This post has been updated since its original March 2022 publishing date. As much in our industry (and the world) has changed in the last four years, we’ve also published a new piece expanding on this one and asking: What is behavioral intelligence?

Behavioral biometrics analyzes a user’s physical and cognitive behavior to distinguish between criminal, legitimate, and manipulated activity on digital platforms. It focuses on how users interact rather than just who they are.

In digital banking journeys, behavioral biometrics allows financial institutions to identify fraud, scams, and financial crime in real time, before any money leaves the would-be victim’s account. Criminals, genuine customers acting under their own volition, and genuine customers transacting under the influence of criminals interact with digital banking platforms in different ways.

Where legitimate customers enter usernames, passwords, and more one key at a time, criminals are more likely to copy and paste their way through a form. Genuine accountholders exhibit typing patterns, mouse movements, touchscreen pressure and gestures, and more that both differ from other genuine accountholders and, especially, fraudsters.

At BioCatch, we specialize in taking thousands of these behavioral datapoints and, with our AI and machine-learning models, continuously assessing user intent and any signs of coercion throughout every millisecond of every digital banking session. By analyzing patterns in human activity, we help banks detect whether someone really is who they claim to be when they interact online and whether the activity is driven by a human or part of an automated attack.

A key benefit of behavioral biometrics is that it works passively in the background of a user web or mobile session to monitor thousands of parameters, such as the way a person holds the phone or how they scroll or toggle between fields, thereby minimizing friction in the user experience.

Whether as a standalone solution or as part of a layered fraud management plan, behavioral biometrics is delivering extraordinary results and exposing even the most advanced fraud and scams attacks.

Why do we need behavioral biometrics?

Why do we need a new way to distinguish between a good user and a cybercriminal? First, it has become far too easy for cybercriminals to find, steal, or purchase personal data such as email and physical addresses, phone numbers, birth dates, and other personally identifiable information to gain access to or open a fraudulent account.

Second, malware, remote access tools, and other technologies used by cybercriminals have exposed the weaknesses of passwords, device ID, one-time passcodes, and other authentication tools when taken on their own.

It would be an understatement to say that fraud is a problem for financial institutions — the FTC fraud cost seniors in the U.S. between $10.1 and $81.5 billion in 2024 alone; Nasdaq Verafin’s 2026 Global Financial Crime Report puts annual illicit financial activity at $4.4 trillion, with banking fraud and scams accounting for $579.4 billion; UK Finance’s Annual Fraud Report 2025 documented UK fraud losses of $1.58 billion in 2024.

Across the board, cybercriminals are becoming bolder and more numerous. Digital and mobile banking has revolutionized the financial industry, but it has also given criminals more ways to attempt fraud. Legacy, rule-based controls aren’t enough to stop the fraud and scams of today or tomorrow — or even slow them down. Now for the good news: The good guys are catching up by turning to newer, more efficient methods of tracking down cybercriminals, and the one that’s shown the most promise is behavioral biometrics.

Finally, as digital experience has taken center stage, fraud prevention technology must work to introduce a frictionless journey for a majority of good users.

Defending digital banking sessions with behavioral biometrics

Behavioral biometrics can be implemented across a variety of industries with a digital presence and are poised to play a major role in building digital trust and safety. Financial institutions have been among the first to adopt the technology and are seeing game-changing successes.

Digital banking has become the single most effective channel for financial institutions to drive growth, increase revenue, and attract new customers. But financial institutions have a dilemma on their hands: How can they pursue innovation in digital channels and improve the customer experience while also keeping a strong handle on fraud management and risk?

The conundrum is not new, but to date, the remedies have fallen short. The introduction of behavioral biometrics technology is a powerful tool for tackling advanced threats while enabling innovation and growth — and it couldn’t have emerged at a better time. The adoption of digital banking and payments continues to accelerate.

