indicated, BehavioSec solutions “invisibly” provide “positive list” approval of users without cumbersome onboarding processes.
At BehavioSec, we are honored to present Mr. Tingey’s white paper and hope you enjoy reading it. At the same time, we are dedicated to helping organizations effectively respond to fraud by achieving an entirely proactive, accurate and frictionless state of authentication that doesn’t arrive at the expense of positive customer experiences. If you’d like to know more about what our behavioral biometrics solution can do for you, please contact us.