Behavioral biometrics and continuous authentication advance as business adapts to remote everything
Even as dramatic social change has been imposed by COVID-19, the kinds of fraud attacks companies experience and the biometric authentication technologies they use to prevent them have remained basically the same. What has changed is that online volumes of traffic, transactions and authentications have reached levels they were expected to years in the future, BehavioSec VP of Products Jordan Blake told Biometric Update in an interview.
As a result, he says, “timelines are getting advanced.”
Demand is coming from new verticals, according to Blake, as numerous people begin using the online channel to interact with many organizations they never have dealt with that way before.
“It’s conceivable that we’re at a local peak, and things die down a little bit,” he argues. “But there’s this sentiment among those that I’ve spoken to that there’s a new baseline, and it’s significantly higher than the one we were dealing with before.”
People are also becoming used to using ecommerce, shopping and banking online as a default, and as a result, organizations from a wide range of industries are looking deeper into advanced authentication, Blake says, including behavioral biometrics and continuous authentication.
Some organizations seem to have shifted from goals somewhere on a roadmap for the next few years to aiming to deploy new technology this year.
“We’ve sort of moved from this mindset where advanced authentication technologies were niche or a few years off, to a world where: ‘We want to look at this right now. We want a POC. We want to see a demo,” Blake reports.
Companies are scrambling to avoid a spike in fraud, and not necessarily in a position to appreciate other aspects of behavioral biometrics, like the ability to gain insights on account usage or the customer journey that are not surfaced by other authentication methods.
“We’re sort of in the eye in the hurricane right now, and its hard to extrapolate what things look like once this calms down, and we get to look back at it and strategize,” Blake states. “Right now there’s a lot motion that seems very tactical, not necessarily thinking that where we are going a couple of years down the road.”
Still, that movement has included a newfound interest among energy companies, for instance. These businesses often have millions or tens of millions of customers, among both consumers and businesses. Practically all of them now want to use online bill payment, and with most energy companies feeling pressure to differentiate themselves to fend of competition, easing that online experience has brought an unforeseen spike in demand from this potential customer group, Blake explains.
What makes this change particularly interesting to Blake is that, unlike financials, who are early adopters for behavioral biometrics, this customer group represents something closer to the early mainstream.
The underlying solution that BehavioSec provides is the same in all use cases, with behavioral timing data captured and passed to a machine learning server to build a profile and make comparisons. How the signals are captured, and what exactly happens after that depends on the implementations. For major financial institutions, BehavioSec is likely providing one of at least 10 or 20 signals that go into a fraud decision. The signals generate a score, which is passed to a rules engine to drive policy enforcement. For non-financials, the company’s technology typically integrates with an identity and access management (IAM) provider like ForgeRock or Ping.
Blake expresses optimism for a future in which standards like 3D Secure align systems so that they work together by default, like Bluetooth has done for electronic devices.
“We’re not quite there yet with authentication technology,” he acknowledges, “but there are obviously those things that are out there, FIDO being the big one, so that’s a conversation we continue to have. Figuring out how we play in that ecosystem I think is super-important for us going forward.”
As a technology that enables strong customer authentication continuously throughout workflows, helps detect fraud throughout workflows, and yields insights without increasing friction, behavioral biometrics are ready for their moment in the spotlight.
“This was sort of considered a research topic for a number of years, but it really has come into its own, it is being used by global banks and organizations in many different verticals,” Blake says. “It’s here today, it’s not academic research, it’s ready to be deployed, and we have customers successfully using it to improve their customer experience and reduce sophisticated attacks; ATO and new account fraud and all of that.”
Read more from this interview series
Biometrics are enabling trust for access control and fraud prevention during the pandemic and resulting social change, and the industry impact could be major and lasting.