Complex Made Simple

Bad move. Fighting cybercriminals with behavioral biometrics

Cybercriminals are increasingly targeting the mobile channel to defraud people using banking apps to conduct business. A new fintech uses behavior biometrics to stop these hackers cold

A user’s navigation behavior like speed of browsing is examined Any deviations from the user’s typical behavior are detected in real-time by comparing that behavior to historical data The problem with current biometrics is that we tend to leave our fingerprints just about everywhere we go

Cybercriminals are increasingly targeting the mobile channel to defraud people using banking apps to conduct business. 

Mobile malware nearly doubled in 2018 and mobile account takeovers increased 79%. Global fraud losses are estimated to have cost banks more than $31 billion at the end of last year.

Facing these growing cybersecurity threats and fraud losses, financial institutions are seeking to strengthen their user authentication methods in digital channels and are after multi-factor authentication. 

At the same time, today’s mobile users seek a frictionless digital banking experience and do not want to be burdened by additional, cumbersome, authentication steps. 

To solve this challenge, banks are increasingly turning to the emerging technology of behavioral biometrics.

Behavioral Biometrics

Fingerprint and facial recognition technology have been commonplace in digital banking but behavioral biometrics are the next frontier.

Behavioral biometrics analyze the way a user interacts with their mobile device from the way they hold their mobile device, to finger pressure, swipe patterns, keystroke dynamics, and so on. 

It compares the information to a previously developed user profile, or “behavior fingerprint”, to continuously authenticate the user throughout the entire digital banking session.

It can look at the user’s navigation behavior both within the application and on the device, examining their typical speed of browsing and accuracy of movement. 

Behavioral analytics also uses data to understand when and how a user normally interacts with their bank account, typical transaction amounts, and more. Any deviations from the user’s typical behavior are detected in real-time by comparing that behavior to historical data. 

By combining behavioral biometrics and behavioral analytics, the organization’s risk analytics engine decides whether the user should be allowed, challenged (by requesting additional authentication measures), or blocked when deviations from the user’s typical behavior are detected.

Behavioral biometrics do not require any additional actions from the user, which improves the customer’s digital banking experience. And it’s not hackable. 

Read: A boom in digital payments globally, reflected regionally. Brick and mortar retail to subside

Read: The horrors of forgotten Bitcoin passwords and the billions of dollars lost

The next stage in contactless

Secure contactless transactions will be essential to keep employees and customers safe in the post-pandemic shopping and workplace era. 

Consumers are looking for shopping experiences that no longer rely on payments from a piece of plastic with a four-digit pin.

Unique motion sensors in smartphone devices can passively authenticate people using their walking behavior and other contextual biometric signals.

Biometrical devices will also be the keys to entry in commercial buildings, residential complexes, and how we navigate our workday tasks when we return to our corporate workplaces.

John Whaley, UnifyID founder and CEO, is developing some of the biometric authenticating technologies that will drive that new safety vision.

UnifyID uses technology that helps identify and authenticate individuals based on the way they move and walk.  

For example, airport procedures and rental car delivery will center on phone apps that will handle selection, payment, directions for accessing vehicles, thus eliminating the need to physically approach a counter to conduct travel arrangements and day-to-day business transactions in hotels and elsewhere.

Changing the in-store experience

The contactless business is moving forward as a digital version of what people did in brick-and-mortar stores. 

For instance, as soon as you walk through the door, your Bluetooth or WiFi device will let store personnel know that you are there. The display screen will include when your last visit occurred. You will be greeted by alerts on your device for special sales and product information based on your previous buying, Whaley explained.

Scanners in the store will track the items you gather and tabulate them. When you leave the store, your phone will display a receipt and confirmation of your purchase transaction.

No checkout counter is needed.  

Security issues

Various biometric systems are already in use involving a number of devices, especially smartphones and tablets, added Hank Schless, senior manager of security solutions at Lookout. Biometric technology provides added security for your accounts.

“What we need to keep in mind is that security measures like biometrics and multifactor authentication rely on a mobile device. So they are only as reliable as your device is secure,” he told TechNewsWorld.

Hackers are stealing data from unsuspecting individuals on devices they believe to be inherently secure and there is also a significant risk that malicious versions of legitimate apps will appear on app stores and get distributed via social engineering campaigns.

UnifyID’s technology confirms a person’s identity by behavior. This solidifies the process of authenticating payment accounts and transactions.

“For example, we can tell it is you by how you walk. Motion recognition is just as accurate as a person’s fingerprint as a form of ID. People’s gait is very unique,” Whaley continued.

Much of this same approach is being prepared for the workplace. 

So using these same motion-sensing technologies to recognize a worker’s ID and open doors as he/she approaches will make for safer environments in the new normal.  

The problem with current biometrics is that we tend to leave our fingerprints just about everywhere we go and our faces as well (on surveillance cameras), but with behavioral biometrics, it’s not an easy task to emulate someone’s behaviors.  

Behavioral biometrics in gaming 

Bots and fraud occur in every app, and in every vertical, said Alon Dayan, Founder and CEO, Unbotify

“In games online, this is a several-billion-dollars problem,” he said. “In our data, we see that between five to 15% of the users of online games are actually using bots.”

Bots interfere directly in the monetization of apps, disrupting in-app purchases and user engagement, creating bad user experiences and game developers lose money because, without bots, the player would be making far more in-app purchases. 

Unbotify uses behavioral biometrics and sensors in smartphones to track how a user interacts with the app, from the way they touch the screen, to how hard they press, the speed of their finger, how the device is moving, among others. 

The solution, therefore, detects anomalies, and any other type of behavior that doesn’t match the user model is, by deduction, a bot.