This blog post is excerpted from a white paper, entitled “Deconstructing the Cyber-Psychology Behind Behavioral Biometrics”. To access the full paper, click here.


In recent years, a body of literature has amassed on the promise of behavioral biometrics and various aspects pertaining to its potential applications: Identity Proofing, Continuous Authentication and Fraud Prevention.

To date, however, this literature has mostly overlooked one of the foundations of this technological approach: the cyber-psychological determinants (affective, behavioral, cognitive) that drive human behavior while interacting with computers and devices. As an emerging field, cyber-psychology relates to several psychological phenomena associated with or affected by technological applications and use. Essentially, research topics include human-computer interactions: operating systems, programming languages, cognitive psychology and human performance. While some researchers emphasize the computer in computer-human interactions, a defining characteristic of cyber-psychology is that the human takes precedence over the computer.  

To highlight this, we will discuss three cyber-psychological concepts that BioCatch has embedded in its technology and explain how they apply to the main use cases for behavioral biometrics.


Identity Proofing: Assessing Intuitive vs. Computational User Responses

Cognition is a tale of two systems of the mind, or what is known as Dual Process Theory.1 Cognitive psychologists have been intensely interested for three decades in two modes of thinking: Intuition and Computation, or also labeled as, System 1 and System 2.2 System 1 is the automatic, rapid, lacking a sense of voluntary control, intuitive-heuristic mode.  System 2 is the effortful, deliberate and demanding, computational-analytic mode.  In the activation of System 1, heuristics are employed to assess situations, probabilities and to predict values.3

CYBER table.png

When genuine users fill out online e-forms that ask for intuitive personal information like names, addresses, phone numbers, name on credit card, System 1 is in play. Hence, they respond very quickly in these fields.

On the other hand, fraudsters will most likely be guided by System 2, and their responses will be different. An in-depth analysis of fraud files and user behavior shows that fraudsters frequently make mistakes on details that should be intuitive and entering information in these fields is much slower than genuine users. Behavioral biometrics can detect these anomalies through data familiarity analysis in new account fraud attempts.


Fraud Prevention: Network Impatience and Responses to ‘Invisible Challenges’

Computer scientist Ramesh Sitaraman has asserted that internet users are impatient and are likely to get more impatient with time.4 In a large-scale study that was completed in 2012 involving millions of users watching videos on the internet, Sitaraman showed that users start to abandon online videos if they do not start playing within two seconds. Many commentators have since argued that these results provide a glimpse into the future: as internet services become faster and provide more instant gratification, people become less patient5 and less able to delay gratification and work towards long-term rewards.6

Since all users need instant gratification -- resulting in network impatience -- once we introduce ‘invisible challenges’ and specifically the ‘disappearing mouse’ challenge, we can expect immediate and unique responses. This turns our ‘invisible challenges’ into ‘invincible challenges’.


Continuous Authentication: Analyzing Handedness and Computer Mouse Control for User Authentication

Each handedness group has performance attributes that are unique when it comes to computer mouse movement. Since each user moves the mouse in a totally unique way, driven by handedness and other motor determinants, this becomes a powerful method of behavioral profiling and continuously authenticating users. When comparing different groups by performance measures like reaction time, time to reach a target, time to click on target and cursory trajectory, the differences become salient.7



The real power behind behavioral biometrics is that each individual exhibits very unique online behavior that can be profiled and used effectively for authentication and thwarting fraudulent activity. While data science and machine learning provide the necessary means to identify, collect and process extremely large datasets, the core of the profiling process begins with understanding the cyber-psychology that drives user choices, behavior and preferences.



1 J. Evans and K. Frankish, eds., In Two Minds: Dual Processes and Beyond. Oxford: Oxford University Press (2008); Evans, J. “Dual-Processing Accounts of Reasoning, Judgment, and Social Cognition.” Annual Review of Psychology, 59, (2008): pp. 255-278. 
2 D. Kahneman, Thinking, Fast and Slow. New York: Farrar, Straus and Giroux, (2011); Stanovich, K. E. and R. F. West, “Advancing the Rationality Debate.” Behavioral and Brain Sciences, 23(05), (2000): pp. 701-717.

3 D. Kahneman, P. Slovic and A. Tversky, A. Eds., Judgment Under Uncertainty: Heuristics and Biases. Cambridge: Cambridge University Press (1982).
4 R. K. Sitaraman, “Network Performance: Does It Really Matter to Users and By How Much?” In Communication Systems and Networks (COMSNETS), 2013 Fifth International Conference, (2013): pp. 1-10.

5 N. G. Carr, “The Patience Deficit”, Edge (Website), Accessed: 22.8.17, (2014).
C. Muther, “Instant Gratification is Making Us Perpetually Impatient”. Boston Globe (Website), Accessed: 22.8.17, (2013).

M. Peters and J. Ivanoff, “Performance Asymmetries in Computer Mouse Control of Right-Handers, and Left-Handers with Left-and Right-Handed Mouse Experience.” Journal of Motor Behavior, 31(1), (1999): pp.86-94.


Daniel Shkedi is the Product Marketing Manager at BioCatch. In his graduate studies, he focused on the nexus between technological preferences and decision-making.

Related Posts