Behavioral biometric technology is a highly accurate authentication technology that can identify users based on their behavior patterns.
It identifies unique, individual characteristics in how people type and interact with their mobile device or computer, instead of other common technologies that identify users based on their physical attributes (fingerprints, facial recognition), what they have (key fobs or phones), or what they know (passwords or out-of-wallet questions).
Digital IDs rooted in behavioral biometrics are as unique to a person as fingerprints. They can quickly and accurately verify the identity of a user from one session to the next and continuously verify the identity during a single session.
Any anomalies detected in the user’s behavior at any point in their online session can signal that someone else is impersonating them and that there is a security breach or attempted fraud.
Physical vs. Behavioral Biometrics
Physical biometrics relates to a person’s biology, parts of the human body that can serve as an identifier – such as a fingerprint or retina scan. While behavioral biometrics refers to a person’s unique pattern of behavior – such as the rhythm and cadence with which they usually type on their computer keyboard or the way they move the mouse.
We encounter physical biometric analysis for security purposes more often than we think, for example, when we unlock our mobile phones with a touch or go through an e-passport gate after looking into a camera.
However, behavioral biometrics is a comparatively newer technology gaining ground in online banking fraud prevention. Its power lies in authenticating genuine users - without requiring additional steps that add friction to the process - and spotting fraudsters who return to a bank’s system.
Examples of behavioral biometrics authentication include:
|Keystroke Dynamics||Typing patterns that include a combination of keystroke speed, keystroke duration, variations in these for particular key sequences, and characteristic patterns that occur when typing common groups of keystrokes.|
|Touchscreen Swipes / Mobile Interactions||Unique ways users swipe, tap, pinch-zoom, type, or apply pressure on the touch screens of mobile devices like tablets and phones.|
|Cursor Movements||Unique patterns in mouse or trackpad cursor movement, including paths, tracking speed, direction changes, and clicks.|
|Handling||The way an individual holds or handles a mobile device provides another unique behavioral biometric factor.|
What is a BionicID™
The fundamental building block of a BionicID™ is behavioral biometrics. Revelock collects thousands of non-PII parameters starting with behavioral biometrics - how a user handles a device - and layers on behavioral analytics - when from where and what the user accesses as well as which device and network and all the associated data about that device and network that is used to access a protected website or mobile application server.
Revelock takes a unique approach to verify users at every point in the customer journey by continually asking the question, “are you really you?”.
Other behavioral biometrics companies compare users against a database of known bad, or segments of good actors, trying to answer the question “do you look like a bad or good actor?”. This approach can be effective. Still, in many cases, it is not granular enough.
Moreover, it does not provide complete coverage - leaving open the possibility that sophisticated bad actors will slip through early on in a new account signup process or at other points in the user journey.
The “do you look like a bad actor?” method of determining legitimate users vs. bad actors does not work in scenarios where insiders - people who have verified identities and are not part of the larger universe of cybercriminals - attempt unauthorized access to bank accounts.
Revelock BionicIDs™ are based on full user context and built to recognize every single user. They are established quickly and can start answering the question “are you really you?” accurately, in just a couple of interactions.
Revelock’s BionicID is a “cyber-DNA” or a digital fingerprint, built using thousands of parameters about the user’s context, based on behavioral biometrics, behavioral analytics and device profiling, network data, geolocation, malware patterns, and other threat intel data.
As a result, it recognizes the real person behind each user in as little as two interactions, with a 99.2% accuracy in just milliseconds!
What makes Revelock’s BionicID™ solution unique in fraud prevention?
BionicID™ data collection and analysis is the foundational technology in Revelock’s multi-channel fraud prevention solution. Revelock’s Fraud Detection & Response Platform is unique. It does not just detect anomalies, score risks and raise alerts; it also empowers fraud teams to simply configure the system to handle a number of fraud cases automatically.
This active defense approach protects users without them even knowing about threats, reduces call center costs, and reduces the burden on fraud analysts. In addition, it frees fraud teams from handling routine alerts and instead uses Revelock Hunter to investigate more complex cases.
With Revelock, analysts can take a pre-emptive defense approach, take down bad actors and mule accounts and stop fraud before it happens.
What makes Revelock’s BionicID™ more accurate than other behavioral biometric solutions?
Unlike other behavioral biometrics vendor’s solutions that classify users as “good” or “bad,” Revelock takes a different approach. Since most online users are legitimate, Revelock asks, “are you really you?” at every interaction, using a hybrid AI system that utilizes Deep learning algorithms under expert supervision.
These per-user models compare users to themselves and take less time to train, leaving a shorter window of fraud vulnerability when a user starts interacting with the system and is verified. The system also continuously scores risk based on population-based models and bad actor models. If we detect an anomaly, we immediately spring into action and take defensive measures.
This approach eliminates misidentification. And it reduces both false positive alerts and false negatives that miss signals of actual fraudulent activity. We minimize identification times by assigning all incoming events to the best AI / ML analytics module for the task.
These models are continually updated with the latest knowledge of adversary tactics, techniques, and procedures so you can stay ahead of the rapidly evolving threat landscape.
To learn more about how BionicIDs stop Impersonation and Manipulation attacks read the blog “Using BionicIDs to stop Impersonation and Manipulation attacks?”.