Hackers beware: passive biometrics is turning the tables on cybercrime
This is a guest post by Robert Capps, vp and authentication strategist at NuData Security, a Mastercard company.
Halloween or not, black-hat hackers don’t typically require clever costumes to hit their targets. That’s because most companies’ authentication systems rely on Personally Identifiable Information (PII) or usernames and passwords as a way to identify returning customers. This method, which used to create a real barrier against fraud, is no longer good enough. Constant data breaches over the years have proven that almost everyone’s PII may have been exposed and is now available to fraudsters.
Stolen data is not only easy for bad actors to access, but also straightforward to leverage; using it is as simple as snagging infected candy in October. This certainly isn’t comforting for companies, who must flank their user accounts while allowing transactions and purchases to happen seamlessly.
Cutting-edge technologies on the market are changing the way users are verified online. Passive biometrics and behavioral analytics are an integral part of the way this landscape is evolving to help businesses unmask fraudsters. This multi-layered security approach identifies people by their online behavior.
There’s been a big problem with passwords for a long time, and it’s not even that people can hardly remember them when bouncing from one account to another. The real password conundrum lies in the fact that too many of them are woefully weak. It’s not a shocker that many people use simple passwords, no matter how clever some may seem. Yet, despite their inadequacy, passwords remain the go-to solution for ultimate account authentication.
Passive biometrics, however, aims to solve some of these failings by preferring personal behaviors over randomly chosen words and numbers. Companies are starting to use inherent identifiers that are impossible to replicate and that can be combined with physical biometrics such as fingerprints, retinal scans or facial scans.
To understand this better you can think of passive biometrics as your barista; someone who deals with customers on a daily basis. The barista learns the habits and regular orders of his customers – he knows who wants a skinny vanilla latte and who always orders a medium caramel macchiato – and so does passive biometrics, which understands how people perform specific activities.
Passive biometrics monitors different types of patterns, like the speed with which users type or press down on their keypads, how they hold their device, how fast they go from page to page within the account while they are browsing, along with hundreds of other identifiers. Companies utilizing these tools can cross-reference the behaviors with known user data, allowing them to better estimate the risk and to determine whether the users are legitimate or not.
These detailed, unique, and impossible-to-replicate metrics avoid reliance on passwords and usernames as the only barrier between account data and fraudsters. When passive biometrics are combined with other layers such as behavioral analytics, they provide unparalleled levels of trust between customers and businesses. Multi-layered solutions that include passive biometrics and behavioral analytics are designed to increase trust, not only between customers and organizations, but also between employees and employers.
Smart and evolving tools like these are especially important in the era of mega breaches. By moving from systems that rely on credentials to using tools that verify users by their behavior, businesses are building a strong trust foundation and providing better services to loyal customers.
About the author
Robert Capps is a recognized technologist, thought leader, and advisor with over twenty years of experience in the design, management, and protection of complex information systems.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.