IBM (NYSE: IBM) today announced new behavioral biometric analysis capabilities in its digital banking fraud prevention technology, IBM Security Trusteer Pinpoint Detect, using patented analytics and machine learning for real-time cognitive fraud detection.
The new behavioral biometric capabilities incorporate the use of machine learning to help understand how users interact with banking websites, creating gesture models based on patterns of mouse movements that become increasingly more accurate over time.
Through cognitive analysis of the gesture models, IBM Security Trusteer Pinpoint Detect can help determine when unauthorized users try to take over a bank account using stolen credentials by detecting anomalies from the real customer’s interaction with a banking website. The technology understands the context and meaning of subtle mouse movements and clicks, and uses this information to develop increasingly more accurate gesture models through machine learning.
According to IBM’s X-Force Research, financial services is one of the top three targeted industries for cybercrime.1 In fact, nearly 20 million financial records were breached in 2015.2 Cybercrime organizations continue to develop malware and social engineering techniques to target financial websites and customers, typically with the goal of obtaining credentials to take over user accounts.
For example, malware like the GozNym Trojan, recently found by IBM’s X-Force Research team, uses redirection attacks where an unsuspecting customer is hijacked to a fake site where they are made to enter their banking credentials for the hacker to steal. These fake websites are set up by criminals to look precisely like the bank’s site, including the correct URL and SSL certificate in the address bar. Once the criminal has those credentials, they log in as the user and attempt to move as much money as possible through fraudulent transactions.
With IBM Security Trusteer Pinpoint Detect, banks can help spot when an unauthorized user is attempting to log into a customer account, help prevent fraudulent transactions, and determine when devices are infected with high-risk malware.
Using technology developed in partnership with the IBM Cyber Security Center of Excellence at Ben-Gurion University, Israel, IBM Security Trusteer Pinpoint Detect is designed to seamlessly build gesture models in real-time and analyze these behavioral biometric patterns against learned user behavior and known fraud patterns. At the same time, it gathers threat intelligence and adapts protection automatically, providing financial institutions with customizable levels of response.
The new behavioral biometric analysis features of IBM Security Trusteer Pinpoint Detect enable real-time risk assessment based on gesture modeling. When users access their online banking site, IBM Security Trusteer Pinpoint Detect is designed to collect user behavior, detect potential device spoofing, identify access with compromised credentials, and correlates various other device attributes. Through the addition of cognitive fraud detection, IBM Security Trusteer Pinpoint Detect is designed to also provide real-time evaluation of behavioral biometric indicators - with no additional costs, entitlements, or implementation requirements.
“Given enough time and resources, cybercriminals can defeat passwords and security questions,” said Ravi Srinivasan, Vice President, Strategy, IBM Security. “Behavioral biometrics is about what the user does, not what the user knows. IBM Security Trusteer Pinpoint Detect now can now better differentiate real users from fraudsters using gesture models, giving banks and other organizations the power to protect the interests of their customers, and ultimately determine the sources of financial fraud.”
IBM Security Trusteer Pinpoint Detect protects hundreds of global financial institutions and banking websites against account takeover and fraudulent transactions and helps detect end user machines infected with high risk malware. IBM intends for customers to start receiving the behavioral biometric and cognitive fraud detection capabilities at no additional charge via system updates as early as December 2016.