UK bank NatWest has chosen behavioural biometrics firm BioCatch to help secure its online banking. BioCatch has been deployed at NatWest subsidiary Coutts since the start of 2016. The bank has now decided to go with a larger roll-out across the business.
The decision to go with BioCatch will come as a blow to IBM who has been a long-term security partner to NatWest. It currently provides its Trusteer Rapport to NatWest customers free of charge and has its own behavioural biometric solution. It will be interesting to see how IBM responds to this lost business.
According to Simon McNamara, Chief Administrative Officer of NatWest: “The technology that we’ve been able to deploy with the help of BioCatch has played a crucial role in strengthening our security systems. The breadth of behavioural biometrics that BioCatch technology can monitor is really impressive and we’ve already seen many examples of it alerting us to suspicious activity and protecting our customers from fraud.”
What does BioCatch do?
BioCatch monitors up to 500 different points of interaction between the user and the website. It looks at things such as how the user navigates the site and the way they scroll through pages. On mobile devices it looks at things such as finger movements and the pressure they use when tapping on the device.
The data is categorised into three different layers of security:
- Cognitive traits typical of eye-hand coordination, applicative behavior patterns, usage preferences, device interaction patterns, and responsiveness to Invisible Cognitive Challenges
- Physiological factors include left/right handedness, press-size, hand tremor, arm size, and muscle usage.
- Contextual factors like device ID, network, geolocation, transaction and navigation behaviors.
All of these build into a single unique profile of the user making it hard for a hacker to emulate. Replaying a user session will not recreate the physiological factors for example.
According to the press release BioCatch has already managed to stop a number of attacks against NatWest customers. These include:
- Fraudulent attempts to transfer funds
- Identification of remote access Trojans during an online session
- Identifying fraud attempts across online and mobile sessions
A blow to IBM
Last month, IBM announced a new set of updates for its Trusteer security product called Trusteer Pinpoint Detect. As with the BioCatch product these updates are designed to create a behavioural profile of the user. They come from research that IBM has carried out at the IBM Cyber Security Center of Excellence in Israel. However it seems that this update came too late for NatWest.
The success of the BioCatch solution inside NatWest will have played a major role in the decision to adopt it over long-term security partner IBM. It will be interesting to see if NatWest now looks to integrate BioCatch and the IBM Trusteer solution. One of the challenges of having security solutions from multiple providers is integrating them seamlessly. Any gaps will be quickly exploited by cyber criminals.
This is a big win for BioCatch and shows how competitive the cyber security market is becoming. With this type of high profile win it will be interesting to see how long they are able to stay independent. There will certainly be a lot of security companies suddenly paying a lot of attention to them. Many of those companies have deep pockets and are willing to buy in technology to bolster market share.
For now, NatWest customers can be happy that the bank is moving to improve its cyber security offering.