Behavioral Monitoring for Fraud Protection

Mobile and online banking apps have brought a whole new world of convenience to the lives of many. Being able to deposit checks, pay bills, and move money between accounts without having to go to a bank branch or write a check has really made personal finance a lot easier. It has become commonplace to see vendors encourage online bill pay, or to see people using mobile payment apps to split the bill at a restaurant. However, by adding this easy access to personal banking, an avenue has also been provided for attackers.

Mobile and Online Banking Convenience

In the before times when social gatherings were the norm, money transfer apps removed the anxiety I had about fairly splitting the bill at the end of the night. Having worked in the service industry in high school, I knew the inconvenience of having to deal with customers paying bills with multiple credit cards, and I always felt guilty throwing my card on the pile at the end of the night. It’s therefore probably not surprising that when mobile payment apps first arrived, I was one of the early adopters and advocates.

As I started using the mobile payment apps and switched to a bank account centered around online banking, I also started working in the cyber security industry. I became very paranoid about my financial data security and had questions about what would happen if my phone were stolen or lost, and if I was opening up too many attack vectors into my personal finances. At the time, my bank balance was low enough that this paranoia didn’t outweigh the convenience of the apps, so my concern simply became a constant anxiety buzz in the back of my mind rather than preventing me from using the apps. Luckily as my personal finances slowly grew, my job in cyber security also exposed me to more of the tools and strategies that financial institutions used to protect my assets when I accessed them with mobile and online apps. This new knowledge allowed me to use the mobile and online banking applications with more confidence.

More consumers these days are becoming security savvy, especially around financial information. Public security breaches in financial institutions have unfortunately occurred too frequently, and many are starting to ask the same questions around their financial security that I did. While banks have always had fraud protection for their customers, traditional strategies are ineffective against today's attackers who use identity-theft and social engineering-based techniques to bypass protective measures.

Behavior-based Identity

The design of mobile banking apps to be convenient allows provides an avenue for attackers to commit fraudulent activity. Once logged in, there are typically no restrictions or further challenges to the user when performing any banking action which means once an attacker compromises an account, they have free reign. TAG Cyber recently sat down with a fraud prevention company, ThreatMark, that validates user identity through behavioral biometrics, and detects payment fraud using machine learning and business rules in real-time.

ThreatMark gathers user behavior information and usage telemetry from their Javascript probes that are embedded into webpages or embedded into mobile apps via their SDK. ThreatMark uses these probes to distinguish legitimate users from fraudsters by looking for anomalies in user behavior. Information such as login location and time, actions taken during a session, and even keyboard typing patterns are used to develop a behavior model which can, with reasonable amount of data and proper processing, uniquely characterize any individual user.

The contextual understanding of a user that the behavioral biometry provides then allows ThreatMark to identify anomalous behavior such as suspicious payments, high risk payments, or logins from high risk devices. Each detection is assigned a configurable risk score and summed together to provide a risk-based approach to identifying fraud. The analysis can then be accessed by other tools, such as an authentication service, to decide if additional identification challenges need to be delivered to the user.

As more and more financial services are delivered through online or mobile applications, security focused around preventing fraud is going to increase in importance. ThreatMark is looking to be a leader in the fraud prevention space with their contextual, behavior biometry approach that helps to limit the effectiveness of identity-theft information being used to commit fraud. By adding direct remediation capabilities and step-up authentication challenges other than SMS or OTP, ThreatMark will be able to set themselves apart in an increasingly crowded space.