Behavioral Biometrics: The Next Step For User Authentication

Behavioral biometrics provides a new generation of user security solutions that identify individuals based on the unique way they interact with smart devices such as smartphones, tablets or notebooks. The technology creates a unique profile for each user by tracking various metrics that are likely unique to the individual. These include the angle at which a smartphone is held, swipe/scroll patterns, keyboard/gestural shortcut patterns, walking style/speed, typing style (speed, keypad pressure, finger positioning), and other keystroke dynamics. It uses software algorithms to build a unique user profile, which can be used to confirm the user’s identity on subsequent interactions.
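The build-a-profile-then-confirm flow described above, sketched for keystroke timing only as an added example (not code from any vendor named on this page). The function names, the 2.0 threshold, the 5 ms floor and all timing data are constructed assumptions.

```python
from statistics import mean, pstdev

STD_FLOOR_MS = 5.0       # assumed floor so a very consistent typist never yields a zero spread
STEP_UP_THRESHOLD = 2.0  # assumed cut-off on the mean absolute z-score

def features(events):
    """events: [(key, press_ms, release_ms), ...] for one typed passphrase.
    Returns dwell times (hold per key) followed by flight times (gap to next press)."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Build the profile: per-feature mean and spread over the enrollment samples."""
    vectors = [features(s) for s in samples]
    if len(vectors) < 3 or len({len(v) for v in vectors}) != 1:
        raise ValueError("need >= 3 enrollment samples of the same passphrase")
    return [(mean(c), max(pstdev(c), STD_FLOOR_MS)) for c in zip(*vectors)]

def score(profile, events):
    """Scaled Manhattan distance: mean absolute z-score against the profile."""
    vec = features(events)
    if len(vec) != len(profile):
        return float("inf")  # input of a different length cannot match the profile
    return mean(abs(x - mu) / sd for x, (mu, sd) in zip(vec, profile))

def decide(profile, events):
    """Behavioral signal as an additional layer: it never grants access by itself,
    it only decides whether a second factor is required."""
    return "allow" if score(profile, events) <= STEP_UP_THRESHOLD else "step_up"

def typed(dwell, flight):
    """Constructed helper: synthesize key events from dwell/flight lists (ms)."""
    events, t = [], 0
    for i, d in enumerate(dwell):
        events.append((f"k{i}", t, t + d))
        t += d + (flight[i] if i < len(flight) else 0)
    return events

# Constructed sample data: three enrollment attempts by the account owner.
ENROLL = [typed([95, 110, 88, 102], [60, 75, 58]),
          typed([100, 105, 92, 98], [65, 70, 62]),
          typed([92, 112, 90, 105], [58, 78, 60])]
PROFILE = enroll(ENROLL)
OWNER_LOGIN = typed([97, 108, 91, 100], [62, 74, 59])    # same rhythm as enrollment
OTHER_LOGIN = typed([150, 60, 140, 70], [120, 20, 130])  # same keys, different rhythm
```

A mismatch only triggers a step-up rather than a denial, so a legitimate user typing one-handed or on a new keyboard is challenged instead of locked out.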

The evolution of such a technology is important to all businesses under the e-commerce umbrella. Apart from fraudulent activities through credit card or SIM cloning, millions of goods are also left unbought due to the long and complex payment authentication process. This is a huge opportunity loss for the seller as well as each company involved in the value chain of the payment process, including the payment gateway provider as well as the bank issuing the credit card. In such a case, the payment authentication system acts as a bottleneck for successful transactions.

Behavioral profiling has various applications in authentication and security, as it profiles unique behavior comprising physiology and other factors, including social, psychological, and health factors.

User Behavior Tracking on Touch-Based Devices

  • Various web services track clicks and mouse cursor activity on web pages and search engines, but in touch-based interfaces such as smartphones, a cursor doesn’t exist, and touch events don’t represent user interest correctly.
  • On small screens, users move the viewing area left-right and up-down to read through the text. Users also zoom in/out to switch between the overall layout and an enlarged view of the content to be examined. Thus, tracking these user behavior metrics creates multiple insights.
  • A display can track the user’s behavior of viewing different areas of content and the duration the user spent in each area through bounding boxes and heatmaps. This creates a visualization of the parts of the web page the user focused on.
  • A short dwell time in a particular region indicates low user interest, while a long dwell time indicates the user read through the written content in the region.
  • The information can be used for advertising, user profiling, and web-page analysis.

Real Life Implementations

Appsee is one such analytics platform. It provides visual screen usage analytics solutions to clients. The platform records the user interaction with the app and provides information through heatmaps, user flow charts, user navigation path, and other information. Touch heatmap analytics aggregates various gestures used during the interaction with the app, including taps, double-taps, swipes, pinches, etc. The heatmap is shown as a layer placed over the actual app screenshot, making it easier to analyze the interaction with the app. The frequency of interactions is color-coded. The information is useful for app companies to realign the user interface of the apps.

BioCatch, another US-based behavioral authentication and threat detection solutions firm, partnered with Samsung SDS to integrate behavioral biometrics to detect fraud on popular mobile apps. The app profiles users based on different behavioral metrics such as the angle the phone is held, swipe/scroll patterns, and other behavioral attributes. When unusual behavior is detected, the app raises a red flag and implements additional security measures. According to BioCatch, a combination of behavioral biometrics and other new forms of phone-based ID verification (such as fingerprint and Face ID) will eventually replace the password as a form of security.

With credit and debit card transactions increasingly taking place through smartphones, companies like Mastercard are investing in behavioral biometrics. In March 2017, Mastercard announced it was acquiring NuData Security, a global technology company that helps businesses prevent online and mobile fraud using behavioral analytics. NuData offers solutions which incorporate biometric, behavioral and device metrics to flag security violations and verify trusted users.

The Regulation Roadblock and Future Outlook

For now, behavioral biometrics are at a nascent stage. As more payments are made through smartphones, the banking and finance sectors are increasingly likely to seek to leverage smartphone sensors to aid in authentication. Meanwhile, user data protection and regulations like GDPR may act as a roadblock to the use of the technology. In this case, the technology can act as an additional layer, if not the core authentication system.