The relentless headway made by digital transformation in increasingly critical areas is driving the cybersecurity industry to revise the identification process of citizens who use services that expose data as sensitive as their bank accounts.
In this respect, continuous reports of credential theft on a diverse array of platforms remind us that traditional “user plus password” identification, as the sole level of protection, became obsolete a long time ago.
Cybercriminals invest a great deal of time, money and effort into seeking alternative ways to steal credentials or take over someone’s bank accounts through the well-known tactics of phishing, malware, remote access Trojans, Account Takeover, …
In addition, the increasingly creative and disruptive social engineering tactics they apply to gain control of them force users to be constantly on high alert, something that cannot be achieved all the time. Once a cybercriminal has obtained a user’s credentials or taken over their account, they can put them to a wide range of uses:
Furthermore, the latest credential theft leaks reveal that users continue to use very weak passwords, such as the notorious “123456”, among other reasons because they are tired of having to create tens of credentials for every online platform. In fact, a 2015 Accenture survey showed that users would rather use easy-to-remember passwords and were even willing to use ones that could be easily compromised.
For some time now, discussions have been taking place on “physical” access control biometrics (digital fingerprint, face and iris recognition, etc.) as a new, safer, user identification system. But the biometrics field offers a whole host of possibilities, including behavioral biometrics.
This type of technology serves to analyze the behavior of users in real time in order to check whether they are themselves, not only on entering their access codes but also throughout the time the entire session lasts while they are logged on to the digital platform.
However strange it may seem, we human beings do not behave alike when interacting with the different devices at our disposal: the keyboard, the mouse, the touchscreen, etc. This behavior can be analyzed separately by using some of the following parameters such as, for example,
In order to analyze this behavior, one or several algorithms are applied that can be processed by using different technologies. In the case of bugFraud, Machine Learning and Deep Learning are our chosen techniques on account of the millions of fragments we analyze in real time every day for our customers.
Another advantage of this type of technology is that it evolves with the user; unlike robots our behavior is not always exactly the same. In this way, biometric analysis adapts accordingly in order to protect the user throughout the whole session.