Page 32 - index
P. 32
Cognitive Biometrics: The Final Frontier of Authentication
Reducing fraud, eliminating friction and enabling more functionality are just a few of the
benefits awaiting companies that make the switch
By Oren Kedem, VP Product Management, BioCatch
Most companies that enable users to perform Web transactions (e.g. banks and eCommerce
sites) have implemented security controls to address online and mobile fraud. These
controls fall into two main categories: transaction-focused intelligence, which looks for
anomalous actions, and device-focused intelligence, which look for a new device, unusual IP
geo location, or signs that the device is infected with financial malware.
With a growing number of reports of major hacks into companies like Bank of America,
LinkedIn, Groupon, and Target, these authentication methods continue to be thrust into the
spotlight as unreliable for catching all fraud.
Passwords, the most popular form of authentication, are easy to steal with 90% of user-
generated passwords in existence subject to malicious activity.
Other types of authentication mechanisms are equally ineffective, as more than 20% of
genuine users fail. Security questions are often so “secure” that the real user doesn’t know
(or remember) the answer. Questions can be subjective with multiple possible correct
answers, and some answers change over time. SMS one-time-code verification requires the
end user to have a cellphone on them.
The simple truth is that “traditional” authentication is taking a toll on banks, eCommerce sites
and companies protecting data. Each time an online banking user fails to authenticate, for
example, it can cost a bank upwards of $10 to resolve the issue over the phone or at the
local branch, without even factoring-in the customer frustration that negatively impacts their
willingness to continue doing business with the bank.
As the technology continues to advance, cognitive biometrics is a solution that provides an
effective alternative to standard authentication measures. It requires no user enrollment or
involvement, while running “behind the scenes” comparing a user’s active behavioral
parameters with those exhibited in previous sessions.
It records the general behavioral patterns of an online user while they interact with a website
or mobile application. This includes hundreds of metrics, such as the speed with which
somebody types and clicks, how the device is held, how the cursor is moved, etc.
Cognitive biometrics offers an additional security measure with invisible challenges that are
inserted to test how a user responds to them. These test alterations are so slight that users
do not consciously register them. For example, the system will add a slight sideways motion
to the mouse movement when the user moves towards the "Submit" button. The user
spontaneously reacts, adjusting his/her movement and offsetting the alteration.
32 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
