The Case for Behavioral Biometrics


Giovanni Verhaeghe

Director Market & Product Strategy at VASCO Data Security


14.02.2018 07:45 am

With mobile banking apps becoming a staple, cybercriminals have started to take a serious interest in compromising mobile devices. New, sophisticated methods of attack have rendered the classic username-password scheme outright obsolete. Even the more secure but still basic two-factor authentication seems insufficient, as hackers have found ways to dupe users into entering passcodes into fake user interfaces.

The main challenge has always been to devise a security scheme that is dynamic enough to thwart hackers from just going for the technical implementation, without impeding usability. From a user perspective, constantly having to add new credentials like strong passwords and unique user names is a hassle and may be a reason to switch to a different service provider. It also provokes shortcuts in behavior, for example by using the same password for multiple platforms or using simple passwords that are easy to recall. That in itself undermines security as it would be easier for criminals to find weaknesses to exploit. Mobile devices are especially vulnerable as users tend to be less mindful of security than they would be on desktops or laptops.

Layers erected, layers collapse

Newly added security layers are also constantly compromised by buggy implementations or inherent weaknesses of mobile devices and their OSes. Cybercriminals are constantly at work to find new ways to exploit these weaknesses. Each success means developers need to either improve existing layers of security, or add a new layer that contributes to overall complexity. Technology is not the only element targeted by cybercriminals though, as they also try to exploit users' lack of knowledge. They can present users with a fake login screen, where the unknowing customer types in the credentials and any authentication code sent by SMS, while the malware secretly changes the target account number, for example.

For these reasons, financial institutions have rightly added more discreet security to their apps that does not normally interfere with usability. For example, by taking into account the time and place where users log in to their mobile banking apps, they can quickly detect potentially suspicious login attempts. If someone tries to do a large transaction in the middle of the night from halfway across the world, something usually isn’t right. Blocking the transaction until there has been some additional verification is the best course of action. But they can increasingly add more behavioral elements to the mix besides time and place. Examples include typing speed and finger pressure when tapping or swiping the touchscreen of the smartphone. If something is off, it might be that a device has been stolen or that the user is unknowingly using an overlay put in place by cybercriminals instead of the actual banking app.

Behavior as an added factor

This type of security has become known as behavioral biometrics and can be added as an additional layer to existing solutions. By capturing the way the user typically uses the device over a period of time, behavioral biometrics algorithms can define a sort of ‘fingerprint’. If the user’s actions match that fingerprint, there is a higher probability that the actions are legitimate, and there is no need to interfere and possibly compromise the user experience. However, a sudden change in behavior might indicate something is going on. The bank can then step in and request additional verification.
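The enroll, match and step-up flow described above, as an added sketch that is not code from the author or from any vendor product. The feature names, the 5% spread floor, the threshold of 3.0 and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Hypothetical feature names; a real product would capture many more signals.
FEATURES = ("key_interval_ms", "touch_pressure", "swipe_speed_px_s")

def enroll(sessions, min_sessions=5):
    """Reduce past sessions to per-feature (mean, spread); raw samples are not kept."""
    if len(sessions) < min_sessions:
        raise ValueError("not enough sessions to build a stable profile")
    profile = {}
    for name in FEATURES:
        values = [s[name] for s in sessions]
        centre = mean(values)
        # Floor the spread at 5% of the mean so a very consistent user
        # does not turn tiny variations into huge scores.
        profile[name] = (centre, max(stdev(values), 0.05 * abs(centre)))
    return profile

def anomaly_score(profile, session):
    """Mean absolute z-score of one session against the enrolled profile."""
    scores = [abs(session[n] - profile[n][0]) / profile[n][1] for n in FEATURES]
    return sum(scores) / len(scores)

def decide(profile, session, threshold=3.0):
    """'allow' when behaviour fits the profile, 'step_up' to request verification."""
    return "step_up" if anomaly_score(profile, session) > threshold else "allow"

# Constructed sample data: six enrolment sessions for one user.
ENROLLED = [
    {"key_interval_ms": 180, "touch_pressure": 0.52, "swipe_speed_px_s": 900},
    {"key_interval_ms": 195, "touch_pressure": 0.48, "swipe_speed_px_s": 950},
    {"key_interval_ms": 170, "touch_pressure": 0.55, "swipe_speed_px_s": 870},
    {"key_interval_ms": 188, "touch_pressure": 0.50, "swipe_speed_px_s": 920},
    {"key_interval_ms": 176, "touch_pressure": 0.47, "swipe_speed_px_s": 890},
    {"key_interval_ms": 191, "touch_pressure": 0.53, "swipe_speed_px_s": 940},
]
# Constructed test sessions: one close to the profile, one far from it.
USUAL = {"key_interval_ms": 185, "touch_pressure": 0.51, "swipe_speed_px_s": 905}
UNUSUAL = {"key_interval_ms": 60, "touch_pressure": 0.90, "swipe_speed_px_s": 1600}

if __name__ == "__main__":
    profile = enroll(ENROLLED)
    for label, session in (("usual", USUAL), ("unusual", UNUSUAL)):
        print(label, round(anomaly_score(profile, session), 2), decide(profile, session))
```

The threshold sets the trade-off between missed fraud and unnecessary step-up prompts, so in practice it is tuned on labelled sessions rather than fixed in advance.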

Because behavioral biometrics is a discreet way to verify transactions, the burden of security shifts away from the user. Users normally won’t notice the layer as it does not demand additional action from them. That in turn means that the time spent authenticating a user is minimized, so the user spends more time using the actual application. All the while, the session is secured to the level that users would expect. Behavioral biometrics reduces fraud while minimizing the occurrence of false positives. Also, it is not nearly as invasive of clients’ privacy as traditional biometrics, which rely on databases of fingerprints, iris scans or voice prints. A user’s behavioral pattern is stored as a mathematical equation that is useless for criminals looking for personal data.

Behavioral biometrics offers security on a transaction-to-transaction basis. It does not just secure one avenue, making it very hard for criminals to overcome as there is no single weakness that can be exploited. At the same time, the user is not being burdened with the discomforts additional security layers normally bring with them.

 
