Prove execs outline vision for behavioral biometrics to power device-based MFA
The best remote authentication utilizes the biometric signals that can be furnished by mobile phones, Prove executives said in a discussion on the use of behavioral biometrics like gait recognition and mobile authentication based on real-time signals.
The discussion was a Know Identity ‘Master Class’ from One World Identity with Prove Chief Strategy Officer Michael Lynch and John Whaley, a Stanford lecturer who served as CEO at UnifyID before it was acquired by Prove and now holds the role of SVP for Emerging Products with Prove. The session, ‘Building a Best-in-Class Customer Journey with Behavioral Biometrics & Phone-Centric Identity’, was moderated by One World Identity Director of Research Nick Holland.
Lynch notes that mobile phones are the fastest-growing technology in history, and provide an opportunity for the company’s proprietary ‘phone identity cloud’ as a source of trust in digital commerce.
This powers a range of use cases, as well as capabilities like pre-approvals, through passive authentication of the device and user.
Providing the best-in-class customer journey requires moving to the right data, which is not the traditional set of name, address and government ID checks, and using the new data in the right way, according to Lynch.
Whaley pointed out that organizations effectively utilizing identity can not only reduce risk, but also improve their top-line results, using it as a competitive advantage.
They walked through a pre-approval workflow, and demonstrated Prove’s Pre-fill capability. The latter can also be used as a fraud signal, as fraudsters typically do not use autofill when attempting to spoof a victim’s identity.
Lynch and Whaley also presented what Prove considers the evolution of MFA, from email and voice-over-IP factors in MFA 1.0, through the current use of one-time passwords (OTPs), to the combination of phone-centric data, push authentication and behavioral biometrics, which goes beyond authenticating the device to identify the individual. The vulnerability and cost associated with OTPs will motivate this migration, they say, though OTPs will continue to be used for the foreseeable future.
Whaley explained how phone sensors provide passive signals for biometric motion and gait authentication. He says the false positive rates for these passive behavioral biometrics are similar to those of traditional biometric modalities like fingerprints.
The pair presented how to put together the various authentication techniques available through mobile devices into an adaptive, mostly passive biometric workflow, along with how to mitigate challenging risks like SIM swaps and device changes. These are particularly relevant challenges for remote device-based approaches, as explained in a recent guest post to Biometric Update by FaceTec.
They concluded by providing a five-item checklist of modern digital identity best practices.
BioCatch recommends OTPs and behavioral biometrics to meet SCA deadline
At present, the combination of OTPs with behavioral biometrics is an effective way to meet the Strong Customer Authentication (SCA) requirements of Europe’s Payment Services Directive 2 (PSD2), BioCatch EMEA Director Ruhan Basson tells The PaymentsJournal Podcast.
Guidance from the UK Information Commissioner’s Office (ICO) earlier this year identified behavioral biometrics as a compliant second factor for SCA.
The guidance, Basson says, provided the clarification organizations were looking for as they implement new systems to meet the March 2022 deadline for SCA compliance.