What Is Behavioral Biometrics?

Apr. 26, 2018 | by BioCatch

As we move into the 2020s, no question is more pressing than how to secure customers’ against online fraud and cybercrime. Data breaches have compromised the factors traditionally used to verify digital identity. As a result, typical authentication methods are falling short, leaving customers vulnerable even as they expect to be able to complete most of their transactions online. 

Stronger digital identity solutions can’t wait. That’s where behavioral biometrics come into play. According to Frost & Sullivan, behavioral biometrics “will become the main identity authentication/verification element in two factor or multifactor authentication” and “businesses will increasingly use AI to aid decision-making as well as for greater behavioral pattern analysis of anomalies.”

What Is Behavioral Biometrics?

Behavioral biometrics is a breakthrough cybersecurity technology that identifies people by how they do what they do rather than by static information or physical characteristics, like what they know or what they have access to. Static information includes passwords, social security numbers, phone numbers, and device ID. Physical characteristics include the type of biometrics most people are familiar with, like face, fingerprint, and iris scanners. Reading this list, red flags are probably going off in your mind. Countless news stories over the years have shown the weaknesses of passwords, facial recognition, and more. 

Behavioral biometrics, however, is a solution driven by artificial intelligence that goes beyond traditional authentication to help answer the question of whether someone really is who they claim to be when they transact online. The technology works passively in the background of a user web or mobile session to monitor thousands of parameters, including the way a person holds the phone, the pressure they use when they type,and how they scroll or toggle between fields. Because each person’s interactions with a device are unique, behavioral biometrics can differentiate between the activities of a genuine user and the activities of a human fraudster or automated attack. 

Banks have implemented the technology with great success, stopping fraudulent transactions in real-time. Other industries, like insurance and ecommerce sites, are also adopting behavioral biometrics to improve authentication and address the challenges of securing digital identity. 

Behavioral Biometrics Examples

The most prominent use cases for behavioral biometrics include:

  • Detecting the use of synthetic identities for new account fraud, also known as application fraud
  • Preventing account takeover fraud in online sessions through continuous authentication that verifies identity throughout a session, not just at the entry login point.
  • Detecting social engineering scams, where a person is taking instruction from a fraudster to conduct a transaction.
  • Improving user experience by making authentication painless for online customers.

In one example, a British corporate bank added behavioral biometrics to their online banking application to address targeted cyberattacks that were circumventing their existing authentication controls. One of the most notable cases involved a £1.6 million attempted fraudulent transaction involving an advanced remote access Trojan. Despite having other solutions in place, such as transaction monitoring, anti-malware, device recognition, and location analysis, behavioral biometrics was the only control that generated a fraud alert in this instance. The technology uncovered several anomalies in the way the fraudster interacted when scheduling a transaction in comparison to the actual user. Taken together, those behavioral preferences translated to a high risk score and a real-time alert to the bank’s fraud team.

Read more examples of behavioral biometrics at work in these case studies.

Delivering Greater Accuracy and Addressing More Use Cases Across the Digital Identity Lifecycle

BioCatch takes a unique approach to applying behavioral biometrics, leveraging deep domain expertise to help resolve the digital identity question. Our solution passively collects more than 2,000 behavioral parameters in the background of an online session, revealing powerful insights that support various use cases across the digital lifecycle.

Using advanced machine learning and AI, BioCatch runs in the background of a website or mobile application session, picking up on the attributes that make a person unique. Patented techniques make it possible to identify sophisticated cyberattacks like social engineering scams, device spoofing, malware, bots and remote access attacks. In addition, by understanding how legitimate users and fraudsters behave in the broadest sense, the system can identify anomalies in a session even when no profile exists, such as when a person is applying for a credit card under an assumed identity.

We go beyond authentication: Most behavioral biometrics companies focus only on creating and matching behavioral profiles. BioCatch goes beyond traditional biometrics applications, maintaining generic behavioral repositories of both fraudster and legitimate users to address situations where no user profile exists (i.e., identity proofing) or when behavioral anomalies belie the intent of the authenticated user (such as in vishing scams).

We offer superior performance: With more than 2,000 parameters and a broad patent portfolio, the BioCatch solution extracts more data points and unique types of behavioral data than competing solutions. As a result, we achieve greater accuracy with less false positives and more fraud recognized for a 10x-15x return on investment, according to customer provided estimates.

We deliver superior service: The BioCatch system is deployed as a cloud-based service, generating real-time risk scores, insights, and indicators that are returned via a real-time API. Deployment into web and mobile applications is easy, with seamless integration into rule engines and other third-party platforms. A front-end Analyst Station allows session activity to be viewed offline, along with the capability to generate reports, conduct queries and more.

Interested in learning more about BioCatch behavioral biometrics? Get in touch with our team to talk further or schedule a demo.

Topics: Behavioral Biometrics