What are Behavioural Biometrics? Types & Technology

Behavioural biometrics analyse behaviours and physical activities to help prevent and identify fraud.

Behaviural biometrics can recognise how a person acts online, how a user interacts physically with their computer or smartphone (e.g., how the phone is held or keystroke patterns), and help determine that a person really is who they say they are. These biometrics can help to prevent identity theft, as they can tell the difference between an imposter and a real user.

Behavioural biometrics explained

Every user has a unique way of accessing and interacting with a computer, both cognitively and physically. Behavioural biometrics analyses these patterns to determine what a user’s online and digital profile looks like. Behavioural biometrics can use the following:

  • Keystroke uses and patterns
  • Pressure or location touched on a touchscreen
  • How a user holds and moves their smartphone
  • Scrolling behaviour
  • Mouse movement patterns and speed of use

Every user interacts with a computer in specific ways. Behavioural biometrics can work in the background to pick up on these patterns and determine that a user is who they say they are.

How can biometrics prevent identity theft?

The Federal Trade Commission (FTC) reports that there were well over 2 million reports of fraud from consumers, with imposter scams and online shopping fraud topping the list of fraudulent activities. The use of biometrics can secure online transactions and help to prevent identity theft.

A signature can be forged, and passwords and login credentials can be stolen. But it is much more difficult to mimic a user’s direct actions and biometric patterns. Programs scanning for behavioural biometrics are often unobtrusive and unnoticed by the end user. They are running in the background to provide a host of data to help identify a user.

Much of the security software being used by retailers and banks today has behavioural biometrics built in to protect against fraud and identity theft.

Benefits of behavioural biometrics over standard security measures

Systems that use behavioural biometrics do not require any extra steps for users, and can be harder to get around than standard security measures.

Standard security measures often use a multi-factor authentication (MFA) process, for instance. Banks require users to log in with a username and password, and then receive a text to fully access the account. But both phone numbers and login credentials can be hacked and stolen through malware and identity theft.

On top of this, many users do not want to go through extra steps to access their account. With behavioural biometrics, even if the user’s login information and phone number have been breached, there is still an extra layer of security. A cybercriminal is much less likely to know exactly how a user interacts with their smartphone or computer.

Behavioural biometrics can help to identify when someone who is not the user is trying to gain access to these accounts. Behavioural biometrics is extremely accurate in identifying individuals specifically.

Biometrics & AML compliance for banking

Financial firms and banks are required to comply with AML rules and regulations under the Bank Secrecy Act. This means that they must work to ensure that users are legitimate and the money is authentic and not gained through suspicious activity or fraud.

Behavioural biometrics can help banking companies to be compliant while also adding an extra layer of security for consumers. Digital banking and the use of mobile banking apps have exploded due to the COVID-19 pandemic and overall convenience.

The FBI warns that this also increases the risk for cybercrimes and exploitation via these platforms. Banks and financial institutions are increasingly recognising that spending money on AML compliance and fraud defence mechanisms is necessary.

Examples of behavioural biometrics in action

There are three main instances where behavioural biometrics can protect individuals and companies. 

  1. Protection during account opening: Even if a user is not already a customer with a specific firm or banking institution, behavioural biometrics can still help to determine if a user is legitimate. Companies employing behavioural biometrics can help to decipher criminal and fraudulent activity by recognising “bad” behaviours.

    When a legitimate user is filling out information in credit card application forms, for example, they already know their information and can input it with a certain amount of speed. Cybercriminals must often find or look up this information, which can cause a lag in the input time. Behavioural biometrics can pick up on this time difference and help to spot criminals attempting to open fraudulent accounts.  
     

  2. Protecting against account takeovers: Behavioural biometrics go beyond just the login screen and can continue to protect a user during the entire time they are logged in or inside of a digital session. Through behavioural and cognitive biometrics, any fraudulent or suspicious activity can be flagged and recognised before the cybercriminal can access or transfer funds, for instance.

    Users tend to stick to predictable patterns. Behavioural biometrics can determine when something is different, which sends up a red flag. For example, if a user always scrolls with a mouse a certain way or accesses their account via a specific platform, but then changes it up by using a touchscreen or different method, behavioural biometrics can spot this and ask for additional verification.  
     

  3. Detecting social engineering scams: Social engineering scams are very common, and they use various methods to entice sensitive information from users. Phishing scams often encourage a user to click on links containing malware or provide login credentials and passwords through what seem to be legitimate and reputable sites.

    Behavioural biometrics can help to recognise that a user’s pattern and digital access methods are different. This can stop some of these scams before they really get started.

With more and more sensitive and financial information being stored and accessed online, it is increasingly important to take steps to protect both users and institutions against fraud and cybercrime. Okta employs some of the latest evolving technology to ensure privacy and security.

References

New Data Shows FTC Received 2.2 Million Fraud Reports From Consumers in 2020. (February 2021). Federal Trade Commission (FTC).

Banks and Retailers Are Tracking How You Type, Swipe and Tap. (August 2018). The New York Times.

Behavioural Biometrics is the Future of User Authentication. (May 2019). Forbes.

Anti-Money Laundering (AML). (2021). FINRA.

Increased Use of Mobile Banking Apps Could Lead to Exploitation. (June 2020). Federal Bureau of Investigation (FBI).

Does the Combination of AI. Biometrics Hold the Key to Stopping Identity Theft (and Money Laundering)? (August 2020). TechWire Asia.