WHITE PAPER | Invisible Challenges: BioCatch’s Game-Changing Technology for Online Fraud Prevention
White Paper
GLOBAL TRENDS IN ONLINE FRAUD (2016) Use Cases for Behavioral Biometrics in the Banking Industry March 2017
Table of Contents
Executive Summary
Introduction to Behavioral Biometrics & Invisible Challenges
Rotation of Movement
Spinning Wheel
Disappearing Mouse
Invisible Challenges, Invincible Challenges
Results and Conclusion – Less Friction. Less Fraud.
About BioCatch
Copyright
This content is copyright of BioCatch™ 2017. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
• you may print or download to a local hard disk extracts for your personal and non-commercial use only
• you may copy the content to individual third parties for their personal use, but only if you acknowledge the document as the source of the material
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.
Executive Summary
BioCatch is a cybersecurity company that delivers behavioral biometrics, analyzing human-device interactions, to protect users and data. Banks and other enterprises use BioCatch to significantly reduce online fraud and protect against a variety of cyber threats, without compromising the user experience. One of the key aspects that distinguishes BioCatch as the market leader in behavioral biometrics is its patent portfolio, which as of this writing is made up of 46 patents, 17 of them granted or public. Among them is a group that pertains to a capability called “Invisible Challenges™”. Invisible Challenges refer to tests that are invoked into an online session without the user’s knowledge, but that elicit subconscious responses that can be used to distinguish a fraudster from a legitimate user. This powerful mechanism represents the latest generation of fraud prevention tools and addresses the weakness of traditional approaches that rely on malware libraries, two-factor authentication, device ID and other means that the sophisticated fraudsters of today have figured out how to circumvent. Invisible Challenges also separate BioCatch from other behavioral biometrics providers that are focused on traditional keyboard, mouse movements and gesture analysis, in terms of accuracy and being able to deal with different types of replay attacks, human interaction simulation and advanced malware injections.
Introduction to Behavioral Biometrics & Invisible Challenges
The BioCatch system authenticates users by who they are, rather than by what they know (e.g., passwords, security questions). Employing cutting-edge behavioral biometric technology, the system analyzes more than 500 different behavioral patterns during a session (post-login) to determine whether the user is in fact the genuine user and not a human/non-human imposter. These parameters include:
• Cognitive factors such as eye-hand coordination, applicative behavior patterns, usage preferences and device interaction patterns.
• Physiological factors such as left/right handedness, press-size, hand tremors, arm size and muscle usage.
• Contextual factors such as transaction, navigation, device and network patterns.
Each user profile is based on the 20 parameters that are most unique to them. After comparing the session data to the genuine user’s profile, BioCatch provides a risk score in real-time that can be used as a standalone indicator or in combination with other threat detection systems. Our solution is designed to reduce friction associated with authentication, save costs associated with escalations to cost-centers because of failed authentications and false alarms and reduce overall fraud by recognizing fraudster behavior as opposed to fixed means of identity which may be lost, stolen or circumvented.
At the heart of what makes this possible with very high accuracy are the Invisible Challenges. These are patented techniques that introduce subtle tests into the online session that users subconsciously respond to without sensing any change in their experience. The response contains behavioral data that is used to distinguish a real user from an imposter, whether human or non-human (robotic activity, malware, aggregator, etc.). It is important to note that BioCatch’s team of researchers test each challenge and its corresponding deviation to determine the threshold at which users notice a change in experience on the mobile or web site.
The following are some examples of Invisible Challenges. Note that this list is provided solely for illustrative purposes and does not represent the full range of Invisible Challenges that may be employed.
Rotation of Movement
Challenge: Introduce a deviation in the mouse movement.
The example below (left image) shows a user reacting to the Invisible Challenge by making a small correction to a right-side deviation that would have made him miss his target without compensating. When given this challenge repeatedly, this user typically makes one small correction at a 60-80 degree angle (red hook) during the last 10% of the movement. But other people respond differently to the same challenge. In the middle image, a QA manager responds with multiple corrections (blue lines). She begins her correction during the last 20% of the movement. Both users reported that they did not sense the challenge or notice anything different in the user experience. A robot (right image) would not need to compensate at all, because such movement does not involve hand-eye coordination.
[Figure panels: User 1, User 2, Robot]
This example demonstrates an iPad touch interface challenge-response by leveraging a drag-and-drop effect, without any change to the user experience. Additional challenges can involve scrolling, swiping, typing and pinching/zooming.
Invisible Challenges Facts
• Proactive and passive
• Injected at specific points within a session
• Change each time in a randomized way
• Elicit unique behavioral and cognitive parameters
• Do not alter the user experience
Spinning Wheel
Challenge: Introduce a fluctuation in the way the selection wheel spins.
A common user interaction element in mobile apps is the spinning selection wheel for dates, time, numbers, etc. This is often used when entering information such as a new destination account for money transactions. BioCatch collects passive measures related to spinning the wheel (speed, stopping strategy, corrections towards the end), but also introduces subtle fluctuations that help us see how the user subconsciously reacts.
[Figure panels: User 1, User 2]
User 1: The challenge is injected, and the wheel spins slowly (not kinetically). The user compensates by a few long and continuous "pushes" to spin the wheel, and adds two powerful strokes in the other direction for fine-tuning and final targeting.
User 2: The challenge is injected, and the wheel spins slowly (not kinetically). The user compensates by many small and short "pushes" to spin the wheel. Afterwards, the user adds several short, concentrated and powerful strokes in the same direction for final targeting.
Disappearing Mouse
Challenge: Hide the cursor.
Users search for the cursor/mouse in very different and unique ways. Some use wide search patterns, others use small ones, some are horizontal while others are diagonal, and certain users always search counter-clockwise. Sometimes users move on a certain learning curve and their responses vary according to their location on the curve. All these can be captured as unique parameters; however, typically this is not practical, because the time required for the user to provide enough relevant mouse movements to accurately authenticate themselves is too long. Invisible Challenges unconsciously “force” the user to make various mouse movements in a very short time, allowing BioCatch to capture adequate data from the user in 500 milliseconds. This makes it useful for detecting anomalies in user behavior in near real-time. The example below shows 25 users, each with a slightly different search pattern for a missing cursor.
Invisible Challenges, Invincible Challenges
As a class of technologies, behavioral biometrics offers distinct advantages over other authentication modalities. It is passive, seamless, works in the background and does not require active enrollment. On the other hand, all these characteristics also make high accuracy hard to obtain. In the world of online transactions, it is critical to keep false positives and user friction to an absolute minimum, while ensuring very accurate fraud alerts. Invisible Challenges make this possible.
Invisible Challenges help deliver the promise of behavioral biometrics for continuous authentication and overcome many of the challenges that traditional behavioral and fraud prevention approaches do not address:
• Accuracy: Invisible Challenges generate more data, which cannot be captured in other ways. The data captured via Invisible Challenges is intimate in the sense that it divulges cognitive and physiological parameters. In the world of machine learning and deep learning, the amount of data and the quality of data is what determines accuracy. Invisible Challenges not only speed up the data collection process, but also improve the overall detection and false positive rates.
• RAT and device spoofing detection: Invisible Challenges can detect an unnatural response or delay indicating a remote connection or Virtual Machine attack; for example, if there are two responses to a single challenge, this can be indicative of a Remote Access Trojan or Man in the Browser attack. With BioCatch, this method of detection can be done without any active enrollment or indexing of the malicious tool, at an Equal Error Rate (EER) of 0%.
• Robotic detection: Traditional bot detection involves device fingerprinting, IP address verification and user analytics, and ends up being a cat and mouse game that requires learning the behavior of bots and classifying them as harmful or not. Invisible Challenges circumvent all this by requiring the user to compensate subconsciously via hand-eye coordination. Given that bots are automated tools, by nature they ignore the challenges.
• Malware detection: Traditional behavioral approaches to malware detection simulate human interaction and compare it to the malware interaction for a given activity. This is problematic because it requires the system to “know” the malware and the learning phase takes some time. By using Invisible Challenges in a randomized way, the malware will not know how and when to respond, and it is therefore not necessary to maintain malware libraries which are inevitably obsolete the moment they are updated. This method has had perfect success to date.
• Replay attacks: Traditional behavioral approaches recognize replay attacks by comparing the behavior in a given session against the behavior in a prior session. This is not ideal because replay attacks contain natural “noise” which invariably makes them different from previous sessions but still similar enough to be marked as valid. Invisible Challenges are random in timing, intensity and flavor, so no past activity can be used to produce a legitimate response to the challenge, making BioCatch immune to replay attacks. See figure below.
• Risk-based authentication: By definition, risk-based authentication is a method of applying varying levels of stringency to the authentication processes based on the risk profile of the person or the sensitivity of the application being accessed. Because Invisible Challenges are completely transparent to the user, they can be introduced at different junctures, and in different flavors, to increase the accuracy of the detection rate. This makes it easy to establish different business rules within an application, so that higher risk activities, like adding a new payee, changing the phone number for the account, making large transfers, etc. can have specific challenges assigned to them in a random manner, while keeping friction and false positives low.
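The Rotation of Movement challenge and the replay-attack argument above can be modelled as a simple challenge-response check. This is an added illustration, not BioCatch's code or algorithm: the rotation geometry, thresholds, function names and sample inputs are assumptions constructed for this example.

```python
import math

def rotate(dx, dy, deg):
    """Rotate one pointer delta by deg degrees."""
    c, s = math.cos(math.radians(deg)), math.sin(math.radians(deg))
    return dx * c - dy * s, dx * s + dy * c

def displayed_end(raw, challenge_deg):
    """Where the on-screen cursor ends when every raw delta is rotated."""
    shown = [rotate(dx, dy, challenge_deg) for dx, dy in raw]
    return sum(p[0] for p in shown), sum(p[1] for p in shown)

def corrections(raw, min_turn_deg=20.0):
    """Heading changes in the raw input: (onset as fraction of path, angle)."""
    lengths = [math.hypot(dx, dy) for dx, dy in raw]
    heads = [math.degrees(math.atan2(dy, dx)) for dx, dy in raw]
    total, travelled, turns = sum(lengths), 0.0, []
    for i in range(1, len(raw)):
        travelled += lengths[i - 1]
        turn = abs((heads[i] - heads[i - 1] + 180) % 360 - 180)
        if turn >= min_turn_deg:
            turns.append((travelled / total, turn))
    return turns

def assess(raw, challenge_deg, target, tolerance_px=5.0):
    """Did this input compensate for the rotation injected in this session?"""
    ex, ey = displayed_end(raw, challenge_deg)
    miss = math.hypot(ex - target[0], ey - target[1])
    turns = corrections(raw)
    return {"compensated": miss <= tolerance_px and bool(turns),
            "miss_px": round(miss, 1),
            "corrections": len(turns),
            "onset": round(turns[0][0], 2) if turns else None,
            "turn_deg": round(turns[0][1]) if turns else None}

# Constructed sample inputs: the target sits 100 px to the right of the start.
TARGET = (100.0, 0.0)
STRAIGHT = [(10.0, 0.0)] * 10   # scripted input that never looks at the screen

def human_like(challenge_deg):
    """Nine uncorrected steps, then one corrective step that lands on TARGET."""
    raw = [(10.0, 0.0)] * 9
    ex, ey = displayed_end(raw, challenge_deg)
    raw.append(rotate(TARGET[0] - ex, TARGET[1] - ey, -challenge_deg))
    return raw

if __name__ == "__main__":
    for raw, angle in ((human_like(10), 10), (STRAIGHT, 10), (human_like(10), -10)):
        print(assess(raw, angle, TARGET))
```

The first case lands on the target with a single late correction; the scripted input and the recording replayed under a different rotation both miss, because neither was produced in response to the challenge drawn for that session.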
Results and Conclusion – Less Friction. Less Fraud.
As stated earlier, maintaining the balance of identifying real fraud while maintaining low false alarm rates and low user friction is the catch-22 for behavioral biometrics which are passive in nature and do not require an active enrollment. BioCatch Invisible Challenges optimize this balance. Introducing a single challenge into a session can lower the EER of any by 3%; adding more challenges drives performance exponentially¹.
Critical to this is the timing in which the Invisible Challenges are injected. Using advanced data science and machine learning methods, the challenges are introduced as a form of risk-based authentication prior to crucial online tasks such as: changing payees, transferring large sums of money, updating personal details, card activation and deactivation. Moreover, challenges may also be injected when the system requires more behavioral data to calculate a more deterministic risk score.
This approach ensures very high detection rates with extremely low rates of false positives by definition, and differentiates BioCatch from other behavioral biometrics approaches, delivering immediate results and return on investment, without being hostage to the cat-and-mouse game of traditional fraud prevention approaches.
¹ These figures are based on real data coming from the 2 million transactions per month that are monitored by the BioCatch system, together with numerous simulated transaction experiments.
About BioCatch™
BioCatch is a cybersecurity company that delivers behavioral biometrics, analyzing human-device interactions to protect users and data. Banks and other enterprises use BioCatch to significantly reduce online fraud and protect against a variety of cyber threats, without compromising the user experience. With an unparalleled patent portfolio and deployments at major banks around the world that cover tens of millions of users to date, BioCatch has established itself as the industry leader. The company was founded in 2011 by experts in neural science research, machine learning and cybersecurity and is currently deployed in leading banks and e-commerce websites across North America, Latin America and Europe. For more information, please visit: www.biocatch.com
Contact Us
www.biocatch.com
@biocatch
www.linkedin.com/company/biocatch
BioCatch and Invisible Challenges are trademarks of BioCatch Ltd. This report refers to BioCatch's registered patents: US9069942, US9418221, US9450971, US9477826, US9483292, US9531733, US9531701, US9547766, US9558339. Copyright 2017. All rights reserved.