FB pixel

The role of behavioral biometrics in a world of growing cyberthreats

The role of behavioral biometrics in a world of growing cyberthreats
 

By Anthony Eaton, Chief Technology Officer, IDEX Biometrics

According to a recent McKinsey article, by 2025, the worldwide cost of cyberattacks is expected to surpass $10.5 trillion. Meanwhile, the identity access management industry is now valued at $14 billion and might reach $49 billion over the next decade. The fast advancement of biometric authentication serves as a bridge between the two.

Behavioral biometrics, in particular, is one of the latest advancements set to have a major impact on cybersecurity. This concept leverages users’ actions and behaviors to infer personal preferences, device security, and even access their credentials. This solution provides enhanced customer knowledge, smoother and more secure user experiences, and improved authentication processes. Whilst first used to trigger an automated and urgent response to questionable physical behaviors and actions, behavioral biometrics can also be explored from the point of view of customer service and personalization. Doing so would enable businesses to compile consumer data, spot trends in footfall and develop more pertinent offerings.

Ultimately, when used appropriately, this next generation of biometric technology can assist businesses in combating both competitors and cyberthreats.

Understanding adaptive authentication

Typically, behavioral biometrics has been adopted within business contexts to build a profile of users and employees, learning their behaviors and actions to an extent where a deviation from the norm can be automatically flagged as suspicious or risky. In this context, it is on the passive side of the adaptive authentication spectrum. Active authentication, conversely, encourages the input of passwords or PINs, the swiping of cards, or the recurring request for biometric input (fingerprints, retina scans, etc).

Passive authentication through the lens of behavioral biometrics sees a more constant background analysis of users based on their already established and recognized ways of behaving. Anything ‘abnormal’ suggests an unauthorized user that may warrant a double check of that person’s credentials.

How fast do they type? How often do they pause when typing? Are they right- or left-handed? Is this their usual finger pressure or keystroke pattern on the touchscreen? What is their usual gait when walking?

Whether it’s on a digital device, or through video monitoring, the idea is to make a non-invasive risk-based decision about a person’s credentials, theoretically pre-empting any possibility for an unauthorized person to access the wrong file, space, room, or account.

Analyzed using the power of AI processing, this continuous and automatic risk assessment not only safeguards against threats but does so without introducing any friction to the user – a primary benefit when more stringent and thorough security measures aren’t needed. Having to continuously log in or out, to present your access card, or to remember PINs and passwords might not seem strenuous, but removing some of those instances on a daily basis soon becomes noticeable.

In essence, for businesses, it is the exact level of risk-based monitoring required for seemingly routine operations and actions. Nothing more, and – given the current, volatile cybersecurity landscape – certainly nothing less.

Benefitting all industries but not all processes

Behavioral biometrics might be an evolving form of biometric technology, but its foundations are already quite well established. For retail and ecommerce, for example, the lines blur slightly between the terms, ‘behavioral biometrics’ and ‘risk-based authentication’. Behavior in this sense isn’t just how people interact with their device, but the location they’re ordering from and to, or the time zone and time of day they’re looking to make a purchase. The extent of risk rises up and down relative to what is deemed ‘typical behavior’ in the broader sense and for that individual transaction.

‘Risk’ refers to the degree of confidence in authentication accuracy and will be key to the rise of behavioral biometrics in other industries too, including healthcare and banking where it is already being deployed to varying extents. It is more about the use case and whether the risk posed is suitable for passive authentication in these cases. In healthcare, for example, passive authentication wouldn’t be sufficient to access patient databases, but once logged in, it could help confirm that the same user is still active or online.

In these data-sensitive industries, using behavioral biometrics as a default securitization tool won’t always be sufficient, but it does have value for more routine user protection or admin.

Another example from the banking sector, sees many providers requesting customers to reconfirm their email addresses, to log their keystroke pattern while typing their details. It is very difficult to replicate the cadence or pattern of a detail that’s so familiar and seamless to each individual. The typing of the address itself immediately becomes a layer of risk-based authentication. One that carries far less friction than alternate security layers such as 3D Secure in ecommerce, which historically required manual password input for payments.

Aside from the securitization element, behavioral biometrics can also enable improved personalization and marketing strategies. If the actions of users or customers can help determine their digital identity, it can also give insight into their preferences. The idea of a smart store has already triggered a stronger relationship between retailers and the supply chain as they use video technology and sensors to better understand where customers look, their footfall and routes around a store, or what products they’re veering towards. Behaviors and interactions on company websites, on social media, or in response to marketing outreach also point to the use of AI-driven behavior analytics as a means to elevate ultimate service.

An opportunity worth taking

Across markets in public and private sectors the ability to reduce user friction, gain a better understanding of consumer preferences, and prevent unauthorized access in real-time, ticks three timely boxes. The issue of privacy intrusion still lurks, however. A recent UK survey confirmed that 70% of consumers take steps to limit cookies over a weekly period. Statista confirmed that fewer than one-third (32%) of US consumers always accept them, compared to 43% that always decline them.

The idea of having their very movements digitized and analyzed might not be appealing to all. Consumers and users are clearly running their own risk assessments when it comes to technology. While improved security as a benefit will undoubtedly appeal, losing our personal privacy to achieve it is a tightrope to be walked by those looking to leverage behavioral biometrics.

Overall, concerns about personal intrusion are likely to be outweighed by a more seamless experience intended to protect people’s credentials and assets – especially considering behavioral biometrics’ position as a passive component of adaptive authentication. It’s not a card to swipe. It’s not even about placing a fingerprint or scanning a retina. It’s just you. Your actions confirming your identity, safety, and preferences. In an environment where cyberthreats are becoming more frequent, behavioral biometrics in conjunction with secure authentication can offer seamless user experiences.

About the author

Anthony Eaton has served as Chief Technology Officer of Idex Biometrics since March 2019.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events