While the average person on the street couldn’t define “behavioral biometrics” off the top of their head, these technologies are quietly helping to save them from ending up a statistic. With billions of login credentials hacked every year, plenty of people are familiar with the limitations of passwords and PIN numbers for login security. But now, something as simple (and unique) as the gestures people make while shopping online can help confirm their identity—without adding any friction to their experience. Which is a boon to both consumers and the companies they interact with.
Behavioral biometrics technologies have expanded and innovated to include an extensive range of characteristics that can be used to confirm someone’s identity. In an age where passwords and PINs are no longer bulletproof, this is a game-changer: now, software can detect anything from a person’s mouse use characteristics, keystroke patterns, gait analysis, voice ID, signature analysis, and even cognitive biometrics. Because a fraudster could steal someone’s login info … but can they also mimic the fingers that person typically uses to swipe and tap on their screen, or the finger pressure they do it with, or the angle at which they hold their phone? No. They cannot.
Which explains the growth in behavioral biometrics over the last few years. By tracking uniquely identifying and measurable patterns in human activities, the technology has been used for secure authorization in financial institutions, businesses, government facilities, retail point of sale, and an increasing number of other environments.
Behavioral biometrics solution providers offer logic designed to track users and prevent malicious activity by capturing and analyzing behavioral characteristics across the entire session, from login to check out and everything in between. They compare known customer behavior in the case of an existing account and assess whether behavior is low- or high-risk relative to the overall order volume. Merchants and financial service providers can use these additional data points as an added layer in their greater process or make a decision on them directly.
As users log in, the software starts recording 2,000-plus movements on the keyboard, mobile app, and/or website. On a smartphone, the software can measure the angle at which a customer holds the device, what fingers are used to swipe and tap and how hard or light the customer applies pressure. On a computer, the software collects data on the rhythm of the keystrokes and how they use the mouse. In the case of a new user, this functionality can help determine whether the user is an automated Bot or an actual human. In the case of existing accounts, it builds profiles based on customers’ gestures, using these profiles as comparison tools whenever they revisit the environment.
In addition, new policy regulations (such as PSD2, GDPR, CCPA), which are focused on boosting data privacy, are also driving increase interest and use of these types of solutions. Because the technologies utilize “in session” behavioral elements to authenticate users, they allow organizations to move further away from passwords and reduce the need to collect sensitive PII data for authentication purposes.
In the 2020 Paladin Vendor Report, we featured a couple solution providers who focused primarily on behavior biometrics, including Featurespace and NuData.
Featurespace, with headquarters in both the U.K. and the U.S, is a world leader in risk management for fraud prevention and Anti-Money Laundering. Featurespace invented Adaptive Behavioral Analytics and created the ARIC (Adaptive Real-time
Individual Change-identification) Risk Hub, a real-time machine-learning software that risk scores events to prevent fraud and financial crime.
The technology attempts to mimic a human-like ability to profile people over time through the ARIC platform, which uses Bayesian statistics to model and predict real-time individual behavior.
A typical transaction follows six steps in real time while observing multiple data points over time:
1. Data streams are input
2. Signals are extracted
3. Anomalies are detected
4. Individual predictions are made
5. Action is taken
6. Self-learning system feeds results back into the ARIC platform
Merchants of all sizes can take advantage of the benefits of the solution. Large, enterprise-scale merchants can integrate directly, managing the functionality with internal resources, while smaller merchants can potentially take advantage through an acquirer who is integrated upstream, helping to manage inherent transactional risk.
NuData is a Mastercard-owned company headquartered in Vancouver, specializing in device analytics, behavioral analytics, and passive biometrics. Since its inception in 2008, it has maintained a heavy focus on research and development while looking for better and more sophisticated ways to distinguish automation from human and delineate good users from risky ones. Their flagship platform, the NuDetect suite (launched in 2013) marries enhanced device intelligence, behavior, and passively collected biometric data to analyze and protect high-risk touchpoints throughout merchant and financial institution environments. The platform processes billions of events yearly. In addition, NuData offers a risk-based 3D Secure (3DS) solution harnessing the power of the NuData technology, where businesses can benefit from the new protocol combined with behavioral biometrics.
NuData uses a multilayered approach to understand a user’s digital interactions, analyzing the user across device, location, connection, behavioral analytics, passive biometrics, and the NuData Behavioral Trust Consortium. NuData’s technology, and its NuDetect platform, are offered as a group of solutions targeted to specific industry pain-points and use cases. As such, NuData offers specific products that protect from automated attack risk (NuDetect for Automation), account takeover risk (NuDetect for ATO), account creation fraud (NuDetect for Online Account Origination) good user verification (NuDetect for Good User Validation), device intelligence (Mastercard Trusted Device), and EMV 3DS solution (Smart Interface). These products can be sold together or separately and can be useful to large and medium-sized businesses. NuData continues to identify potential use cases for custom client integration that support new and unique business models.
The fraud-fighting technologies in the 2020 Paladin Vendor Report go far beyond behavioral biometrics. To fully equip yourself with an understanding of the current technology and solutions landscape in fraud prevention today, download the full Paladin Vendor Report here http://paladinfraud.com/mrc-trends-2020/. And stay tuned for upcoming posts highlighting even more fraud-fighting technologies that organizations are turning to today.