Making Life Impossible for Financial Fraudsters

Q: What led BioCatch to implement behavioral biometrics for financial fraud detection and what are the advantages? 

A: BioCatch was founded in 2011 in Tel Aviv, Israel. At that time, cybersecurity and fraud prevention focused mainly on transaction details, such as amounts and geolocation, but fraudsters found ways to bypass these controls. To address these issues, BioCatch focused on individual behavior, creating unique profiles based on about 2,000 parameters. By analyzing factors like left or right-handedness, pressure on the device and network preferences, BioCatch developed a behavioral profile that proved almost impossible for fraudsters to replicate. This innovative approach provided our financial clients with actionable insights, effectively driving data-driven decisions and differentiating our solution from conventional methods.

Q: What challenges has BioCatch encountered in the process of integrating biometric solutions into financial fraud detection measures?

A: It is crucial to understand that fraud is not limited to individual actors; it is a massive global industry worth trillions of dollars. In the aftermath of the pandemic, BioCatch observed a shift in fraudsters' strategies. Like any platform fighting fraud, the key challenge BioCatch faced was staying ahead of the curve. Fraudsters constantly innovate, leveraging technology, innovation and expertise to perpetrate their schemes. To tackle this, BioCatch adopted a proactive strategy, establishing an innovation group comprising major global banks, which involved identifying emerging threats in real time by closely monitoring the financial fraud trends these banks observe as global entities. This collaboration not only helps BioCatch foresee new types of fraud but it also reduces the response time between the identification of a new attack and the implementation of countermeasures

Q: How does BioCatch employ emerging technologies like machine learning and AI to bolster its fraud detection capabilities?

A: BioCatch operates as a SAS platform, using cloud computing to gather data. Behind the scenes, we generate biometric profiles in collaboration with our clients, serving as the foundation for creating intricate models employing artificial intelligence (AI). This strategic approach empowers BioCatch to extract valuable insights and patterns from both genuine users and potential criminals. By developing patterns associated with criminal behavior, BioCatch provides crucial information to banks in real time. For example, if someone is detected using an unprotected iOS device with specific associated devices, BioCatch swiftly identifies these patterns as potentially criminal. Thus, through the implementation of AI, BioCatch enables banks to take preemptive measures even before a potential threat is fully realized. This timely data empowers financial institutions to make highly accurate decisions promptly, effectively setting it apart from other emerging platforms.

Q: What specific digital behaviors typically indicate the presence of a cybercriminal?

A: Mexico has seen instances of voice scams in which fraudsters impersonate authorities and attempt to engage the victim. The approach hooks the user, encouraging them to provide sensitive information. BioCatch analyzes multiple indicators to detect a fraudster, such as: speed of interaction, malware activities and atypical financial transactions. For example, genuine users typically exhibit a deliberate pace when conducting transactions. When accessing online banking, individuals usually go through a series of steps, such as checking balances, reviewing statements or making payments. Fraudsters, on the other hand, tend to rush, initiating transactions rapidly without the usual thoughtful steps. BioCatch constantly monitors for any signs of malware activities, especially booting or remote access tools. 

When a fraudster manages to install specific applications, their goal is to prompt the user into performing unusual financial operations. BioCatch recognizes these irregularities by comparing the current transaction with the user's historical behavior. If the user’s behavioral patterns deviate significantly from their norm, BioCatch activates these indicators, allowing for informed, real-time decisions. 

Q: With over 8 billion individual user sessions analyzed monthly, how does BioCatch collect and process such vast amounts of data efficiently?

A: Our approach involves embedding a few lines of code in various scenarios or flows on the web platform, such as third-party logins, transfers and payments. On mobile platforms, we incorporate a library that serves the same purpose. The placement of these trackers is determined by the bank: it could be during login, high-value transactions or other critical interactions. Once integrated, we start gathering a wide array of data points, including geolocation, typing speed and even user habits. We also consider demographic information, such as age. All this data is anonymized; we do not collect sensitive information like email addresses, phone numbers or identification documents. 

BioCatch focuses solely on raw behavioral data. This behavioral pattern is then processed and stored as a profile. This data is similar to a puzzle and only the bank possesses the key to decipher the puzzle pieces, ensuring user privacy and data security. 

