I-Corps: Behavioral Biometrics for Preventing and Detecting Digital Frauds

The broader impact/commercial potential of this I-Corps project empowers eCommerce owners, digital bankers, and healthcare service providers alike with a behavioral biometrics-based solution and service to more effectively prevent and detect fraudulent activities after account takeovers. The demand for online fraud detection is strong due to the continuing growth of eCommerce, banking, and healthcare, and the rising of account takeovers and related fraud.

Moreover, industrialized fraudsters can weaponize a vulnerability in matters of minutes once a breach is exploited, and exponentially scale it to cause high financial loss for organizations and more importantly, undermine their credibility and reputation. Unfortunately, currently organizations rely on dedicated fraud detection teams to perform manual reviews to handle fraudulent cases, which is both time consuming and costly; they also rely on simplified, rules-based approaches for fraud detection, which unfortunately result in a high number of false positives and ultimately hurt customer experience and retention.

Leveraging behavioral biometrics collected unobtrusively when a user conducts online business, the proposed innovation will provide additional user authentication and thus help businesses prevent and detect more fraudulent activities in a more reliable and effective fashion.

This I-Corps project seeks to perform customer discovery of business entities such as eCommerce owners, digital bankers, and healthcare service providers, to identify the most valuable product parameters before formulating the proposed innovation into a market-ready product. A common problem is that these businesses are all obligated to safeguard user data and online transactions but are plagued by the continuous stream of account takeover attacks on their IT systems and the ensuing financial fraud.

The proposed innovation produces a software solution and service that provides additional capability of user authentication to help businesses to significantly reduce such fraud despite of account takeovers. This innovation distinguishes between users by leveraging behavioral biometrics that unobtrusively capture a user's unique computing behavior, such as how they type on keyboards or how they move the mouse.

The proposed software product packages state-of-the-art authentication algorithms so that existing business applications can access them via API calls. In addition, the end user is provided with full control over their own biometric data for privacy protection. The technological implementation of the proposed approach uses JavaScript in the web browsers and integrates with legacy applications at the server end.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.