IBM Security Adds Cognitive Behavioral Biometrics to Help Protect Banking Customers from Cybercrime
October 27, 2016 No CommentsSOURCE: IBM
ARMONK, NY — October 27, 2016 — IBM (NYSE: IBM) today announced new behavioral biometric analysis capabilities in its digital banking fraud prevention technology, IBM Security Trusteer Pinpoint Detect, usingpatented analytics and machine learning for real-time cognitive fraud detection. The new behavioral biometric capabilities incorporate the use of machine learning to help understand how users interact with banking websites, creating gesture models based on patterns of mouse movements that become increasingly more accurate over time.
Through cognitive analysis of the gesture models, IBM Security Trusteer Pinpoint Detect can help determine when unauthorized users try to take over a bank account using stolen credentials by detecting anomalies from the real customer’s interaction with a banking website. The technology understands the context and meaning of subtle mouse movements and clicks, and uses this information to develop increasingly more accurate gesture models through machine learning.
According to IBM’s X-Force Research, financial services is one of the top three targeted industries for cybercrime.1 In fact, nearly 20 million financial records were breached in 2015.2 Cybercrime organizations continue to develop malware and social engineering techniques to target financial websites and customers, typically with the goal of obtaining credentials to take over user accounts.
For example, malware like the GozNym Trojan, recently found by IBM’s X-Force Research team, uses redirection attacks where an unsuspecting customer is hijacked to a fake site where they are made to enter their banking credentials for the hacker to steal. These fake websites are set up by criminals to look precisely like the bank’s site, including the correct URL and SSL certificate in the address bar. Once the criminal has those credentials, they log in as the user and attempt to move as much money as possible through fraudulent transactions.
With IBM Security Trusteer Pinpoint Detect, banks can help spot when an unauthorized user is attempting to log into a customer account, help prevent fraudulent transactions, and determine when devices are infected with high-risk malware. Using technology developed in partnership with the IBM Cyber Security Center of Excellence at Ben-Gurion University, Israel, IBM Security Trusteer Pinpoint Detect is designed to seamlessly build gesture models in real-time and analyze these behavioral biometric patterns against learned user behavior and known fraud patterns. At the same time, it gathers threat intelligence and adapts protection automatically, providing financial institutions with customizable levels of response.
The new behavioral biometric analysis features of IBM Security Trusteer Pinpoint Detect enable real-time risk assessment based on gesture modeling. When users access their online banking site, IBM Security Trusteer Pinpoint Detect is designed to collect user behavior, detect potential device spoofing, identify access with compromised credentials, and correlates various other device attributes. Through the addition of cognitive fraud detection, IBM Security Trusteer Pinpoint Detect is designed to also provide real-time evaluation of behavioral biometric indicators – with no additional costs, entitlements, or implementation requirements.
“Given enough time and resources, cybercriminals can defeat passwords and security questions,” said Ravi Srinivasan, Vice President, Strategy, IBM Security. “Behavioral biometrics is about what the user does, not what the user knows. IBM Security Trusteer Pinpoint Detect now can now better differentiate real users from fraudsters using gesture models, giving banks and other organizations the power to protect the interests of their customers, and ultimately determine the sources of financial fraud.”
IBM Security Trusteer Pinpoint Detect protects hundreds of global financial institutions and banking websites against account takeover and fraudulent transactions and helps detect end user machines infected with high risk malware. IBM intends for customers to start receiving the behavioral biometric and cognitive fraud detection capabilities at no additional charge via system updates as early as December 2016. Learn more about IBM Security Trusteer Pinpoint Detect and behavioral biometrics here.
About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
1 IBM Cyber Security Intelligence Index, 2016
2 IBM X-Force Interactive Security Incidents