Humans are creatures of habit. The way we walk, the way we type, how we move our cursors around on a website’s login or checkout page—these are deeply ingrained rituals that, while we don’t necessarily realize it consciously, are unique to us. As much as we can be identified by the physical details of our various body parts, we are also defined by how we perform our daily tasks. This is the world of behavioral biometrics, where what you are is verified by how you act.
In general, a behavioral biometrics system will create a profile of a user’s quotidian habits and run in the background of an application—invisible to the user—silently matching the nuance of actions such as keystrokes and mouse movements for verification. When enough of a discrepancy is found between a user and profile, access can be denied or the user can be prompted for an additional verification method. Behavioral biometrics can also be used to detect abnormal behavior in user activity, enabling these systems to detect fraud even if they aren’t being used to authenticate individual end users.
Behavioral biometrics technologies are playing an increasingly critical role in fighting fraud and detecting other forms of malfeasance in digital channels. Most often, these solutions are seen as an extra layer of security on top of authentication mechanisms that require direct user interaction, such as entering a password or undergoing a fingerprint scan. Because behavioral biometrics don’t require any direct actions or responses from end users, they can improve security without adding any friction. And because they can operate continuously in the background, they can detect forms of fraud that take place within online sessions that have already been authenticated; for example, if a fraudster somehow fools an authentication system to log into someone else’s account, their unusual typing patterns and other kinds of behavioral biometrics can automatically flag them for further scrutiny.
A wide range of financial services providers are currently using behavioral biometrics to fight fraud, including major banks like HSBC and NatWest, which is using the technology to ensure compliance with the European Union’s PSD2 regulation requiring Strong Customer Authentication. And as the broader trend toward remote access continues to intensify, behavioral biometrics technologies will likely become more prominent in other sectors including government e-services and enterprise remote work channels.