What is behavioral intelligence?

My colleagues on our marketing team tell me one of the most viewed pages on this site is a blog from 2022 that asks: What is behavioral biometrics?

There’s some good, high-level stuff in that post, but much has changed — at BioCatch, in banking, and in the world — over the last four years (Ayelet definitely wasn’t using any LLM tools to help her author that piece then; no comment on my own AI-writing reliance now).

The timing seems right for us to publish a follow-up.

A review: What is behavioral biometrics?

We spent more than 2,000 words answering that question in the aforementioned blog, so I’m not going to go too deep on this one here.

While traditional rule-based fraud detection systems focus on user identity, behavioral biometrics analyzes user intent: how we do things rather than who (or what) we are.

There are many advantages to this approach:

It works continuously and, for the accountholder, invisibly in the background, throughout every millisecond of every session, persistently re-establishing whether the session can be trusted well beyond when and how the user logs in.
It improves the user experience for genuine accountholders, allowing them to log in and transact without unnecessary authentication steps.
It’s vastly more difficult for attackers to fool.
It detects fraud, scams, and financial crime in real time, allowing institutions to take meaningful action before any money leaves the would-be victim’s account.
And, crucially, it detects not only unauthorized fraud (where the fraudster breaks into the user’s account) but also authorized fraud (where the scammer manipulates the victim into willingly transferring away their money). More on this later.

In the years since that first “What is behavioral biometrics?” post, we’ve seen rapid adoption of this technology. As of this writing, more than 350 financial institutions in 21 different countries on five continents deploy BioCatch’s behavioral solutions. We analyze 18 billion user sessions every month, protecting more than 680 million accounts accessed from 1.7 billion unique devices.

We’ve also seen both new players and existing fraud vendors scramble to offer solutions promising behavioral insights, which is why it’s increasingly important to understand that not all behavioral solutions are created equal.

How does behavioral biometrics differ from behavioral intelligence?

If behavioral biometrics has come to encompass any number of behavioral indicators (typing cadence, swiping pressure, phone orientation, hesitation, copy and pasting, etc.) bolted onto any old fraud solution, we need to differentiate between those platforms offering only a smattering of behavioral features and those for which behavioral biometrics is the foundation of an entire risk-detection ecosystem.

At BioCatch, we think of the latter as behavioral intelligence. Neuroscientists designed and built this company from the ground up around human behavior more than 10 years ago, allowing us to refine and exact our understanding of what’s genuine versus what's malicious, going beyond merely offering visibility into individual threats and instead mapping entire constellations of criminal behavior across accounts, teams, and institutions.

If we think of behavioral biometrics offerings as boxes of crayons, with packages of eight, 16, 24, 48, 64, etc., behavioral intelligence is that deluxe box with 96 different colors, allowing the institution using it to create the most complete and accurate picture of risk.

BioCatch collects more behavioral signals (3,000-plus) from more user sessions across more institutions than any other company, transforming millions of fine-grain micro behaviors, recorded constantly throughout every millisecond of every step of every single digital banking session, into risk scores in real time.

That is the foundation of true behavioral intelligence.

How fraud has changed

Four years ago, malware, phishing, and credential theft dominated the fraud landscape. Instant payments existed in many markets and social engineering (again, where scammers manipulate genuine accountholders into logging in and willingly transferring away their money) posed an already significant threat.

By comparison, fraud today functions like it’s just guzzled a cocktail of espresso shots and rocket fuel for a game speed chess:

Large language models have revolutionized scam scripting, allowing scammers anywhere in the world to craft messages in flawless versions of their prospective victims’ native languages.
Organized crime has erected hundreds of sprawling scam compounds around the world, staffed by an estimated 300,000 human trafficking victims, who earned their criminal overlords more than $63 billion in 2023 alone.
Deepfakes and other AI tools now allow bad actors to convincingly impersonate officials, employers, law enforcement, and even loved ones.
Advocacy groups, regulators, and politicians demand action, mandatory reimbursement, and consumer protections.
Scams increasingly seek to exploit not technological systems but human psychology.
Consumers executed 266.2 billion instant payments (sent through networks like UPI, Pix, Zelle, SEPA Instant, Faster Payments, and others) in 2023, an increase of more than 42% from the year before. ACI Worldwide estimates that figure to more than double to 575.1 billion transactions by 2028.
Once distinct threats (and addressed by banks that way), fraud, scams, and mule networks now operate as interconnected systems, exploiting the same gaps in bank defenses on the same digital channels.

The game (parting consumers from their hard-earned money) remains the same, but the playing field is both brand new and more uneven than ever before.

Legacy defenses cannot comprehend much less reliably address the threats of today and tomorrow, making true behavioral intelligence more valuable than ever before — especially when deployed at scale across teams, institutions, and geographic borders.

A network that learns as it grows

Behavioral intelligence has proven more successful than any other defense yet invented at identifying those social engineering scams that have typically eluded bank defenses. One of the largest banks in the UK detected 75% of voice scam attempts and saved £500,000 in fraud losses per month by deploying behavioral intelligence. A credit union in the U.S. used behavioral intelligence to reduce fraud from Zelle impostor scams by 95%.

