What is our primary use case?
The solution is primarily used for the account opening fraud journeys in retail banking and it's for the client account side. The use case was for catching any account opening fraud as the client, a bank, was losing a large amount of money previously. They had been opening accounts and suffered from a lot of financial crime. The bank wanted to catch bad behavior from potentially shady customers. Specifically, the solution was used to catch the fraudulent behavior of all kinds.
How has it helped my organization?
When I was working with the solution, the tool was being implemented, and therefore, there were no stats readily available to prove the business benefit. That said, so far, other implementations in BioCatch supply a lot of business benefits at the financial institutions or the other institutions. They've typically been able to effectively reduce fraud. I don't have any score numbers off the top of my head; however, anecdotally, it's been quite effective.
What is most valuable?
One thing the customer behavior tracks is keyboard strokes and the specific shares along to go around with the BT level to catch the users of the function key and other special characters. It can track mouse movements as well as the actual oriental moments of such as the movement of devices, how they are held, and the angles at which they are held. All these are captured for customers and a behavioral profile is built for the customer over a period of time. This would be matched against any fraudulent behavior. If, for example, suddenly a customer account seems to be accessed by our profile, which is not one particular customer account, if the movements or habits are suspect, we can catch the fraud and shut it down.
The behavioral biometrics are the core of the solution. All the moments I've just spoken about are valuable. Each of those movements is assigned a score, and there is a range of the score, which can be fine-tuned to make a decision to say, if the score is out of a certain range, then it could be a fraud. The total sum of all these behavioral moments will come up with a decision-making score, and that is fed into another fraud mitigation tool within the banks. Typically, the information is sent to ARIC, which is the decision-making unit, and it will decide whether or not to allow this particular transaction or the account opening application to go through.
What needs improvement?
BioCatch is one of the fraud detection tools which also has machine learning capabilities and it has what is called a machine learning model feature. It is run in the background. The consequence of those machine models is it is complex to perform data functions and the activity and programming techniques. The decision-making for determining what's happening within those models is a little bit complex and not at all transparent. It's not easy for businesses to understand how the model is using the data of the bank customers in order to come to the assumption it does.
All of these things are background technologies and the business may not understand what's happening in the background. The customer will never know what tools are being used to monitor the fraud at all; however, the business manager should certainly be interested in knowing how this model is working. People in banks are very particular when it comes to approving these models, as they have to be accountable to the regulators on the other side. They need to understand and explain what customer data is being consumed, why it's being consumed and if its consumption is endangering any privacy rights. There needs to be clarity in terms of how much anonymization of the data happens before BioCatch comes in.
I might have a gap in knowledge, and the solution may have been updated since I used it in December of last year.
For how long have I used the solution?
I've been using the solution for a while. It's been since at least mid-2019.
What do I think about the stability of the solution?
The solution is quite reliable. It's never let us down and we haven't had any issues using it. As embedded code, it's not something that crashes or freezes. It is stable. It just quietly runs in the background and keeps monitoring the momentum.
What do I think about the scalability of the solution?
The tool does not manifest itself in any of the front end or to the customer, the operational users, as such. The code is embedded in the handheld devices in some app. It is not as if there are a set number of users using any application. The business operations, for example, won't use it. They just come to know when an application has been rejected. Likewise, the customer will also not know that they are being monitored in terms of fraud. As such, when you think of how many people are using it, it's not the same as comparing it to the Microsoft Office or MS Word being used in a company. It's not comparable.
It is scalable, certainly, as it's just a matter of embedding the code in more customer journeys. Each of the client's actions (from setting up accounts to making transfers to deposits, etc.) are the points where the code in one of these points can be embedded and the behavior of the customers can be monitored. Likewise, apart from retail banking, it can be done for insurance, it can be done for other financial items, and the use of other websites (like Netflix), those actions also can have biometrics embedded, just to be sure that the usage is from a generic customer. Therefore it's scalable in that it can also be applicable to different aspects or actions.
It's my understanding that the company does plan to increase usage in the future.
How are customer service and technical support?
Technical support was always very good. They would always only be on our front line. They were very helpful in providing feedback and giving an oral report regarding issues. They have an extensive language for the IRD installations and for self-help, etc. There's a very good sense of help even in cases regarding big volumes of data.
Which solution did I use previously and why did I switch?
I have worked in other banks, and have used ThreatMetrix as well, which is a device profiling tool, similar to BioCatch. The difference is it profiles the devices rather than the behavior of the person. It may profile the handheld devices or the devices from where the customer is accessing the bank application.
How was the initial setup?
The initial setup is straightforward in terms of sponsoring the initial set of rules and the wanted behavior record. The complexity comes on the side of the development of the models. BioCatch does not expose these models to its customers. It tells the banks to limit data or to create the bridges between the bank's data stores and BioCatch itself. They will consume the data, and they'll consider the model on their side and then they'll all put a stock score and send it back to the bank's IT systems. The models are not exposed to the customer.
What about the implementation team?
Every bank has its own tech team and they have the data science team and a model growing team which will actually be the governing body for all the models. There's a team detailed in the bank which is better for deployment.
What's my experience with pricing, setup cost, and licensing?
I wasn't part of the negotiating team when it came to dealing with pricing. It's my understanding that what is generally negotiated is terms that specify the number of calls per month or year. These would typically be in the per millions as the company was quite sizable.
What other advice do I have?
The solution is AWS-based and the installations are managed by BioCatch themselves. The solution supplies what is called an SDK for integration into the mobile journeys on the mobile phone apps, or handheld devices and closer supplies and can be integrated into the web pages of the account opening application forms of the bank. Once the customer starts hitting those points for inputting them, BioCatch can alert you.
I would recommend the solution. It's certainly an up-and-coming option that has worked well for us.
I would just warn that the implementation is quite complex and something to be aware of. That said, it's very effective in reducing fraud once it's set up.
Overall, I'd rate it eight out of ten.
I'd rate it higher if it had more integration on the IT, model scaling, and data usage side of things. They do need to practice better transparency.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)