Stop playing whack-a-mole, use Behavioral Biometrics,
Avert any Zero-day Malware or new ATO scam.
With every new day, comes a new malware variant, a new phishing scam or some other zero-day threat vector. Instead of playing whack-a-mole, behavioral biometrics can be used to shift the focus to the user and to detecting any signals – from any threat vector – that may indicate an account takeover attack.
Behavioral biometric technology is a highly accurate authentication technology that can identify users based on their behavior patterns.
It identifies unique, individual characteristics in how people type and interact with their mobile device or computer, instead of other common technologies that identify users based on their physical attributes (fingerprints, facial recognition), what they have (key fobs or phones), or what they know (passwords or out-of-wallet questions).
The fundamental building block of a BionicID™ is behavioral biometrics.
Revelock collects thousands of non-PII parameters starting with behavioral biometrics – how a user handles a device – and layers on behavioral analytics – when from where and what the user accesses as well as which device and network and all the associated data about that device and network that is used to access a protected website or mobile application server.
Revelock takes a unique approach to verify users at every point in the customer journey by continually asking, “are you really you?”.
Other behavioral biometrics companies compare users against a database of known bad, or segments of good actors, trying to answer the question “do you look like a bad or good actor?”. This approach can be effective.
Still, in many cases, it is not granular enough. It does not provide complete coverage – leaving open the possibility that sophisticated bad actors will slip through early on in a new account signup process or at other points in the user journey.
The “do you look like a bad actor?” method of determining legitimate users vs. bad actors does not work in scenarios where insiders – people who have verified identities and are not part of the larger universe of cybercriminals – attempt unauthorized access to bank accounts.
Revelock BionicID™ are based on full user context and built to recognize every single user. They are established quickly and can start answering the question “are you really you?” accurately, in just a couple of interactions.
 |
Revelock’s BionicID™ is a “cyber-DNA” or a digital fingerprint, built using thousands of parameters about the user’s context, based on behavioral biometrics, behavioral analytics and device profiling, network data, geolocation, malware patterns, and other threat intel data. As a result, it recognizes the real person behind each user in as little as two interactions, with a 99.2% accuracy in just milliseconds! |
BionicID™ data collection and analysis is the foundational technology in Revelock’s multi-channel fraud prevention solution. Revelock’s Fraud Detection & Response Platform is unique. It does not just detect anomalies, score risks and raise alerts; it also empowers fraud teams to simply configure the system to handle a number of fraud events automatically.
This Active Defense approach protects users without them even knowing about threats, reduces call center costs of having to respond to confused users, and reduces the burden on fraud analysts.
It frees fraud teams from handling routine alerts and instead uses Revelock Hunter to investigate more complex cases.
With Revelock, analysts can take a Pre-emptive Defense approach, take down bad actors and mule accounts and stop fraud before it happens.
Impersonation Attacks start with stolen credentials, and Revelock Active Defense prevents malware or phishing attacks from stealing user credentials in the first place. Revelock Active Defense also allows banks to determine the appropriate actions to take when malware or phishing attacks are detected on user devices – and immediately, automatically, and silently protect those users as well as alert the bank’s fraud teams.
In today’s post-breach world, stolen credentials are readily available for bad actors to use to impersonate legitimate users. Stolen credential attacks require a different approach to stop since they are executed by credential stuffing bots and manually by humans. These kinds of attacks are detected, and account takeovers are prevented by Revelock BionicID™ analysis.
Manipulation Attacks utilize remote access software, either by fraudulently manipulating legitimate remote access software or having a victim execute a form of malware called a Remote Access Trojan. Either attack is designed to gain control of a victim’s device or, more typically, control a user’s banking session. This attack is easier to execute because it bypasses traditional account security, allowing a bad actor to control a victim’s account temporarily.
Revelock’s Active Defense BionicID™ analysis can detect and defeat both attack types stopping attempted session takeovers – protecting users and notifying the bank. Revelock analyzes thousands of users, network, and system parameters collected during every online interaction or operation to protect users from impersonation and manipulation attacks.
This data is processed in the cloud using hybrid AI models including Deep Learning to create a BionicID™ for all users, legitimate or bad actors at sign-up. From that point, the BionicID™ is continually updated and analyzed at every interaction, and a holistic risk score is calculated for each customer.
Depending on the risk, the system silently allows user access or stops bad actors. The bank has access to risk scores and can configure when to be alerted, and can also automate appropriate action to be taken.
For example, Revelock provides banks with two flexible response paths if an impersonation or manipulation attack is detected. The first is to immediately protect users at the point of attack. The second is to simultaneously:
Stopping fraud before it happens.
BionicIDs™ are most commonly used for anti-fraud or user verification applications but have primarily been used by financial institutions to avert any zero-day malware or new ATO scams.
In online behavioral biometrics in banking applications, BionicID™ analysis can provide effective fraud protection against manipulation or impersonation-based attacks such as Account Takeover (ATO) fraud, as well as malware-based ones such as Remote Access Trojan (RAT).
Besides online banking access, BionicID™ analysis can also be applied to other use cases such as detecting New Account Fraud, Card Not Present, or when 3D Secure verifications are required.
BionicID™ data collection is entirely transparent for end-users, and the data analysis is invisible without requiring users to take any extra steps. Furthermore, it works in the background and provides passive biometric verification to confirm the person behind the online session is always the genuine user.
When a BionicID™ anomaly is detected, it generates the need for additional authentication (multi-factor authentication). Similarly, during a 3D Secure stepped-up verification, users may be required to take additional steps to verify their identity.
Deep learning algorithms continuously evaluate the incoming flood of behavioral biometric data on the financial institution’s side. This evaluation will result in a seamless and secure user experience or, in the case of anomalous activity, trigger an automated response to stop an attack and follow-up alert to notify the bank of the attack and the actions taken to prevent it.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
