Cybercrime generated at least $1.5 trillion in profits in 2018, and over 4.1 billion records were exposed via data breaches in 2019. While cybercrime does not discriminate, as over 300,000 complaints are received each year by the FBI Internet Crime Complaint Center alone, certain sectors are more vulnerable to the attacks.
In 2018, more than 25 percent of malware attacks—the most expensive cybercrimes to deal with as an organisation, at an average cost of over $2.6 million each—targeted banks and financial services.
Based in Madrid, cybersecurity startup Buguroo is “cyber profiling” criminals to protect bank accounts worldwide.
To learn how to profile a criminal, be it an automated bot or a human, the company uses deep learning algorithms powered by neural networks to figure out what a normal session on the banks’ platforms looks like for every customer. This way, it’s in a better position to discover fraud in the future—regardless of whether the criminal’s past attempts were successful.
“For example, let’s suppose a bank’s customer normally uses the vertical scroll bar at the side of their web browser to navigate and the little number pad at the side of the keyboard to enter their account details,” Venture Beat explained in an example. “But then a bank notices that in one session the customer is using the scroll wheel on their mouse and the horizontal number bar across the top of their keyboard — possibly a sign that someone else is trying to access the account.”
Criminals use a lot of tactics to get around a bank’s authentication processes, including remote access trojan malware, form grabbers and web injections, Venture Beat reported. Buguroo can also uncover unknown malware campaigns that users are currently viewing while using their banks’ platforms and adapt to new tactics that haven’t been added to any blacklists yet.
“Online fraud is a growing and constantly evolving phenomenon with increasingly sophisticated attacks,” CTO Jose Carlos Corrales said in a statement. “Traditional fraud prevention technologies are focused on identifying the attack and are not proving to be completely effective against online fraud. The solution also involves identifying the attacker responsible for such attacks, so that we can combat the problem from the root.”
Setting itself apart from the competition, Bugaroo creates a unique profile for each user and compares it against previous sessions for that same user, whereas other services typically look at broad “good” and “bad” behaviours. While criminals could learn what “good” behaviours look like for a particular platform, they’d have essentially no way of knowing about the specific behaviours of each person they’re trying to copy.
The startup covers both new account fraud (NAF), when a new bank account or credit card is opened using stolen credentials, and criminals that have previously found their way into a bank’s system undeterred and are already at work through its “FraudsterHunter” feature.
“This new functionality is a great opportunity for Buguroo, as it allows us to stay ahead of innovation in the fight against online fraud, providing our solution with an extra capacity that positions us ahead of our competitors in terms of fraud detection,” CEO and founder Pablo de la Riva said in June 2019. “We are the solution with the highest number of cases of online fraud detection and accuracy in the biometric profiling of users.”
Founded in 2010, Buguroo is protecting over 50 million customers throughout Europe and Latin America. In its recent funding round, which earned 11 million euros (about $12.1 million) for the company, Buguroo plans to expand sales and marketing efforts and break into new markets, such as the US, UK, France and Germany. The funding was led by Ten Eleven Ventures and Seaya Ventures, with participation from Inveready Technology Investment Group and Conexo Ventures.
