hands-coffee-smartphone-technology.jpg

securedtouch blog

Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics

Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics

June 27, 2017

Behavioral analytics follows the behavior of users and records how they behave when interacting with devices and apps, essentially what they do. Behavioral biometrics understands behavioral patterns and habits on another level and unlocks the door to enhanced security measures that can prevent fraud.

Even though these two concepts are in the same ballpark, they play a distinctly different game. Understanding their differences will illustrate how behavioral sciences and their applications can reveal the unique ways that individuals use technology and how their patterns of use can’t be duplicated, a key to preventing fraud.

 

Behavioral Biometrics: Look At What You Are

Behavioral biometrics studies the unique identifying and quantifiable patterns that users develop through their activities. It’s essentially the study not of what users do but how they do it.

For example, behavioral biometrics captures how a hand moves a mouse across a mousepad, or how fingers interact with a touchscreen. The biometrics measure and record patterns such as how the device is held, the amount of pressure that’s applied to keys or a touchscreen, and how fast fingers swipe and type.

These behavioral studies are done passively, in the background of a user’s interactions. Passive behavioral biometric apps know not only how a person uses a device or program but also whether an unknown party or even a machine is doing so.

 Read more about SecuredTouch

Behavioral Analytics: Look At What You Do

Behavioral analytics is the study of what users do with technology. It tracks, collects and assesses user activities and data to record their patterns of use with a website or app.

Understanding user interactions and dynamics between processes, machines and equipment creates a new way of thinking into operational risks and opportunities. When companies use these insights to discern consumer behavior, they can get a clearer picture of how to market and sell.

But behavioral analytics doesn’t completely deliver on this promise. While behavioral analytics sheds light on the what, it fails to fully account for the how. Relying solely on the study of what users do with technology might occasionally provide some useful insight, but overall it won’t reliably demonstrate who a user really is.

 

Behavioral Analytics Draws False Positives

If a customer consistently logs into a bank’s mobile app each morning to check his balance, but one late night logs in via a laptop and does something other than check the balance, that activity pattern is noted. If the same customer usually transfers a set amount from checking to savings on the same day each month, but one month reverses accounts, that behavior, too, is noted.

That’s how behavioral analytics works. The record of that customer’s behavior shows he has a particular way of banking, and on those two particular instances, his behavior changed. Now, this might seem like a sure-fire method of determining the user behind the keystrokes and swipes on these two occasions wasn’t the actual customer, but it fails to consider that perhaps these two times the legitimate user, in fact, did change his routine.

The red flags for these two deviations were false positives. Sometimes the red flags are indeed legitimate warnings, and the bank can take a preemptive security action. But red flags based only on behavioral analytics will also far more often be false alarms. Security actions based on false positives hinders customer service and inevitably leads to frustration.

 

Behavioral Biometrics Learns Who Users Are

Behavioral biometrics, on the other hand, holds great promise for companies by grasping how individuals use technology. Learning how they interact with devices and programs can shed light on what they’re thinking and lead to an even greater discovery: Who they are.

Behavioral biometrics works by understanding users’ interactions with their mobile devices and desktops seamlessly, uncovering any activity that veers from normal usage patterns. For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say accidentally hitting an “l” instead of a “k” on three out of every seven transactions) and mouse movements establishes that person’s unique pattern of behavior. By simplifying the approval process without compromising on security, behavioral biometrics can predict that users will do or analyze how they do it - all in the background.

This is different from physical biometrics, which, when used as a method of authentication, relies on fingerprints, voice, eye, and face recognition to grant access. Physical biometrics tools don’t ensure foolproof security; fingerprints, for one, can easily be lifted from something tangible and used to hack into a mobile device. Behavioral biometrics, though, offers a stronger form of authentication. Science shows that it is almost impossible to mimic someone’s behavior well enough to trick behavioral biometrics.

 Read more about Behavioral Biometrics

Behavioral Biometrics Stops Crime Before it Happens

Behavioral biometrics takes authentication to an entirely different level. It goes beyond a reliance on physical clues and instead analyzes behavioral patterns from all areas: not just the physical use of devices but also the patterns from actual input. More plainly, it analyzes not just what users do but how they do it, essentially how they behave over time.

A user’s many consistencies and variances are recorded and analyzed. Eventually machine learning algorithms “know” the user’s behavior so well that any action deviating from the established norm raises a red flag that’s grounded in a long history of behavior.

If an inconsistent action on a banking app coincides with faster keystrokes on the device, odds are an imposter is hacking into the account. With more data gathered, the chance of that abnormal use being a false positive is almost zero. This enhances the concept of continuous authentication, behaviors are constantly being evaluated and any deviation from the norm will raise a red flag, even if initial user credentials (password and username) were input correctly.

This sense of security is the reason that behavioral biometrics is gaining significant traction in the security industry. Not only does it strengthen companies’ relationships with customers but businesses, such as banks, will know they are dealing directly with a legitimate customer and can carry on a frictionless relationship with the person, transaction after transaction.

Behavioral biometrics is a type of high-level proactive detective work that can detect and stop fraud in its early stages. Rather than detecting a string of illicit purchases a criminal made with a hacked account, behavioral biometrics can catch the thief in the act. The customer and the bank don’t incur a loss. Companies can prevent fraud and lessen losses with greater ease, and because the biometric technology is passive, customers won’t have to jump through several security hurdles.

With this level of fraud prevention, companies can finally boast of truly knowing their customers and, in turn, knowing who’s not a customer.

Recent Posts

The Top Challenges of Mobile Banking Security
Behavioral Biometrics & Mobile Banking: Trends, Threats & Fraud Prevention
The ROI of Behavioral Biometrics
Strengthening Mobile Payments with Continuous Authentication
Ask The Experts: The Future of Banking & FinTech in Light of PSD2, Part 2

Follow Us