Mission Impossible

The real Mission Impossible

The real Mission Impossible
Why behavioral biometrics outshines physical biometrics

August 18, 2016

Mission Impossible

Let’s go back to 1996. Mission Impossible. The one where Tom Cruise zips down a cord and hangs above a sensor and decibel-rigged floor. At that time, those biometrics were so cool and edgy. Thumbprints, retinal scans, multi-digit codes, and voice recognition. It seemed like the future was just around the corner and we’d all soon be using this new tech. We’re still waiting!

Unfortunately, for every method of authentication, fraudsters are out there figuring out how to spoof them and that’s why some of these technologies are slow to be adopted. The public is justifiably wary of technologies that might not live up to their hype.

Physical biometrics might be popularized, but the reality is they can be very easy to replicate. For example, there’s even a WikiHow on how to replicate a fingerprint with stuff you have around the house. Given what we’ve seen before, there’s no reason to believe fraudsters won’t keep evolving their methods to counter any single technology we come up with. In fact, this is the biggest downside of any physical biometric or single access point for used authentication.

On the other hand, behavioral biometrics (BB) are next to impossible to replicate. Here are a few reasons why they are so effective:

Passive Customer Experience: Customers have a lot of choice in the marketplace. The more hoops they have to jump through, the less apt they are to continue doing business with you. A staggering 55% of all online users still use the same password for everything. Expecting customers to remember long and complex unique passwords may be simply unrealistic.

Fortunately, behavioral biometrics can be leveraged to authenticate users without any friction to the end-user. Customers can continue using a website just as they always have without having to take any special steps. This passive and positive experience can go a long way toward establishing customer loyalty.

Continuous Analysis: Authentication isn’t a point-in-time process. It’s not enough to authenticate a user at one moment and lose sight of them afterwards. With behavioural biometrics, a user’s behavior is being constantly monitored and observed from the very first time they interact with a website. This ongoing analysis can find patterns in their behavior over time, and establish a typical risk profile.

Unique Digital Identity: The myriad of signals, connections and interactions that comprise a behavioral biometric profile are too complex and unique to be stolen, duplicated or reused. Humans behave in ways that are unique to them and can be very accurately observed through their online interactions. Machines behave in very different ways and where there is a change or difference in how the interaction is taking place, BB can quickly flag it for further investigation.

The Growth of Account Fraud: Account fraud continues to grow along with the rise in online commerce in general, and we see no signs of this trend stopping anytime soon. With account takeover, a fraudster gets access to legitimate user credentials and then uses these to take over financial and ecommerce accounts. Bank accounts, for instance, are targeted by fraudsters who take over an account and then clean out the funds or borrow money by posing as the consumer.

What makes ATO particularly scary is that once a fraudster has gained access to one online account, it’s far easier for them to access other affiliated accounts also. Very few proofs are generally required for verification in many of today’s authentication systems. Examples of these kinds of single-modal proofs might be a password, an answer to a 2FA question, phone number, email address. Most of these types of identity proofs are stolen from previous hacks, or can be mimicked or spoofed.

Behavioral biometrics and analysis provide a foil to this fraudulent activity. BB is multi-modal in that no single touch point acts as a proof by itself. Instead, multiple layers of signals are interlaced and analyzed to build the complete profile. So while a fraudster can steal someone’s single-modal credentials, it’s still impossible for them to completely replicate every aspect of a person’s complete behavioral biometric identity.

The Ripple Effect of Data Breaches: As we’ve seen countless times, a data breach doesn’t exist in a vacuum. The consequences are far-reaching and often, long lasting. Pieces of data stolen from breaches can sit dormant for months or years until more data gets stolen and combined into “identity bundles.” These bundles are sold on the Dark Web – the more complete the information, the more valuable the bundle and the more potential for identity fraud in the future. With a system that incorporates behavioral biometrics, fraudsters are quickly identified as what they are – frauds. A BB system that verifies the good users means the bad users are quickly found out, before the damage is done.

These are just a few of the many reasons why organizations are using behavioural biometrics to predict fraud and risk while protecting the customer experience. The real mission is to use these next-gen behavioral—not physical – biometrics to help protect identity and make fraud impossible for fraudsters to continue.

For more information about how your organization can begin harnessing the power of this tool, find out more here.

Want to read more posts like this? See our full blog here.