Q: Given the challenges of new account protection due to lack of historical data, how does BioCatch use behavioral intelligence to identify fraudulent account creation attempts?

A: We focus on two pivotal stages in the digital user’s journey. During the account opening phase, BioCatch employs specific parameters to differentiate genuine human interactions from virtual machines, bots or malware. By assessing behaviors typical of specific age groups and identifying potential risks in connections or devices, BioCatch determines the authenticity of the interaction. This information is shared with the bank, indicating low risk and enabling a seamless registration process for the user. The second crucial stage arises when a user is already registered and becomes a formal customer. Here, BioCatch faces the challenge of preventing account takeover attempts, where fraudsters exploit the user’s credentials for illicit activities. BioCatch collaborates with the bank to counter these threats, as it is imperative for the bank to grant BioCatch access to key points where it can observe and learn from the user’s behavior. These moments are prime opportunities for fraudsters and by analyzing specific behavioral patterns during these events, BioCatch can effectively pinpoint fraudulent attempts. 

Q: How does BioCatch analyze user behavior to counteract fraudsters' tactics in social engineering scams, especially when users initiate payments personally?

A: This is one of the most complex threats to detect given it involves the actual user. However, we achieved detection rates of up to 90% in social engineering scams in a Mexican bank that adopted BioCatch. We meticulously analyze user behavior and once profiles are established, BioCatch monitors patterns, such as login times, locations and transaction methods. When a scammer attempts to coerce the user into unusual actions, like urgent account creation or uninstalling applications, BioCatch compares these actions with the user's typical behavior. When discrepancies arise, the bank intervenes, contacting the client, securing the session and implementing additional security measures. 

Q: What role does knowledge sharing and collaboration play in the fight against global digital fraud networks? 

A: We firmly believe that no single company, no matter how efficient or innovative, can combat fraud in isolation. We do not adopt a silver bullet approach; instead, we rely on a collaborative mindset. With around 35 banks generating data in Latin America, BioCatch promotes the Network Effect vigorously. If a criminal is detected engaging in fraudulent activities at a bank in one country, our system notes this behavior. Thus, if the same criminal attempts similar activities in another country or at another bank, this information is shared within our network. By leveraging this collaborative approach, we make it incredibly challenging for fraudsters.  While it is impossible to completely eradicate fraud, we strive to make their operations as difficult as possible. By presenting a formidable challenge, we force fraudsters to seek easier targets elsewhere, ultimately enhancing the security of our clients' operations. 

Q; What ongoing research projects or upcoming features will help BioCatch revolutionize the field of digital fraud prevention? 

A: Our innovation committee, comprising major global banks, has been instrumental in shaping our future endeavors. One of the groundbreaking outcomes of this collaboration is our approach to tackling mule accounts. We extended our ability to discern genuine user behavior from fraudulent activities to scrutinize accounts. Mule accounts pose a significant challenge, not just in Latin America but globally. Fraudsters execute a scam in one bank and then disperse the funds across multiple accounts, deploying the money for various purposes, such as crypto investments and money laundering. BioCatch has stepped up to this challenge by innovatively detecting account behavior patterns. For example, mule accounts often exhibit distinct characteristics, including periods of dormancy interrupted by sudden and atypical influxes of funds, followed by swift outbound transactions to various destinations. Leveraging the existing data, we can swiftly identify and thwart mule accounts, not only at the source but also at their intended destinations in other banks. This multipronged approach disrupts the flow of funds right from the outset of the fraud.

Are you ready to set yourself up for success in 2024? Join us at Mexico Business Summit 2023, the must-attend B2B conference for Mexico’s business leaders!

Taking place on Nov. 28-30, 2023, at Expo Santa Fe in Mexico City, this high-level multi-industry conference offers unmatched opportunities to get inside perspectives on key industry trends, access actionable business intelligence, generate pre-qualified leads and identify new opportunities in a unique cross-industry networking environment.

Mexico Business News offers you an exclusive MX$2,000 ticket discount by using this code: MBS2023MBN2000. 
Don't miss this opportunity and get your tickets here: https://mexicobusiness.events/MBS/2023