Behavioral Biometrics: The Next Step For User Authentication

Behavioral biometrics provides a new generation of user security solutions that identify individuals based on the unique way they interact with smart devices such as smartphones, tablets or notebooks. The technology creates a unique profile for each user by tracking various metrics that are likely unique to the individual. These include things like: the angle a smartphone is held at, swipe/scroll patterns, keyboard/gestural shortcuts pattern, walking style/speed, typing style (speed, keypad pressure, finger positioning), and other keystroke dynamics. It uses software algorithms to build a unique user profile, which can be used to confirm the user’s identity on subsequent interactions.

The evolution of such a technology is important to all businesses under the e-commerce umbrella. Apart from fraudulent activities through credit card or SIM cloning, millions of goods are also left unbought due to the long and complex payment authentication process. This is a huge opportunity loss for the seller as well as each company involved in the value chain of the payment process, including the payment gateway provider as well as the bank issuing the credit card. In such a case, the payment authentication system acts a bottleneck for successful transactions.

Behavioral profiling has various applications in authentication and security, as it profiles unique behavior comprising physiology and other factors including social, psychological, health factors, etc.

User Behavior Tracking on Touch-Based Devices

  • Various web services track clicks and mouse cursor activity on web pages and search engines, but in touch-based interfaces such as smartphones, a cursor doesn’t exist, and touch events don’t represent user interest correctly.
  • On small screens, users move the viewing area left-right and up-down to read through the text. Users also zoom in/out to switch among overall layout and enlarge the content of the page to be examined. Thus, tracking these user behavior metrics creates multiple insights.
  • A display can track the user’s behavior of viewing different areas of content and the duration the user spent in each area through bounding boxes and heatmaps. This creates a visualization of the parts of the web page the user focused on.
  • A short dwell-time in a particular region indicates low-user interest, while long dwell-time indicates the user read through the written content in the region.
  • The information can be used for advertising, user profiling, and web-page analysis.

Real Life Implementations

Appsee is one such analytics platform. It provides visual screen usage analytics solutions to clients. The platform records the user interaction with the app and provides information through heatmaps, user flow charts, user navigation path, and other information. Touch heatmap analytics aggregates various gestures used during the interaction with the app, including taps, double-taps, swipes, pinches, etc. The heatmap is shown as a layer placed over the actual app screenshot, making it easier to analyze the interaction with the app. The frequency of interactions is color-coded. The information is useful for app companies to realign the user interface of the apps.

BioCatch, another US-based behavioral authentication, and threat detection solutions firm, partnered with Samsung SDS to integrate behavioral biometrics to detect fraud on popular mobile apps. The app profiles users based on different behavioral metrics such as the angle the phone is held, swipe/scroll patterns, and other behavioral attributes. When unusual behavior is detected, the app raises a red flag and implements additional security measures. According to BioCatch, a combination of behavioral biometrics and other new forms of phone-based ID verification (such as fingerprint and Face ID) will eventually replace the password as a form of security.

With credit and debit card transactions increasingly taking place through smartphones. Companies like Mastercard are investing in behavioral biometrics. In March 2017, Mastercard announced it was acquiring NuData Security, a global technology company that helps businesses prevent online and mobile fraud using behavioral analytics. NuData offers solutions which incorporate biometric, behavioral and device metrics to flag security violations and verify trusted users.

The Regulation Roadblock and Future Outlook

For now, behavioral biometrics are at a nascent stage. As more payments are made through smartphones, the banking and finance sectors are increasingly likely to seek to leverage smartphones sensors to aid in authentication. Meanwhile, user data protection and regulations like GDPR may act as a roadblock to the use of the technology. In this case, the technology can act as an additional layer, if not the core authentication system.

Hanish is an Associate Director with Counterpoint Technology based in Toronto, Canada. He has 8+ years of industry experience in providing market research and strategic consulting across various industry sectors. He tracks developments in the mobile handset, telecom and IoT industry value chain. He brings in the vast experience of providing advisory services to OEMs & component manufacturers, network operators, private equity firms and technology companies. He played a pivotal role in helping Chinese OEMs set up their manufacturing base in India under the “Make in India” program.

Term of Use and Privacy Policy

Counterpoint Technology Market Research Limited


In order to access Counterpoint Technology Market Research Limited (Company or We hereafter) Web sites, you may be asked to complete a registration form. You are required to provide contact information which is used to enhance the user experience and determine whether you are a paid subscriber or not.
Personal Information When you register on we ask you for personal information. We use this information to provide you with the best advice and highest-quality service as well as with offers that we think are relevant to you. We may also contact you regarding a Web site problem or other customer service-related issues. We do not sell, share or rent personal information about you collected on Company Web sites.

How to unsubscribe and Termination

You may request to terminate your account or unsubscribe to any email subscriptions or mailing lists at any time. In accessing and using this Website, User agrees to comply with all applicable laws and agrees not to take any action that would compromise the security or viability of this Website. The Company may terminate User’s access to this Website at any time for any reason. The terms hereunder regarding Accuracy of Information and Third Party Rights shall survive termination.

Website Content and Copyright

This Website is the property of Counterpoint and is protected by international copyright law and conventions. We grant users the right to access and use the Website, so long as such use is for internal information purposes, and User does not alter, copy, disseminate, redistribute or republish any content or feature of this Website. User acknowledges that access to and use of this Website is subject to these TERMS OF USE and any expanded access or use must be approved in writing by the Company.
– Passwords are for user’s individual use
– Passwords may not be shared with others
– Users may not store documents in shared folders.
– Users may not redistribute documents to non-users unless otherwise stated in their contract terms.

Changes or Updates to the Website

The Company reserves the right to change, update or discontinue any aspect of this Website at any time without notice. Your continued use of the Website after any such change constitutes your agreement to these TERMS OF USE, as modified.
Accuracy of Information: While the information contained on this Website has been obtained from sources believed to be reliable, We disclaims all warranties as to the accuracy, completeness or adequacy of such information. User assumes sole responsibility for the use it makes of this Website to achieve his/her intended results.

Third Party Links: This Website may contain links to other third party websites, which are provided as additional resources for the convenience of Users. We do not endorse, sponsor or accept any responsibility for these third party websites, User agrees to direct any concerns relating to these third party websites to the relevant website administrator.

Cookies and Tracking

We may monitor how you use our Web sites. It is used solely for purposes of enabling us to provide you with a personalized Web site experience.
This data may also be used in the aggregate, to identify appropriate product offerings and subscription plans.
Cookies may be set in order to identify you and determine your access privileges. Cookies are simply identifiers. You have the ability to delete cookie files from your hard disk drive.