The role of digital services has proven more pivotal than ever as a result of the pandemic. For financial institutions, this has meant putting years of investment in digital transformation to the test by serving customers almost entirely through digital channels. For cybercriminals, this has created an opportunity to grow their illegitimate business when the use of digital channels is at an all-time high. One way in which they are doing this is through account takeover.
Account takeover is a form of identity theft in which a cybercriminal gains access to a victim’s account and uses it to make unauthorised transactions. These attacks are growing as the increased reliance on digital services offers cybercriminals a greater number of potential victims. Phishing and mass data breaches have also contributed to an abundance of identity data that is now readily available for sale on the black market and helps to fuel these attacks.
The most sophisticated type of account takeover is the social engineering voice scam, such as authorised push payment fraud. These scams start with a phone call from a cybercriminal posing as a representative from a trusted organisation asking a victim to urgently make a payment or funds transfer. What makes these scams so hard to detect is that the transaction is being conducted by the genuine user who is logging in from their own device and valid location.
Behavioural biometrics takes a fresh approach to detecting all types of account takeover fraud by analysing a user’s real-time physical interactions, such as keystrokes, mouse movements, swipes and taps, and looking for patterns associated with ‘good’ and ‘bad’ behaviour. For example, a pattern that often indicates fraud is a disruption in hand-eye coordination, which is immediately visible when observing scrolling patterns and suggests a session is being conducted by malware or a remote access tool.
In other cases, such as social engineering voice scams, behavioural biometrics provides a deeper level of insight to help determine a user’s intent or emotional state. For example, segmented typing patterns can indicate dictation, such as someone reading an account number for a fund transfer.
These are only a few examples of thousands of indicators where digital behaviour can be used to detect account takeover and other types of fraud. By singling out deviations in digital behaviour, organisations gain an extra layer of visibility into risk where traditional fraud detection tools leave blind spots. When you know how cybercriminals behave, you’ll always be ahead of the next attack.
Ayelet Biger-Levin is vice president of market strategy at BioCatch
This article was originally published in the Spring 2021 issue of The Record.