BioCatch’s Frances Zelazny expands on Money20/20’s big behavioral biometrics news
Today at the Money20/20 conference in Las Vegas, behavioral biometrics specialist BioCatch announced the integration of its continuous authentication technology into Samsung SDS’s Nexsign solution. FindBiometrics is at Money20/20 this week too, reporting live, and we got all the prescient details on this major authentication industry announcement from Frances Zelazny, VP, BioCatch. The conversation covers the scope of the company’s partnership with Samsung SDS, the necessity for continuous authentication even after secure login, the increasing demand for behavioral biometrics in FinTech, and a rundown of what else to expect from BioCatch at Money20/20 this week.
Read our full interview with Frances Zelazny, VP, BioCatch:
FindBiometrics (FB): BioCatch just announced at Money20/20 that it has entered a major strategic partnership resulting in the integration of its behavioral biometrics technology into Samsung SDS’s Nexsign software. What can you tell us about the scope of this partnership?
Frances Zelazny, VP, BioCatch: Our partnership with Samsung SDS is truly groundbreaking because we are working together to address the grey area between security and accessibility. Through this partnership, BioCatch’s technology will be integrated into and complement Nexsign, Samsung SDS’s FIDO Certified biometric authentication software. This means that applications built on the Nexsign platform will be able to deploy risk-based authentication protocols to continuously monitor users after the login, ensuring the integrity of a session from beginning to end. Fraudsters have figured out how to bypass popular P2P payment applications, or traditional banking apps, because you are only required to validate your identity once. Now, by analyzing behavioral patterns, like mouse movements, the use of computer shortcuts and responses to what we call Invisible Challenges, the system will be able to recognize if the session has been hijacked, and will require a step-up authentication or an additional biometric test in order to complete the transaction. This could require the user to present one or more biometric modalities, such as fingerprint coupled with face or voice, depending on the transaction amount.
FB: When do you expect a rollout of the BioCatch-enhanced Nexsign solution?
BioCatch: We are actually on track to announce our first joint customer very soon and can expect our initial implementations in early 2018.
FB: Samsung SDS’s Nexsign is FIDO Certified. How does BioCatch’s behavioral biometrics solution work within the FIDO paradigm?
BioCatch: Samsung has a FIDO certified platform that supports fingerprint, face and voice biometrics for on-device biometric authentication. Our partnership with Samsung SDS enables the integration of behavioral biometrics into their already aggressive approach. After doing a survey of the market, Samsung came to us because they recognized our traction in the marketplace and our unique ability to not only recognize human impostors using many elements, but also address non-human risks, coming from malware, robotic activity and other Trojans which are not recognizable using traditional solutions. The FIDO framework allows intermittent authentication throughout the transaction, but given the importance of a seamless customer experience, it is important to have a risk-based factor running in the background to know when to call for the step-up authentication.
FB: Nexsign uses physical biometrics for login, and BioCatch technology runs invisibly in the background of a user’s session. Why is it important to continuously authenticate a user after the login process?
BioCatch: Almost all fraud today comes from within authenticated sessions, prompted by malware, social engineering and other sophisticated attacks that circumvent the login method entirely. Our experience shows that cybercriminals are able to usurp the initial login authentication – whether a PIN, password, token, or physical biometric – and the only way to combat this without disrupting the user experience in a mobile session is to implement continuous and passive authentication with behavioral biometrics. While physical biometrics is a good way to do this at login, behavioral biometrics is the perfect complement to provide continuous authentication without asking users to constantly re-authenticate themselves. BioCatch technology relies on a broad array of parameters, and is able to detect both human and non-human imposters inside a session that would otherwise be impossible to identify with traditional means. Today, fraudsters can have access to sensitive information at the click of a button, especially with the rise and accessibility of today’s mobile applications. It is imperative that we constantly authenticate users in a way that isn’t annoying to the consumer.
FB: Should we expect to see more integrations like BioCatch in Nexsign, in which behavioral biometrics strengthens the biometric login on a post-password solution?