We can amplify this impact further still if financial institutions collaborate with one another, sharing behavioral intelligence across organizations. Sending institutions involved in inter-bank transfers have historically had zero visibility into the destination accounts at receiving institutions. That all changed in the fall of 2024, when Australia and New Zealand Banking Group (ANZ), Commonwealth Bank of Australia (CBA), National Australia Bank (NAB), Suncorp Bank (Norfina Limited), and Westpac announced they’d joined BioCatch Trust™ Australia, the world’s first inter-bank, behavior- and device-based, fraud and scams intelligence-sharing network. Three Argentinian banks launched a similar network a little more than a year later.

These networks identify any risks associated with the receiving account involved in a transaction (often telltale signs of mule activity) and then communicate those risks to the sending account, arming that institution with crucial intel it can pair with its sending-side evaluation of risk to more precisely and efficiently evaluate whether the transaction is legitimate or fraudulent and decide whether or not to let it proceed. Our most recent Digital Banking Fraud Trends in Australia report includes a nice case study showing how this works in practice.

The effectiveness of these networks compounds with every new member that joins. As more banks contribute account, behavioral, transactional, and device intelligence, the system grows smarter and more effective, offering deeper insights and broader coverage against existing, unknown, and emerging threats.

True behavioral intelligence draws on insights gleaned from across the vast network of institutions deploying it, providing context on whether a device has previously been used for mule, scam, or account takeover activity, preventing rogue devices seen at one bank from accessing accounts at another, preparing banks to recognize fraudulent behavioral patterns identified at other institutions and/or in other geographies, and sharing receiving account intelligence with sending institutions. Behavioral biometrics add-ons might only analyze what happens within a single session at a single institution. Behavioral intelligence allows banks to map criminal behavior across accounts, devices, banks, and borders in real time. When a new type of fraud emerges, our customers across the globe benefit from the learnings of our work with their peers.

Criminal organizations increasingly operate as interconnected networks. Behavioral intelligence allows financial institutions to do the same.

Why behavioral intelligence will soon be more crucial than ever

As of March of 2026, web traffic from agentic browsers — that’s internet activity conducted by autonomous AI agents capable of filling out application forms, opening new accounts, purchasing goods and services, and more — still represents a tiny percentage of all internet traffic, but it’s growing rapidly. HUMAN Security’s 2026 State of AI Traffic report finds that automated web traffic grew 7,851% in 2025. Gartner expects AI agents will autonomously resolve 80% of all customer service issues by 2029.

Most of those non-human hands in the online pot will be legitimate. Consumers will soon authorize AI agents to pay their bills, move money between accounts, shop for better interest rates, and handle the tedious financial chores that nobody wants to do manually.

Banks seem likely to either allow customers to use any agent, allow customers to use only certain approved agents, or forbid the use of any agentic banking altogether. Agents might also handle customer service requests for the institution, flag unusual activity, and process routine transactions at a scale and speed no human team could ever match.

The same agentic tools that help a customer automate their finances might also help a criminal automate an attack, opening hundreds of fraudulent accounts simultaneously, probing defenses at machine speed, or executing social engineering scams more convincing to their victims than anything a human scammer might devise.

Legacy systems were built to answer a binary question: Is this a legitimate user? In a world where the user can be a genuine accountholder conducting legitimate activity, a genuine accountholder manipulated by a scammer, a fraudster who’s taken over a customer’s account, an AI agent acting on behalf of a legitimate user conducting legitimate activity, an AI agent acting on behalf of a legitimate user manipulated by a scammer, or an AI agent acting on behalf of a criminal lone wolf or enterprise, that binary question becomes much harder (and probably much less useful) to answer. And we’re intentionally not going down the Terminator rabbit hole of rogue AI agents acting on their volition.

A stolen credential hands a fraudulent agent the same access it would grant a genuine one. Device signals that banks rely on to understand session activity get separated from the actions an agent actually takes. The old frameworks simply don't fit.

Behavioral intelligence was built around a different question: Can this session be trusted? That reframe matters enormously in an agentic world. Rather than relying on static identity signals captured at login, behavioral intelligence continuously evaluates the entire session, analyzing patterns of interaction, flagging anomalies, and distinguishing the signatures of genuine authorized activity from those of fraudulent intrusion — whether the actor behind the screen is human or not.

As AI agents become standard fixtures in digital banking, the institutions best equipped to manage that future will be the ones that already understand behavior isn’t just a login check or monitoring of a transaction but is instead a continuous conversation.

To learn more about BioCatch’s agentic browser-detection capabilities, click here.

—

Key takeaways:

Behavioral biometrics analyzes how users interact with their devices, continuously evaluating whether a session can be trusted long after login.
Not all behavioral solutions are created equal. Vendors offering a handful of behavioral features bolted onto a legacy fraud tool are a far cry from ecosystems built from the ground up around behavioral intelligence to collect thousands of microbehaviors in real time.
Today's fraud landscape looks nothing like it did four years ago. LLM-powered scam scripts, AI deepfakes, sprawling criminal scam compounds, and hundreds of billions of more annual instant payments have transformed the global threat environment entirely.
Behavioral intelligence is most effective to detect and stop authorized fraud — scams where the criminal never touches the victim's account but instead manipulates the victim into sending the money themselves.
The power of behavioral intelligence multiplies as more institutions deploy it. Inter-bank intelligence-sharing networks like BioCatch Trust™ give sending institutions real-time visibility into the risk profile of receiving accounts, catching scam and mule activity that single-institution defenses cannot see.
The agentic AI era will force banks to retire the binary question “is this a legitimate user?” in favor of the one behavioral intelligence was built to answer: “Can this session be trusted?”