The use of desktops and mobile devices has dramatically changed in recent years: mobile devices were once only used for on-the-go actions, whereas desktop computers were dedicated to more in-depth, intricate activities. Customers would compare data on their smartphones and then make actual purchases on their desktops. And desktop banking was considered to be safer than mobile banking because it encompassed enhanced security measures such as TAN, OTP Tokens, positive identification, and device identification.
The Big Switch From Desktop to Mobile Banking
The switch from desktop to mobile banking is most definitely in full motion, with mobile devices for all banking needs continuing to gain popularity:
- Mobile banking grew from 11% in 2012 to 31% in 2017
- According to Citi's Mobile Banking Study, 8 out of 10 consumers (81%) in the US now use mobile banking nine days a month
- 52.4% of web traffic globally originates from mobile devices
While the banking industry is still a popular target for threat actors – both via desktop and mobile channels – each device faces a different set of risks due to different user behaviors and environmental factors. Users are more aware of potential risks on their computers, yet they tend to be more relaxed about fraud protection on their mobile devices. Therefore, the increasing exposure of mobile devices to constantly evolving phishing, brute-force, RAT and MITM attacks, together with rapidly developing phone technology, necessitates continual evaluation and adaptation of security measures.
Behavioral Biometrics - Strong User Security on Desktop and Mobile
Behavioral biometrics analyzes specific user behavior on various devices, providing robust and smooth authentication for both online desktop and mobile users. It can build a personalized profile by choosing to analyze the most relevant parameters for each user. In May 2017, the International Biometrics Identity Association emphasized in its whitepaper Behavioral Biometrics that “Behavioral biometrics technology offers robust, risk appropriate identity authentication and anti-fraud measures that are effortless for users and which require no special hardware or additional security steps.”
Desktop Behavioral Biometrics
Using built-in sensors, computers can collect varied data related to an individual’s behavioral biometric patterns. By analyzing the following factors, platforms based on behavioral biometrics build a personalized profile that accurately identifies each user:
- Mouse dynamics - Platform tracks the specific ways that the user lifts, moves and clicks their mouse, constantly compiling these parameters for dynamic identification.
- Typing speed and style - User’s typing speed and style can easily be differentiated from others, offering an additional inherent trait for the profile.
- Key pressure - Tactile or touch sensors detect changes in force or pressure on touch screens.
However, only select desktop devices offer built-in technology to measure user behavior such as analyzing keyboard and mouse usage.
Mobile Device Behavioral Biometrics
While desktop behavioral biometrics can provide a vital security dimension, this method is even more effective when applied to mobile phones. The mobile device is equipped with several sensors (e.g., touch, accelerometer, gyroscope, and orientation) enabling the compilation of an even wider range of biometric parameters including:
- Speed, style, and position of user’s signature - Signatures can be forged, but replicating personal application habits while signing is far more difficult.
- Screen pressure - The level of pressure applied to the screen is hard to imitate, especially because it is combined with elements like personal speed and angle.
- Device angle - The angle at which users hold their phone is individualized.
- Movement across the screen - The way users move across the screen depends on various aspects such as position and grasp at any given moment, but it remains relatively consistent for each user.
- Typing rhythm - Depends on factors such as whether one finger or two are used – and how typing speed varies across the screen – making it possible to conclusively identify users within seconds.
- User grip - The way users grip their device is a positive indication of identity.
The ability to add more parameters and layers to the analysis process ensures robust authentication even when technologies (and fraudsters) are evolving at record-breaking speed. Furthermore, it allows a continuous authentication process throughout a full session, preventing fraud even after the log-in phase.
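The following is an added example, not code from the original article or from any vendor's product: a small sketch of continuous authentication based on typing rhythm, where a profile is enrolled once and every later window of the session is scored against it. It assumes the measured feature is the inter-key interval in milliseconds and that deviation is scored with a scaled Manhattan distance; all data, function names and the threshold are constructed for illustration.

```python
import statistics

# Constructed sample data: inter-key intervals in milliseconds for the same
# six key transitions, one list per enrollment session. Not real measurements.
ENROLLMENT = [
    [112, 95, 140, 88, 130, 101],
    [118, 90, 135, 92, 126, 99],
    [109, 97, 144, 85, 133, 104],
    [115, 93, 138, 90, 128, 100],
]

def build_profile(sessions):
    """Per-feature mean and spread of the enrolled user's typing rhythm."""
    columns = list(zip(*sessions))
    means = [statistics.mean(c) for c in columns]
    # Floor the spread so a very consistent feature cannot dominate the score.
    spreads = [max(statistics.stdev(c), 1.0) for c in columns]
    return means, spreads

def score(profile, sample):
    """Scaled Manhattan distance: mean absolute deviation in units of spread."""
    means, spreads = profile
    return sum(abs(x - m) / s for x, m, s in zip(sample, means, spreads)) / len(means)

def monitor(profile, windows, threshold=3.0):
    """Score every window of a session; return indexes of windows to step up."""
    # The threshold is an assumed value; a real deployment tunes it per user.
    return [i for i, w in enumerate(windows) if score(profile, w) > threshold]

# Constructed session: windows 0-1 match the enrolled rhythm, windows 2-3
# simulate a different typist taking over after the log-in phase.
SESSION = [
    [114, 94, 139, 89, 129, 102],
    [110, 96, 141, 87, 131, 100],
    [180, 150, 95, 160, 90, 170],
    [175, 155, 100, 150, 95, 165],
]

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    for i, w in enumerate(SESSION):
        print(i, round(score(profile, w), 2))
    print("flagged windows:", monitor(profile, SESSION))
```

Because scoring runs on every window rather than only at log-in, the change of typist is flagged mid-session, at which point a bank would typically require step-up authentication.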
Banking and Biometrics - Finding the Right Solution
The shift to mobile banking is happening already. Banks need to invest in strong authentication that prioritizes providing a seamless user experience to inspire customers’ trust – conveying the message that the bank is focused on providing a secure environment in a continuously evolving and challenging field.