• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

BioCatch Warns About More Advanced Credential Stuffing Techniques

May 14, 2021

BioCatch is warning that financial institutions need to be prepared to deal with a more sophisticated kind of credential stuffing attack. In that regard, the company noted that fraudsters are no longer concerned only with raw volume, and are instead modifying their techniques in an effort to get around the latest bot detection tools.

BioCatch Warns About More Advanced Credential Stuffing Techniques

In a credential stuffing attack, fraudsters will try to log into an account using compromised user names and passwords taken from another source. The attacks are effective because many people reuse passwords for multiple accounts, and because there is a wealth of personal information available on the dark web that can be used to power the attacks. There are also automated tools that make it easy to test multiple credentials and execute attacks at scale.

The problem (as far as fraudsters are concerned), is that those bots can move faster than any human, which makes them more visible to malware detectors. Financial institutions are getting better at spotting volume attacks, giving them an opportunity to step in when they occur.

With that in mind, fraudsters are tweaking their bots to better simulate real human behavior. For example, one recent credential stuffing attack was carried out with a bot that was programmed to wait 25 seconds between each password attempt. The fraudsters then instructed the bot to input usernames with individual keystrokes and navigate with mouse clicks to add more depth to the illusion.

BioCatch was able to identify the activity as a brute force attack because the number of attempts was still far greater than what would be expected from an actual user, and because the rate of failed logins was consistent with credential stuffing. However, they still pose a serious threat for financial institutions. Instead of carrying out one massive attack, fraudsters are now testing credentials in smaller batches, and doing so more frequently, to raise their success rate (which was as high as 23 percent in some cases). The attacks themselves originated from a trusted third-party service provider, which further masked the fraudulent activity.

For its part, BioCatch argued that behavioral biometrics can help guard against those more intelligent fraud attacks. The company’s solution analyzes factors like typing speed and mouse movement to build user profiles. As a result, it can thwart bot attacks that appear human in a more general sense because they cannot replicate the unique behavior of each specific user.

Illustrating the scope of the issue, BioCatch cited a PYMNTS study that recorded 85.42 billion credential stuffing attacks between December 2017 and November 2019.  The company has since patented a new authentication system built for mobile devices.

–

May 14, 2021 – by Eric Weiss

Related News

  • BioCatch Explains How to Spot Fraudsters Before they Commit a CrimeBioCatch Explains How to Spot Fraudsters Before they Commit a Crime
  • Behavioral Biometrics Can Spot Fraudsters’ Unfamiliarity with Personal Data: BioCatchBehavioral Biometrics Can Spot Fraudsters’ Unfamiliarity with Personal Data: BioCatch
  • BioCatch Details Danger of Mule AccountsBioCatch Details Danger of Mule Accounts
  • Behavioral Biometrics Specialist BioCatch Names New CEOBehavioral Biometrics Specialist BioCatch Names New CEO
  • Alkami Adds BioCatch to Gold Partner ProgramAlkami Adds BioCatch to Gold Partner Program
  • Latest Update Lets BehavioSec Generate Behavioral Profiles FasterLatest Update Lets BehavioSec Generate Behavioral Profiles Faster

Filed Under: News Tagged With: anti-fraud solutions, anti-fraud technology, behavioral biometrics, BioCatch, bot detection, credential stuffing, credential stuffing attacks, fraud, online fraud, typing analytics

Primary Sidebar

EXCLUSIVE MEMBERS ONLY CONTENT:

Become a FindBiometrics Member and gain easy access to specialty content, including the ID Tech column, replays of virtual events, and Identity School educational checklists:

ID Tech: America’s Most Murderous City Reverses Its Facial Recognition Ban [NEW]

ID TECH: What Role Will Biometrics Play in the Cyber Cold War? We’re About to Find Out

Identity School: Facial Recognition Cheat Sheet

Sponsored Links

TECH5 showcase logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

Onfido logo

Onfido is building the new identity standard for the internet.Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics. That’s how we give companies like Revolut, Zipcar and Bitstamp the assurance they need to onboard customers remotely and securely. Our mission is to create a more open world, where identity is the key to access.. For more information, please visit www.onfido.com

ThreatMark brings trust to the digital world by providing cutting-edge fraud prevention solutions. Major banks use ThreatMark’s AI-powered technology and behavioral biometrics to build secured banking experience to precisely verify their legitimate users, seamlessly across all digital channels. All while securing the users’ most precious assets and keeping the fraudsters away. Learn more: www.threatmark.com/

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • NEXT Biometrics’ $2.2M India Deal Is Now ‘Irrevocable’
  • The FTC Wades into the Privacy Discourse: Biometrics News Digest
  • Liveness, Lawsuits, and TikTok: Biometrics News Digest
  • Eyeing EU Digital Wallet Opportunities, iProov Gets LoA High Certification
  • Authentication, Border Screening, Surveillance – Biometrics News Digest for August 10, 2022

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2022 FindBiometrics