BioCatch: Yes, I believe we will. It finally appears that the era of the password is coming to an end, and the recognition that two-factor authentication also can be bypassed is forcing companies to look for new solutions. Passive, continuous authentication changes the game by analyzing how a person does what they do naturally inside a session as opposed to what they know or what they have at a single point in time. Companies that have adopted behavioral biometrics can attest to the significant returns they have experienced, in reducing fraud, minimizing operational costs in dealing with the fraud, but also with false alerts coming from traditional solutions – which in some cases can be as high as 30-40 percent – and also establishing trust with customers.
FB: Behavioral biometrics are becoming increasingly popular, especially in the realm of FinTech. What is driving this demand?
BioCatch: Innovations in FinTech have given ease to day-to-day tasks such as banking, transactions, withdrawals, and money transfers. However, given how sophisticated fraudsters are today, the consumer-grade authentication protocols that exist leave open the real possibility of account takeovers. In fact, all the fraud that BioCatch finds today comes from within authenticated sessions, prompted by malware, social engineering and other sophisticated attacks that circumvent the login method entirely. As a result, security continues to be a major factor holding back the full potential of mobile banking and payments, especially when taking into consideration the equally important demand for a seamless user experience. There is a massive problem in the industry surrounding back office escalation calls – so every time a transaction is stopped, there is a whole back office operation that exponential services need to deal with making emails, calls, etc. to customers. Behavioral biometrics eliminates this friction out of the equation and creates a much better user experience.
FB: 2017 saw some of the most high profile and compromising data breaches of all time. Are behavioral biometrics the solution?
BioCatch: Behavioral biometrics not only help to minimize fraudulent activity to begin with, but perhaps more important at this stage, help organizations that rely on database searches to validate identity to use another dimension that cannot be copied or stolen in order to ascertain whether an application is being done with stolen or synthetic data. Nothing is 100 percent foolproof, and so the key to protecting consumers is to build risk, response, and resilience into the equation. The fact is that our credentials are already out there on the black market for fraudsters. There is already an enormous amount of personal information on the internet from past breaches and it’s possible the information could be reused by fraudsters. Behavioral biometrics provides the resilience element, adding a layer of protection for users that cannot be stolen or copied by anyone.
FB: The BioCatch and Samsung SDS partnership was unveiled at Money20/20. What makes Money20/20 the ideal venue for an announcement like this?
BioCatch: Money 20/20 is the perfect venue for this announcement – with leaders of every sector of the industry. Money 20/20 brings together the world’s largest marketplace for ideas, connections and deals in Payments and Financial services.
FB: What else can we expect to see from BioCatch at Money20/20 this week?
BioCatch: We will have a joint demonstration with Samsung showing, in real time, how the integrated solution stops fraud using behavioral biometrics inside an authenticated session. The demo will show this by asking a user to initiate a session via choice of biometrics (face, fingerprint, or voice recognition); if a behavioral anomaly in the session is detected, the user will be asked to do a step-up authentication confirming their identity, essentially simulating an account takeover via malware or robotic activity or a human impostor.
We’ll also be talking a lot about identity proofing and the ways that behavioral biometrics can help financial institutions deal with the big challenge of onboarding customers in a world where so much personal data is proliferating on the dark web. By looking at how information is entered into an application, and how well users know the information they are entering, it is possible to separate out legitimate users from fraudsters. As the first link to the broader identity chain, this is a critical problem to solve, and it will become even more important as the use moves towards Real Time Payments in 2020.
FB: Has 2017 been a good year for BioCatch? What can we expect from BioCatch in 2018?
BioCatch: 2017 has been a great year for BioCatch. We have announced great partnerships with companies like Nuance Communications, Experian, LexisNexis and now Samsung SDS. We have also continued to bolster our intellectual property by growing our portfolio of patents – which is more than 50 and still growing. The usage of our technology has grown considerably, to more than 5 billion transactions per month and as mentioned above and today’s announcement shows, we have gone beyond fraud prevention to applying behavioral biometrics to new use cases like identity proofing and risk-based authentication. As you predicted last December, this modality is going mainstream. Looking to 2018, we will continue to see further use cases, partnerships and deployments as more and more institutions look for ways to address sophisticated cyber-attacks without disrupting the user experience.
October 23, 2017 – by Peter B. Counter