Researchers develop keystroke biometrics with 95.5% fraud detection accuracy

A team of researchers at BYU have developed a fraud detection keystroke tracking system that correctly identifies when a user types in someone else’s information with 95.5 percent accuracy, according to a recent study. Such a system would be able to detect instances of fraud where a bad actor is inputting stolen PII.

The study tested the hypothesis that people develop muscle memory when typing out information that is familiar to them – like their own name and password. Individuals will use quicker, more fluid movements when writing out their own information than someone would when typing out stolen information.

BYU professors David Wilson and Jeffrey Jenkins as well as Joseph Valacich from the University of Arizona and David Kim from Texas Christian University developed a tracking system that analyzes keystroke dynamics to determine if the user is inputting their own information or not.

Researchers conducted four observational studies that included over 1,000 participants. The tracker determined when participants entered information belonging to others into online forms with 95.5 percent accuracy.

“When you watch how someone interacts with devices, you gain insight into mental processes,” Wilson said in comments to KSL. “Our motor movements and our cognitive activities are very intimately linked — subconsciously in many cases.”

Wilson said the experiment found that people display “very different behaviors” and “very different patterns of interaction,” when entering their own information versus someone else’s.

The identity fraud detection system is run on JavaScript, making it accessible to nearly every computing device we use today.

“All of our capture technology is based on a script that’s running behind the scenes in a browser,” Wilson explained. “JavaScript will keep track of timings and how things are being typed and then JavaScript reports that back to our servers.”

Implementing the system through JavaScript in the background also reduces friction by not adding additional verification steps, which is common in many fraud-detection methods. This would give financial institutions a new way to combat fraud without affecting conversion rates.

“It’s a low-friction way to flag, say, the 10 percent most suspicious-looking applications and then have that smaller population do a few high-friction things to verify their identity,” said Wilson.

The development comes in time for projected market growth. In 2022, the keystroke dynamics market size reached $390.6 million, according to IMARC services. It is projected to reach $1.4 billion by 2028 with a CAGR of 23.4 percent between 2023-2028. Keystroke dynamics also make up a major portion of the behavioral biometrics market pegged to reach $9 billion in value by 2031.

Article Topics

accuracy  |  behavioral biometrics  |  biometrics  |  biometrics research  |  keystroke biometrics