It's Time We Confront These Common Myths About Behavioral Biometrics

As someone who works at a company that specializes in Behavioral Biometrics, I've seen first hand what Behavioral Biometrics can do for an online retailer. Daily I’m confronted with the reality of how this technology has the potential to stop a fraudster in his tracks. Which leaves me wondering: Why aren't more companies tapping into this powerful technology?

Becoming the Obvious Choice

As a technology that provides real-time fraud prevention and detection without interrupting the consumer experience, adopting Behavioral Biometrics seems like the obvious choice. There's also no arguing that this technology is growing in popularity.

It's estimated that the Behavioral Biometrics market is expected to be valued at $3.922 billion by 2025, up from $720.5 million in 2017. And yet, some companies still lack an understanding of this technology and how it can benefit them in the fight against online retail fraud. I'd argue that this all comes down to a lack of understanding of what this technology can really do.

In speaking with people over the years, I've also seen that there are many misconceptions and myths about Behavioral Biometrics and how the technology works. As a diehard advocate of this technology, I thought it was time we challenged some of these myths. In this blog post, I explore 7 of the most common misconceptions and myths I encounter frequently.

Confronting the Myths Head-On

Myth #1: Behavioral Biometrics and Behavioral Analysis Are The Same Thing

Truth:

  • Behavioral Biometrics and Behavioral Analysis share similar foundations that look at patterns in human behavior.
  • The difference is the data sources used, what insights can be extracted and their applications to various disciplines.

Here’s What you Need to Know:

Behavioral Biometrics tends to be confused with Behavioral Analytics. And some people even confuse biometrics and Behavioral Biometrics, thinking that they're the same thing. To understand what's significant about Behavioral Biometrics, it's important to start by understanding how these different types of biometrics differ. Because while they can all be applied to security, their scope and purpose vary greatly.

  • Biometrics - This refers to the unchanging biological parameters used to verify identity, such as one's fingerprints, iris, etc.
  • Behavioral Analytics - This refers to a user’s behavior on a website and focuses on their what, when and where. Behavioral Analytics focuses on what a user does and includes things like when they login, what country they’re from, as well as what they click on.
  • Behavioral Biometrics - This refers to how you use technology and would include everything from your keystrokes, how you scroll, how you move the mouse, and how you interact with the touch screen to how the device is held and even how much pressure you place on the screen.

Myth #2:Behavioral Biometrics Relies on PII

Truth:

  • The interesting thing about Behavioral Biometrics and what sets it apart from other forms of biometrics or behavioral analysis is that no personally identifiable information is collected (PII).
  • All the data that's used to validate and determine whether a session is safe is linked to a user’s behavior.

Here’s What You Need to Know:

Behavioral Biometrics relies on data in the form of human behavioral patterns. Individually that data isn’t unique, but as a set, it can be used to differentiate between good and bad behavioral patterns.For example, at first glance, it may seem like all people hold a smartphone, swipe or hit keystrokes in the same way. A deeper look at one’s unique micro-habits tells a different story. In contrast, with something like biometric data every input is unique and personally identifiable data.

This is significant because with Behavioral Biometrics it means that there's no private customer data for a hacker or fraudster to steal online, giving customers a sense of ease and guaranteeing a seamless customer journey. Additionally, it means that retailers don't have to worry about GDPR compliance or other data privacy regulations and standards. Now think of something like biometrics and how relying on specific biological parameters exposers users to risk. At last year’s Black Hat convention, security researchers demonstrated this perfectly when they were able to use a pair of glasses to bypass the iPhone FaceId feature. And they did this in just 120 seconds!

Myth #3: Behavioral Biometrics Results in a Lot of False Positives

Truth:

  • With Behavioral Biometrics, you're unlikely to see many false positives because it relies on dynamic behavioral data to decide whether a user is good or bad.
  • It's also important to consider that Behavioral Biometrics relies on dynamic data points, as opposed to static, historical data that can easily be stolen.

Here’s What You Need to Know:

Something like Behavioral Analytics draws lots of false positives because if a user changes their behavior slightly, their account will likely be flagged. This change in behavior could include something as subtle as a combination of logging in at a different time/timezone, a different place, or just more regularly than usual.

Biometrics has an even greater chance of false positives. In fact, Gartner's research found that fingerprints are only 75% successful as a form of biometric authentication due to dirt, sweat, etc.

