Bio catch
Confidential, not for distribution
Frictionless Authentication and Advanced Threats Detection
Benny Rosenbaum | CEO
Agenda
Introduction
What is BioCatch?
Product Details
Summary
Who are we?
Israeli-based company (RSA, Trusteer, Israeli defense forces veterans)
Gartner Cool Vendor 2013
Installed in US/Canada banks
Our technology: Cognitive Behavioral Analytics
Authenticates the user in online/mobile banking
Catches MITB, Remote Access Trojans (RATs) in the act
Offering quick-ROI Deployment
What’s special about BioCatch?
Gartner Cool Vendor 2013
Analysis by Avivah Litan
“Why Cool: BioCatch provides invisible, continuous biometric authentication of a user on a PC or mobile application by using a novel technology that goes beyond the current approaches of monitoring keystroke dynamics, mouse movements, speed patterns and other physical actions.”
What business problem do we solve?
Friction
We’re able to strongly authenticate without a friction cost
SMS
One time codes
OTP123456
Smart Card Readers
Tokens
123456
What business problem do we solve?
Fraud operations cost
MITB (Man in the Browser)
We’re able to accurately catch MITB, RAT live attacks in the act
The Science Behind BioCatch
Neural Motor Control
Or: how does our brain control movement?
It involves: Information Processing, Coordination, Mechanics, Physics, Cognition
[Figure: plot with axes βx and βy]
Our Innovative Twist
Invisible Challenges
Or: how can we accelerate learning and detection?
Use case and demo
Mobile 2FA (various designs)
PC/Mobile Invisible
Triggering a Response | Pro-Active Example
Say you’re using a mobile app, and drag an item to the right.
Now say we introduce a subtle challenge… A 5° rotation to your move.
This is what would happen if you don’t offset the rotation: you’ll end up a bit off target…
But your brain won’t let this happen. You will spontaneously start correcting as soon as your mind picks up the off-target move, because your brain will work on completing the task.
You won’t sense any change to the user experience, as it’s a low-volume effect (our research team tests it scientifically).
And here’s the beauty of the BioCatch approach: Different people respond differently.
Left: sharp, single correction (red)
Right: complex, multiple corrections (blue)
Colin | Fraud Director
Shanee | QA Manager
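The rotation challenge described on this slide, as an added sketch that is not BioCatch code: it replays raw drag steps through a hidden 5° rotation and summarises how the user compensated. The function names, the sample drags and the definition of a "correction" (a change of direction in the off-axis input) are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not BioCatch code.
const ROTATION_DEG = 5; // challenge size quoted on the slide

// On-screen displacement for one raw input step after the hidden rotation.
function rotate([dx, dy], deg) {
  const r = (deg * Math.PI) / 180;
  return [dx * Math.cos(r) - dy * Math.sin(r), dx * Math.sin(r) + dy * Math.cos(r)];
}

// Replay raw drag steps toward a target on the x axis and summarise how the
// user compensated. Assumption: a "correction" is a change of direction in
// the off-axis (y) input, ignoring steps smaller than `jitter`.
function correctionFeatures(steps, deg = ROTATION_DEG, jitter = 0.05) {
  let y = 0, maxDrift = 0, corrections = 0, firstAt = -1, lastSign = 0;
  steps.forEach((step, i) => {
    y += rotate(step, deg)[1];
    maxDrift = Math.max(maxDrift, Math.abs(y));
    const dy = step[1];
    if (Math.abs(dy) < jitter) return; // no deliberate off-axis input
    const sign = Math.sign(dy);
    if (sign !== lastSign) {
      corrections += 1;
      if (firstAt < 0) firstAt = i;
    }
    lastSign = sign;
  });
  return { corrections, firstAt, maxDrift, finalError: Math.abs(y) };
}

// Constructed sample drags (10 steps each, 10 units right per step).
const repeat = (step, n) => Array.from({ length: n }, () => step);
const UNCORRECTED = repeat([10, 0], 10);
const SHARP = [...repeat([10, 0], 3), [10, -3.5], ...repeat([10, -0.87], 6)];
const COMPLEX = [[10, 0], [10, 0], [10, -2], [10, 0.5], [10, -2.5],
  [10, 0.4], [10, -2], [10, -0.5], [10, -1], [10, -0.9]];

for (const [name, steps] of Object.entries({ UNCORRECTED, SHARP, COMPLEX })) {
  console.log(name, correctionFeatures(steps));
}
```

The per-user output (number of corrections, step of the first correction, peak drift, residual error) is the kind of feature vector a profile could be built from; which features a real product uses is not stated in the deck.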
The tall guy
Meet Alon, our 6’7” tall iOS developer. When he thumps the device, it’s very visible (blue spike)
Red/Green: x-y movement of device
Blue: vertical movement (up/down)
How do you hold the device? What happens when you tap it?
Acceleration Patterns | Passive Example
When moving mouse to the right, how fast do you ‘close loops’?
Very high in all moves
Very slow in short moves
Moderate in long moves
Selection wheel
One small element… And we can learn so much
Passive traits:
Rotation speed
Cognitive choice: what do you spin first?
# of corrections at the end of spin
Final selection strategy (tap vs. spin)
Pro-active, subtle challenges:
Slight Increase / Decrease Rotation speed
Slight change of speed during correction spins
Various small effects during final selection
Benefits over traditional behavioral analytics
Property | BioCatch | Passive Behavioural
Behavioural Parameters | + | +
Cognitive Parameters | + | -
Device Dependency | Low | High
Time for building profile | Short | Long
Excel at | Free Form Usage | Repeat Tasks (e.g. password, PIN typing)
Remote Access Detection | + | -
No Replay Attacks | + | -
CyberCatch deployment
Top 10 Canadian Bank
Objective: reduce friction of High Risk
2,000,000 Users of online banking since Sep 15th
30% access from tablets
Up and running in 5 days (2 days JS Integration + 3 days QA)
3-month learning, 3-month operation
Top 50 US bank
500,000 Users of online banking
Finished testing
Our Project Heatmap
Commercial
Consumer
Online
Mobile
Cognitive Behavioral Analysis
Authentication
Threat Detection
Technology & Deployment
Q&A
Product Overview
BioCatch for Web
• Biometric Frictionless Authentication
• RAT Detection
• MitB Detection
BioCatch for Mobile
• Biometric Frictionless Authentication (Touch)
• Multi-Factor Authentication
Cognitive Behavioral Analytics Platform
• BioCatch Management Application
• BioCatch Integration Tools
• BioCatch Rule/Alert Setting Tool (Roadmap)
• BioCatch Visualizer Tool (Roadmap)
Online fraud detection
[Diagram labels]
Online Banking, Mobile Banking (Payee, Amount)
JavaScript SDK
User Behavior (>350 Params)
Frictionless Challenges
BioCatch Engine
Risk Alerts, Session Data
Management Application
Fraud Team
Bank’s Risk Engine
BANK
BioCatch Application Management
Online Banking Fraud Detection
Detecting Man-in-the-Browser Attacks
Human-in-the-Middle
James 1st session
James 2nd session
Automated Transactions (MitB)
Time | User | Transaction
10:22 | FBorn | None
10:22 | FGreen | Add Payee
10:26 | JamesL | Wire Transfer
10:31 | LinaP | Wire Transfer
Product Overview
Detecting Remote Access Sessions
RAT
Fraudster's Computer | Genuine User’s Computer
Product Overview
VS other Fraud Detection Approaches
Fraud Detection Approaches:
Cognitive Behavior: “Genuine?” “Human?” “Remote?”
Application Data: “New Payee?” “Suspicious Navigation?” “High Amount?”
Device Attributes: “Known Device?” “Infected Device?” “Device IP Geo Location?”
Less high risk | Less fraud
Product overview
Application data? Device attributes?
High Risk Transactions
4%-8%
Cognitive Behavior?
>0.8%
Risk Engine
Send BioCatch Fraud Feedback/Whitelisting & Activity Data
Fraud Feedback/Whitelisting - BioCatch Management Application, Flat Files
Activity Data (for MitB detection) – API, Flat Files
BioCatch Product overview
Integration tools
Receive Alerts & Behavioral Data from BioCatch
Alerts - eMail, JavaScript Alert + Data - Flat Files, API (web Service)
Thank you!
To learn more: www.biocatch.com