In today’s digital world, most of us prefer passwords to be as simple as possible in order to remember them easily. Simpler passwords also contribute to less mental friction. Therefore, it’s unsurprising that statistics reveal 1234 and 0000 as the most common and preferred passwords. Given this situation, how difficult would it be for a fraudster to hack the password? In most cases, a few attempts would suffice.
Whenever there is a disruption (such as Covid-19 or even, in simple cases, a pending electricity bill), the sense of urgency may lead even the most vigilant to overlook things they normally wouldn't. With the above in context, let us look at two simple cases of prevalent fraud in India and developing nations.
Shoulder Surfing a User With a Simple Password
Satish does most of his transactions via a wallet and has a simple password. Let's say it’s 1111. Someone shoulder surfs the credentials and gains access to the mobile:
Satish may or may not be aware of the transactions; even if he does realise and gets in touch with the bank, the money is lost and it's tough to trace or retrieve it. The bank's fraud engine fails to catch these transactions as they look genuine (originating from the same device and location, with similar volumes).
Authorising User to Commit Fraud
Satish, who does most of his transactions online, gets a message that his electricity bill is pending, and if it’s not paid, his connection will be cut. The message also comes with a tiny url for downloading an app to pay bills. Satish panics and hurriedly takes the following steps.
In the next few minutes, multiple transactions occur from Satish’s digital account, and he ends up losing his money. In this case, the transaction device changes quickly and, potentially, the location is different too. The bank's fraud engine might have raised an anomaly, but it fails to stop the transaction because the second-factor authentication (OTP) takes place as expected. The transaction goes through.
Tackling Fraud with Behavioural Biometrics
These frauds used to go undetected, but with today's AI they can now be detected. When banks implement Behavioural Biometrics, a simple SDK / JavaScript snippet looks at non-traditional factors of interaction such as keystroke patterns, mouse movement patterns, device intelligence, pressure patterns, accelerometer, gyroscope and 100+ other device and sensor data points. Viewed individually, these data points don't make much sense, but when combined through a series of ML models, they unearth unique patterns that can help banks' fraud engines detect and stop fraud before it happens.
Here’s how the above cases can be handled with the help of behavioural biometrics.
Scenario 1:
The fraudster used the same device from the same location. However, the fraudster's typing pattern differs from Satish's. The differences can be in the holding pattern, the pressure pattern, the keystroke pattern (typing speed), etc. These patterns, when captured and processed via a series of machine learning models, raise an anomaly. The anomaly score can be fed to the bank's existing fraud engine as additional rules. The rules engine can then take a call or raise a case for the fraud team to analyse.
Scenario 2:
The fraudster, in this case, changed the device, which in turn might have led to a possible change in location. Fraud engines working on these parameters would raise a device anomaly and, to prevent a fraudulent transaction, would initiate an OTP. Unfortunately, since Satish has downloaded the app from the link, the fraudster can access the OTP.
However, with a system like Behavioural Biometrics, the AI would identify a modified typing pattern of the user, which, combined with device and location anomaly, would make a strong case for identity fraud. These transactions can be stopped immediately or given to a fraud analyst for further evaluation.
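The sketch below is an added example, not Bureau's code or model: it shows how a behaviour anomaly score can sit beside device, location and OTP signals in a fraud rule for both scenarios. The per-feature z-score stands in for the "series of ML models"; the feature names, sample timings and the `review_at` threshold are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed enrolment data: per-session keystroke features for one user, in ms.
# dwell = average key hold time, flight = average gap between key presses.
ENROLLED = [
    {"dwell": 95, "flight": 140}, {"dwell": 102, "flight": 150},
    {"dwell": 98, "flight": 135}, {"dwell": 105, "flight": 145},
    {"dwell": 100, "flight": 155},
]

def build_profile(sessions):
    """Per-feature mean and standard deviation from the user's past sessions."""
    return {f: (mean(s[f] for s in sessions), stdev(s[f] for s in sessions))
            for f in sessions[0]}

def behaviour_score(profile, session):
    """Mean absolute z-score across features: 0 = typical, higher = less like the user."""
    zs = [abs(session[f] - mu) / max(sd, 1e-6) for f, (mu, sd) in profile.items()]
    return sum(zs) / len(zs)

def decide(score, device_changed, location_changed, otp_passed,
           review_at=3.0):  # threshold is an assumption, tuned per deployment
    """Rule that treats the behaviour score as one more signal for the fraud engine."""
    behaviour_anomaly = score >= review_at
    if behaviour_anomaly and device_changed and location_changed:
        return "block"      # Scenario 2: a valid OTP does not outweigh three anomalies
    if behaviour_anomaly:
        return "review"     # Scenario 1: same device and location, different typist
    if (device_changed or location_changed) and not otp_passed:
        return "block"      # classic device/location rule, unchanged
    return "allow"

if __name__ == "__main__":
    profile = build_profile(ENROLLED)
    genuine = {"dwell": 101, "flight": 148}    # constructed: the account owner typing
    intruder = {"dwell": 140, "flight": 230}   # constructed: someone else typing
    print("owner, same device:", decide(behaviour_score(profile, genuine), False, False, False))
    print("scenario 1:", decide(behaviour_score(profile, intruder), False, False, False))
    print("scenario 2:", decide(behaviour_score(profile, intruder), True, True, True))
```

Without the behaviour signal, Scenario 1 has no anomaly to act on and Scenario 2 is cleared by the OTP, which is the gap the text describes.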
Key Takeaways
These are the simplest of frauds happening in India and Southeast Asia. Behavioural biometrics is a new-age proactive fraud detection engine that can detect new-age frauds well before they happen, without additional friction, while staying completely passive and always behind the scenes. Being a pure-play software-only solution, it can be implemented with a few lines of client-side code across all digital assets of a bank/fintech or any other digital application.
Behavioural biometrics is a powerful tool that can comprehensively view various behaviours and patterns when integrated with other detection capabilities. To find out more about Bureau’s biometric authentication solution, contact us.
Satish can be saved. For more such scenarios, watch this space.