When you deal with finances, secure authentication becomes a matter of the utmost importance. Biometric recognition was a revolutionary verification method that substituted passwords in many services, increasing both efficiency and convenience. Behavioural biometrics is now emerging as an alternative or supplement to fingerprints or iris scans. Is this next-gen biometric solution here to stay, or will it remain a fancy experiment for the fintech industry?
At present, behavioural biometric solutions are in the early stage of development. Although they are changing the way users are authenticated, adding an extra layer of security to access procedures, behavioural biometrics is still quite rarely used in fintech.
What Is Behavioural Biometrics?
Behavioural biometrics is a peculiar method of authenticating individuals based on the measurement and analysis of unique patterns in their behaviour. For example, the biometric solution may focus on distinctive ways people interact with devices, systems, or perform certain tasks.
Unlike the common meaning of biometrics, behavioural solutions don’t rely on inherent physiological characteristics (e.g. fingerprints, palm or iris scans). Instead they leverage spotted behavioural traits and patterns for identification. These include:
- Keystroke Dynamics: takes into account the unique typing patterns of individuals, such as typing speed, rhythm, and keystroke pressure.
- Mouse Dynamics: Each person moves and interacts with a mouse or touchpad in a peculiar way, e.g. with different movement speed, patterns, and gestures.
- Signature Dynamics: Not only the image of a signature itself but also the unique way an individual signs their name matters for this authentication type, that analyses speed, pressure, and stroke patterns observed while signing.
- Voice Recognition: It deals with the unique characteristics of an individual’s voice, such as pitch, tone, and speech patterns.
- Gait Analysis: For particular non-remote authentication types, it is possible to assess an individual’s walking pattern, stride length, pace, and other unique gait aspects.
- Gesture Recognition: Behavioural biometrics also studies the specific gestures made by individuals on touchscreens or through other input devices.
Behavioural biometric solutions can be classified into skill-based, style-based, knowledge-based, strategy-based, and more, depending on the area of particular focus.
Use Cases
Behavioural biometrics can be used for one-time authentication or continuous authentication. Continuous authentication is an innovative method of confirming the user’s identity in real time while they are using the service.
Although it may be theoretically chosen as a main verification way, behavioural biometrics are mostly employed to enhance traditional authentication methods. While the iris or fingerprint is indisputably unique, keystroke dynamics of different people may bear many similarities. At the same time, the more additional factors are added to the authentication scenario, the more accurate it can potentially be.
Due to the uninterrupted increase in the use of mobile applications and the intensive exchange of login and personal data over the web, sensitive details often get stolen by malefactors. They can leverage the hacked data to access financial services or perform an account takeover.
Therefore, while a password or fingerprint can be used to access the financial service, behavioural biometrics are continuously verifying the user’s identity throughout an interaction, making it more challenging for unauthorised users to compromise the user’s account.
As threats of cybercrime grow and become more sophisticated, financial industry players are actively using advanced technologies to protect their institutions and clients from fraud. Behavioural biometrics find applications in identity and access management, risk and compliance management, fraud detection and prevention management, and more.
Mastercard
Mastercard Incorporated, through its subsidiary NuData Security, leverages behavioural biometrics within its comprehensive online security strategy to prevent fraudulent activities. NuData Security specialises in advanced technology solutions specifically designed for risk-based authentication and fraud prevention, with a focus on various aspects of user behaviour. Its flagship solution NuDetect combines behavioural signal analysis and device intelligence to distinguish legitimate users from fraudsters.
By continuously monitoring user behaviour, such as typing patterns, mouse movements, and other interactions, NuData Security creates a dynamic profile for each user. When a deviation from the established behavioural pattern is spotted, it could trigger additional security measures or alert the system to a potential security threat. On the contrary, when a user’s behaviour aligns with their established profile, the system allows the transaction to proceed with minimal friction.
Since users’ behaviour may change over time, NuData Security leverages machine learning algorithms and advanced analytics to continuously improve its behavioural biometrics models. The system constantly learns from patterns and adapts to sustained changes in user behaviour. This mechanism increases the efficiency of identifying potential threats and reduces false positives.
What Drives the Growth of Behavioural Biometrics?
Legacy authentication methods such as unlock dot patterns and passwords are often ineffective against advanced security and privacy threats. With these verification methods, we often deal with human negligence, as people use the same passwords for multiple accounts, create non-secure or easy-to-guess passwords, input this data in public places where they can be seen by malefactors, don’t log out from their accounts on a public or work device, or write the password down in an accessible place.
