Mateusz Chrobok May 27, 2020 14 min read

Physical Biometrics vs Behavioral Biometrics

Biometrics has become a bit of a buzzword in the banking industry, yet for the general public, it's often associated with science fiction, summoning up a vision of the future. Many people don’t make the link between biometrics and everyday practices in 2020, such as unlocking their phone using a fingerprint or face.

In this blog we'll debunk the myths of biometrics, laying out the clear differences between physical and behavioral biometrics. We’ll also demonstrate how this technology already plays a vital role in the fight against bank fraud, by invisibly protecting people throughout the world each and every day.

Physical-Biometrics-Behavioral-Biometrics-02

What is physical biometrics?

Physical biometrics refers to physiological features on the human body that can serve as identification, such as a fingerprint or retina scan. Companies often collect and store physical biometric data in order to authenticate identities for all sorts of uses, security being the most obvious. Physical biometric identification can also have other use cases where facial recognition is used to identify high-rollers in a casino to improve their customer experience.

Physical-Biometrics-Behavioral-Biometrics-01

What is behavioral biometrics?

Behavioral biometrics refers to any pattern of behavior that is specific to the user, such as the rhythm and cadence with which they usually type on their computer keyboard.

Software deploying behavioral biometrics, for example, to help with online fraud prevention, can quickly adapt to the way a user utilizes a human-computer interaction device such as, how fast they press specific keys on a keyboard, how they use a mouse, or how they swipe the screen or hold a mobile device.

What is the difference between using physical and behavioral biometrics when authenticating users?

Physical biometrics can definitely improve security in certain circumstances. It requires input from specific sensors depending on the trait is being measured. Most techniques are used to verify that a person is physically present and alive.

Biometric features can also be stored in premises security systems and can help verify authorized personal operating in highly secure areas of a facility. This technology provides a convenient and efficient way of using physical traits for identification.


However, using physical biometrics has its downsides related to the nature of physical traits. Once some of the physical features are revealed they can be reused in the online world multiple times by bad actors.



Physical-Biometrics-Behavioral-Biometrics-04
Additionally, many biometric methods can be captured and re-used. For example, voice recordings can be fairly easily used to circumnavigate authentication challenges leveraging speech recognition software. Fingerprints can be captured and printed. Photos or videos can be used to spoof the identity of actual users in some cases.

Physical-Biometrics-Behavioral-Biometrics-03

ALL of these methods vary by the impact on user experience and their accuracy. Each adding an extra layer of security, such as using your fingerprint to access your online banking app on your phone. But they are only truly effective as part of multi-factor authentication – when they are implemented alongside other security measures.


Behavioral biometrics, on the other hand, checks for patterns of behavior that are virtually impossible to spoof.



Behavioral biometrics applications can analyze the way we interact with things in the world around us, such as how we type or swipe on a phone, and they can be considered tolerant of changes in individual patterns of behavior.

When Deep Learning Technology is employed to analyze behavioral biometrics it can learn to factor in minor behavioral changes and adapt to the changes in user behavior.

In other words, behavioral biometrics aggregates hundreds of human and interaction signals to create a kind of cyber BionicID for each authentic user that can evolve over time. Characteristic patterns of behavior that are very difficult to duplicate or reuse.

Two of the biggest banking fraud threats behavioral biometrics can help prevent are identity theft and account takeover. Threats that allow a bad actor to take control of an online banking account, or of a session after the legitimate account holder has logged on.

Banks using behavioral biometrics can spot sudden changes in user behavior and can take remedial action, for example, by asking the user to re-authenticate their ID, by terminating the session, or even by suspending the account.

Physical-Biometrics-Behavioral-Biometrics-06

Behavioral biometrics offers the most comprehensive security for online banking fraud

The frequency, scale, and increasing sophistication of fraud attacks means banks cannot rely on authentication methods based only on static elements that can be stolen, traded, or sold.

Deploying behavioral biometrics within an anti-fraud solution delivers a transparent user experience that is a friendly, fast, and accurate way to counteract online banking fraud. Behavioral biometrics solutions can analyze thousands of parameters surrounding the user’s behavior during an entire online banking session, ensuring their account has not been taken over by a bad actor or isn't being manipulated in any way.

Behavioral biometrics delivers continual user authentication and is a powerful defense against online bank fraud and should be a necessary complement to one-time authentication techniques such as physical biometrics, passwords, and PINs.

Physical-Biometrics-Behavioral-Biometrics-05

Behavioral biometrics aid PSD2 compliance

Strong Customer Authentication (SCA) is a requirement set out under the Second Payment Services Directive (PSD2), where at least two of the following are used to authenticate a user: something the user knows, such as a password, something the user has, such as a device, and something a user is, such as their biometrics. This is where behavioral biometrics comes in extremely useful.

Collecting information around a user’s behavioral biometrics to build online profiles is completely non-invasive to the user, who wouldn’t need to enter or provide any additional information to the website or app they are using.

This means one of the two factors of authentication required by SCA can be authenticating the user invisibly and throughout the entire online banking session, whilst simultaneously gathering further information to protect the user even more effectively in the future.

Layering authentication methods remains the surest way to prevent online banking fraud and keep users safe.

Therefore, the decision banks have to make is how to choose methods that satisfy all of the following: cause the least unnecessary friction for legitimate customers, reduce risk, are sensitive to privacy concerns, comply with regulation, and all whilst making fraudster reuse of customer information nearly impossible.

A complex web of issues, to which behavioral biometrics has the comprehensive answer.

Please check out this webinar if you are interested in going deeper into the subject.

 

webinar_behavioral_vs_physical_bio_v01

Behavioral Vs Physical Biometrics: the ultimate showdown in digital banking

Biometrics has become a buzzword in the banking industry, as it has the potential to make authentication faster, easier and more secure than traditional passwords. Biometrics are either physical or behavioral human characteristics that can be used to digitally identify a person to grant access to online banking.

Physical biometrics refers to physiological features on the human body, such as a fingerprint or retina scan, while behavioral biometrics analyzes parameters such as a user’s keystrokes when typing, navigational patterns, screen pressure, typing speed, mouse or mobile movements, gyroscope position and more.

In this webinar we will see how using behavioral biometrics for authentication makes things easier for users, as it removes the need for any active response. Behavioral traits can be captured in the background, whilst not needing any specific hardware to be installed to guarantee that the users are who they claim to be.

Don’t miss this webinar and learn how behavioral biometrics joined with deep learning technology is the best solution for the prevention of online banking fraud.

avatar

Mateusz Chrobok

Mateusz’ mission is to evangelise about new technologies that are being developed to protect the end-users. Mateusz has experience of running a behavioural biometrics startup as a CTO and CEO. Previously he spent five years in Samsung R&D working on multiple cloud and cybersecurity projects. His primary interests are related to behavioural biometrics, ethical data processing and continuous authentication ♾. As a security geek, Mateusz has a strong belief that changing the World to make it better is possible.