Buguroo, a Spanish cybersecurity startup that leverages deep learning and behavioral biometrics to help banks spot fraudulent activity, has raised $11 million in a series A round led by Silicon Valley’s Ten Eleven Ventures and Spain’s Seaya Ventures, with participation from Conexo Ventures and Inveready Technology Investment Group.
Founded out of Madrid in 2010, Buguroo aims to identify fraudsters trying to imitate legitimate account holders. The company said it uses deep learning algorithms powered by neural networks to learn what a normal session looks like so it is better equipped to spot future fraudulent activity, which may stem from human cyber criminals or automated bots.
Fraudsters use countless techniques to circumvent authentication processes, such as remote access trojan (RAT) malware, form grabbers, web injections, and more. Buguroo said it can also detect previously unknown malware campaigns that the end-user is viewing inside a mobile app or browser, meaning it can adapt to new techniques that haven’t yet been added to any blacklists.
Buguroo attempts to identify when such attempts are made by analyzing historical patterns and then classifying each subsequent login session based on this data. The platform gathers behavioral patterns, such as finger size and screen pressure (on touchscreen devices), typing speed and fluency, mouse movements, gyroscope position, and more to paint a picture of a legitimate online session. It then compares this to activity when a bad actor enters the fray.
For example, let’s suppose a bank’s customer normally uses the vertical scroll bar at the side of their web browser to navigate and the little number pad at the side of the keyboard to enter their account details. But then a bank notices that in one session the customer is using the scroll wheel on their mouse and the horizontal number bar across the top of their keyboard — possibly a sign that someone else is trying to access the account.
While Buguroo covers new account fraud (NAF), which is when a new bank account or credit card is opened using stolen credentials, it also targets fraudsters already at work inside a bank’s system. Indeed, the company offers a feature called Fraudster Hunter, part of its main BugFraud platform, which is specifically aimed at identifying bad actors that have previously found their way into a bank unfettered.
By constantly mapping users, devices, networks, and sessions, Buguroo said it garners intelligence on fraudsters’ methods, “cyberprofiling” that can then be used to spot future attempts to infiltrate accounts, regardless of whether past attempts were successful.
It’s worth noting that Buguroo isn’t the only company operating in the behavioral biometrics tracking sphere. Israel’s BioCatch, which offers a very similar proposition, raised $30 million last year. This and others in the space demonstrate a real appetite to bring more automation to the mix, enabling features and services that would be impossible for humans alone.
For its part, Bugaroo says it has a number of features that set it apart from similar tools on the market. For example, it creates a unique profile for each user and compares it against previous sessions for that same user, whereas other services compare the profile against a broader cluster of “good” and “bad” behaviors. This is an important distinction, because fraudsters could theoretically learn what “good” behaviors look like in terms of registering or logging into bank websites, but it’s nearly impossible for them to learn the specific traits of the individual users they’re trying to emulate.
Citing data from RSA, Buguroo said roughly a third of all online banking fraud stems from accounts of supposedly legitimate customers that are in fact controlled by fraudsters. And as online fraud proliferates, the global fraud prevention and detection market is shaping up to become a $57 billion industry by 2025, up from a $17 billion in 2018.
Buguroo had raised $3.3 million in seed funding back in 2015, and today the startup claims that its technology protects more than 50 million banking customers in Europe and Latin America. With another $11 million in the bank, it plans to expand its global reach into new regions, including the U.S., U.K., France, and Germany.