Bio catch

Frictionless Authentication and Advanced Threats Detection Benny Rosenbaum | CEO

Transcript of Bio catch

Page 1: Bio catch

Confidential, not for distribution

Frictionless Authentication and Advanced Threats Detection

Benny Rosenbaum | CEO

Page 2: Bio catch

Agenda

Introduction What is BioCatch? Product Details Summary

Page 3: Bio catch

Who are we?

Israeli-based company (RSA, Trusteer, Israeli defense forces veterans)

Gartner Cool Vendor 2013

Installed in US/Canada banks

Our technology: Cognitive Behavioral Analytics

Authenticates the user in online/mobile banking

Catches MITB, Remote Access Trojans (RATs) in the act

Offering quick-ROI deployment

Page 4: Bio catch

What’s special about BioCatch?

Gartner Cool Vendor 2013

Analysis by Avivah Litan

“Why Cool: BioCatch provides invisible, continuous biometric authentication of a user on a PC or mobile application by using a novel technology that goes beyond the current approaches of monitoring keystroke dynamics, mouse movements, speed patterns and other physical actions”.

Page 5: Bio catch

What business problem do we solve?

Friction

We’re able to strongly authenticate without a friction cost

SMS one-time codes

Smart card readers

Tokens

Page 6: Bio catch

What business problem do we solve?

Fraud operations cost

MITB (Man in the Browser)

We’re able to accurately catch live MITB and RAT attacks in the act

Page 7: Bio catch

The Science Behind BioCatch

Neural Motor Control

Or: how does our brain control movement?

It involves:

Information Processing

Coordination

Mechanics

Physics

Cognition

[Figure: plot with axes βx and βy]

Page 8: Bio catch

Our Innovative Twist

Invisible Challenges

Or: how can we accelerate learning and detection?

Page 9: Bio catch

Use case and demo

Mobile 2FA (various designs)

PC/Mobile Invisible

Page 10: Bio catch

Triggering a Response | Pro-Active Example

Say you’re using a mobile app, and drag an item to the right.

Now say we introduce a subtle challenge… A 5° rotation to your move.

This is what would happen if you don’t offset the rotation: you’ll end up a bit off target…

But your brain won’t let this happen. You will spontaneously start correcting as soon as your mind picks up the off-target move, because your brain will work on completing the task.

You won’t sense any change to the user experience, as it’s a low-volume effect (our research team tests it scientifically).

And here’s the beauty of the BioCatch approach: Different people respond differently.

Left: sharp, single correction (red)

Right: complex, multiple corrections (blue)

Colin | Fraud Director

Shanee | QA Manager

Page 11: Bio catch

The tall guy

Meet Alon, our 6’7” tall iOS developer. When he thumps the device, it’s very visible (blue spike)

Red/Green: x-y movement of device

Blue: vertical movement (up/down)

How do you hold the device? What happens when you tap it?

Page 12: Bio catch

Acceleration Patterns | Passive Example

When moving mouse to the right, how fast do you ‘close loops’?

Very high in all moves

Very slow in short moves

Moderate in long moves

Page 13: Bio catch

Selection wheel

One small element… And we can learn so much

Passive traits:

Rotation speed

Cognitive choice: what do you spin first?

# of corrections at the end of spin

Final selection strategy (tap vs. spin)

Pro-active, subtle challenges:

Slight Increase / Decrease Rotation speed

Slight change of speed during correction spins

Various small effects during final selection

Page 14: Bio catch

Benefits over traditional behavioral analytics

Property | BioCatch | Passive Behavioural
Behavioural Parameters | + | +
Cognitive Parameters | + | -
Device Dependency | Low | High
Time for building profile | Short | Long
Excel at | Free Form Usage | Repeat Tasks (e.g. password, PIN typing)
Remote Access Detection | + | -
No Replay Attacks | + | -

Page 15: Bio catch

CyberCatch deployment

Top 10 Canadian Bank

• Objective: reduce friction of High Risk

• 2,000,000 users of online banking since Sep 15th

• 30% access from tablets

• Up and running in 5 days (2 days JS integration + 3 days QA)

• 3-month learning, 3-month operation

Top 50 US bank

• 500,000 users of online banking

• Finished testing

Page 16: Bio catch

Our Project Heatmap

Commercial

Consumer

Online

Mobile

Cognitive Behavioral Analysis

Authentication

Threat Detection

Page 17: Bio catch

Technology & Deployment

Q&A

Page 18: Bio catch

Product Overview

BioCatch for Web

• Biometric Frictionless Authentication

• RAT Detection

• MitB Detection

BioCatch for Mobile

• Biometric Frictionless Authentication (Touch)

• Multi-Factor Authentication

Cognitive Behavioral Analytics Platform

• BioCatch Management Application

• BioCatch Integration Tools

• BioCatch Rule/Alert Setting Tool (Roadmap)

• BioCatch Visualizer Tool (Roadmap)

Page 19: Bio catch

Online fraud detection

Risk Alerts

Session Data

Management Application

Fraud Team

Bank’s Risk Engine

BANK

BioCatch Engine

User Behavior (>350 Params)

Frictionless Challenges

JavaScript SDK

Online Banking: Payee, Amount

Mobile Banking: Payee, Amount

Page 20: Bio catch

BioCatch Application Management

Page 21: Bio catch

Online Banking Fraud Detection

Detecting Man-in-the-Browser Attacks

Human-in-the-Middle

James 1st session

James 2nd session

Automated Transactions (MitB)

Time | User | Transaction
10:22 | FBorn | None
10:22 | FGreen | Add Payee
10:26 | JamesL | Wire Transfer
10:31 | LinaP | Wire Transfer

Page 22: Bio catch

Product Overview

Detecting Remote Access Sessions

RAT

Fraudster's Computer Genuine User’s Computer

Page 23: Bio catch

Product Overview

VS other Fraud Detection Approaches

Fraud Detection Approaches:

Cognitive Behavior: “Genuine?” “Human?” “Remote?”

Application Data: “New Payee?” “Suspicious Navigation?” “High Amount?”

Device Attributes: “Known Device?” “Infected Device?” “Device IP Geo Location?”

Page 24: Bio catch

Less high risk Less fraud

Product overview

Application data?

Device attributes?

High Risk Transactions

4%-8%

Cognitive Behavior?

>0.8%

Risk Engine

Page 25: Bio catch

Send BioCatch Fraud Feedback/ Whitelisting & Activity Data

Fraud Feedback/Whitelisting - BioCatch Management Application, Flat Files

Activity Data (for MitB detection) – API, Flat Files

BioCatch Product overview

Integration tools

Receive Alerts & Behavioral Data from BioCatch

Alerts - eMail, JavaScript Alert + Data - Flat Files, API (web Service)

Page 26: Bio catch

Thank you! To learn more: www.biocatch.com