The rate of fraud attempts decreased during the first half of 2022. That good news deserves a bit more nuanced analysis, however. Despite the overall drop in attempts, some industries saw major upticks as fraudsters tailored their attacks at industries with fewer or less-robust identity-verification protections in place.
Insurance companies, for example, attracted a 159% increase in attempts from Q2 2021 to Q2 2022. Logistics saw a 13% increase, while the online forums and telecoms industries saw a reduction in fraud attempts, though less of a reduction than the -14% overall figure. The financial services industry, for its part, has clearly taken strides to better protect customer identities and establish trust.
As financial intermediaries, insurance companies can learn a lot from how financial institutions have thwarted fraud attempts. Organizations in all industries can even go a step further, implementing additional safeguards against fraud and other criminal activity. Behavioral biometrics is just the tool for engraining strong customer authentication into the business and avoiding future fraud attempts.
How is behavioral biometrics used for authentication?
Many firms now have a system of continuous authentication to secure customers’ digital identities. These systems operate as the backbone of know your customer (KYC) anti-money laundering (AML) and anti-fraud frameworks. Many customer-identity-verification checks only exist at the account sign-up portion of the customer relationship. But after convincing an organization they are who they say they are, customers go on to leave trails of data that can be used against them later.
Everywhere consumers go online, they leave breadcrumbs about their whereabouts, how they spend money, where they live, work and even information about their lifestyle. Criminal actors can amalgamate these datapoints into a synthetic identity or facsimile of the customer in question. Armed with this identity, fraudsters can hijack identities to access online accounts.
By implementing a combination of technologies that prompt verification at every sign-in, financial services firms, insurance companies, and a myriad of other organizations can establish a customer’s identity more regularly — on a continual basis.
Behavioral biometrics is just the latest tool firms can implement in this combination of solutions that provide continuous authentication. Biometric technology such as facial recognition or voice verification are used to verify a customer’s identity. Behavioral biometrics uses customers’ digital breadcrumb trails, as well as how customers approach online logins, to effectively create a behavioral signature fraudsters are hard-pressed to emulate.
For example, customers tend to type passwords in one keystroke at a time, whereas fraudsters copy and paste. Other patterns in human behavior exist, as well, including those of mouse speed and scroll and touchscreen interactions, to name a few.
Helpfully, behavioral biometrics fall under many different buckets of multi-factor authentication methods. “Something you are” methods represent information that is part of a user — a characteristic only that user possesses. “Something you do” methods refer to habits and behaviors. Implementing behavioral pattern analysis into continuous verification frameworks adds an additional layer of security that is difficult even for the most sophisticated fraudsters to crack.
What are the different forms of behavioral biometrics?
Behavioral biometrics prevent fraud by detecting high-risk scenarios and helping institutions make better decisions. If a customer who logs in twice each month suddenly starts logging in more frequently or if a client who always types their password in copies and pastes the password from a different location, those pattern anomalies signal that these logins carry additional risk.
Banking or other institutions that can passively perform authentication stand a better chance of recognizing fraud before it happens. Depending on how customers interact with online platforms, firms can implement different types of behavioral biometrics. Some examples include:
- Keystrokes: How someone types, as measured by keystroke speed and duration and common typing patterns.
- Mouse movement: People move their cursors at different speeds, change directions or scroll at specific rates.
- Speech patterns: Different customers have different voices but also different intonations, inflections and cadences when speaking.
- Signatures: Physical signatures vary from person to person based on various factors that can influence whether the signee is an impersonator or the customer in question.
- Style: Online banking and other platforms can leverage the way people approach writing emails or interacting with digital platforms, such as by looking at sentence case or punctuation.
Whichever method (or methods) an institution chooses, behavioral biometrics adds an extra layer of intelligence to identity authentication and represents a powerful tool in the fight against cybercrime. As technologies like machine learning evolve, behavioral biometric solutions that use them will also become more robust and accurate.
Keystroke dynamics is the most commonly used form of behavioral biometrics and has been a major identity-verification factor for years. In a small study of touchscreen analysis, researchers found that key evaluation could help predict emotion states with 73% accuracy. Other oft-used behavioral analytics that play a role in biometric authentication include mouse dynamics and biotouch (using users’ patterns of holding devices and typing patterns). One analyst found that facial recognition systems had an error rate of just 0.08% in 2020.
What do analysts say about behavioral biometrics?
Analyst estimates about the size of the behavioral biometrics market vary. In 2020, total market revenue was pegged at $1.1 billion. Forecasters believe the market will be worth anywhere from $3.9 billion by 2026 to $4.6 billion by 2027.
As far back as 2018, firms such as Gartner were predicting that identity verification formats, like biometrics, would eventually squeeze out passwords. In 2022, McKinsey noted that passwordless’ identity (including biometric verification) was one of the most noteworthy technologies in emerging trust architecture evolution. Deloitte has long discussed the merits of a technology-agnostic way forward for digital identity, noting how important it will be to leverage various layers of verification, including biometrics.
No matter how you slice it, research and analyst firms believe the burgeoning behavioral biometrics market still has room to grow as it continues to realize its potential.
What does the future of behavioral biometrics look like?
Behavioral biometrics authentication offers a crucial layer in an identity verification framework. Tapping into inherent behaviors that are difficult to mimic and specific to the user can help financial institutions, insurance firms and any other organization identify fraudulent activity before it happens. Best of all, as artificial intelligence and machine learning techniques mature, so, too, will the solutions that use them. As identity verification evolves, it will become an even more powerful tool in the fight against identity theft and fraud. But for all the promise, there are still mountains to climb before behavioral biometrics becomes ubiquitous.
Accuracy is the most prominent consideration for any algorithm. Despite the reported accuracy of some forms of biometrics, other forms are still honing their accuracy potential. The National Institute of Standards and Technology (NIST) reviewed algorithms for facial and fingerprint recognition. The best of the bunch had an error rate of nearly two mistakes per 100 tests. The NIST is looking for an error rate of just 1 in every 100,000 tests.
Any identity verification solution must also carefully straddle the user experience with safety and security. Identity systems that are too frustrating or take too long will cause potential customers to drop, the revenue opportunity along with them. Customer identity access systems must therefore combine enterprise-level protocols with a seamless customer experience, all while continuing to earn loyalty and trust.
For behavioral biometrics to work, customers must consent to organizations using their personal information. With an increasingly complex field of digital identity regulations, managing customer safety without compromising on data privacy standards will require a tightrope act.
Despite these challenges behavioral biometrics offers immense potential as another layer of continuous identity authentication practices. As solutions evolve to become more accurate and in tune with data-privacy regulations, organizations that implement them now can enjoy the fruits of these evolutions today and in the future.
Behavioral biometrics is risk-based authentication organizations need
Behavioral biometrics can help institutions move away from static and less-secure password-based authentication. Industries like financial services have already made progress in securing customer accounts, as evidenced by the decrease in fraud attempts. Other industries, like insurance, can follow banks’ lead and shore up their customer authentication practices. Organizations across all industries can take their get ahead of fraudsters’ next wave of attempts by leveraging the digital breadcrumbs customers use for their benefit, with behavioral biometrics.
Check out the new Gartner report: Innovation Insight for Biometric Authentication for more on digital identity and fraud prevention: