Ryan Wilk, NuData Security: "Fraud rates continue to rise, and fraudsters are becoming increasingly sophisticated"

NuData Security has been a player in the anti-fraud environment for a while now; how do you differentiate yourselves from the other players in your field?

Rather than relying wholly on traditional, manually-specified and static PII that is constantly being devalued through rampant breaches, NuDetect constantly re-calculates which of the hundreds of detailed behaviours, biometric and data points, are significant to accurately verifying an individual user with a near 100% certainty – in real-time - using machine learning technology.

By connecting hundreds of completely unique biometric behaviours -- such as a user’s typing patterns, scrolling speed or the angle at which they hold their cellphone -- with measurable, unconscious habits (such as, the path users take as they journey through a website), NuDetect is able to create deeper and more robust digital identities than what fraudsters can stitch together from data leaks and stolen data.

NuDetect offers improved fraud capture rates and accurate detection of attacks that are evading detection by traditional tools that solely look at a piece one or maybe two pieces of the puzzle, like device ID, geolocation, static data, velocity checks or even active biometrics (such as retinal scans or fingerprints).

Behavioural signals are processed by the Machine Learning engine and are correlated in real-time (and also across multiple interactions) during that user’s lifetime against various identifiers to determine the legitimacy of the user. Because the machine is self-learning, it continually updates itself to become more powerful and accurate over time and can detect sophisticated emerging threats early.

Also, NuDetect is the only solution that operates in the very beginning of the user registration and authentication process, and follows the user all the way to the transaction, giving our clients the ability to detect changes in user behaviour over time -- alerting to stolen accounts or natural behaviour changes.

You have just won the MRC METAward, in the established catagory, with your new solution NuDetect. Can you tell us what this new service entails and how it is an innovation?

Data breaches are now a fact of life, and are an almost weekly occurrence that continues to supply an illegal market of online data. Fraud rates continue to rise, and fraudsters are becoming increasingly sophisticated. 

NuData Security’s solution, NuDetect, uses a combination of real-time predictive behavioural analytics, passive biometrics (zero user involvement or friction), and a non-PII behavioural network effect across the entire customer base to identify good and bad online users. NuData believes that greater security can be achieved without sacrificing the user experience.

To predict and protect our clients from online fraud, brand damage and financial loss caused by fraudulent or malicious attacks, NuDetect verifies the user behind the device with a high degree of certainty. Certainty that our Fortune 50 companies rely upon.

We are proud to say that NuData Security’s NuDetect solution is used by many of the Fortune 50 companies in the world and is deployed by four of the top 10 e-commerce companies in the world and several leading global banks.
For example, the passive behavioural biometric profiling module has the ability to detect 99% of imposters while maintaining a high user recognition rate of 80%.

From your point of view, what are the biggest threats in the fraud environment, currently?

A major trend that we have been seeing is the massive surge in fraudulent account creation (new account fraud aka NAF). Since February of 2015, we have observed a 100% increase in accounts created for nefarious purposes. Between May – June 2-15, nearly half a billion accounts were flagged as fraud, up 28% from the first quarter of 2015. This increase highlights the growing value fraudsters are seeing in using aged accounts in an effort to circumvent traditional fraud detection systems that place trust in an aged authenticated account.

SIM swap has also been an effective modus operandi for fraudsters all over the world. Any bank relying on SMS as a secure delivery channel for an authentication token is essentially outsourcing their online banking authentication to their local cell operators. Cell operators havent needed to deploy bank grade authentication in the past, which is exactly why the fraudsters are attacking the weakest link in the chain. Banks who have witnessed this type of attack in the past are looking to abandon SMS authentication in preference of more secure and reliable mechanism that doesn’t expose them to the risk of less rigorous third-party authentication processes.

“Smishing”, a twist on the “phishing” scam, is a scam that evolves each time new technology comes along. When banks started offering telephone services, fraudsters would impersonate a bank and call customers with criminal intent. As banks moved to providing online services and apps, fraudsters started emailing customer statements, fake websites popped up and phishing emails started to make the rounds. These SMS smishing scams are taking advantage of the consumer’s push for more mobile-friendly and innovative ways to communicate and interact with their financial institutions. With this specific wave of smishing attacks, hackers fool customers into downloading their malware by posing as a legitimate unrelated app. The malware then takes over a legitimate SMS communication between the customer and their bank -- effectively socially engineering the customer into giving away their PII information and providing access their account.

Fraudsters know that it is generally easier to take over an account by phishing, spear phishing (targeting an individual) or smishing, than to open a new account using a real or stolen credentials, which is why account takeover (ATO) is alarming and, as we’ve been saying, on the rise.

In what direction is NuData Security developing, in light of this? How are you adapting to the new fraud environment?

Organizations no longer have to rely on detecting fraud with Device, IP, Geography and two-factor authentication, which sophisticated fraudsters are finding easier to fool every day. These inflexible methods lead to giving good, trusted customers a negative experience when they are unnecessarily required to submit to two-factor authenticate and/or be rejected outright due to a false positive for fraud, leading to a serious erosion of customer loyalty and or outright customer loss.

NuDetect’s passive behavioral biometric profiling module has the ability to detect 99% of imposters while maintaining a high user recognition rate of 80%.

By harnessing the power of passive biometrics and understanding the behavioural attributes of the user, you can authenticate in ways that create less friction but is more secure. Behavioral biometrics gives you a front row seat as fraudsters try and fail to game the system with stolen data.

More personal data is stolen and sold on the Internet everyday, making it vital for companies to move away from less secure authentication methods that rely on PII towards behaviour-based methods to retain customer trust and defend the safety of the brand.

NuData fights fraud on a large scale with use of several biometrics. What biometrics are currently in the lift? Which biometrics have proven to be the most effective, and which show promise?

Physical biometrics are currently being used by several organisations across many industries. These include fingerprint scanning, retina scanning etc. The other, and more effective, type of biometrics is passive behavioral analytics, also known as passive biometrics.

While encryption and multi-factor-authentication have their place in user authentication, they aren’t generally user-friendly and present significant friction to legitimate transactions. NuDetect makes it possible to invisibly observe subtle signals generated by the user in their interaction with the digital world around them, making it possible to identify the actual human behind the device. NuDetect also has the benefit of being completely invisible to the end user, and to the fraudster trying to circumvent such protections.

About Ryan Wilk

Ryan Wilk is the Director – Customer Success at NuData Security. In his role at NuData, Ryan is responsible for ensuring the success of every NuData customer during the lifetime of the partnership. This includes guiding customers through the implementation process, in addition to managing the post-implementation relationship.

About NuData Security

NuData Security predicts fraudulent transactions by identifying good users from bad, based on their online behaviour. By analysing over 38 billion behaviours annually, NuData harnesses the power of behavioural and biometric analysis to empower its clients to predict fraud and verify the user behind the device. This allows clients to predict fraud before a critical decision, reduce customer insult, and investigate bad actors efficiently. NuDatas product, NuDetect, is trusted by some of the largest e-commerce and banking companies in the world to protect them from threats like automated account creation, manual account takeover and transaction fraud.