illustration of a lock and chain around a computer monitor
As payment technology gets more advanced, both fraudsters and cyber security firms also grow more sophisticated. PHOTO: Blue Coat Photos

Fueled by new payment platforms such as mobile wallets and mobile points of sale (mPOS), digital payments are experiencing high growth and acceptance rates.

For instance, 54 percent of Europeans regularly used a mobile device for payments in 2016, up from 18 percent in 2015, according to Visa.

However, as payment technology gets more advanced, so do fraudsters. Last year, the use of stolen card data in ecommerce, mcommerce and call center fraud increased 40 percent, according to Javelin Strategy and research.

Security Is a Growing Issue

It's no wonder the fraud detection and prevention market is poised to witness 18.2 percent compound annual growth between 2016 and 2021. It will expand from around $14.36 billion last year to $33.19 billion in 2021, according to estimates from Markets and Markets.

Cybertech companies are consistently developing advanced technologies to combat the growing threats.

Juniper research claims ecommerce companies and financial institutions will increase their annual investments in online fraud detection solutions by 30 percent between 2016 and 2020, improving the security of their online, mobile payment and financial systems.

The number of security technology startups in the market is increasing. Here are six to watch.

Entersekt

Entersekt, founded in 2010, provides a push-based authentication technology. Protecting more than 12 million end users and millions of daily transactions, Entersekt offers a two-way, real-time communication channel between financial institutions and customers via the customer’s mobile device.

The technology uses digital certificates on the user’s mobile device to authenticate service providers and the device, independent of the user’s phone number or SIM card.

Users respond to authentication prompts by accepting or rejecting real-time requests for communication via Entersekt’s mobile-powered app. Communications are protected by end-to-end encryption, preventing man-in-the-middle and other common fraud attacks.

Entersekt offers four authentication suites to its customers:

  • Online bank authentication
  • Mobile bank authentication
  • Mobile app authentication
  • Card not present authentication

BehavioSec

BehavioSec analyzes users’ behavioral biometrics, such as touch and mouse motion, keyboard strokes, swipes, and how users hold their devices to create user profiles for authentication.

Users’ dynamic activities are compared to their earlier interactions, providing a continuous, non-intrusive authentication technology.

Based on user behavior and anomalies, each session receives a session ticket and risk score. That data is fed into a risk engine, enabling customers to increase security if necessary. The system identifies changes in devices or IP addresses during a session, presenting fraudulent activity on its dashboard.

With its continuous machine learning technology and real-time feedback, BehavioSec offers an adaptive security approach, which stays up to date with user behaviors and skills, enabling user identification even as behavior changes, securing over 1.5 billion transactions annually.

Case

Case is a digital device which stores and transfers bitcoins securely. The device is small enough to fit in the users’ wallets and is GSM powered so that Internet connections are not required.

Case uses two out of three authentication keys to prevent fraud. The first is a cryptographically secure random number embedded in the device and secured by possession of the device.

The second is the user’s fingerprint, which is stored on Case’s servers and acts as the biometric authentication of a transaction. And the third is an offline vault used only if the Case is lost or stolen.

Case does not store fingerprint images, but rather a geometric template of relative locations of unique fingerprint elements. Those are used to validate the signature scan over the device.

The template and other sensitive user data are protected via encryption and stored on the device itself. Communication between the device and Case’s servers is secured by Transport Layer Security.

Case’s multi-signature, multi-factor architecture, with no single point of failure, is the basis of the highly secure Case wallet, now available in more than 60 countries, with buy/sell and send/receive functionality, via a simple QR code scan and fingerprint authentication swipe.

SayPay Technologies

SayPay Technologies provides a patent-pending, three-factor authentication system. Its biometric voice authentication system uses both speech and speaker recognition, which some find highly convenient, particularly as payments and banking move to small mobile screens.

SayPay transmits a unique code, which is cryptographically calculated from its algorithm, using merchant and transaction data to prevent replication and reuse and man-in-the-middle fraud.

The user simply repeats the code received into the phone, and SayPay verifies the code, the phone, the transaction and the user. Processing is verified within a limited time, after which the token expires. It can be used instead of, or in addition to, other authentication methods, providing an added layer of security to financial institutions, merchants and corporations.

UnifyID

UnifyID uses machine learning and sensor data from multiple devices such as mobile phones, computers, wearables and more, to authenticate users. Its product includes an app which runs on the users’ devices and a cloud service.

The app periodically collects user data from the devices and transmits it to the cloud service. Over 100 attributes, including gait, typing characteristics and GPS location are combined from sensors such as accelerometers, gyroscopes, barometers, and even Wi-Fi and Bluetooth signal telemetries, to create the unique profile of each user.

When taken together, the multiple factors create an authentication system with over a 99.999 percent true rejection rate. As each person has a different build, a different walk, and different routine, UnifyID offers a strong authentication technology, when compared to password or PIN-based alternatives, and even when compared to typical biometric technologies.

Recently out of stealth mode, and unanimously voted RSA Conference 2017’s most innovative startup in February, UnifyID is a company to watch for continuous authentication, and fraud detection and prevention.

ThisIsMe

ThisIsMe has developed a platform to combat online identity fraud. Users upload various documents which are used for proof of identity, verifying their names, physical address and government-issued identification number.

Users can add personal data such as their various phone numbers and internet profiles, to their authenticated accounts. Bank accounts are verified to ensure optimal protection against fraud.

ThisIsMe offers institutions its Identity Assurance via multiple sources, including biometrics, document scanning and analysis, social media account association and mobile authentication.

It authenticates and verifies an individual’s real online identity, enabling the person to transact online with the knowledge that others interacting with them are confident in their online persona. Similarly, they will know that the individual they are meeting with, selling to, buying from and engaging with, is real, as well.

Before connecting with someone, either physically or virtually, users can request verification by entering the party’s mobile number and tapping verify.

The app sends a verification request to that person. When the recipient replies, his or her ID number is checked against a government database, providing assurance the person is correctly identified. Currently in use in South Africa, ThisIsMe plans on expanding globally in 2017.