As credit card chips drive fraud online, behavioral biometics become latest line of defense

Initially intended to cut down on credit card fraud, the EMV chip-and-signature switch for credit cards in the U.S. has had an unintended consequence: It has driven scammers to the web, where they are thriving on lax security and poor user habits.

Akin to a predator in the wild, like a shark sensing a drop of blood in the ocean, fraudsters will frequently prey on weak and easy targets to make a quick buck. As roadblocks are put in place, they will look elsewhere for the path of least resistance.

Since credit card companies began pushing chip-and-signature secure transactions in late 2015, fraud with physical cards has become more difficult. And yet identity fraud is on the rise in the U.S., as ripoff artists develop new and easy ways to commit fraud.

In particular, scammers are using the internet to apply for fraudulent credit cards under stolen identities as well as synthetic identities. Stopping those illegal efforts is where BioCatch comes in.

Post-EMV switch, new application fraud on the web is “going through the roof,” BioCatch Vice President Frances Zelazny said on the latest episode of the State of Identity podcast. Her company uses what it calls “behavioral biometrics” to detect and prevent fraud.

“We’re looking at a variety of things that have to do with the way that a person is engaging with an online application, as opposed to just knowing the information itself,” Zelazny explained.

In particular, BioCatch’s technology is based on three key factors: application fluency, navigational fluency, and data familiarity.

“Time is money” for professional fraudsters, Zelazny said. That’s why they tend to know online application processes very, very well.

Application fluency determines how well a fraudster knows the online form. A regular user simply wouldn’t navigate through it as quickly, because they are unfamiliar.

It’s a similar strategy with navigational fluency: A scammer will know certain shortcuts to expedite the process that a legitimate customer wouldn’t know or use.

Finally, with data familiarity, fraudsters will enter information in a way that’s very different from a regular person. BioCatch’s technology can help determine when a mistyped name is the result of a “fat finger,” vs. a blatant misspelling that may come from stolen information.

For more, subscribe to the State of Identity podcast, and stay tuned for new episodes published every week.