Buguroo is the developer of bugFraud, a comprehensive online fraud prevention solution for banks and retailers. It uses deep learning and behavioural biometrics, alongside device assessment and advanced malware detection, to enable anti-fraud protection at each stage of a customer’s online journey.
Vice President Sales at Buguroo, Tim Ayling, spoke to Retail Banker International about the background of the company and the birth of the bugFraud online fraud prevention solution.
Q: How did the bugFraud solution come about?
Buguroo has been around since 2004, and in that time our offering has included lots of different cybersecurity and fraud prevention services. However, over time we’ve gravitated towards online fraud prevention as the market went in that direction and our clients demand it.
We became a fully specialised provider in online fraud prevention in 2015, so much so that we sold off the other parts of our business to focus on it, and in particular on bugFraud.
From our previous experience, we wanted to bring a new approach to the market. Our approach to online fraud prevention is to look at it more holistically and ask how fraud is achieved. It’s usually done by manipulating and impersonating users. We’ve designed bugFraud specifically to try and prevent those two fundamentals.
Q: How does bugFraud work?
bugFraud creates a so-called ‘bionic identity’ for customers. Studying thousands of behavioural biometrics parameters, such as the rhythm and cadence with which the user types, how they typically move the mouse, and the angle at which they hold their phone, is central to that, but we also look at the risks associated with your devices and the networks you’re on and the combination of thousands of other parameters.
We also examine user-specific behaviours to uncover fraud, such as whether a journey taken through a particular site would be considered normal for that user. We’d look at anomalies, such as a user progressing through the site so fast that it couldn´t possibly be a human, or why a user was in Madrid one minute and London the next, for example.
A huge advantage of using behavioural biometrics for authentication is that the patterns of behaviour that make up these profiles cannot be stolen, duplicated or reused. In fact, the very act of attempting to re-create someone’s behaviour patterns would be recognised as suspicious when compared to their typical profile.
Q: What is the solution’s key attributes?
The core aspect of bugFraud is this concept of a bionic identity. We look at multiple factors around behaviour biometrics, device behaviour and user networks, to create unique cyber profiles for every single consumer. Then we look for changes, behaviour differences, and any other suspicious activities for continuous authentication.
In terms of detecting fraud in real time, there are two elements. The first is around malware detection. bugFraud is very good at spotting zero-day malware. It takes a baseline of your site and mobile app, and looks for content changes. If we spot something suspicious, rather than give customers false positives we manually check it for them. So, we’re strong at reducing false positives.
The other key attribute of the bugFraud solution is the link analysis tool, Fraudster Hunter, which allows us to do post-fraud analysis. While we focus on fraud prevention in real time, this tool also helps us spot fraud patterns for customers, and identify compromised accounts before fraud occurs. This puts bugFraud ahead of the curve. Many of our competitors are looking to stop fraud at the point it occurs, by which time it can be too late.
Q: Who stands to benefit most from using bugFraud?
We think that everyone will benefit from using it. But, in terms of which people at banks or retailers will find bugFraud most interesting and useful, it’s those on the online fraud prevention and cyber security teams.
The guys running the digital banking side – those with responsibility to drive customers to the bank’s site and their personal banking portals – they really like what we do, because it’s a security that’s completely invisible to consumer. It doesn’t impact the user experience.
The industry calls it ‘frictionless’, meaning that the security we’re doing is completely hidden. The consumer has no idea they’re being ‘cyber profiled’. They have no idea we’re looking for their normal behaviour, or biometric patterns. And so digital banking people really like it because they want frictionless, user friendly experiences, and thanks to bugFraud they are able to reduce security challenges as bugFraud is an element of Strong Customer Authentication.
Another important point is that bugFraud does not store any personally identifiable information (PII), and is therefore compliant with all privacy regulations.
Q: What are Buguroo’s values, and what gets you excited about working with your customers?
We are living in the era of banking industry digitalisation, but with digitalisation comes more risk exposure. The result has been a cat-and-mouse game over the past two decades in which banking fraud teams are usually playing catch-up. Every time an innovative new approach is pioneered, the bad guys switch tactics to outwit it.
Everything we do, and every euro we spend, is focused on a holistic approach to fraud prevention. We want to be one step ahead of fraud. We’re not selling a particular solution that will become obsolete in two years’ time.
I get excited when our customers see what is actually possible by using our tools and techniques. In many cases, they’ve not seen anything like it before. Behaviour biometrics is a really cool technology, and when customers try it for themselves, you can almost see them having a ‘wow’ moment.
Other fraud prevention solutions will simply tell customers when they spot a known threat. With bugFraud, regardless of the type of attack or threat you’re facing, we’re able to actually react to that risk and respond by identifying the user and guaranteeing they are who they claim to be.
If we know there’s malware, for example, we can get rid of it without it going back to our customer. Likewise, if we spot a phishing attack, we can re-direct its victims back to our customer’s site. These kinds of capabilities aren’t normal in our industry, and that’s exactly why they’re the kinds of innovations that excite me every day.