BioCatch, the global leader in behavioral biometrics, announced today that it has teamed up with Samsung SDS, a global software solutions and IT services company, to integrate behavioral biometrics into its solution, creating an innovative, more powerful layer of fraud protection that works beyond the initial login process.
The strategic partnership was made public during this year’s Money 20/20 conference in Las Vegas, NV.
BioCatch’s unique technology will be integrated into and complement Nexsign, Samsung SDS’s FIDO-certified, enterprise-grade biometric authentication software. The integration will fill the major security loopholes exposed when seamless interfaces of today’s most popular mobile applications don’t require a user to login multiple times to validate their identity. BioCatch will use risk-based authentication to continuously monitor Samsung SDS’ users by mapping their behavioral patterns after log-in, to better distinguish between an authorized user, and that of an unauthorized user or an automated BOT or malware.
“Innovations in fintech have given ease to day-to-day tasks such as, banking, transactions, withdrawals and money transfers. Today’s leading brands have made managing finances a social and adoptable experience matching today’s digitally savvy consumers,” said Eyal Goldwerger, Chief Executive Officer at BioCatch. “However, given how sophisticated fraudsters are today, the consumer-grade authentication protocols that exist leave open the real possibility of account takeovers. In fact, all the fraud that BioCatch finds today, comes from within authenticated sessions, prompted by malware, social engineering and other sophisticated attacks that circumvent the login method entirely. As a result, security continues to be a major factor holding back the full potential of mobile banking and payments, especially when taking into consideration the equally important demand for a seamless user experience. Through Nexsign and our partnership, Samsung has created the platform that resolves this constant battle.”
Adding BioCatch behavioral biometrics complements the FIDO framework. The technology validates users by who they are via their interactions with an online application, rather than by what they know (e.g., passwords or security questions). At its core, the system analyzes more than 500 different behavioral parameters during a session to determine whether the user is in fact the genuine user and not a human imposter, malware or a bot. Now, once a user logs onto a mobile app, the system will be able to recognize if the session has been hijacked, and will require a step-up authentication, or an additional biometric test in order to complete the transaction. This could require the user to present one or more biometric modalities, such as fingerprint coupled with face or voice, depending on the transaction amount.
“The vision of Nexsign is to make passwords obsolete and give users a way to authenticate themselves safely and securely with biometrics. While physical biometrics provide an excellent way to do this at login, and other points within the app through step-up authentication, behavioral biometrics is the perfect complement to provide continuous authentication inside a session. The BioCatch technology relies on a broad array of parameters, and is able to detect both human and non-human imposters inside a session that would otherwise be impossible to identify with traditional means. We are excited for this partnership and the combined offering that we can deliver to our customers,” said Richard Lobovsky, VP of Enterprise Solutions at Samsung SDS America.
Companies are relying on ineffective passwords or two-factor authentication by phone call, or text push notification to better validate users and are still being hacked. The average fraudulent transaction is currently priced at around $130 for mobile transactions and $115 for tablets. Additionally, 55 percent of consumers use the same passwords for online banking, emails and social media accounts making it easier for fraudsters to guess the user’s credentials, bypassing authentication steps and other login defenses. This strategic partnership between two industry leaders will seek to minimize that impact.