Banks face some tough challenges in managing the increase in fraud at the same time as ensuring their customers have everything they need and want (which can be quite a long list, from a sleek, smooth web interface for transacting online – including a mobile app – and frictionless shopping experiences everywhere, every time). Banks therefore need to walk the tightrope of managing their risks and ensuring security, while making all this seem easy to their customers.

Robust authentication processes are the only way to fight and prevent online fraud and behavioural biometrics is being increasingly looked at as a way to deliver secure, reliable – and, importantly, 'frictionless' – authentication, with particular benefits for mobile users, according to this blog by Vasco. Vasco's Tom Dubois writes: “Up until now, banking institutions normally submitted mobile users to traditional authentication methods, which often proved ineffective. Since behavioural biometrics takes place without a users’ knowledge, the user experience improves.”

How does behavioural biometrics work?

We're already familiar with the idea that biometrics uses data about our biological, physical bodies to check that we are who we say we are. Hence we have smartphones that give us access by scanning our finger or thumb prints and we have retina or iris scanners, and machines that can recognise us by scanning and recognising the unique pattern of veins in our fingers. And then we also have facial recognition technologies and voice recognition. The list will probably keep growing.

Behavioural biometrics looks for the unique patterns in our behaviour, rather than our biological idiosyncrasies. Of course, this refers to our digital behaviours, in other words: how we interact with our mobile device. This can include how we use a website, how we type, swipe (finger pressure and swipe patterns) or use the mouse. The technology can detect the unique characteristics associated with each person's interaction with their mobile device and this becomes their 'behavioural fingerprint', which can become an authentication mechanism that the user is hardly aware of. A better way of putting this is that the bank/security provider is able to compare the user's digital behaviour (behavioural biometrics) with the user's stored profile. The bank can then give the user a risk rating or score based on the similarity of current behaviour with the stored profile's behavioural characteristics. And the greater the similarity, the lower the risk that this is a fraud attempt, so the customer can gain access with fewer authentication steps.

In its white paper on behavioural biometric authentication, Vasco explains how this works: “The greater the similarity between the profile and the user’s activity, the less the bank has to worry about the user’s identity and intent. A lower degree of similarity justifies additional layers of authentication before granting the user access to the online platform.”

---

CTMfile take: Behavioural biometrics is a way of improving security for mobile devices and improving the customer experience at the same time. We'll probably be hearing much more on this in future