Fraud detection in online banking certainly represents a non-trivial task against the perennial problem of increasingly sophisticated fraudulent schemes. Authentication of the user in modern applications is one of the tasks where traditional fraud detection systems fail to provide reliable decisions leaving enough space for fraudsters to come in and commit their activity.
ThreatMark presents a new Digital Identity Sensing Technology – the BACArA sensing system which stands for Biometry-Augmented Continuous Adaptive re-Authentication. Machine learning significantly improves effectiveness of fraud detection while retaining or even boosting the user experience. Details will be presented at the conference SECURITY 2016, held in Prague on 17th February.
Biometry-Augmented Continuous Adaptive re-Authentication (BACArA) backed by solid architecture brings several benefits to digital banking clients
- A seamless client experience – no need for repeated authorization, more transactions, more confidence.
- Non-invasive to the client – nothing needed to install, nothing needed to take care of.
At its core, BACArA includes 3 different parts (models) for comprehensive analysis of user behavior biometrics. Namely, detection and subsequent analysis of users’ mouse movements, keyboard key logging and page navigation profiling. Such kinds of systems already exist on the market. What takes BACArA to a new level of fraud detection analytics is a brand new feature engineering system supported by state-of-the-art machine learning techniques.
For example, for mouse movement decision-making we have engineered up to 70 independent features that can describe each user session (see Fig 1).
Fig 1. Pearson correlation matrix of scaled mouse movement features.
These features allow us to effectively discriminate between users, even using linear methods (see Fig 2).
Fig 2. Linear discriminant analysis (LDA) of mouse movement features from 11 different users (using 4-5 sessions from each user).
In addition to advanced feature engineering, BACArA was designed not to classify by distinguishing between users, but rather by detecting anomalies in their current behaviour compared with their historical activity. Such an approach significantly decreases computational power needed for decision making and increases effectiveness and robustness of the model in general.
Details about logging of keyboard strokes and user page navigation profiling will be presented at the conference SECURITY 2016, held in Prague on 17th February.
Sleep well. We are watching.