BioCatch Highlights Limitations of Device ID Security

BioCatch has detailed some of the limitations of device ID in a new post on the company blog. In the post, the company acknowledges that device ID is a useful security tool when used in conjunction with other technologies, but nevertheless argues that it creates several blind spots that make it inadequate as an organization’s primary fraud prevention strategy.

As BioCatch explains it, device ID is a “what you have” form of authentication that links a device to an individual user based on factors like browser data and IP address. The system will then approve future authentication requests as long as those requests come from a trusted source.

While that information is useful, it does not provide any insight (or ongoing security) beyond the login window. As a result, cybercriminals are able to operate unimpeded if they are able to get past the device ID check, and that can now be accomplished in several different ways. For example, a fraudster can use social engineering to trick a customer to log in and transfer funds, and the interaction will appear to be legitimate because the user did in fact use their regular device to access their account.

By the same token, a hacker can use a Remote Access Tool (RAT) to take over someone’s computer and initiate a fraudulent transaction from that device without the owner’s knowledge or consent. Device ID can also be spoofed remotely with methods like proxy IP addresses and Man-in-the-Browser attacks.

Device ID similarly struggles with new account fraud, largely because a new user does not yet have any device history. A fraudster and a new customer will both appear to be using an unfamiliar device, so device ID cannot intervene without creating barriers for genuine users.

With that in mind, BioCatch pushes behavioral biometrics as a solution for both problems. The company’s technology can identify suspicious behavioral patterns during the registration process, and can then continue to monitor the account after the user has logged in. The solution is able to spot and stop multiple forms of fraud that would slip past device ID alone.

BioCatch recently made the CB Insights FinTech 250 list as one of the industry’s fastest-growing financial security providers.

–

September 30, 2020 – by Eric Weiss

Related News

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Related News

Footer

Follow Us