Mateusz Chrobok May 27, 2020 13 min read

Physical Biometrics vs Behavioral Biometrics

Biometrics has become a bit of a buzzword in the banking industry, yet for the general public, it's often associated with science fiction, summoning up a vision of the future. Many people don’t make the link between biometrics and everyday practices in 2020, such as unlocking their phone using a fingerprint or face.

In this blog we debunk the myths of biometrics, laying out the clear differences between physical and behavioral biometrics. We’ll also demonstrate how this technology already plays a vital role in the fight against bank fraud, by invisibly protecting people throughout the world each and every day.


What is physical biometrics?

Physical biometrics refers to physiological features on the human body that can serve as identification, such as a fingerprint or retina scan. Companies often collect and store physical biometric data in order to authenticate identity, for all sorts of uses, security being the most obvious. Another example is when a casino uses facial recognition in order to improve the customer experience of identified high-spenders.


What is behavioral biometrics?

Behavioral biometrics refers to any pattern of behavior that is specific to the user, such as the rhythm and cadence with which they usually type on their computer keyboard.

Software deploying behavioral biometrics, for example to help with online fraud prevention, can quickly adapt to the way the user operates a human-computer interaction device, such as how fast they press specific keys on the keyboard, how they use the mouse, or how they touch their phone screen.


What is the difference between using physical and behavioral biometrics when authenticating users?

Physical biometrics can definitely help provide better security in certain circumstances. It requires specific sensors depending on the trait that is being measured. Most of the techniques verify that the person is physically present and alive.

Biometric features stored in the passport are verified against the stream from cameras in the airport. This is a convenient and efficient way of using physical traits.

However, using physical biometrics has downsides related to the nature of physical traits. Once some physical features are revealed, they can be reused in the online world multiple times by fraudsters.

Additionally, most of the biometric methods can, to some extent, be captured and even re-used.

For example, voice recordings can fairly easily be used to circumvent authentication challenges leveraging speech recognition software. Fingerprints can be printed. Photos or videos might be used to spoof the real user in some cases.


All of these methods vary in user experience and accuracy, and they add an extra layer of security, such as using your fingerprint to access your online banking app on your phone. But they are only really effective as part of multi-factor authentication – where they are used alongside other security measures.

Behavioral biometrics, on the other hand, checks for patterns of behavior that are characteristic and variable over time.

As they analyze the way in which we interact with things in the world around us, such as the angle at which we usually hold our phones, they are tolerant of changes in our pattern of behavior.

Deep learning technology means solutions employing behavioral biometrics can factor such changes in and adapt to the changes in the behavior of users.

In other words, behavioral biometrics aggregates hundreds of human and interaction signals to create a kind of ‘cyber-DNA’ for each authentic user, a cyber-DNA that evolves over time. This characteristic pattern of behavior is difficult to duplicate or reuse.

Two of the biggest banking fraud threats are identity theft and account takeover, which is where a fraudster takes control of an online banking session after the legitimate account holder has logged on.

Banks using behavioral biometrics would be able to spot this sudden change in user behavior, and could take remedial action, for example, by asking the user to re-authenticate their ID, by terminating the session, or even by suspending the account.
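The continuous check described above can be sketched with keystroke timing alone. This is an added example, not code from this post or from any vendor's product: it uses a simple z-score profile as a stand-in for the deep learning models mentioned here, and every name, threshold and sample timing in it is an assumption constructed for illustration.

```python
from statistics import mean

ALPHA = 0.2       # adaptation rate for gradual drift (assumed value)
THRESHOLD = 3.0   # mean |z| above which the typist looks different (assumed value)
MIN_VAR = 25.0    # variance floor in ms^2 so a very steady typist is not over-penalised

def features(events):
    """Reduce (press_ms, release_ms) keystrokes to [mean dwell, mean flight]."""
    dwell = [rel - prs for prs, rel in events]
    flight = [nxt[0] - cur[1] for cur, nxt in zip(events, events[1:])]
    return [mean(dwell), mean(flight)]

class Profile:
    def __init__(self, enrol_windows):
        cols = list(zip(*(features(w) for w in enrol_windows)))
        self.mu = [mean(c) for c in cols]
        self.var = [max(mean((x - m) ** 2 for x in c), MIN_VAR)
                    for c, m in zip(cols, self.mu)]

    def score(self, f):
        return mean(abs(x - m) / v ** 0.5 for x, m, v in zip(f, self.mu, self.var))

    def check(self, events):
        f = features(events)
        if self.score(f) > THRESHOLD:
            return "step_up"          # re-authenticate; do not learn from this window
        for i, x in enumerate(f):     # accepted window: let the profile drift with the user
            d = x - self.mu[i]
            self.mu[i] += ALPHA * d
            self.var[i] = max((1 - ALPHA) * (self.var[i] + ALPHA * d * d), MIN_VAR)
        return "allow"

def window(dwell, flight, n=20):
    """Constructed sample data: n keystrokes with the given dwell/flight in ms."""
    out, t = [], 0
    for _ in range(n):
        out.append((t, t + dwell))
        t += dwell + flight
    return out

def monitor_session(profile, windows):
    return [profile.check(w) for w in windows]

ENROL = [window(95, 150), window(100, 140), window(105, 160), window(100, 150)]
SESSION = [window(104, 156), window(108, 162), window(60, 70), window(62, 68)]

if __name__ == "__main__":
    print(monitor_session(Profile(ENROL), SESSION))
```

Rejected windows are deliberately excluded from the profile update, so a takeover cannot gradually retrain the profile toward the intruder's typing.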


Behavioral biometrics offers the most comprehensive security for online banking fraud

The frequency, scale, and increasing sophistication of fraud attacks means banks cannot rely on authentication methods based only on static elements that can be stolen, traded or sold.

Deploying behavioral biometrics within an anti-fraud solution is a user-friendly, fast and accurate way to counteract online banking fraud, as such a solution can analyze thousands of parameters surrounding the user’s behavior during an entire online banking session, ensuring their account has not been taken over by a fraudster and they are not being manipulated in any way.

It’s these continual checks that make behavioral biometrics a powerful defense against online bank fraud and a necessary complement to one-time authentication techniques such as physical biometrics, passwords and PINs.

Furthermore, behavioral biometrics can also be combined with deep learning, which means that every time a user logs in to their account, the solution becomes more accurate at identifying them.


Behavioral biometrics aid PSD2 compliance

Strong Customer Authentication (SCA) is a requirement set out under the Second Payment Services Directive (PSD2), where at least two of the following are used to authenticate a user: something the user knows, such as a password, something the user has, such as a device, and something a user is, such as their biometrics. This is where behavioral biometrics comes in extremely useful.

Collecting information around a user’s behavioral biometrics to build online profiles is completely non-invasive to the user, who wouldn’t need to enter or provide any additional information to the website or app they are using.

This means one of the two factors of authentication required by SCA can be authenticating the user invisibly and throughout the entire online banking session, whilst simultaneously gathering further information to protect the user even more effectively in the future.

Layering authentication methods remains the surest way to prevent online banking fraud and keep users safe.

Therefore, the decision banks have to make is how to choose methods that satisfy all of the following: cause the least unnecessary friction for legitimate customers, reduce risk, are sensitive to privacy concerns, comply with regulation, and all whilst making fraudster reuse of customer information nearly impossible.

A complex web of issues, to which behavioral biometrics has the comprehensive answer.

Please check out this webinar if you are interested in going deeper into the subject.



Behavioral Vs Physical Biometrics: the ultimate showdown in digital banking

Biometrics has become a buzzword in the banking industry, as it has the potential to make authentication faster, easier and more secure than traditional passwords. Biometrics are either physical or behavioral human characteristics that can be used to digitally identify a person to grant access to online banking.

Physical biometrics refers to physiological features on the human body, such as a fingerprint or retina scan, while behavioral biometrics analyzes parameters such as a user’s keystrokes when typing, navigational patterns, screen pressure, typing speed, mouse or mobile movements, gyroscope position and more.

In this webinar we will see how using behavioral biometrics for authentication makes things easier for users, as it removes the need for any active response. Behavioral traits can be captured in the background, whilst not needing any specific hardware to be installed to guarantee that the users are who they claim to be.

Don’t miss this webinar and learn how behavioral biometrics joined with deep learning technology is the best solution for the prevention of online banking fraud.


Mateusz Chrobok

Mateusz’ mission is to evangelise about new technologies that are being developed to protect the end-users. Mateusz has experience of running a behavioural biometrics startup as a CTO and CEO. Previously he spent five years in Samsung R&D working on multiple cloud and cybersecurity projects. His primary interests are related to behavioural biometrics, ethical data processing and continuous authentication ♾. As a security geek, Mateusz has a strong belief that changing the World to make it better is possible.