The promise of behavioral biometrics – and the top 3 things businesses must consider prior to adoption
This is a guest post by Ben Goodman, VP of Global Strategy and Innovation at ForgeRock.
A recent drumbeat of significant data breaches and privacy infringements have put the issue of personal security at the forefront of the consumer conscience like never before. In particular, the public is beginning to realize that traditional usernames and passwords are no longer enough to protect their online information, and that they (and the companies they trust) must take a stake in protecting their digital identities (PDF). Running parallel to this demand for more secure access to services and devices, however, is an expectation of seamlessness. While there are methods, like two-factor authentication, to make traditional logins more secure, many consumers find the process tedious, and are reluctant to adopt such measures despite their desire for personal information protection. While this may seem like a cybersecurity catch-22, there are protective-yet-intuitive security methods that are beginning to go mainstream. Enter behavioral biometrics.
Behavioral biometrics take the traditional biometrics process a step further by relying on unconscious actions – how you walk, hold a device, or even how fast you type – to deliver a confidence score, or a percentage indicating to what degree a user is likely to be who they say they are. While the technology can’t always identify users with full certainty, it can provide an informed guess that, when combined with other contextual clues (the WiFi network the request is being made from, the GPS location of the other person, or even the time a request was made), is often sufficient enough to determine whether to trust the end-user you’re interacting with. Combining seamlessness with behavioral idiosyncrasies that are roughly as accurate as a fingerprint to enable access, behavioral biometrics are, by many indications, an ideal form of authentication and verification. Given their unique combination of convenience and security, behavioral biometrics are an increasingly essential instrument in one’s security toolkit.
Industry wonks may not consider this technology ‘new’ per se, though consumer- and enterprise-facing companies have only recently begun unveiling its potential to customers – an advent made possible by the unprecedented ubiquity of sophisticated smartphones. Equipped with touch-sensitive screens, accelerometers and gyroscopes, the sensor-filled devices in our pockets are poised to interact with and interpret outside stimuli like never before – a true sea change when it comes to the widespread adoption of behavioral biometrics.
With the use of mobile, direct payment services on the rise as a result of these newer, better phones, the banking industry in particular has taken notice of the targeted use cases behavioral biometrics have to offer. If a customer’s mobile phone is compromised by malware or is physically stolen, banks like Lloyds Banking Group and Deutsche Bank have employed measures that, from behavior with the phone alone, will offer a score that indicates a level a certainty that the person you’re sending money to – or receiving money from – is who they say they are. This score, in tandem with other security context clues, provides customers the information they need to determine whether they trust the end-user they’re interacting with – helping to prevent unsafe transactions or account takeovers.
As the benefits of behavioral biometrics become more clear, and companies increasingly integrate the tech into their services, the question now becomes – where are behavioral biometrics headed next? What do businesses need to consider as behavioral biometrics grow increasingly commonplace?
The ‘smart city’ will become the ‘secure city’
The idea of ‘smart cities’ has floated around business and technology publications for the better part of the last decade, often postulating on ideas more likely to be found on The Jetsons than real life. In reality, though, a smart city is simply one that relies on the Internet of Things (IoT) and electronic sensors to make urban living more manageable for citizens, and more operationally efficient for those in charge – by definition, then, smart cities already exist in spades. But with the proliferation of cheap sensors (like those found on the smart devices we all carry), these cities will inevitably move away from just being ‘smart,’ and more so towards being ‘secure’ – providing new ventures for companies to tap into. As sensors that measure and monitor temperature, movement and computer vision systems grow increasingly available, there will be more opportunity to naturally and accurately validate, in real-time, a person’s identity through behavioral biometrics – providing ample investment opportunity for organizations that rely on authentication, including bike/car shares, app-based home/child/pet sitters, package deliveries, mobile payments/check-ins, and more. As security continues to evolve from a nice-to-have to must-have, savvy businesses will look to capitalize on high-tech urban environments in a way that moves beyond efficiency and into customer verification and protection.
Security will move from an ‘either/or’ to a true ecosystem
The perceived newness of behavioral biometrics will likely usher in a rush of companies who make the technology their hero offering, but behavioral biometrics are not a panacea. They are, more accurately, one of the many components that should ideally comprise a larger, more-comprehensive authentication system, including encryption, tokenization, and other forms of granting and revoking access. Just as one might use both a lock and alarm to protect their car, more than one authentication tool is needed to offer optimum security. In the same vein, behavioral biometrics must be optional, one of a series of choices for customers to select when deciding how to protect and share their information. In the Age of GDPR and Consumer Consent, there is no one size fits all security system. To be successful, businesses must also be agile, creating a security ecosystem that provides the best security, no matter the configuration of measures selected.
Access to real-time, transparent authentication will drive economic reward
In a time of ‘fake news,’ doctored media and phishing scams, it’s never been more difficult to validate what’s real online. But for businesses handling countless data points – both for customers and themselves – authenticating outside sources and users has also never been more important. Through behavioral biometrics, companies can embolden their employees with the confidence to know whether to accept files or emails sent to them. And, if a CEO’s social media accounts are hacked to share malicious content, businesses can leverage behavioral biometrics to show with a degree of certainty who was actually behind the messages. With trust at the center of all successful business relationships, it’s essential for customers to know that organizations they partner with are acting responsibly, and aren’t inadvertently putting their information in the wrong hands – companies who succeed at earning and maintaining this trust will reap the financial rewards.
Behavioral biometrics offer promise to companies and consumers alike, and will likely continue to grow mainstream. Businesses who understand the technology’s role as part of a comprehensive security program will help in driving innovation, seamlessness and trust for the internal and external stakeholders they serve.
About the author
As ForgeRock’s Vice President of Global Strategy and Innovation, Ben Goodman is responsible for helping build and evangelize ForgeRock’s innovation agenda and product direction.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.