buguroo | Online Banking Fraud Blog

How does buguroo’s behavioral biometrics help banks to comply with regulations?

Written by Tim Ayling | Dec 11, 2020 1:07:23 PM

Banking customer loyalty is formed and maintained when financial institutions can guarantee cardholders two things – the highest level of security for their finances and a continued, frictionless customer experience. 

Historically, the challenge for banks has been to reconcile these two. On the one hand, stepped-up security can often create roadblocks in legitimate customers’ journey, leaving many to abandon the bank in frustration.

On the other hand, overlooking safety leaves the door open to fraudsters to infiltrate the bank and carry out their operations from within the bank’s system undetected. 

The internet is full of dark pockets where cybercriminals trade know-how, malware and stolen identity data, including banking credentials. This allows them to move from one target to the next, making profit as easily and elegantly as bees collect pollen from flower to flower.

To protect customers’ personal data and hard-earned money from fraud, newer, stricter regulations are coming into force around the world – and so the balancing act between security and experience becomes increasingly complicated. 

The good news for banks is that behavioral biometrics analysis technology is becoming pervasive within anti-fraud systems today to take the pain out of the equation. Here, we look at three ways financial institutions can leverage BionicIDs to block fraud and keep online experiences simple and smooth for legitimate end users.

GDPR and behavioral biometrics – what can’t be seen, can’t be stolen

Data leakages and impersonation attacks go hand in hand in the world of cybercrime as many of us use the same emails and even passwords across multiple services.

To force a tighter lid on the data individual organizations hold on past and present customers, the European Union’s General Data Protection Regulation (GDPR) requires organizations to demonstrate that their data subjects (people they store personal data on) have given their explicit consent to data processing and can ask for said data to be erased.

Since banks handle extremely sensitive personal information, it’s only reasonable that people demand the highest levels of data protection from them.

Behavioral biometric analysis complies with GDPR as it distrusts personal data by default and treats it as invisible.

Because personal information is easily stolen, people can be impersonated, and fraudsters can even hijack an online banking session midway (an account manipulation attack), static identifiers such as credentials and personal data are ineffective for continuous fraud prevention.

Instead, buguroo’s technology continuously scans users’ ‘cyber DNA’, their BionicID, rooted in their unique behavioral biometric patterns – the way they swipe the screen, the speed at which they type and even the angle at which they hold their device.

The complex BionicIDs buguroo builds for users cannot be replicated, imitated, or stolen from its users.

buguroo undertakes non-intrusive checks during a customer’s online session without storing confidential or private user data, while providing banks with the guarantee that users are who they say they are.

PSD2: A smarter way of customer authentication

The EU’s Revised Directive on Payment Services (PSD2) aims to improve safety and customer protections. One of the ways it does this is through Strong Customer Authentication (SCA) rules, whose final implementation deadline, 31 December 2020, is looming heavily over organizations.

SCA

Under the multi-factor authentication requirement of SCA, users must present at least two separate authentication factors drawn from three categories: possession (something the user has, e.g. their device), knowledge (something the user knows, e.g. a password or PIN) and inherence (something the user is, e.g. behavioral biometrics).

While SCA is a welcome development in the industry for consumer protection, setting up multiple hoops for cardholders to jump through can introduce friction into the process. And even then, two-factor authentication can still leave fraudsters an attack surface.

For these measures to be really robust, security must be upheld throughout the entire online banking session. Static security checks at login or when a transaction takes place only tell banks that a seemingly legitimate customer is accessing their systems and approving a payment – not that the actual customer is still in control of their session.

buguroo’s behavioral biometric analysis technology, combined with deep learning, helps banks comply with PSD2 and SCA by continuously authenticating users and providing non-stop, passive fraud protection.

Since it works behind the scenes at all times, it actually reduces the number of authentication challenges customers are asked to complete and so improves the experience of genuine customers.
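The difference between a static check at login and continuous authentication, and the mid-session takeover (account manipulation) described earlier, can be made concrete with a small model. The following is an added illustrative example written for this page; it is not buguroo's BionicID or bugFraud code and does not claim to reproduce their features. It assumes a deliberately simple behavioral signal, the intervals between keystrokes in milliseconds, builds a per-user baseline from constructed enrolment data, and then scores a constructed session window by window. The session passes login (the first windows match the baseline) but is taken over by a different typist part way through, which is exactly the case a one-off login check cannot see. The step-up decision only fires when the behavioral signal breaks, which is the mechanism by which passive monitoring reduces challenges for genuine users.

```python
from math import sqrt
from statistics import mean, pstdev

# Constructed enrolment data (not real telemetry): inter-keystroke intervals
# in milliseconds recorded while the genuine user typed during onboarding.
ENROLMENT_INTERVALS_MS = [
    170, 190, 160, 200, 185, 175, 165, 195, 180, 180,
    150, 210, 175, 185, 170, 190, 160, 200, 180, 180,
]

# Constructed session: 30 intervals from the genuine user (login and early
# activity), then 20 intervals from a different, much faster typist who has
# taken over the already-authenticated session.
LEGIT_SESSION_PART = ENROLMENT_INTERVALS_MS + [
    176, 196, 166, 206, 191, 181, 171, 201, 186, 186,
]
TAKEOVER_PART = [
    90, 95, 85, 100, 90, 88, 92, 95, 85, 90,
    93, 87, 91, 96, 84, 90, 89, 92, 95, 88,
]
SESSION_INTERVALS_MS = LEGIT_SESSION_PART + TAKEOVER_PART


def build_profile(intervals):
    """Baseline for one user: mean and population std of their intervals.

    A zero std (constant typist) is clamped to 1.0 so scoring never divides by zero.
    """
    sigma = pstdev(intervals)
    return {"mu": mean(intervals), "sigma": sigma if sigma > 0 else 1.0}


def window_z(profile, window):
    """Distance of the window mean from the baseline mean, in standard errors."""
    standard_error = profile["sigma"] / sqrt(len(window))
    return abs(mean(window) - profile["mu"]) / standard_error


def monitor_session(profile, intervals, window_size=10, threshold=3.0):
    """Score the session in consecutive non-overlapping windows.

    Returns one record per window with its z-score and an anomaly flag.
    A production system would use overlapping windows and many more features;
    the non-overlapping stride keeps this example easy to follow.
    """
    results = []
    for start in range(0, len(intervals) - window_size + 1, window_size):
        window = intervals[start:start + window_size]
        z = window_z(profile, window)
        results.append({
            "window": start // window_size,
            "start": start,
            "z": round(z, 2),
            "anomalous": z > threshold,
        })
    return results


def first_anomaly(results):
    """Index of the first anomalous window, or None if the session looked genuine throughout."""
    for record in results:
        if record["anomalous"]:
            return record["window"]
    return None


def decide(results):
    """Step up authentication only when the behavioral signal breaks; stay passive otherwise."""
    return "step_up_authentication" if first_anomaly(results) is not None else "continue_silently"


if __name__ == "__main__":
    profile = build_profile(ENROLMENT_INTERVALS_MS)
    results = monitor_session(profile, SESSION_INTERVALS_MS)
    for record in results:
        print(record)
    print("decision:", decide(results))
```

Run as a script, the first three windows (the genuine user, including one window that drifts slightly) stay under the threshold, while the windows after the takeover score far above it, so the decision is to step up authentication at that point rather than at login. A session that is genuine throughout produces no anomaly and no extra challenge for the customer.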

Malware

Additionally, PSD2 requires malware to be detected at the user end-point.

Banks can’t tell customers to install anti-virus software on their devices, and it isn’t easy to find an agentless solution that can detect unknown malware.

bugFraud can identify devices and online sessions infected with malware – both known and unknown – whether it’s code modifications or injections executed during a user session, or a malicious app or piece of software that cybercriminals installed on an unsuspecting user’s device. 

Maintaining customer trust and safety

Beyond regulatory compliance, and the customer trust that comes from keeping customers and their money safe, initiatives like the UK’s Contingent Reimbursement Model mean that it is becoming increasingly common for banks to be liable for losses due to fraud.

In fact, this trend means that if banks don’t admit responsibility for fraud – whether technically at fault or not – customer trust will be diminished regardless. Although banks want to offer a frictionless experience, security has to be a priority too.

Behavioral biometrics helps banks do both – authenticating users in the quickest and most unobtrusive way possible and thereby keeping customers safe from fraud attacks without adding hurdles.