BioCatch is highlighting the utility of behavioral biometrics in the fight against Authorized Push Payment (APP) fraud. APP fraud is a form of social engineering fraud in which a cybercriminal poses as a representative of a trusted institution like a bank or the government, and then tries to trick the victim into transferring money from their account to one opened by the fraudster.
According to BioCatch, APP fraud is so difficult to detect because the victim goes through the same steps that they would if they were making a legitimate transaction. The fraudster will walk them through the process over the phone, but the victim nevertheless logs into their own account on their own device, and clears any additional security hurdles like a one-time code.
However, there are several behavioral indicators that can distinguish a fraudulent transaction from a legitimate one. That’s where behavioral biometrics comes into play. In most cases, the fraudster will tell the victim that there is an issue with their account, and that they need to take action to rectify the situation. That usually creates a degree of uncertainty, since the victim is forced into an unfamiliar situation.
That uncertainty gets reflected in their behavior during the transfer session. For one thing, APP fraud sessions tend to run longer than regular sessions because the victim is not acting on their own, and is instead following the instructions of a cybercriminal. The mouse will often move idly or the position of a device may change more frequently in between each step. The user could also display a segmented typing pattern, which indicates that they are entering an account number that is being read to them by the cybercriminal.
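The indicators described above (long sessions, idling between steps, segmented typing) can be written as simple per-session checks. This is an added example, not BioCatch's code; the field names, thresholds and sample sessions are assumptions constructed for illustration.

```python
from statistics import median

# All thresholds below are illustrative assumptions, not BioCatch values.
PAUSE_FACTOR = 4.0      # a gap this many times the median gap counts as a pause
MIN_PAUSE_S = 1.0       # and it must also last at least this many seconds
DURATION_FACTOR = 2.0   # a session this many times the user's baseline is "long"
IDLE_RATIO = 0.4        # share of the session spent without purposeful input

def typing_bursts(key_times):
    """Split keystroke timestamps (seconds) into bursts separated by long pauses."""
    if len(key_times) < 2:
        return [list(key_times)] if key_times else []
    gaps = [b - a for a, b in zip(key_times, key_times[1:])]
    cutoff = max(MIN_PAUSE_S, PAUSE_FACTOR * median(gaps))
    bursts, current = [], [key_times[0]]
    for t, gap in zip(key_times[1:], gaps):
        if gap >= cutoff:          # long pause: close the current burst
            bursts.append(current)
            current = []
        current.append(t)
    bursts.append(current)
    return bursts

def is_segmented(key_times, min_bursts=3):
    """A number read aloud arrives in several short chunks, not one fluent run."""
    return len(typing_bursts(key_times)) >= min_bursts

def session_indicators(session, baseline_duration_s):
    """Return which of the article's indicators this session shows."""
    hits = []
    if session["duration_s"] >= DURATION_FACTOR * baseline_duration_s:
        hits.append("long_session")
    if session["duration_s"] and session["idle_s"] / session["duration_s"] >= IDLE_RATIO:
        hits.append("idle_between_steps")
    if is_segmented(session["account_field_key_times"]):
        hits.append("segmented_typing")
    return hits

# Constructed sample sessions: the same 8-digit account number typed two ways.
FLUENT = {"duration_s": 95, "idle_s": 12,
          "account_field_key_times": [0.0, 0.2, 0.4, 0.6, 0.8, 1.0, 1.2, 1.4]}
DICTATED = {"duration_s": 410, "idle_s": 190,
            "account_field_key_times": [0.0, 0.3, 2.8, 3.1, 5.9, 6.2, 9.0, 9.3]}

if __name__ == "__main__":
    for name, s in (("fluent", FLUENT), ("dictated", DICTATED)):
        print(name, session_indicators(s, baseline_duration_s=100))
```

No single indicator is conclusive on its own; the value comes from several of them appearing together in a session that otherwise passes every authentication check.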
BioCatch noted that APP fraud can be particularly devastating for victims because fraudsters can clean out someone's entire savings in a single attack. The Contingent Reimbursement Model Code offers some compensation for victims. APP fraud losses in the UK alone came to £456 million in 2019, making it a top priority for financial institutions.
BioCatch has previously argued that behavioral biometrics can enable faster payments while still providing a high level of security. It has also pushed the technology as a potential solution to more sophisticated forms of fraud, such as remote access attacks and new account fraud, in addition to authorized push payment fraud.
January 7, 2021 – by Eric Weiss