Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.




By Iain Swaine, Head of Cyber Strategy EMEA, BioCatch

The chance of becoming a victim of cybercrime increases year after year.  In the first half of 2021 in the UK, criminals stole a total of £753.9 million through fraud, an increase of over a quarter (30 per cent) compared to the first half 2020.

With more sophisticated fraud prevention measures in place criminals increasingly targeting regular people, customers of banks and other financial institutions.  Cybercriminals take advantage of the weakest link in the security chain – people.

People are error prone and make the same mistake multiple times. The inability of financial institutions from preventing us from making mistakes, makes us the weakest link in the chain.  While this form of fraud has been implemented for years, mostly in the form of phishing and vishing (voice phishing), it is growing continually.

Behavioral biometrics-based technology can detect social engineering scam attacks and validate a person’s identification during a banking transaction without the need for further security layers.

Fraud detection in real-time

Real-time fraud, also known as authorised push payment (APP) fraud, is a form of social engineering that can cause considerable financial harm. To establish the necessary authenticity, cybercriminals utilise their victims’ personal data obtained through data breaches on the dark web or captured from social media profiles. The more information available to the perpetrators, the more authentic they can appear.

In doing so, they contact their victims via telephone and pretend to be a representative of a government agency, an employee of the bank or another official organisation. In this way, they can persuade the person called to transfer a certain amount of money to another account. The banks’ security processes can be bypassed because a real account holder triggers the transfer. Multi-factor authentication (MFA) thus offers no protection either.

The fraud is difficult to pinpoint because it is a real user who logs in from a legitimate location and completes the authentication procedure with their own end device. This is because the usual checks – for example, identifying the location, the end device, or the IP – are no longer sufficient. Even out-of-band methods such as authentication with a one-time password (OTP) via SMS can be circumvented.

Cybercriminals who carry out such attacks also usually have a sophisticated script and are familiar with a bank’s security practices and procedures. To make matters worse, cyber criminals use social engineering methods to elicit emotional response from their victim. Criminals will try to extract feelings of sympathy, guilt, or companionship from their victims. They will use a sense of urgency, flattery, an aura of authority or trusting dispositions.  These popular methods elicit feelings such as fear, anxiety, or ease, causing victims to behave hastily or without judgement, resulting in the attacker’s desired outcome.

How can you use Behavioural Biometrics to detect Authorized Push Payment (APP) Fraud?

APP fraud is gaining traction in the UK – victims have lost an estimated £479 million in total, averaging over £7K per victim. However, technologies based on behavioral biometrics can detect this type of fraud; it can be used to verify a person’s identity during the entire banking transactionBioCatch uses data-based insights to distinguish behaviors of “real” and manipulated users.  In collaboration with its customers, BioCatch has developed risk models that can be used to identify a variety of threats, as this collaborative effort is deemed essential in empowering clients and keeping consumers safe. In addition, there are clear behavioral patterns that can distinguish “real” from “fraudulent” activity during an online session and reveal manipulation by a cybercriminal:

  • Unusual duration of the session: the session lasts considerably longer than usual, and the account holder shows noticeable behavior patterns, such as aimless mouse movements. This may indicate that the person is nervous or under pressure while waiting for instructions from a criminal.
  • Segmented keystrokes: If there are interruptions in typing, this may be a sign that the account number is being read aloud by the perpetrator, preventing routine typing.
  • Hesitation: The time required to perform simple, intuitive actions such as confirming an entry increases significantly. 
  • Unusual handling of the terminal device: The orientation of the device changes frequently. This may indicate that the logged-in user repeatedly puts down or picks up his smartphone to accept the criminal’s instructions.

Cybercriminals that use social engineering to defraud enterprises are determined and skilled, regardless of how complex a bank’s systems and controls are. After a successful social engineering fraud, there is usually no way to track down the victim’s money. Therefore, to protect customers from financial loss, it is imperative to detect fraud the moment it occurs. The use of behavioral biometrics can prevent significant losses, while comprehensively protect customers and company assets. It must form the bedrock of any financial institutions anti-fraud protection.


Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts