What is Behavioral Biometrics Anyway…?

Apr. 3, 2017 | by BioCatch

This blog post was written by BioCatch's Chairman of the Board, Howard Edelstein, to share his background with the business and how he became a believer of behavioral biometrics.

Ever since I met Avi Turgeman and he shared his vision with me for an amazing technique/technology for authenticating people online by their “behavioral preferences,” I was a bit skeptical. I said: “OK, I am from NY (or perhaps Missouri)—ya gotta SHOW ME!”

We each fold our arms the same unique way every day, walk with a specific gait in the street, and consistently exhibit numerous other behavioral traits. This is why our friends can discern us from the masses at a distance without even seeing our faces. In fact, our behavioral traits are so ingrained that we aren’t even aware of the consistent behavior we exhibit when using a keyboard, mouse, tablet, phone or other machine interface.

In a nutshell, this is what makes behavioral biometrics such an amazing technology. In an era when you worry about the CIA/FBI/NSA, connected TV, iPhone or Alexa watching you, or someone stealing your fingerprint, think about this: why isn’t there a better way to know it is really you in this dark world of online identity? Not by what personal questions you can answer correctly, (what you know), or by a token (what you have), but rather by who you are, as modeled by the behavior you exhibit while doing everyday things.

Once Avi convinced me that he could accurately model my behavior, I didn't know whether to be pleased that I grasped the idea, or scared that I am so identifiable.

He was so persuasive that ultimately I was convinced to join his board and help the company launch in the U.S.  Given their traction in Europe and Latin America, the U.S. seemed like a natural opportunity since we have so many banks and other large financial institutions, not to mention a plethora of other payments companies as well. Not surprisingly, there are also a plethora of online fraud and authentication issues in the U.S.

Many banks in the U.S. have not been as fast as their European counterparts to adopt the latest technology, in large part because of older internal tech stacks operating less than real-time systems—including payment systems—and partly because their focus is on preventing reoccurrence of “known problems.” This is now changing thanks to fraudsters, bad guys and other malicious individuals who have been doing a bang-up job penetrating financial and other organizations with ever-increasing speed, “borrowing” people's credentials and/or identity and profiting from it. Organizations such as Anthem, Target, CVS, OPM and the DNC have all fallen victim to such attacks.

Why is this happening?

Why do all these bad things happen to banks, credit card companies and retailers? As Willie Sutton noted when asked why he robbed banks—that’s where the money is. The unfortunate truth is that the ROI for this kind of fraud/theft is simply too good for bad guys to ignore. 

That’s not to say that regulators aren’t doing their best. The NYS Department of Financial Services has made a solid start with its latest—and constructive—rules that just went into effect on March 1, as has NIST, which is admirably trying to convince all financial institutions that they need to do more to protect their clients and customers, including augmenting Mullti-Factor Authentication (MFA).

In spite of these efforts, it is time to try a new, more people-centric approach. Let us not forget that people are more than half the problem, either through deliberate, malevolent actions or innocent victimization via phishing, identity theft and other digital attacks.  From an authentication perspective, do we really think that our childhood pet’s first name is our salvation? It is time to change the game and change the dynamics of the way identities are manipulated, stolen and used online.   

So I have decided to get involved with some really smart and dedicated people, a great company with some very cool, albeit nascent, technology and a very useful technique to protect financial institutions and their clients—the general public, you and your family.

Why isn't Behavioral Biometrics more common? 

Over time, once one sees this kind of technique in action across the industry, then we will start asking the right questions:

  • Why wouldn’t every bank and all the KYC, AML and related businesses, including credit reporting agencies and the like, have your behavior model as part of your credit and identity file?
  • Why wouldn’t every bank and financial industry organization use this technique as an overlay to the traditional MFA they use today?  
  • Why wouldn’t the business folks and innovation groups at every U.S. financial institution have someone testing this technology in situ, making sure they have tried this kind of approach and measured the impact it has on their bottom line, not to mention client experience and satisfaction? 

 If nothing else, the technology is like having a large German Shepherd in your yard—the bad guys move on to those yards that do not.  

For more information, read this thoughtful article published on Nanalyze that explains more about how behavioral biometrics can prevent fraud with some real-life examples of the technology in action. You can also download BioCatch's fact sheet titled "What is Behavorial Biometrics?"

 

More from our blog:

Is 2017 the year for Behavioral Biometrics?

Introducing BioCatch Next-Generation Platform

 

Sources:
http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
https://www.nist.gov/cyberframework
http://www.nanalyze.com/2017/03/biocatch-behavioral-biometrics/

Topics: Fraud, Behavioral Biometrics, Mobile