The introduction of multi-factor authentication using behavioural verification is an official recommendation of the National Bank of Poland for all financial institutions.
We are Digital Fingerprints – a Polish company that specialises in creating solutions in the area of cyber security using behavioural verification technology. The standard model of logins and passwords currently does not pose any challenge to hackers, and the most popular MFA systems (such as SMS tokens) do not guarantee full security either. Today, something more is needed – solutions that can verify WHO and HOW is using a given device or account.
Behavioral Verification
A continuous authentication process that detects if an unauthorized person is using a given account
Device Fingerprinting
Trusted Device Manager that analyses every device connected to the system
PureSecure
an innovative solution which provides all 3 components of MFA already at logon without affecting the UX
Mobile behavioural verification
behavioural verification mechanisms implemented on mobile devices
Do you want your accounts, your employees’ accounts and your customers to stay secure? Do you want to invest in technology that will effectively protect all your company’s resources from cybercriminals’ attacks? This is how behavioural verification and related solutions developed by Digital Fingerprints work.
Behavioural verification is a technology that analyses the way you type on a keyboard – including how fast and how hard you press the keys. No two people in the world type in exactly the same way, so it’s a unique feature which can be used in the authentication process. In the traditional way of writing with a pen, everyone has an unmistakable handwriting character, often differing in small details from another – but still unique. The same is true when using a stationary or touch keyboard, what behavioural verification systems analyse.
Behavioural verification is a solution classified as MFA (multi-factor authentication) and 2FA (second factor authentication). Its use is compliant with RODO guidelines, as all acquired data is anonymised. Our solution is also in line with the AML (Anti-Money Laundering and Countering the Financing of Terrorism) Act, as online shop owners are required to identify and verify the identity of their customers.
The implementation of behavioural verification should be considered by all companies that care about protecting internal resources or customer data. Due to increasing cybercrime, it is recommended to use the so-called Zero Trust Model, which involves treating every user as a potential threat. And that’s what behavioural verification does – but what’s worth adding is that it runs in the background, so it doesn’t affect the UX at all.
An unpleasant , but unfortunately possible scenario – a cybercriminal steals a company’s bank account login details. Thanks to a duplicate SIM card, he also has access to authentication SMS codes that come to the company phone. What’s to stop him from stealing money from the account if he has all the information and resources to do so?
Behavioural verification – its mechanisms are what will stop a hacker. It works based on behavioural models created using machine learning. Each user has a unique way of pressing buttons on the keyboard, moving the mouse or using a mobile device thanks to readings from the touch screen and sensors (such as accelerometer or gyroscope). The mechanisms that create behavioural biometrics can detect even the slightest changes in user behaviour. If these are inconsistent with the model, the system will block access to the account. Login, password and SMS code match, but the user currently using the account is not its owner.
Behavioural verification is a solution that analyses the user’s behaviour while using a given device in real time. Using advanced mathematical calculations, the system transforms the collected data into more than 80 features that allow artificial intelligence to determine a standard model of user behaviour.
Digital Fingerprints’ core business is identity verification, but growing demand and new customer requests have us tailoring new solutions. PureSecure uses similar mechanisms to behavioural verification, but focuses only on the moment of logging in.
Device Fingerprinting, on the other hand, analyses all device components in a given network, and MobileSecure is the mobile version of behavioural verification – as our lives are moving more and more to smartphone screens, we also care about the security of their users.
Companies are increasingly using the Zero Trust model in the context of their cyber security policy – this involves not trusting all users, who need to be constantly vetted. This is made possible by our solutions, which at the same time operate in the background and therefore have no negative impact on the UX. Thus, they allow for full protection against potential dangers, but in a way that is not intrusive for the recipient.
We also protect against popular methods used by hackers such as:
Man-in-the-Middle
Internet of Things (IoT) attacks
Attacks using bots
Brute force
Exploits
Taking advantage of data leaks
DDoS attacks
Phishing
Account takeovers on social networks, email or other services.
Access data can be intercepted, SIM cards duplicated. But faking a user’s unique behaviour is virtually impossible. This is why we believe that our solutions based on machine learning and continuous authentication mechanisms are the future of cyber security. This is confirmed, among other things, by the trend of “passwordless authentication” – which is a set of authentication methods that allow a user to gain access to an application or IT system without entering a password or answering security questions. In the case of behavioural verification, a person claiming to be the account owner can be asked to type in a few random words so that an algorithm can compare their typing style with an assigned behavioural model.
Digital Fingerprints S.A. ul. Gliwicka 2, 40-079 Katowice. KRS: 0000543443, Sąd Rejonowy Katowice-Wschód, VIII Wydział Gospodarczy, Kapitał zakładowy: 4 528 828,76 zł – opłacony w całości, NIP: 525-260-93-29
Biuro Informacji Kredytowej S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000110015, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 15.550.000 zł opłacony w całości, NIP: 951-177-86-33, REGON: 012845863.
Biuro Informacji Gospodarczej InfoMonitor S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000201192, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 7.105.000 zł opłacony w całości, NIP: 526-274-43-07, REGON: 015625240.