Behavioral biometrics is the next generation of bank security

When it comes to fintech services, bank customers want it all. They want streamlined, user-friendly applications on the one hand, but they also expect their financial service providers to protect them from the growing scourge of online threats.

The problem is that these two customer demands typically clash: in order to contend with the multiplying hordes of cyber attacks, social engineering schemes, trojans, and malware, banks have traditionally piled more security tasks on the user in order to minimize risk. However, the more banks make customers jump through security hoops to access and use their accounts, the less a user-friendly, sleek online experience banks provide.

“This friction between customer safety and customer experience is not something that is actually sustainable,” said Uri Rivner, head of cybersecurity at BioCatch. Founded in 2011, the company’s fraudster prevention technology for the finance industry also rests firmly on the user. Unlike traditional verification methodologies, BioCatch’s behavioral biometric solution needs customers to do just one thing: act normally.

If a user attempts to access her back account as she normally does with a device or app, BioCatch’s technology collects information about her and creates a user profile. “The idea of behavioral biometrics is to essentially monitor user activity over time, establish their regular behavior – behind the scenes,” explains Rivner. The technology then looks for deviations in normal behavior, “so if someone else then goes into that device or into that application using the username of the account, the system is able to detect it and alert the owner of the account in real-time that there’s some type of foul play that has been detected.”

Though the Israeli company isn’t releasing client names just yet, Rivner reports that four of the five biggest banks in the UK have started to implement BioCatch’s solution into their online and mobile retail banking services, with an average deployment of 5 to 10 million users at each bank.

BioCatch’s technology, which utilizes big data and machine learning, monitors approximately 500 parameters to determine whether an account holder is behaving as they usually do. The firm collects information from customers’ mobile devices, including how they hold the phone, the way they interact with it and touch it, and the way they scroll and swipe. It also analyzes customers’ cognitive choices, such as how they fill in their passwords, dollar amounts, or dates.

“One of the things we’re monitoring is the way that customers use the mouse because this exposes their hand-eye coordination,” Rivner explained. BioCatch will sometimes present invisible challenges to customers to verify that they’re behaving like themselves, like making the mouse disappear momentarily, or dragging the mouse off slightly to the side of the screen. These are barely perceptible changes, but it helps BioCatch ascertain that customers are humans, not malware. Moreover, different people respond differently to these very minor challenges.

After monitoring an account for a certain number of sessions, BioCatch builds a unique user profile, based on parameters collected from the general public and from the individual user. And while this may sound like a creepy big brother set-up, Rivner is careful to differentiate behavioral biometrics from physiological biometrics.

While physiological biometrics such as facial recognition or fingerprint collection is focused on accurate identification of a person, behavioral biometrics just wants to make sure that the account is behaving normally. Even if you were to aggregate all of the data from the account, you still wouldn’t to be able to identify who the account user is.

BioCatch’s biometric solution got a real boost in the U.S. in 2015, after the startup signed a strategic partnership with Early Warning, a bank-owned consortium that provides technology and fraud prevention services to the financial services industry. Nevertheless, even if behavioral biometrics has graduated from novelty to accepted technology, the space is still basically a two-player game.

The startup’s main competition is Swedish BehavioSec, which like BioCatch offers continuous authentication with behavioral biometrics. And while BioCatch may have snagged the Early Warning partnership, the Swedish company recently nabbed two awards at the 2016 European Fintech Awards. BioCatch’s solution is tailored to the finance industry, while BehavioSec also caters to ecommerce and social media platforms.

BioCatch and BehavioSec’s respective collaborations within the finance industry are a great example of how a partnership economy can benefit both financial institutions and their customers. By moving online security checks unobtrusively into the background, behavioral biometrics is helping banks facilitate a healthier balance between seamlessness and security across all remote channels. Your move, cyber criminals.

Photo: flickr