""
Blog

Behavioral biometrics replace passwords

Security Technology
Behavioral biometrics
17 SEPTEMBER 2020 - DEWALD NOLTE
Digitalization of banking and commerce was progressing at pace before the pandemic, but COVID-19 catalyzed consumers and businesses to adopt digital services faster than even its greatest proponents had expected. Now, having become accustomed to this convenient way of transacting, most people are likely to continue with this new way of banking and shopping when life approaches something like normality.


Fraudsters have, of course, followed the opportunity, so it is more important than ever that financial services providers stay steps ahead in the cat-and-mouse game of fast-evolving fraud schemes and exploits, and the security solutions necessary to counter them.

Consumers, meanwhile, are spending significantly more time online and, for many of them, what might have been a mildly annoying user experience in the past – tolerated or avoided entirely by visiting a store or branch – can now loom large over the entire digital offering. That’s a threat to the relationship between service provider and customer.

Fortunately, balancing a good user experience with robust security need no longer be regarded as a trade-off. Every security solution worth its salt is comprised of several layers. Avoiding unnecessary friction and user frustration means understanding when to invoke one capability and when to draw on another.

So where does behavioral biometrics fit in?

The role of behavioral biometrics in authentication


If we look at the theory of authentication, a method or combination of methods can be classed as multifactor – and hence, strong – if it employs factors from more than one of these three categories: possession, knowledge, and inherence.


Behavioral biometrics falls into the inherence or “something you are” category. It’s about the way you do the things you do – such as type or hold your phone – rather than what you know (knowledge) or have (possession).

So, one of the first things to understand about the role that any kind of biometrics-based technology plays in authentication is that, on its own, it isn’t multifactor. To achieve this status, it must be combined with at least one other factor from the remaining two categories.

A winning combination for multi-factor authentication


Possession is one such factor – and the superior one in our book. Your bank card, your mobile phone, your house and car keys: possession is nine-tenths of the law, they say, after all. Entersekt’s patented technology issues strong digital-certificate-based IDs to consumers’ devices – mobile phones, laptops, tablets, and more – transforming the apps and browsers on these devices into trusted endpoints that can be leveraged as strong possession factors during users’ authentication journeys.

Want to know more about biometric authentication? Read: The rise of biometrics in banking: The death of the password?

The recently announced addition of behavioral analytics to our platform is something we are really excited about. The two technologies complement each other well, combining possession with inherence for a powerful, regulatory-compliant multifactor authentication solution that is especially user friendly.

Behavioral biometrics and analytics enrich Entersekt’s customer authentication offering by:

  • adding a frictionless means to determine whether the user of a device is a legitimate one, thus:
  • arming us with strong new signals to identify and combat social engineering
  • bolstering protection against family fraud, where family or friends use your devices to impersonate you
  • providing new signals to identify and combat automated account takeover attacks
  • helping us to accomplish regulatory-compliant frictionless customer authentication when used in combination with our certificate-based device ID technology.

For more on the future of authentication, read: Passwordless authentication: The future is here

New technologies need to enhance the user experience


Behavioral biometrics unlocks some exciting new use cases for our customers, but it’s vital that the technology is used at the right time, and for the right reasons, to ensure it enhances user experiences rather than negatively impacting them.

For every technology that you implement, you want to be sure to play to its strengths. This is also true for behavioral technology. When there is enough interaction in an existing user journey to allow behavioral analytics to seamlessly slot in and perform well, then it’s an ideal use case. In situations where user interaction is limited, so that there is not enough data to analyze, it would be better to use other tools in the authentication stack for that scenario rather than forcing a use case to adapt to a technology.

Behavioral biometrics is a powerful weapon in any financial institution’s arsenal. When used together with the right complementary technologies, it has the potential to unleash some magic in improving the security and user experience of our customers.


Read more about Entersekt's approach to passwordless authentication, which enables biometric and browser authentication use cases.