The cat and mouse game between fraudsters, device manufacturers, app developers and smartphone users is a tiring one. Fraudsters are constantly looking for new ways to steal identities and wreak havoc on innocent users. For a very long time, passwords have been used to verify identities. Two-factor authentication – which might include a password and a security code - was later introduced to beef up security. But who can remember all those passwords and codes for so many apps and websites? Phishing scams have also enabled fraudsters to phish out passwords… and use them.
This is why you are hearing so much about behavioral biometrics. It is being used in multifactor authentication and allows the users themselves (meaning their body and behavior) to become the key to keeping their personal data safe. How does this actually work? Let’s take a look at some of the key terms and several of the practical applications being used today:
Remember when your mother fondly told you that you were one of a kind and there’s nobody like you in the whole wide world? Well, as always, mom knows best. Your fingerprints, odor, facial features and signature are innately yours, and nobody else shares them.
Biometrics is a field of science that enables automated recognition of individuals based on their unique biological and behavioral traits. Biometric recognition can be based on static physical characteristics or behavioral patterns:
Static biometrics refers to a person’s inherent physiological traits such as hand geometry, DNA, ear features and other individual characteristics. As these attributes cannot be replicated, when used for identification, they enable highly reliable authentication.
Dynamic behavioral characteristics relate to behavioral patterns such as personal gestures, walking gait, voice and even one’s typing rhythm. A new dynamic behavioral area currently being explored is the use of brainwave signals to determine a person’s mental state. Many of these criteria can be tested in real time, ensuring an even higher level of accuracy. Dynamic biometrics plays a key role within behavioral biometrics because active traits are easy to track using new technologies.
Due to the fact that using static biometrics can sometimes be time-consuming and give rise to serious privacy issues, many security experts now prefer to use applied dynamic biometrics for verification purposes.
You are probably asking how this all works in practical terms. Behavioral biometrics is based on the evaluation of how your dynamic behavioral traits interact with a device, and is now being applied on both desktop and mobile devices. For a mobile device, the amount of pressure applied to the screen, the angle at which the device is held and the speed of finger movement across the screen are individual to each particular user, and can now be used to accurately identify fraud.
By using behavioral biometrics for user authentication, highly secured identity verification is now achievable without being invasive or frustrating. Most smartphones are already equipped with the sensors required to conduct this kind of analysis, so implementation promises to be easy and fast. The application of behavioral biometrics for verification purposes tends to yield less false positives than other detection methods.
Whilst further applications of behavioral biometrics are still being explored, it is currently leading the way in identity authentication of users on digital devices. In our case, behavioral biometrics is the leading methodology to enable users to prove ‘something that you are’.
An analysis of a user’s behavior enables the creation of a unique behavioral profile. No one person is biometrically alike and therefore no behavioral profile is alike. The profile can be based on behavioral patterns, such as those mentioned above. Once this profile has been established, a security system can easily verify the individual’s identity and discern anomalies. Any marked deviation from what has been defined as normal behavior can be singled out and flagged as fraudulent.
Often the term behavioral analytics is used interchangeably with behavioral biometrics. Yet, there are some subtle differences that should be understood when trying to realize the potential uses of these technologies.
Behavioral analysis is an emerging field that studies and analyzes the user’s behavior, and, unlike behavioral biometrics, does not take into account the physiological behaviors. For example, an online shopper who usually shops online in the evening hours and habitually browses through special offers before ordering suddenly shops in the morning. Analysis of this behavior will raise a red flag. The applications of behavioral analytics is limited as it yields significantly higher levels of false positives than behavioral biometrics.
Still confused? We’ll be discussing the differences between behavioral biometrics and behavioral analytics in more detail in our upcoming blog posts. So stay tuned!