While online banking tends to use two-factor authentication, making logins relatively secure, what happens if you walk away from your device and someone else hops on to wreak havoc with your money? What happens if a remote access trojan hijacks your session?
BioCatch uses clever analysis of how you interact with banking apps to make sure that you’re the same person who logged in. There’s more to biometric security than fingerprint readers and retina scanners; there are all sorts of ways your body can betray your true identity, and these can be used to catch criminals in the act.
From the angle you hold a device at, to the way you browse around an app, BioCatch captures a profile of legitimate users and tracks how the app is used later in a session to make sure it stays consistent. Does the amount of tremor in your hand stay the same? Do the ways you tap and swipe in apps stay the same? If suspicious behavior is detected, you’ll be asked to log in again.
BioCatch promo video
On desktop, behaviour like the way you work with a mouse can help identify you, and the company even has subtle tests to check how you deal with a certain situation; if the pointer disappears, do you wiggle the mouse clockwise or anti-clockwise? Maybe you do something completely different. That behavior becomes part of your profile that can be tested against later.
BioCatch says it’s working with four of the five largest banks in the UK, plus banks in Spain, Italy, Brazil and the USA, with plans to expand further. Its product also has strong use cases in the e-commerce world.
However, don’t expect this kind of technology to replace passwords. CEO Ron Moritz says his technology is less ‘front door lock’ and more ‘in-home motion sensor.’
At the Web Summit in Dublin last week, I met Moritz to hear more about his company’s product. You can listen to the full interview below.