Behavioral biometrics considers the entire customer journey, which means that even if user behavior is flagged at one point, other aspects of their behavior could indicate they're a trusted user - with at least 80 - 90% precision for our clients.

Myth #4: Behavioral Biometrics Only Shows Results in the Long Run

Truth:

  • With Behavioral Biometrics, online retailers see quantifiable ROI almost immediately.
  • From the moment a session begins, data is collected continuously.

Here’s What You Need to Know:

A good Behavioral Biometrics platform will have out of the box capabilities that will deliver value from day one. And because the technology considers the entire customer journey, it doesn’t wait for the user to initiate a particular action long before the payment stage, fraudsters are stopped before they can do any real damage. This translates into a huge saving for the retailer.

We've seen firsthand how Behavioral Biometrics can end up saving a company millions of dollars every month. This is very different from other fraud prevention and detection solutions that don’t consider actions before the payment stage and therefore can’t show good ROI quickly. This means, for example, if a fraudster is using stolen user credentials which are valid, the transaction won’t seem fraudulent as the cybercriminal will be able to login successfully. Other solutions also often require manual reviews which tend to be time-consuming and are a significant drain on internal resources. In this case, ROI can be difficult to quantify.

Misconception #5: Behavioral Biometrics Only Works if You’re a Known User

Truth:

  • Behavioral Biometrics works regardless of whether you're a known, unknown, returning or one-time user.

Here’s What You Need to Know:

With Behavioral Biometrics, in the case of a new user, their behavior (or behavioral fingerprint) will be compared with what is considered typical for the wider population. This helps the retailer understand whether or not this is a legitimate user. And in this way, behavioral biometrics is able to differentiate good from bad users without needing extensive user history.

Misconception #6: Behavioral Biometrics Provides a Low Level of Insight into Users

Truth:

  • Behavioral Biometrics ensures data is continuously being collected.
  • This gives merchants real-time insights into the customer journey and more importantly into the fraudster’s journey (how fraudsters are exploiting vulnerabilities in the business model)

Here’s What You Need to Know:

Biometrics simply returns a yes or no response. For example, with biometrics, if a user doesn't have a matching fingerprint, the action won't be allowed. On the other hand, Behavioral Biometrics delivers continuous authentication. This means that data is continuously being collected in real-time. This data is used to optimize machine learning models so as to continually assess legitimate customer journeys. These can be contrasted with behavioral patterns that may be indicative of fraud.

Misconception #7: Behavioral Biometrics Can’t Easily Adapt to New Attack Vectors

Truth:

  • Behavioral Biometrics relies on dynamic data, making it adept at responding to new threats
  • In fact, this technology is designed to identify threats you aren’t looking for.

Here’s What You Need to Know:

A significant challenge with fraud prevention strategies is that they are based on static, historical data which limits oversight - providing a siloed approach to detection and prevention. This means that adapting to new attack vectors is problematic: You can't see what you're not looking for. It also means that because fraudsters are always changing their behavior, most fraud prevention solutions can’t keep up. Behavioral Biometrics, on the other hand, learns these changes and adapts to how good and bad users adjust their behaviors. In this way, Behavioral Biometrics is able to offer an adaptive approach.

Behavioral Biometrics uses machine learning in order to adapt and learn from the moment a user session begins. This is its key differentiator. It provides a holistic view of the entire customer journey flagging suspicious activities earlier before any damage can be done. - Whitepaper: Behavioral Data: Unlock Better Fraud Detection

It’s Time to Rethink Fraud Prevention

Behavioral Biometrics changes the nature of not only fraud detection and prevention but the entire customer journey. The technology provides the seamless experience customers are looking for without compromising on security. It's time for more online retailers to confront the misconceptions and embrace this cutting-edge technology that can potentially change how companies approach fraud prevention.

 

Recent Posts

It's Time We Confront These Common Myths About Behavioral Biometrics
[Infographic] Breaking Down the Fraud Flow of Account Takeover
Emulator Fraud-as-a-Service: The Threat Landscape Continues to Evolve
Why reCAPTCHA v3 for Enterprise Matters
Has the Same Technology That Is Used to Prevent Fraud Opened the Door to Increasingly Sophisticated and Pervasive Online Fraud

Follow Us