Obviously, biometric data is hard to copy or imitate, so advanced biometric techniques are rising in popularity across global markets. The use of contactless mobile payments has fuelled a significant rise in the use of biometrics. Today, the emergence of smart analysis technologies such as artificial intelligence is enabling market players to improve their verification systems with even more data sets. The increased accuracy and security boost lead to a growing adoption of these technologies in authentication and identification spheres.
In addition, there are instances when traditional fingerprint scanning cannot be applied. For example, the device doesn’t support this function or fingerprint sensors have technical issues such as hardware malfunctions or calibration errors. After all, individuals themselves may have troubles with fingerprint identification due to certain physical impairments or disabilities, altered or damaged fingerprints due to harsh work environments, age-related changes, such as skin elasticity and texture, or other skin conditions. In this case, it’s better to apply other types of biometrics than relying exclusively on password identification.
Therefore, the growing demand for reliable and safe digital transactions in the e-commerce and mobile commerce industry is leading to the increased adoption of sophisticated authentication alternatives such as behavioural biometrics software.
Benefits of Behavioural Biometrics
Behavioural biometrics software utilises Users Behavioural Analytics (UBA) principle of statistical analysis to identify typical patterns in various aspects of human behaviour and detect anomalies. For the financial industry, such anomalies could indicate security breaches and account takeovers.
Behavioural biometric solutions gather user data continuously, providing more insights into the way an account is used than a momentary sign on with a token or scanning a fingerprint. Therefore, it can help financial institutions achieve high security levels, boosting customer trust and loyalty over time.
Let’s imagine a scenario where a criminal gets hold of one’s banking account credentials. It’s not impossible. However, when the offender takes over the account, they would not be able to imitate the account owner’s behaviour and suspicious transactions will be blocked.
Behavioural biometrics can be seamlessly integrated with other authentication methods. Thus, businesses and organisations can leverage the strengths of different authentication factors within a robust multi-channel security system.
In addition, behavioural biometrics does not require the companies to capture and store sensitive physiological information. It enhances user privacy and raises fewer privacy concerns than other trusted biometric methods.
The method is less intrusive compared to traditional biometrics. Since users don’t need to physically touch a device or provide specific physiological samples, it may be more comfortable and acceptable for certain customers.
Behavioural biometrics also reduces friction during the authentication process as it may be used instead of other multi-factor verification methods like phone calls, sms codes, etc.
Obstacles in Behavioural Biometrics Adoption
Although the potential of behavioural biometrics becomes more and more discussed, its adoption is currently still in its infancy. The reasons are numerous.
Firstly, the integration of any new advanced technology into an existing system may be costly, time-consuming and complicated. Most small firms would typically not deal with the technology unless it’s a ready-made and affordable solution. At this point in time, there are only a few behavioural biometrics providers on the market. Weak competition doesn’t typically boost the affordability and development of all-round systems.
At the same time, there is still a lack of research data regarding the level of efficiency of behavioural biometric systems. For instance, there are not many insights about a balance between security and usability when behavioural biometrics is involved. It is crucial to understand how often such systems may trigger additional verification.
The level of potential false positives (incorrectly identifying authorised users as threats) should not be excessive, as it can add discomfort to the user experience. Thus, the technology would be used on a large scale only when behavioural biometrics systems are proven to be highly accurate in distinguishing between legitimate users and potential threats.
Moreover, although the nature of gathered information is less physiological and less intrusive, the scope of observations may feel uncomfortable for many people. Customers may feel uneasy as if they’re constantly being watched and monitored and treat the technology as an infringement on their privacy.
Finally, behavioural biometric solutions must also comply with data protection and privacy regulations, such as GDPR (General Data Protection Regulation) in the European Union or similar laws in other regions, providing proper disclosure and consent procedures. At present, there’s a lack of industry standards for behavioural biometrics. It can lead to interoperability challenges, further limiting the widespread adoption of the technology.
Summary
The use of behavioural biometric technology in fintech is quite limited in scope. It has a certain potential, promising to enhance the accuracy and versatility of identification, enabling continuous real-time user authentication. In theory, it would significantly improve the financial security systems without much additional friction for the user. At the same time, the technology still faces a lot of legal and ethical challenges, along with complexity and costliness of mass adoption. These issues have to be solved before behavioural biometrics is used on a truly large scale.
