Bio What, You Say?! Behavioral Biometrics, Fraud and You

Ever since I met Avi Turgeman, co-founder of BioCatch, who shared his vision for a fraud-free world through his very cool technology for authenticating people online by their “behavioral preferences” (it sounds more twisted than it actually is), I said, ”Alright! Ya gotta  show me! And I’m so glad he did.

We each fold our arms the same unique way every day (just try and change it and see what happens), we walk with a specific gait (our friends can discern us from the masses at a distance without even seeing our faces) and we consistently exhibit numerous other behavioral tics and traits. These consistent “microbehaviors” show up everywhere in our everyday lives – including our keyboard, mouse, tablet, phone or other “machine” interface.

 Behavioral Biometrics connects the “Say/Do” worlds

Once Avi convinced me he could “model my behavior” - that it really is doable and accurate - I did not know whether to be pleased that I grasped the idea, or scared that I am so “predictable” and identifiable. But - wow! I have to say Behavioral Biometrics is one bloody amazing technology. While you worry about the CIA/FBI/NSA and now your Samsung TV, iPhone, or Alexa watching you -  or someone stealing your fingerprint - think about this: why shouldn’t there be a better way to know it is really you in this dark world of “online” identity? Not just by what personal questions you can answer correctly, (what you know), or by a token (what you have), but rather by who you are, as modeled by the behavior you exhibit while doing everyday things.

 What’s fraud got to do with it?

Ultimately, Avi’s assertive persuasion tactics convinced me to join his Board, and help the company launch in the U.S. Given their traction in Europe and Latin America, the U.S. seemed like a natural opportunity, as we also have a “few“ banks and other large financial institutions plus a million other payments companies here. (Oh, and maybe a “few” online fraud and authentication issues in the U.S. as well.)

 Many banks in the U.S. could be faster to adopt the latest technology --- a challenge partly because of older internal tech stacks operating less than real-time systems, including payment systems, and partly because their focus is preventing reoccurrence of “known problems.”  This is now changing thanks to fraudsters, bad guys and other dreadful individuals who have been doing a bang-up job penetrating financial and other organizations with ever-increasing speed, “borrowing” your or my credentials and /or identity and profiting from it. (The list is actually quite long, and includes Anthem, Target, CVS, OPM and yes, the DNC),

 Why do all these bad things happen to banks, credit card companies and retailers? As Willie Sutton noted when asked why he robbed banks – “That’s where the money is.”

 And quite frankly, the ROI for this kind of fraud/theft is simply too good for the bad guys to ignore. 

 The regulators are doing their best. The NYS Dept. of Financial Services has made a solid start with its latest (and constructive) rules that just went into effect on March1, as has NIST, which is admirably trying to convince all financial institutions that they need to do more to protect their clients and customers, including augmenting MFA (Multi-Factor Authentication).

 It’s time to change the fraud prevention game

Now it’s time to try a new, more people-centric approach. Let us not forget that people are more than half the problem - either thru deliberate, malevolent actions or innocent victimization via phishing, identity theft, and other digital attacks. From an authentication perspective, do we really think that our childhood pet’s first name is our salvation? I don’t think so.

 It is time to change the game and change the dynamics of the way identities are manipulated, stolen and used online.  

 So I have decided to get involved with Avi and his team of really smart and dedicated people, a great company with some very cool, burgeoning technology and a very useful technique to protect banks and other financial institutions and their clients – aka, the general public; aka, you and your family.

 Over time, once one sees this kind of technique in action across the industry, then we will start asking questions like:

 ·        Why wouldn’t every bank and all the Know Your Customer (KYC), Anti Money Laundering (AML), and related businesses, including credit reporting agencies and the like, have “your behavior model” as part of your credit and identity file?

 ·        Why wouldn’t every bank and financial industry organization use this technique as an overlay to the traditional multi-factor authentication (MFA) they use today? 

 ·        Why wouldn’t the business folks and innovation groups at every U.S. financial institution have someone testing this technology in-situ, making sure that they have tried this kind of approach and measured the impact it has on their bottom line, not to mention client experience and satisfaction? 

 If nothing else, it is like having a large German shepherd in your yard—the bad guys move to less menacing targets.

If you find yourself dreading cyber threats on a daily basis, and if I’ve piqued your interest to learn more about Behavioral Biometrics, this article is also a recent and thoughtful piece on the subject that you might enjoy.  In addition, stay tuned for future posts, including details on how Behavioral Biometrics works for banks and financial institutions. What else would you like to know?