Behavioural Biometrics is a new way of doing security, particularly in consumer, retail focused and mobile facing platforms. Behavioural technology allows us to accurately analyse how a user interacts with their device and based on their previous behaviour, can confirm their identity.
The system is already widely used in the Nordic countries by banking and finance companies as an anti-fraud tool and is now starting to move into other parts of Europe.
The technology looks at the way you use the device. Do you zoom across the screen with the mouse and then hover over a button? Which way do you circle the cursor? On mobile devices it would also be the depth of touch, how you move your finger across the screen, how much of your finger is on the screen, how hard you’re pressing, the angle you hold the phone and so on. These actions are incredibly hard to mimic. It can be captured with no need for extra hardware or for the user to do anything different.
So, rather than credit card companies looking for suspicious behaviour, such as a sudden change in usage patterns, to determine if card details have been compromised, behavioural analysis can detect fraudulent use in the way the user swipes the screen. There will therefore be less need for challenges just because you’re using your card in a different country.
This technology can be easily added to existing software and websites, too. Typically a bank would enable the technology on a website or a mobile app in order to capture events. The back end then uses big data and machine learning in real time to analyse events and compare them to what you’ve done in the past.
Any performance issues, especially on mobile devices, come down to how much bandwidth you take up. This technology is very light because the hard work isn’t done on the device itself, it’s done on the back end. Plus the amount of data transmitted is very small compared to things like using images for authentication.
To be efficient, the technology will need to learn your behaviour, and making a transaction for around seven times can be enough to enable the security. The system doesn’t just analyse the login, it looks at all the transactions you do with the site or the app and so a rich amount of data is collected every time. However in the initial stages the user will still be challenged to provide two-factor authentication or similar.
If suspicious activity is detected, the system challenges a transaction by asking for another authentication method or by alerting an agent to call the customer. It can also be used to log information to provide support for fraud investigations. One of the concerns businesses have is that too much authentication can actually drive customers away. By reducing the amount of friction and issuing fewer challenges this technology can ensure customers stay loyal.