In dystopian science fiction novels, the powers-that-be know everything. Data from billions of sources gets silently collected, neatly collated and then stored in omnipotent networks.
The New York Times ran a great story Tuesday about present-day software tools designed to do just that. To prevent fraud, banks and retailers are tracking how we type, tap and swipe when interacting with computers.
Science fiction has become reality. They are watching us as we leave our digital fingerprints. And that is a good thing for investors.
You Can Get Passive Fraud
Protection, Just by Being You
It makes sense that banks and retailers would want to do everything in their power to keep customers safe. Nefarious hackers want to rob us of our identity, then our money.
An extra set of eyes on the lookout for bad actors seems like a benefit. So, companies are now systematically building our digital identities based on our everyday gestures. Things like:
• Typing cadence
• Mouse movement
• A preference for the numbers above the keyboard vs. the number pad
• Pressure exerted while tapping or swiping digital buttons on smartphones
• What fingers are used, and more.
It is a field of data science called behavioral biometrics. It is a really big advance that goes miles beyond static metrics like passwords and fingerprints.
That’s because it is frictionless. Users never know the data is being collected or analyzed.
Software working silently in the background serves another purpose …
Fraudsters have found ways to slip past every barrier erected by traditional cyber defenders. They have cracked PINs, passwords and tokens with phishing attacks. They have even spoofed device IDs and geolocation verification with malware.
|RBS uses software to record and analyze your fingerprint, hand movements and the way you hold your device. It’s the first British bank to use biometric security.|
Alisdair Faulkner, a founder at ThreatMetrix, a fraud-detection software company, puts it bluntly:
“Identity is the ultimate digital currency, and it’s being weaponized at an industrial scale.”
Behavioral biometrics works when the bad guys, and their bots, have already penetrated the first line of defense. Then it shuts them down from the inside.
The Royal Bank of Scotland (RBS) flagged a fraudster when the mouse scroll wheel and the number strip above the keyboard were used after a login. When the grifter attempted to make a large transfer out of the account, the process was shut down in real time.
The architecture is every bit as complex as you might expect. Software companies must first build detailed digital profiles for all users within the database, then meticulously run tests in the background against every new login.
It takes a lot of computing might to crunch through the mountains of data. Machine learning has helped.
RBS tapped New York-based BioCatch, a pioneer in the field, to help it build these biometric-based customer profiles.
BioCatch is a U.S./Israeli startup. It was founded in 2011 when a group of neural science, security and machine-learning experts thought they could stand traditional cybersecurity on its head. Avi Turgeman, one of the co-founders, cut his teeth in Israeli military intelligence.
The concept was simple: Since all identity fraud occurs after authentication, why not begin there?
|BioCatch recently closed $30M in funding to help financial institutions detect and shut down threats. With 56 patents granted or pending, it plans to expand into insurance, healthcare, cryptocurrency and more.|
Today, to catch bad actors in real time, BioCatch uses cloud computing, machine-learning algorithms, and some 2,000 metrics it collects from mobile devices.
It is a continuous authentication that changes the calculus of financial transactions.
How to Play the Biometric Security Boom
You won’t find BioCatch trading on a major stock exchange. Not yet, anyway. But that doesn’t mean the opportunity for investors isn’t large.
Behavioral biometrics means declining rates of fraud and materially better profits. American Express (AXP), for example, is an early BioCatch investor. It’s also a client.
However, the public company best-positioned to benefit is Mastercard (MA).
In March 2017, the credit and debit card processing company acquired NuData Security. As a leading behavioral analytics firm, its NuDetect software was analyzing 80 billion online transactions annually. It had become a trusted partner to Amazon Web Services, the largest public cloud computing company.
The NuData transaction was the most significant in what has become Mastercard’s continuous stream of cybersecurity and digital technology investments.
In November 2017, the company named the ex-director of cybersecurity at the Central Intelligence Agency, Jeanne Tisinger, as a senior adviser.
In June, Mastercard filed a patent with the U.S. Patent and Trademark Office to verify payments using blockchain, the distributed ledger system. The goal is to learn everything it can about every customer by collecting and analyzing more data.
In 2017, Mastercard logged $12.5 billion in sales, up 16% year-over-year. Net income was $3.92 billion, despite record investments of $5.1 billion.
Shares have recently pulled back to within pennies of $200. The stock appears buyable at current levels.
Jon D. Markman