Mobile

10/24/2017
01:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Samsung SDS America Adds BioCatch Behavioral Biometrics to Nexsign Platform to Enable Secure, Frictionless Mobile Experiences

Groundbreaking Fintech Partnership Addresses Market Demand For Continuous, Strong Identity Assurance Within Mobile Banking and Payment Applications

NEW YORK, NY (October 23, 2017) – BioCatch, the global leader in behavioral biometrics, announced today that it has teamed up with Samsung SDS, a global software solutions and IT services company, to integrate behavioral biometrics into its solution, creating an innovative, more powerful layer of fraud protection that works beyond the initial login process. The strategic partnership was made public during this year’s Money 20/20 conference in Las Vegas, NV.

BioCatch’s unique technology will be integrated into and complement Nexsign, Samsung SDS’s FIDO-certified, enterprise-grade biometric authentication software. The integration will fill the major security loopholes exposed when seamless interfaces of today’s most popular mobile applications don’t require a user to login multiple times to validate their identity.  BioCatch will use risk-based authentication to continuously monitor Samsung SDS’ users by mapping their behavioral patterns after log-in, to better distinguish between an authorized user, and that of an unauthorized user or an automated BOT or malware.

“Innovations in fintech have given ease to day-to-day tasks such as, banking, transactions, withdrawals and money transfers. Today’s leading brands have made managing finances a social and adoptable experience matching today’s digitally savvy consumers,” said Eyal Goldwerger, Chief Executive Officer at BioCatch. “However, given how sophisticated fraudsters are today, the consumer-grade authentication protocols that exist leave open the real possibility of account takeovers. In fact, all the fraud that BioCatch finds today, comes from within authenticated sessions, prompted by malware, social engineering and other sophisticated attacks that circumvent the login method entirely. As a result, security continues to be a major factor holding back the full potential of mobile banking and payments, especially when taking into consideration the equally important demand for a seamless user experience. Through Nexsign and our partnership, Samsung has created the platform that resolves this constant battle.”

Adding BioCatch behavioral biometrics complements the FIDO framework. The technology validates users by who they are via their interactions with an online application, rather than by what they know (e.g., passwords or security questions). At its core, the system analyzes more than 500 different behavioral parameters during a session to determine whether the user is in fact the genuine user and not a human imposter, malware or a bot. Now, once a user logs onto a mobile app, the system will be able to recognize if the session has been hijacked, and will require a step-up authentication, or an additional biometric test in order to complete the transaction. This could require the user to present one or more biometric modalities, such as fingerprint coupled with face or voice, depending on the transaction amount.

“The vision of Nexsign is to make passwords obsolete and give users a way to authenticate themselves safely and securely with biometrics. While physical biometrics provide an excellent way to do this at login, and other points within the app through step-up authentication, behavioral biometrics is the perfect complement to provide continuous authentication inside a session.  The BioCatch technology relies on a broad array of parameters, and is able to detect both human and non-human imposters inside a session that would otherwise be impossible to identify with traditional means. We are excited for this partnership and the combined offering that we can deliver to our customers,” said Richard Lobovsky, VP of Enterprise Solutions at Samsung SDS America.

Companies are relying on ineffective passwords or two-factor authentication by phone call, or text push notification to better validate users and are still being hacked.  The average fraudulent transaction is currently priced at around $130 for mobile transactions and $115 for tablets. Additionally, 55 percent of consumers use the same passwords for online banking, emails and social media accounts making it easier for fraudsters to guess the user’s credentials, bypassing authentication steps and other login defenses. This strategic partnership between two industry leaders will seek to minimize that impact.

 

About BioCatch

BioCatch is a cybersecurity company that delivers behavioral biometrics analyzing human-device interactions to protect users and data. Banks and other enterprises use BioCatch to significantly reduce online fraud and protect against a variety of cyber threats, without compromising the user experience. With an unparalleled patent portfolio and deployments at major banks around the world that cover tens of millions of users to date, BioCatch has established itself as the industry leader. For more information, please visit www.biocatch.com.

 

About Samsung SDS America

Samsung SDS America (SDSA) is the U.S. subsidiary of Samsung SDS, a global IT solutions company. SDSA provides purpose-built technology solutions in the areas of enterprise mobility, security, advanced analytics, mobile sales productivity, and training. We enable our customers in the public sector, finance, retail, and other industries to achieve greater freedom, more operational efficiency, and smarter decision making as the driving force for their competitive advantage. SDSA is headquartered in Ridgefield Park, NJ, with offices in Herndon, VA, and San Jose, CA. For more information on Samsung SDS Nexsign, please email [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...