My Actions - My Password
The future of authentication
Is it good that my phone knows me better than my wife?
All experts engaged in developing applications will tell you one thing – we are all human, and most of us will take convenience over security, even when dealing with banking or shopping mobile apps. So, as long as it is easy, we will not think about the danger.
However, in business we do care about security, and we do care about our customers, so we are always searching for ways to combine the two.
And that is where biometry and behavior analysis come into play.
Biometric authentication methods, such as fingerprint scanning, retina scanning, voice recognition and face recognition, are considered the most effective user identification methods currently available because it is very difficult to imitate or copy somebody's biological characteristics.
Biometrics are easy to use because most smartphones have built-in biometric features. Biometric authentication provides a completely frictionless purchase process, as the user does not have to remember any usernames or passwords to prove their identity.
Can it get even better? Apparently, yes.
In the vast sea of mobile application functionalities, one is emerging that will prove to be very useful, albeit a little unbelievable at first sight. It is the ability of the application to memorize your behavior in the app.
People use their mobile phones for over 50% of their waking hours. How we swipe from left to right, how fast we switch between screens in different apps, how hard we press the screen with our fingers: all of this is rather unique and identifies us much more reliably than traditional passwords. Being so smooth and unique, it is no wonder that user behavior analysis has recently become one of the most popular concepts for proving user identity. It also offers the ability to automatically detect potential fraud in the app by collecting thousands of pieces of unique data after each iteration.
For an online banking system, it is very important to secure user accounts and protect their assets and personal information from malicious hands, because the data held inside is highly sensitive. There are many existing authentication methods. In general, they are categorized into knowledge-based methods, possession-based methods and biometric-based methods. Each method has its own strengths and weaknesses, and the environment determines which authentication approach is best suited.
The key to the authentication process is the uniqueness of the security measure, which in general can be categorized as something the user knows (password/PIN), something the user has (token/smart card) or something the user is (biometrics).
Most popular biometric methods “recognize” people by their face, voice or fingerprint, but alternative and less invasive biometrics have emerged recently.
Behavioral biometric authentication goes a step further by identifying a person based on the unique behavior they exhibit when they interact with a device. It allows for truly frictionless authentication that is non-invasive and uses existing hardware capabilities, avoiding additional sensor costs. Platforms today use one or multiple types of behavioral patterns.
WE ARE MORE PREDICTABLE THAN WE THINK… AND THAT IS A GOOD THING
Humans are creatures of habit. The way we walk, the way we type, how we move our cursors around a website’s login or checkout page—these are deeply ingrained rituals that, although we don’t necessarily realize it consciously, are unique to us. Not only can we be identified by the physical details of our various body parts, but we are also defined by how we perform our daily tasks. This is the world of behavioral biometrics, where what you are is verified by what you do.
Behavioral biometrics is an emerging modality in the biometric landscape, with clear applications in enterprise security, online banking, and mobile commerce. In general, a behavioral biometric system will create a profile of a user’s quotidian habits and run in the background of an application—invisible to the user—silently matching the nuances of their actions for verification. When enough of a discrepancy is found between the user and the profile, access can be denied, or an additional verification method can enter into play. For instance: if a user fails to pass the behavioral check for some reason, a request for facial recognition can be triggered.
BENEFITS OF USING BEHAVIORAL AUTHENTICATION
- Service login – The user does not have to type a password. They can simply use biometry, and the system will additionally check their behavior and enable login to the app.
- Very difficult to spoof – Passwords and PINs are easy to steal, but it is very hard to copy user behavior, voice or the way a user types or interacts with the app.
- No additional hardware is needed – Now every laptop, PC or mobile device comes with a keyboard which will detect user behavior by the way a user types. But, even more importantly, user behavior is memorized by how they behave within a certain app.
- Technology that evolves with the user – Unlike robots, our behavior is not always exactly the same. Biometric analysis adapts accordingly in order to protect the user throughout the whole session.
- Fraud prevention – If a fraudster steals a mobile device, they can easily access the account to make a purchase if the user stays logged into an account. Behavioral biometrics provide seamless authentication. Behavior which is out of the ordinary raises a red flag, preventing fraudulent activity.
- Catching fraudsters – When a transaction is made, businesses must decide whether to flag the charge as fraudulent or give it a green light. With machine learning, data is collected, and risk of fraud is calculated using algorithms. Behavioral biometrics are suited for gathering large amounts of distinct data, so they can be incredibly helpful when detecting fraud. This method also decreases the chance of a legitimate customer being locked out of a transaction.
- Great user experience – The user doesn't have to memorize PINs or passwords. They just let the system create their pattern based on their behavioral characteristics.
HOW DOES THIS WORK IN PRACTICE?
For example, take a person using a shopping app frequently to purchase new products that usually cost under $20. They usually shop during the evening and are left-handed. These are all useful pieces of information that the system memorizes and stores as a unique identification for that person. Each time the user interacts with this app, the system will memorize their behavior and learn from iteration to iteration. With each iteration the system becomes “smarter” and the process of user authentication is much shorter.
If the system is not sure about this user and their behavior, it can ask the user to enter the password or PIN as an additional authentication step. Again, the system will memorize this kind of intervention as inherent to the user behavior.
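The profile, score and step-up flow described above, as an added Python example (not code from the article or from any product): the feature names, the thresholds, the 10% spread floor and the sample sessions are all assumptions constructed for illustration.

```python
import math

STEP_UP, DENY, MIN_SAMPLES = 2.5, 6.0, 5  # assumed thresholds, not from the article

class Stat:
    """Running mean and variance (Welford's method) for one behavior feature."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)
    def z(self, x):
        std = math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        # Floor the spread at 10% of the mean so a very regular user is not over-challenged.
        return abs(x - self.mean) / max(std, 0.1 * abs(self.mean), 1e-9)

class Profile:
    def __init__(self, history=()):
        self.stats = {}
        for session in history:
            self.learn(session)
    def learn(self, session):
        for name, value in session.items():
            self.stats.setdefault(name, Stat()).update(value)
    def samples(self):
        return min((s.n for s in self.stats.values()), default=0)
    def score(self, session):
        zs = [self.stats[k].z(v) for k, v in session.items() if k in self.stats]
        return sum(zs) / len(zs) if zs else math.inf  # mean deviation in std units

def decide(profile, session):
    if profile.samples() < MIN_SAMPLES:
        return "step_up"  # too little history to trust the score
    s = profile.score(session)
    return "allow" if s < STEP_UP else "step_up" if s < DENY else "deny"

def handle(profile, session, fallback_passed=False):
    """Decide, then learn only from sessions that were actually verified."""
    verdict = decide(profile, session)
    if verdict == "allow" or (verdict == "step_up" and fallback_passed):
        profile.learn(session)  # a passed password/PIN check joins the profile
    return verdict

# Constructed history: evening purchases under $20 by a left-handed user.
HISTORY = [{"amount_usd": a, "hour": h, "left_touch_ratio": r} for a, h, r in
           [(12.0, 20, .82), (18.5, 21, .78), (9.9, 19, .85),
            (15.0, 22, .80), (19.0, 20, .79), (14.0, 21, .83)]]
```

Because `handle` updates the profile only after an allowed session or a passed fallback check, a denied or unverified session cannot shift what the system treats as normal for the account.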
To conclude, in order to keep modern customers and meet their expectations while keeping your business safe, behavioral authentication is definitely the route for the future development of online services.