Overcoming false positives with behavioral biometrics
This is a guest post by Ryan Wilk, vice president of customer success at NuData Security.
I believe that 2016 will be the year that passive behavioral biometrics really takes off. There are two reasons why I believe this. First, the market is demonstrating a continued weak spot in terms of PII-based risk prevention techniques – stolen personal data has never been more plentiful on the dark Web. Second, more and more people are adopting a mobile-first lifestyle. This has created the expectation of a fast, frictionless transaction experience.
The only way to protect customer data and accounts and also offer a painless user experience is with passive behavioral biometrics. In fact, the mobile space is a perfect pairing to biometric and behavioral analytics technologies because of the increased number of biometric measurement tools built in to every tablet and every smart phone.
The Hidden Cost of Fraud Prevention
The cost of fraud plays out in two directions. Actual fraud costs retailers $9 billion – no small sum. However, cost of false positives, where legitimate consumer purchases are canceled due to overzealous traditional fraud prevention methods, is upwards of $118 billion in lost revenue, according to the Javelin Strategy & Research report, “Future-Proofing Card Authorization.” And as criminals become more adept at successfully jumping Knowledge Based Authentication (KBA) hurdles, legitimate customers push up against ever-greater levels of friction. Risk management leaders need to find a better way to identify their valued customers and identify those who present elevated risk.
Behavioral biometrics is the key to accurately identifying and verifying customers. This method enables business to become better predictors of risk while minimizing the friction legitimate users face. Biometric and behavioral analytics greatly increases industry efforts to devalue stolen data, eventually reducing the number, scale and impact of data breaches worldwide. This greatly benefits users, allowing them a frictionless and safe online experience, while continuing to protect their accounts even if their logins and passwords have been compromised. Allowing good customers to continue to interact safely online will be the most important issue in 2016.
Three Goals to Reduce Risk
As users anticipate that fast, no-hassle experience we’ve come to expect on our tablets and smart phones, eliminating false positives and removing friction across the mobile ecosystem will be the key focus going forward. By harnessing the power of behavioral and biometric analysis, organizations can predict fraud with a very high degree of accuracy by identifying the real user behind the device. Focusing on the good users— and decreasing customer abandonment and attrition—can put billions back into merchants’ pockets, The ability to move beyond the machine and truly know your customer will be the differentiator that allows companies to bypass the knowledge-based authentication arms race with frausters and and leap ahead in terms of customer satisfaction and retention.
Here are three main goals that Chief Security Officers (CSOs) everywhere should focus on in the new year to achieve this goal of frictionless user authentication:
• Don’t block business – facilitate it. Security through valid user identification will strengthen brand loyalty and increase conversion while protecting brand assets at the same time.
• Use intelligent prevention. Make sure that you are using an intelligent multi-layer risk prevention platform that measures behavior over time and gives you accurate, real-time scoring to let you know exactly who your user is.
• Learn about the device AND its owner. Know the user on the other side of the machine through passive biometric and behavioral analytics.
The “intelligent prevention” goal listed above deserves a closer look. A layered approached—using device and connection, analyzing biometrics, measuring and comparing behavior across networks and over time—goes beyond standard fraud detection checks to truly understand the user behind the device. By deploying a continuous evaluation of the user, this empowers organizations to:
1. Let legitimate customers self-resolve risk triggers in-session and complete their online experience without additional delay
2. Determine how to respond in real time with all the necessary context and data to make the best decision
3. Identify anomalous and high-risk activity earlier than ever before
4. Redirect suspicious users into a different Web experience
As fraudsters up their game, merchants are cranking up the fraud detection. If that detection method is overzealous, though, it can lead to substantial losses – both in terms of finances and good will on the good user’s part. Today’s trends of ongoing data breaches and increasing mobility lead me to conclude that behavioral biometrics is the way forward. This method of fraud detection and prevention enables merchants to more fully know and understand their users, whether good or bad, with the least friction possible.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.