Consumers executed 266.2 billion instant payments (sent through networks like UPI, Pix, Zelle, SEPA Instant, Faster Payments, and others) in 2023, an increase of more than 42% from the year before. ACI Worldwide estimates that figure to more than double to 575.1 billion transactions by 2028, representing 27% of all electric payments. In the U.S., total ecommerce sales grew from $815 billion in 2020 to $1.23 trillion in 2025. While these digital trends are positive for both financial institutions and their customers, they have not gone unnoticed by cybercriminals. By moving away from point solutions and putting the emphasis on user experience, behavioral biometrics enables financial institutions to meet their fraud management and digital business goals.

Behavior tells all: Examples of behavioral biometrics use cases

Four of the most prominent use cases for behavioral biometrics in banking and financial services are for account opening protection, account takeover protection, social engineering scam detection, and mule account detection.

Account opening protection: When new customers are mules

Identity theft cases reported to the FTC increased by 114% between 2019 and 2020, growing to more than 1.38 million per year. They’ve remained at that level ever since, with 1.35 million cases reported in 2024. Stolen and synthetic identities are often used to open new bank accounts, which criminal organizations use to launder money.

The opening of fraudulent accounts is a serious problem, costing banks time and money and requiring additions to security that hurt the customer experience. The question is: How can you trust a new customer you’ve never seen before?

During account opening, typing speed, swipe patterns, and every click of the mouse tell a story — one of cybercriminal activity or genuine user behavior. Even when a bank has never seen a user before, behavioral biometrics technology quickly spots trusted behaviors to create a smooth customer journey during the account opening process. The power of machine learning identifies statistically observed norms for “good” and “bad” behavior.

In one case, a top-five U.S. card issuer realized a $10 million annual uplift by deploying behavioral biometrics in their account opening process, an estimated ROI of 12x. More than 99.9% of applicants approved by BioCatch were confirmed genuine, increasing the issuer’s fraud detection rate to better than 90%.

A top-five Canadian bank that saw a 4x increase in application fraud during the pandemic implemented BioCatch solutions and saved $7.7 million in projected losses by detecting new account fraud, achieving a 67% reduction in manual reviews.

Account takeover protection: Before cash disappears

Scammers continue to innovate their preferred methods of taking over user accounts, whether through malware, automated attacks, social engineering, or other methods.

Behavioral biometrics prevents account takeover through a continuous monitoring process that verifies the user’s identity throughout a session, not just at the entry login point. With visibility into the entire session, financial institutions can stop fraudulent transfers before they occur.

One financial institution was able stop a sustained account takeover cyberattack, stopping a £1.6 million fraudulent transaction in real-time.

In another case, a top bank in Asia used behavioral biometrics to stop more than 90% of fraudulent payments before they occurred.

A large Latin American bank boosted its fraud detection rates from the 50% it achieved with transaction monitoring alone to better than 90% with behavioral biometrics, also decreasing the number of fraud alerts requiring investigation by 70% and reducing false positives by 66%.

ORNL Federal Credit Union leveraged BioCatch’s behavioral biometrics to prevent more than $1 million in attempted fraud in just six months.

Social engineering scam detection: Who’s really on the line?

Fraudsters today increasingly leverage social engineering techniques to convince accountholders to willingly share personally identifiable information and authorize fraudulent transactions themselves. Behavioral biometrics provides a window into a scam-in-process and stops it right in its tracks.

The most common social engineering scam often starts with a phone call or text message. A fraudster will obtain legitimate information through a data breach or phishing attack. Then, impersonating an official, acquaintance, hiring manager, or loved one, the scammer will call or text their potential victim with a fabricated urgent or time-sensitive ask to con the accountholder into willingly transferring over valuable data or money.

Authorized push payment (APP) fraud is one example of a social engineering scam that is difficult to detect without behavioral biometrics because the transaction or payment is often conducted by a legitimate user who is logging in from their own device, from a recognized location, and with access to a one-time passcode.

