Behavioral biometrics analyzes a user’s digital physical and cognitive behavior and is most commonly used today as a fraud prevention solution. Behavioral biometrics distinguishes between legitimate users and cybercriminals and identifies people by how they behave and interact online rather than by static information or physical characteristics, like what they know or what they have access to.
Why do we need a new way to distinguish between cybercriminals and users online? First, it has become far too easy for cybercriminals to find, steal, or purchase personal data such as email and physical addresses, phone numbers, birth dates, and other personally identifiable information to gain access to or open a fraudulent account. Second, malware, remote access tools and other technologies used by cybercriminals have exposed the weaknesses of passwords, device ID, one-time passcodes and other authentication tools when taken on their own. Finally, as digital experience has taken center stage, fraud prevention technology must work to introduce a frictionless journey for a majority of good users.
Behavioral biometrics solves these problems by leveraging machine learning to analyze patterns in human activity and detect whether someone really is who they claim to be when they interact online and whether the activity is driven by a human or part of an automated attack.
Behavioral biometrics works passively in the background of a user web or mobile session to monitor thousands of parameters such as the way a person holds the phone, the pressure they use when they type, and how they scroll or toggle between fields. Because each person’s interactions with a device are unique, behavioral biometrics can differentiate between the activities of a genuine user and the activities of an imposter.
Whether as a standalone solution or as part of a layered fraud management plan, behavioral biometrics is delivering extraordinary results and exposing the most advanced fraud attacks.
Defending Digital Banking Sessions with Behavioral Biometrics
Behavioral biometrics can be implemented across a variety of industries with a digital presence and are . Financial institutions have been among the first to adopt the technology and are seeing game-changing successes.
Digital banking has become the single most effective channel for financial institutions to drive growth, increase revenue and attract new customers. But financial institutions have a dilemma on their hands: how can they pursue innovation in digital channels and improve the customer experience while also keeping a strong handle on fraud management and risk?
The conundrum is not new, but to date, the remedies have fallen short. The introduction of behavioral biometrics technology is a powerful tool for tackling advanced threats while enabling innovation and growth — and it couldn’t have emerged at a better time. The adoption of digital banking accelerated during the peak of the COVID-19 pandemic. Financial institutions saw a 250% increase in digital channel usage on average. At the same time, advanced fraud attacks have become an even bigger thorn in the side with 85% of financial institutions reporting fraud in the account opening process and authorized push payment fraud increasing by 29% over the previous year.
By moving away from point solutions and putting the emphasis on user experience, behavioral biometrics are enabling financial institutions to meet their fraud management and digital business goals.
Behavior Tells All: Examples of Behavioral Biometrics Use Cases
Three of the most prominent use cases for behavioral biometrics in banking are for account opening protection, account takeover protection, and social engineering scam detection.
Account Opening Protection: When New Customers Are Not
In a 2020 study conducted by the FTC, there was an 88% increase in new credit card accounts activated and a 33% increase in new bank accounts opened through the use of identity theft compared to the year before. The opening of fraudulent accounts is a serious problem, costing banks time and money and requiring additions to security that hurt the customer experience. The question is: How can you trust a new customer you have never seen before?
During account opening, typing speed, swipe patterns, and every click of the mouse tell a story – one of cybercriminal activity or genuine user behavior. Even when a bank has never seen a user before, behavioral biometrics technology quickly spots trusted behaviors to create a smooth customer journey during the account opening process. The power of machine learning identifies statistically observed norms for “good” and “bad” behavior. In one case, a top-5 U.S. card issuer realized a $10 million annual uplift by deploying behavioral biometrics to their account opening journey. The issuer gained a new layer of visibility that enabled them to decipher between legitimate applicants and cybercriminals with a greater level of confidence.
Account Takeover Protection: Before Cash Disappears
Scammers are getting creative about taking over user accounts, whether through malware, an automated attack, social engineering, or other methods. In a 2019 survey, $6.8 billion in total losses occurred due to account takeover fraud in the U.S and the global average loss per incident of a business wire transfer fraud was $80,000. Account takeover attacks are also up nearly 300% since 2019, which puts both individuals and businesses at risk.
Behavioral biometrics prevents account takeover through a continuous monitoring process that verifies the user’s identity throughout a session, not just at the entry login point. With visibility into the entire session, financial institutions can stop fraudulent transfers before they occur. One financial institution was able to put the brakes on a sustained account takeover cyberattack, stopping a £1.6 million fraudulent transaction in real-time. In another case, a top bank in Asia used behavioral biometrics to shut down 90% of mule accounts before payment fraud could occur.
Social Engineering Scam Detection: Who’s Really on the Line?
Social engineering, by far the most prevalent of scams in today’s modern age, is when fraudsters leverage human psychology to appear to be legitimate in order for them to hook victims into providing important details, or even transferring money to “respectable” institutions. Behavioral biometrics provides a window into a scam-in-process and stops it right in its tracks.
The most common social engineering scam is often through a phone call. A fraudster will obtain legitimate information through a data breach or phishing attack and then call the victim pretending to be an authority figure from either their bank or government agency and provide an urgent or time-sensitive excuse that requires the victim to take action now. The victim, thinking they are in danger, completes the task and willingly transfers valuable data or money to the fraudster.
Authorized push payment (APP) fraud is one example of a social engineering scam that is difficult to detect without behavioral biometrics because the transaction or payment is often conducted by a legitimate user who is logging in from their own device, from a recognized location, and with access to a one-time passcode. Behavioral biometrics instead looks at differences in digital behavior that, in this case, indicate a user is acting under duress or the coercion of a cybercriminal. That could be the length of the user’s session or that the user is displaying segmented typing patterns (as in, are they stopping and starting as they read off account numbers). Behavioral biometrics helped save one UK bank £500K per month in fraud losses by detecting these real-time social engineering scams in action.
Build Trust, Banish Friction
The role of digital services in our lives has never proven more essential, from banking and shopping to how we work and learn, the most routine activities we do every day are taking place online. The bottom line for organizations is that they must be able to build trust with customers and eliminate friction in digital interactions. BioCatch has been pioneering the field of behavioral biometrics to deliver just that for over a decade. As financial institutions expand their risk appetite and offer more digital services to their customers, this exposes them to unforeseen threats like malware, remote access trojans, and sophisticated social engineering schemes. Fortunately, in our digital world, behavior tells all.
Access Gartner’s recent report, “How to Create a Payment Fraud Strategy at the Organizational Level” to find out how technology, such as behavioral biometrics, have become pivotal to improve customer experience and profitability or get more examples of behavioral biometrics at work in these case studies.