In the non-stop battle between criminals and the security systems which they attempt to hack, the two parties are driven to develop increasingly complex and advanced solutions in an attempt to thwart the other.
This was evident when IBM recently announced new href="http://www-03.ibm.com/security/trusteer/behavioral-biometrics/" target="_blank">behavioral biometric analysis capabilities in its digital banking fraud prevention technology.
Its Trusteer Pinpoint Detect system incorporates the use of machine learning to help understand how users interact with banking websites, creating gesture models based on patterns of mouse movements that become increasingly more accurate over time.
According to IBM’s X-Force Research, financial services is one of the top three targeted industries for cybercrime. In fact, nearly 20 million financial records were breached in 2015. Cybercrime organizations continue to develop malware and social engineering techniques to target financial websites and customers, typically with the goal of obtaining credentials to take over user accounts.
For example, malware like the GozNym Trojan, recently found by IBM’s X-Force Research team, uses redirection attacks where an unsuspecting customer is hijacked to a fake site where they are made to enter their banking credentials for the hacker to steal.
These fake websites are set up by criminals to look precisely like the bank’s site, including the correct URL and SSL certificate in the address bar. Once the criminal has those credentials, they log in as the user and attempt to move as much money as possible through fraudulent transactions.
The new behavioral biometric analysis features of IBM Trusteer Pinpoint Detect enable real-time risk assessment based on gesture modeling. When users access their online banking site, IBM Trusteer Pinpoint Detect is designed to collect user behavior, detect potential device spoofing, identify access with compromised credentials, and correlates various other device attributes.
With IBM Security Trusteer Pinpoint Detect, banks can then help spot when an unauthorized user is attempting to log into a customer account, help prevent fraudulent transactions, and determine when devices are infected with high-risk malware.
“Given enough time and resources, cybercriminals can defeat passwords and security questions,” said Ravi Srinivasan, Vice President, Strategy, IBM Security.
“Behavioral biometrics is about what the user does, not what the user knows. Trusteer Pinpoint Detect now can now better differentiate real users from fraudsters using gesture models."
IBM intends for customers to start receiving the behavioral biometric and cognitive fraud detection capabilities at no additional charge via system updates as early as December 2016.
Learn more about Trusteer Pinpoint Detect and behavioral biometrics here.