Buguroo, a Spanish cybersecurity startup that leverages deep learning and behavioral biometrics to help banks spot fraudulent activity, has raised $11 million in a series A round of funding led by Silicon Valley’s Ten Eleven Ventures and Spain’s Seaya Ventures, with participation from Conexo Ventures and Inveready Technology Investment Group.
Founded out of Madrid in 2010, Buguroo’s core raison d’être is to identify fraudsters trying to imitate legitimate account holders. The company said that it uses deep learning algorithms powered by neural networks to learn what a normal session looks like so it is better equipped to spot fraudulent activity in the future, which may stem either from human cyber criminals or automated bots.
Fraudsters use countless techniques to circumvent authentication processes, such as remote access trojan (RAT) malware, form-grabbers, web-injections, and more. Buguroo said that it can also detect previously unknown malware campaigns that the end-user is viewing inside a mobile app or browser, meaning that it can adapt to new techniques that haven’t yet been added to any blacklists.
Buguroo attempts to identify when such attempts are made through analyzing historical patterns and then classifying each subsequent login session based on this data. The platform gathers behavioral patterns, such as finger size and screen pressure (on touchscreen devices), typing speed and fluency, mouse movements, gyroscope position, and more, to paint a picture of what a legitimate online session looks like, and then compares this to when a bad actor enters the fray.
For example, let’s suppose a hypothetical bank’s customer normally uses the vertical scroll bar at the side of their web browser to navigate their screen, and the little number pad at the side of the keyboard to enter their account details. But on one session, a bank notices that the customer instead uses the scroll wheel on their mouse and the horizontal number bar across the top of their keyboard — this could be a sign that someone else is trying to access the account. That is where Buguroo is striving to help.
While Buguroo covers new account fraud (NAF), which is when a new bank account or credit card is opened using stolen credentials, it also targets fraudsters already at work inside a bank’s system. Indeed, the company offers a feature called Fraudster Hunter, part of its main BugFraud platform, which is specifically aimed at identifying bad actors that have previously found their way into a bank unfettered.
By constantly mapping users, devices, networks, and sessions, Buguroo said that it garners intelligence on the “modus operandi” of fraudsters — this “cyberprofiling” can then be used to spot attempts to infiltrate accounts in the future, regardless of whether pasts attempts were ultimately successful.
It’s worth noting that Buguroo isn’t the only company operating in the behavioral biometrics tracking sphere — by way of example Israel’s BioCatch offers a very similar proposition, and it raised $30 million last year. But what this shows is that there is a real appetite to bring more automation to the security mix, enabling features and services hat would otherwise be impossible with mere humans alone.
Citing data from RSA, Buguroo said that roughly one third of all online banking fraud stems from accounts of supposedly legitimate customers that are in fact controlled by fraudsters. And as online fraud proliferates the digital sphere, the global fraud prevention and detection market is shaping up to become a $57 billion industry by 2025, up from a $17 billion in 2018.
Previously, Buguroo had raised $3.3 million in a seed funding back in 2015, and today the startup claims that its technology protects more than 50 million banking customers in Europe and Latin America. With another $11 million in the bank it said that plans to expand its global reach into new regions including the U.S., U.K., France, and Germany.