Help Wanted: New BioCatch CEO Sets Up International Expansion of Behavioral Biometrics
BioCatch is looking to fill dozens of positions after a turbulent 2021, in which the company launched two separate behavioral biometrics products, made several key hires and added a number of customers, particularly in banking. The company also has a new CEO in Gadi Mazor, who spoke with Biometric update about these topics and BioCatch’s future plans in an interview.
Growth in certain key markets has driven the company’s success over the past year and, as Mazor revealed, close relationships with investors are part of that story.
Looking ahead, Mazor said BioCatch has three main goals.
“[The first one is that] we absolutely focus on providing the best quality of fraud detection with behaviors at the center and with a network effect in the financial industry.
To that end, Mazor says the company is very focused on getting as many big banks as it has customers and creating a network effect between them.
“So we believe that behavior should be at the center, but also the collaboration of customers with us and with each other.”
Second, Mazor says BioCatch is starting to look at visual verticals, particularly telecommunications.
“Especially with opening an account [projects]. We have had initial success in these cases all over the world.
And the third direction, says Mazor, will build on the company’s partnership with Alkami’s Gold Partner program and will target smaller banks.
“So we’re pursuing those kinds of partnerships globally. We will serve not only the best customers, the few hundred largest banks in the world, but also the other ten thousand.
Growth of BioCatch in APAC
According to a recent article on the company’s website, BioCatch reported 335% annual recurring revenue (ARR) growth in Asia Pacific (APAC).
“We created the team at the end of 2018 in Australia, which was responsible for the entire APAC region.”
The National Australian Bank (NAB) was BioCatch’s first client in the region.
“We’ve built a great relationship with them, they’ve become an investor in 2020, they’re part of our client innovation committee, so we work closely with them,” Mazor says.
The partnership with NAB also helped BioCatch close out 2021 with three of Australia’s four largest banks. “I hope very soon we will have them all. We also occupy a similar position in the UK.
Mazor explains that BioCatch is now looking to expand into specific countries around the world and already has a presence in countries in Latin America, Europe and North America.
Most of its clients are in the banking sector and financial institutions, says Mazor. More generally, the CEO says BioCatch now counts 25 of the top 100 global banks among its clients.
Innovative behavior analysis applications
BioCatch launched two new standalone products in 2021: a PSD2 Strong Customer Authentication (SCA) solution and a Mule account detection tool.
The company provides PSD2 compliance as part of its Strong Customer Authentication (SCA) offering. SCA is now a requirement of the revised EU Payment Services Directive.
“There are several ways to improve transaction security,” says Mazor. “One of them, which we are working on with the UK banks, is this dialogue that appears on the side of the banks. […] We are working to augment this with behavioral biometrics to further increase protection in this stream.
At the moment the technology is primarily used in the UK market, but Mazor said the company sees initial interest in it outside of the UK.
As for its mule account detection tool, Mazor defined these accounts as the “bank-side fraud infrastructure.”
“These are the accounts through which the money is channeled,” explains the CEO. “It can range from terrorism and human trafficking to petty scams, so it could be more or less grand in its use and kind of money going through it.”
Biocatch is currently working with several banks around the world on mule detection and has conducted an extensive survey using behavioral biometrics.
“The research we’ve done shows that mules don’t taste the same. There are cases in which it is a real account that has been created for the purpose of stealing money, fraudsters opening with a fake ID or with a stolen ID, opening a mule account and of course we know how to detect that with our account opening capabilities.”
On the other side of the spectrum are genuine accounts, which fraudsters take over and then use to funnel money.
“But in the middle you also have three other flavors,” warns Mazor. “So, for example, in the UK and elsewhere, we have seen cases where it was a genuine account of a student who has completed their studies in the UK and returned home and they received this offer from someone saying let them have their account in exchange for some money.
“This account was an absolutely authentic account. Everything was fine and all of a sudden the behavior changes for someone else, and from the kind of dynamics on what is happening in an account, we know how to identify it.
There are also cases where the end user allows and knows that other people are logging in and doing things in their account, and in cases like this BioCatch is able to see two different types of behavior at the same time time.
“We call these behaviors mule personas, and then for each of them we know to identify the types of behaviors you would see.”
The process is fully automated, adds Mazor. When the company spots any of these behaviors, it notifies the bank, saying it has identified them as high risk of being mule accounts.
Explore behavioral biometrics
Asked about the history of behavioral biometrics, Mazor said he was very passionate about it.
“Historically, if you look at the evolution of behavioral biometrics, it follows specific trends. For five years, we have been using behavioral biometrics for end-user protection.”
To do this, companies have focused on developing technologies that can prevent fraudulent attacks of various types.
These technologies have become increasingly sophisticated, for example in identifying remote access, malware and account takeovers.
“[In these scenarios], it is relatively easy to distinguish between a human and a bot or programmatic tool. But even just the artifacts of remote access from a human to another machine, we know how to identify it.
However, Mazor believes that as banks have put in more and more defenses against these tools, what has happened to the fraud over the past two years is that it has come back. essentially, to scams.
The CEO mentions a report published by the British government in 2020, which showed several types of new types of fraud.
“So banks took up defenses against tools, against remote access, against malware, etc. And then the fraudsters found the weakest link, [which is] compel the end user to do something in the belief that they are genuinely protecting themselves. »
This, explains Mazor, allows fraudsters to circumvent high-tech defenses related to device, transaction and location blocks.
“Now take this model, these types of driven scams and social engineering, and augment it with COVID. Everything to do with transaction timing, location and devices. These are all completely modified. People are working from home, remote access is now common.
Because of this, Mazor says all defenses against fraud are now weaker, so the best way to defend yourself and corporate networks is to use behavioral biometrics.
“To identify this [individuals] are socially engineered in a specific session has been a priority for us since 2019.
“So we know all kinds of things to look at: the movement of a phone towards an ear during these sessions, signs of hesitation by the user, we measure how quickly they click a button.”
Two layers of protection
Speaking of BioCatch’s behavioral biometrics, in particular, Mazor explains that the company’s algorithms operate on two different layers.
One is based on individual user behavior, which is created as an individual uses the software, while the second contains a baseline of fraudster behavior (e.g. aforementioned mule personalities).
“Usually we say within minutes (five to eight minutes) we have a mature behavior profile.”
However, the CEO clarifies that having a mature user profile is not always possible.
“For example, we have a product that protects account opening,” he explains. “American Express was the first customer of this, and that’s where we actually looked at how an applicant interacts with submitting a credit card.”
With this rollout, BioCatch would now be able to tell with high accuracy whether a user is genuine or a fraudster.
However, in scenarios like these, there is never a mature profile because the participating users are those the company has not seen before and will never see again.
“But you still have those two models. The first is what scammers do and the second is about genuine users. For example, how you would type in your UK postal code, from your long-term memory, or users would type in the nine-digit US social security number continuously from local memory.
authentication | behavioral analysis | behavioral biometrics | BioCatch | biometrics | cybersecurity | digital identity | financial services | fraud prevention