The security issue is an acute concern for every company working with data. Modern tools allow attackers to successfully simulate the activities of a regular user. And protection mechanisms do not always recognize and prevent attempts of unauthorized access. As a result, information leaks, theft of funds from bank accounts, as well as other troubles.
The Spanish company Buguroo , which uses deep training and behavioral biometrics to identify fraudulent activities in the banking sector, has proposed its solution to this problem. She recently received $ 11 million from investors to expand her platform.
Founded in 2010 in Madrid, Buguroo aims to identify fraudsters trying to mimic the behavior of legitimate account holders. Using deep learning algorithms based on neural networks, the company receives information about what a typical session of using a bank account looks like. Using technology to detect and prevent fraud, combining behavioral biometrics, malware detection and device assessment, the platform successfully identifies potential threats from cybercriminals and bots.
Fraudsters can use many methods to bypass authentication processes: as malware for remote access (trojans), forms capture tools, web injections, etc. Representatives of Buguroo claim that their solution is able to detect previously unknown malicious scripts that the end user uses in a mobile application or browser. This means that the platform can adapt to new methods that are not yet blacklisted.
Principle of operation
Buguroo determines when fraud attempts are made by analyzing historical patterns and classifying each subsequent login session based on this data. The platform collects many behavioral patterns. In particular, finger size and pressure on the screen (on devices with a touch screen), typing speed and fluency, mouse movements, gyro position are taken into account. Subsequently, these data are used in the analysis of behavior when an intruder tries to enter the system.
How does it work in practice? Suppose a bank customer typically uses the vertical scroll bar on the side of their browser to navigate, and enters their account information using the side of the keyboard. But then the system notices that in one session the client uses the scroll wheel on his mouse and the horizontal digital bar at the top of the keyboard. Perhaps this is a sign that someone else is trying to access the account.
Using cross-analysis of information from different channels, the system is able to detect anomalies arising from fraudulent activity, which allows you to pre-recognize such attacks.
BugFraud Workspace
Buguroo also deals with fraudulent transactions with new accounts (NAF), that is, when a new bank account or credit card is opened using stolen credentials. It also offers assistance in identifying fraudsters already working in the banking system. For this, the company offers the Fraudster Hunter solution, which is part of its core BugFraud platform. The decision was initially aimed at identifying violators who had already entered the bank. It is important to note that BugFraud is available in various deployment options. Customers can choose a SaaS-based virtual private cloud or on-premises deployment.
By constantly monitoring the activity of users, devices, networks and sessions, Buguroo collects information about scam methods, creating a unique “cyber profile” for each user, a digital DNA built using thousands of parameters related to client’s behavioral biometrics (including smartphone and mouse movements, keystrokes , device profiling, geolocation and malware records), which recognizes with an accuracy of 99.2%. The effectiveness of the solution is confirmed by experts. In 2018 and 2019, the company was recognized as the winner in the Product of the Year Fraud Prevention nomination from the independent CyberSecurity Breakthrough organization.
Winner reward
Market situation
Already, Buguroo protects more than 50 million customers in Europe and Latin America in providing financial services from login to logout. With another 11 million dollars in the bank, he plans to expand his global presence in new regions, including the United States, Britain, France and Germany.
At the same time, Buguroo is not the only company working in the field of tracking behavioral biometrics in banks. Israeli BioCatch , offering similar services, received a $ 30 million investment a year earlier. These numbers show the real demand for this kind of technology.
However, Buguroo assures that its solution is different from others. For example, bugFraud's advanced behavioral biometric algorithms detect deviations in customer behavior in the fastest and most accurate way compared to other solutions offered by competitors. In addition, the company’s solution creates a unique profile for each user and compares it with previous sessions of the same user, while other services compare the profile with a wider cluster of “good” and “bad” behaviors. This is an important difference, since theoretically fraudsters can find out what “good” behavior looks like in terms of registering or entering a banking site. But it is almost impossible for an attacker to know the specific behavioral traits of individual users that they are trying to emulate.
Referring to RSA data, Buguroo indicates that approximately one third of all online banking fraud cases are linked to accounts of allegedly legitimate clients that are actually controlled by fraudsters. The company's decision (Fraudster Hunter) will help identify such profiles, making life difficult for cybercriminals.
What else is useful to read on the Cloud4Y blog
→ Configure top in GNU / Linux
→ Pentesters at the forefront of cybersecurity
→ Startups that can surprise
→ Ecofantasticism to protect the planet
→ Salty solar energy
Subscribe to our Telegram channel so as not to miss another article! We write no more than twice a week and only on business. We also remind you that you can test Cloud4Y cloud solutions for free.