Snippet: One of the biggest challenges in the realm of digital security is to find ways to make the experience of authentication as painless as possible, without compromising on security or technological sophistication. Digital banking users want to feel safe, but they do not want to submit a hair sample or submit to a polygraph test every time they make a purchase.

One of the biggest challenges in the realm of digital security is to find ways to make the experience of authentication as painless as possible, without compromising on security or technological sophistication. Digital banking users want to feel safe, but they do not want to submit a hair sample or submit to a polygraph test every time they make a purchase. To address the tension between ease of use and strong security, many companies are turning to behavioral biometrics.

Ain't what you do, it's the way that you do it

Behavioral biometrics studies the unconscious, but measurable, patterns of human behavior that serve as unique identifiers. This is based on the idea that these behaviors – such as our gait, the way we type, or the way we navigate a webpage – are as unique as our physiological biometrics. Powered by machine learning, behavioral biometrics analyzes a user’s input and how they interact with their chosen interface. As more data is gathered over time, programs that make use of behavioral biometrics become more accurate, and can drastically reduce the occurrence of false negatives as risk scores become more finely tuned.

IBM, for example, is already using behavioral biometrics to assist in the detection of fraudulent transactions. Their algorithm monitors actions such as mouse movements and clicks; it then analyzes the gathered data and calculates a risk score that triggers an alert. This latest feature is an additional layer to their security approach, which also takes into account the IP address and geolocation of the user. (Incidentally, Entersekt’s Transakt product has been validated as Ready for IBM Security Intelligence, making it interoperable with IBM’s products.)

Pushing the envelope even further is a San Francisco-based company, wallet.AI, which, in the words of its founder, helps consumers “make smarter decisions about their money, especially when they’re out spending it”. It combines the use of contextual data and behavioral analysis to deliver a product that helps nudge users in the right direction when it comes to their day-to-day spending.  

These and other advances in machine learning have been making waves in our industry of late, but if we’ve learnt anything from Ex Machina, it’s to reserve the right to regard machines with suspicion.

Can we trust the machines?

Machine learning and artificial intelligence have been breaking new ground, but when it comes to security, no single strategy is sufficient. In fact, the US Federal Financial Institutions Examination Council (FFIEC) has actively discouraged single-factor authentication since April 2016. Across the globe, regulatory bodies are now increasingly mandating two-factor authentication (2FA) for logins, transactions, and other sensitive banking activities. For example, the Monetary Authority of Singapore’s Technology Risk Management Guidelines require 2FA for login to all online financial systems. In Europe, 2FA will soon be compulsory under the revised Payment Services Directive (PSD2) for all electronic payments of more than €30 in value.

The protective measures offered by behavioral biometrics satisfy only one factor of authentication – inherence, also known as “something you are”. Behavioral biometrics identifies a user at some place at some time, but only a second (possession) factor can attest to wherewhen, and why that biometric data was presented. A strong device ID can serve as that possession factor – which, together with the user’s inherent biometric data, ensures proof of the context of a login or transaction. Used in this way, behavioral biometrics could form part of a 2FA approach. 

Subscribe to our blog.


Clara Chennells

MARKETING MANAGER: EU

Clara originally joined Entersekt’s marketing team as a copywriter, and is now based in the European headquarters in the Netherlands. In her current role, she is responsible for lead nurturing, organizing local events, managing relationships with local PR agencies, and serving as the liaison between the EU office and central marketing.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.