Have you ever noticed that when you are visiting your bank’s website or checking out at an ecommerce site, the cursor inexplicably vanishes and you have to move your mouse to get it back? This “trick” is part of how an award-winning Israeli fraud-busting startup is keeping users safe online.
BioCatch calls the missing cursor maneuver and similar techniques it employs “behavioral biometrics.” Biometrics is usually associated with unique identifying information such as a fingerprint, iris scan or DNA. But the way one behaves online is also unique. In the cursor example, users will respond in their own ways to a missing prompt – some will move the mouse in circles; others will quickly scan the corners of their screen.
BioCatch logs all this and creates user profiles for their clients, marketing communication manager Karine Regev tells ISRAEL21c. If, during a subsequent cursor “challenge,” a user responds in an unexpected way, that’s a clue the user isn’t who she or he claims to be. BioCatch tracks some 500 different parameters – for example, is the user left- or right-handed? Does the user generally use the mouse or the keyboard to navigate?
On a smartphone, BioCatch employs the device’s compass and accelerometer to track the angle at which the device is being held. It even knows how hard a user taps on the phone’s virtual keys. If the hacker is using an automated program, the pattern will look different than if a human is using the device. And users never know they’re being “watched.”
BioCatch is intended to provide extra protection on websites after the login process. It’s easy for hackers to steal someone’s username and password. But their nefarious intentions can be thwarted by studying how they behave once they are logged in.
A dog or a person?
BioCatch has snagged a slew of awards since it was founded four years ago. In the past year, the company received a New Product Innovation Leadership Award from Frost and Sullivan, and in April was named to Red Herring’s Top 100 list for Europe. In 2014, the company was listed as one of 10 “FinTech companies to watch” by American Banker and the Bank Administration Institute.
The accolades come in part because the company has few direct competitors. Only one, BehavioSec out of Sweden, is doing similar behavioral biometrics. Yet the need is huge: Regev cites figures showing that online banking fraud in the UK, for example, jumped 48 percent in 2014 to $90 million, while fraud losses on British credit cards were up to $725 million in the same year.
The Gartner consulting group thinks that the kind of solutions BioCatch offers are the future. Gartner predicts that a full 30% of online fraud prevention will be via behavioral biometrics by 2017 and that by 2020, “new biometric methods will displace passwords and fingerprints… across 80 percent of the market.”
Last month, BioCatch received another boost, announcing a strategic alliance with Early Warning, a consortium owned by five of the biggest banks in the United States (Wells Fargo, Bank of America, JPMorgan Chase, BB&T and Capital One) to fight fraud online. BioCatch’s biometric user profiles will be shared across the 1,100 financial institutions with which Early Warning works.
BioCatch was founded by Avi Turgeman, a graduate of the IDF’s elite 8200 intelligence unit, who says he took the jokey web adage “On the Internet nobody knows you’re a dog” seriously. “BioCatch was founded…with the goal of eliminating the ability of dogs to masquerade as people,” the company’s website proclaims.
The idea wasn’t unique – analyzing keystrokes and mouse movements was first proposed in academic circles more than 20 years ago – but engineering a practical real-time solution that wouldn’t result in too many false positives took the company a solid two years to develop, Regev explains.
BioCatch started with a focus on authenticating users, adding checkout capabilities for ecommerce sites last year. The company has only eight clients – a mix of banks, ecommerce firms and enterprises in the US, UK, Italy, Spain and Brazil (where, Regev says, the banks are very aggressive about routing out malware) – and is still officially testing its solution. That hasn’t stopped BioCatch from raising more than $10 million, from Blumberg Capital, Janvest and OurCrowd.
Most of the company’s 30 employees are in Tel Aviv and Regev says there are no plans to move elsewhere. “It’s in our DNA,” she says. And more than that, “to be an Israeli company in cybersecurity is a door opener. And we use it.”
BioCatch may have a high profile in the industry, but the company is betting that online consumers will never recognize its name – or notice that their cursors have momentarily vanished.
For more information, click here.