Behavioral biometrics instead looks at differences in digital behavior that, in this case, indicate a user is acting under duress or the coercion of a cybercriminal. That could be the length of the user’s session or that the user is displaying segmented typing patterns (as in, are they stopping and starting as they read off account numbers). Behavioral biometrics helped save one UK bank £500K per month in fraud losses by detecting these real-time social engineering scams in action.

Mule account detection: Finding the go-betweens

Money mules sit at the junction between organized crime syndicates and real-world financial institutions. When we say money mules, we’re referring to the accountholders who transfer illicit funds between one bank and another to help launder it. They are a critical part of fraud, scams, and financial crime operations. If financial institutions can weed out mules, criminal organizations must find another way to turn their stolen funds into spendable money, or else the whole criminal supply chain falls apart.

This isn’t a new problem. Mules have been digital as long as banks have. BioCatch’s Global money mule networks report identified nearly 2 million mule accounts from the 257 financial institutions on five continents deploying the company’s anti-fraud, -scams, and -financial crime solutions in 2024 alone.

These mules may be able to change accounts and aliases, but they can't change how they behave (the average customer does not use 92 separate banking applications), which means behavioral biometrics can help to identity them.

National Australia Bank used behavioral biometrics to improve its mule detection rate to better than 99%.

A leading bank in Europe stopped €12.4 million in mule-related transfers in the second half of 2025 with behavioral biometrics, reducing false positives by 30%.

With this approach, mules can be detected any time they commit fraudulent activity. Instead of waiting on someone to slip up and make an obvious error, behavioral biometrics technology remains in play at every step of the transaction process, meaning that it can be used to catch the mules making their first transfer and the ones making their 100th. It’s an efficient means of finding the people wreaking havoc on our financial institutions without doing any invasive or privacy-infringing data collection.

Create a world of trust and ease

The role of digital services in our lives has never proven more essential. From banking and shopping to how we work and learn, the most routine activities we do every day are taking place online. The bottom line for organizations is that they must be able to build trust with customers and eliminate friction in digital interactions.

As financial institutions expand their risk appetite and offer more digital services to their customers, this exposes them to unforeseen threats like malware, remote access trojans, and sophisticated social engineering schemes.

Fortunately, in our digital world, behavior still reveals all.

For more on the practical applications of behavioral biometrics, view this report to learn what 800 fraud management, anti-money laundering, and compliance team leaders at financial institutions across North America, Europe and the Middle East, Latin America, and the Asia Pacific region had to say about the financial and non-financial impacts of fraud over the last year, the top business challenges in preventing digital fraud, and the primary areas of investment in 2025.

To see more examples of behavioral biometrics at work, check out these case studies.

—

Key takeaways:

• Behavioral biometrics focuses on user behavior instead of just user identity, analyzing how users type, swipe, scroll, click, and navigate to distinguish legitimate customers from fraudsters, bots, and users acting under coercion.
• By continuously monitoring digital sessions, banks can detect suspicious activity during the customer journey rather than relying only on static checks at login or after a transaction is completed.
• Traditional controls are insufficient to detect and stop the fraud of today and tomorrow.
• Behavioral biometrics supports growth without adding unnecessary friction, working passively in the background to strengthen fraud defenses while also preserving smooth digital experiences for genuine customers.

Resources:

• Case study: How Wells Fargo utilizes Biocatch to prevent fraud
• Report: Malware attacks on Brazilian bank accounts triple in six months
• Report: Protecting older consumers 2024-2025
• Report: UK Finance Annual Fraud Report 2025
• Report: Nasdaq Verafin 2026 Global Financial Crime Report
• Blog: The hidden value of friction
• Report: It’s prime time for real-time global payments
• Story: New name, new account, same crime
• Case study: Top-five Canadian bank realizes $8 million in fraud and operational savings
• Case study: Top-five U.S. card issuer realizes $10 million annual uplift by detecting new account fraud
• Report: The Dark Economy Survey
• White paper: From onboarding to aftermath: Why mules are everyone’s problem