Behavioral biometrics – securing digital banking without compromising on user experience
This is a guest post by Sam Bakken, Senior Product Marketing Manager at OneSpan
Digital banking has grown rapidly in recent years. Juniper Research forecasts that by 2021, one out of every two adults in the world will use a smartphone, tablet, PC or smartwatch to access financial services. Unfortunately, fraudsters always follow the money, so as consumers conduct more of their financial transactions through mobile banking apps and smart devices, cybercriminals are increasingly targeting the mobile channel. Mobile malware nearly doubled in 2018 and mobile account takeovers increased 79 percent. As a result, financial losses are on the rise. Global fraud losses are estimated to have cost banks more than $31 billion at the end of last year.
Facing these growing cybersecurity threats and fraud losses, financial institutions are seeking to strengthen their user authentication methods in digital channels. The rise in application fraud and account takeover fraud means it is no longer sufficient to only authenticate users at the start of their digital banking session – financial institutions need continuous multi factor authentication. However, at the same time, today’s consumer has high expectations for a frictionless and convenient digital banking experience and mobile users do not want to be burdened by additional, cumbersome, authentication steps. Financial institutions need strong security to ensure they’re dealing with a legitimate applicant or customer, but without negatively impacting the user experience. To solve this challenge, they are increasingly turning to the emerging technology of behavioral biometrics.
What are behavioral biometrics?
Traditional biometric authentication techniques, such as fingerprints and facial recognition technology, have been commonplace in digital banking for several years now, but behavioral biometrics are the next frontier and are poised to transform FinTech. Whereas traditional biometrics authenticate customers using static biometric markers (e.g. a fingerprint or retina pattern), behavioral biometrics analyze the way a user interacts with their mobile device. It compares the information to a previously developed user profile, or “behavior fingerprint”, to continuously authenticate the user throughout the entire digital banking session.
Behavioral biometrics can measure and analyze a variety of user behaviors, from the way they hold their mobile device, to finger pressure, swipe patterns, keystroke dynamics and more. It can look at the user’s navigation behavior both within the application and on the device, examining their typical speed of browsing and accuracy of movement. Behavioral biometric data can also be combined with server-side analytics, enabling the financial institution to draw insights from data collected from different sources, including groups of other users, events and third-party partners.
Behavioral analytics — a different concept — uses data from multiple sources to understand when and how a user normally interacts with their bank account – such as the time of day they normally log in, the typical transaction amounts and more. Any deviations from the user’s typical behavior are detected in real-time by comparing that behavior to historical data. By combining behavioral biometrics and behavioral analytics, the financial institution is able to create a multi-layered, context-aware approach to authentication and risk assessment. This, in turn, helps the organization’s risk analytics engine decide whether the user should be allowed, challenged (by requesting additional authentication measures), or blocked, when deviations from the user’s typical behavior are detected.
Because behavioral biometrics is continuously working behind the scenes and is invisible to the user, it is often described as passive. As opposed to active methods of authentication, behavioral biometrics do not require any additional actions from the user, which improves the customer’s digital banking experience. At the same time, there are no privacy concerns because a user’s behavioral data is converted to a mathematical representation within their profile, which is meaningless to criminals.
Behavioral biometrics is one of the most disruptive new technologies in identity management. Any organization that needs strong identity verification and multi factor authentication without hindering the digital customer experience should look to add behavioral biometrics as part of a multi-layered approach. It offers financial institutions an excellent opportunity to enrich their risk analysis with user-specific data. By performing continuous, real-time analysis in the background, behavioral biometrics ensure a positive digital experience for legitimate users while detecting and stopping fraudsters.
About the author
Sam Bakken is Senior Product Marketing Manager at OneSpan where he is responsible for the OneSpan mobile app security portfolio. Sam has nearly 10 years of experience in information security.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.