The capital markets are replete with talk of artificial intelligence, machine learning, etc.
So, what’s next?
Behavioral biometrics.
What is behavioral biometrics and what is it used for?
Science fiction writer Arthur C. Clarke said that any sufficiently advanced technology is indistinguishable from magic. And you have to suspend disbelief for just a few minutes when it comes to behavioral biometrics.
Behavioral Biometrics is a digital identity technology that is based on the fact that we all have unconscious personal preferences and habits in life – the way we walk, the way we talk, comb our hair and so forth. For example, if I asked you to cross your arms, you would do it the same way every time. If I then asked you to do it the opposite way, it would feel very awkward, very abnormal. Because you have a preference when it comes to how you cross your arms, something you may not have even realized.
In the same way, BioCatch Chief Executive Officer Howard Edelstein explained everyone has preferences that uniquely identify them when they interact with technology, be it their computer, mouse, keyboard or phone. The speed of their typing is one example. Their use of the scroll bar as opposed to the arrow keys is another. The firm is able to identify and measure around 2,000 of these preferences in total. In speaking with Traders Magazine editor John D’Antona Jr., Edelstein explained that these are signals within the noise. Every individual has many behavioral traits that, when found in combination, point very strongly to them. In a conversation, Edelstein explained how these preferences are used to create behavioral profiles that allow the firm to identify someone online and prevent fraud.
TRADERS MAGAZINE: How is what BioCatch does different from traditional authentication solutions?
Howard Edelstein: Usernames and passwords are very 1990’s and today are freely available for sale on the Internet, so they have outlived their usefulness as a security methodology. In fact, they were never actually designed or intended for security. They were invented by an MIT researcher named Fernando Corbato as an accounting mechanism to allocate the costs of running the hugely expensive mainframe computer systems of the 1960s.
Two-factor authentication has lately been embraced as a password-only alternative, but this has also proven to be weak, because fraudsters have found ways to circumvent the process. 2FA also comes with an enormous amount of so-called friction, or inconvenience, for the user.
Meanwhile behavioral biometrics is frictionless and invisible. It operates in the background, monitoring online sessions, seamlessly and transparently. It compares what you do online with a personalized model of your past behavior and to our existing data set of 90 million behavioral profiles. And if it turns out your online behavior does not match your existing profile, or matches the typical profile of a fraudster, we send an alert in real time to your bank.
TM: We hear so much today about AI. What role, if any, does AI play in the BioCatch solution?
Edelstein: Artificial Intelligence is actually a very important component of what we do at BioCatch. If it weren’t for AI and more specifically machine learning, we couldn’t do any of the things that we do. Machine learning can take thousands of behavioral data points, chew them up in real time, and provide a risk profile and associated score – a probability that the user is who they claim to be. Machine learning also allows us to learn from new types of fraud cases as they happen and fine-tune our behavioral model.
TM: What is a typical use case?
Edelstein: The typical use case for a financial institution is what we call account takeover. This most often happens remotely but it can also occur physically as well when people leave their computers unattended. If you logged into your bank account and had a friend sit down at your machine, within five seconds the bank would know that it’s no longer you operating the computer based on your friend’s online behavior alone, even though you initiated the session. That’s the beauty of monitoring behavior and what separates it from a static biometric mechanism like a fingerprint. Behavior monitoring is dynamic – it is monitoring the operator of the device throughout an entire online session, protecting you and your assets, and it is frictionless fast, and friendly to the user.
TM: Can you tell us who some of BioCatch’s major customers are?
Edelstein: Willie Sutton, the legendary bank robber, once said he robbed banks because that’s where the money is. Fraudsters are drawn to banks and other financial institutions for the same reason. So we serve financial institutions of all sizes including many large global banks, credit card issuers, and so forth. In the U.K. for example, pretty much all of the top banks are BioCatch clients. Royal Bank of Scotland in particular has spoken quite a bit publicly about how they use BioCatch technology, in order to show that they are a forward-thinking industry leader that uses the latest technology available to fully protect their clients and their clients’ assets.
In the U.S., we also have some of the top universal banks and major credit card companies such as American Express as BioCatch clients. Also, Principal Financial, a leading retirement services provider and asset manager. But most of our clients prefer to remain anonymous and stealthy, just like the technology. It is after all colorless, odorless and invisible. Most clients prefer to keep it that way.
TM: What is the typical ROI on the BioCatch service?
Edelstein: The return on investment for most financial institutions is very significant. The technology pays for itself in as little as 1-3 months and total return, we’ve been told by clients, can be as high as 10 to 15 times over. So It Is not really a budget issue per se; it not only pays for itself in fraud and cost reduction but it increases customer service quality without increasing costs.
TM: What kind of role can behavioral profiling play in the capital markets arena?’
Edelstein: Behavioral biometrics ensures that a customer is who they say they are, rather than an imposter who has taken over that customer’s account. These checks will, of course, prevent problems at the point of account origination but they are dynamic and continuous too, so there is an operational risk management benefit for capital markets to be gained. When deployed later on to vet account users, behavioral biometrics protects against potential market manipulation through the generation of fraudulent orders, spoofing and so forth. It also protects the customer from having assets siphoned from their account. Establishing proper digital identification, therefore, is not only beneficial as an initial checkpoint but could potentially help reduce the significant strain on the market when customer orders need to be unwound.
TM: How do you foresee behavioral biometrics augmenting future capital markets applications—for instance, to enhance trade monitoring or fraud detection?
Edelstein: While still relatively young, behavioral biometrics will eventually become a new and powerful source of alternative data that has deeper applications in an investment banking and asset management context. For now, the primary application lies in vetting users, but as the technology matures there is ample reason to think that it could be applied—and indeed overlaid with other compliance-generated data and analytics—to help more accurately detect and investigate rogue trading, or other even complex, nefarious schemes we have seen hit financial services hard in recent years. Knowing who a user is and how they tend to behave is a crucial first step to understanding the moves they are making in real time, and in the future biometrics may serve to further enable these kinds of important (though also typically reactive) monitoring processes.