The future of authentication
All experts engaged in developing applications will tell you one thing – we are all human, and most of us will take convenience over security, even when dealing with banking or shopping mobile apps. So, as long as it is easy, we will not think about the danger.
However, in business we do care about security, and we do care about our customers, so we are always searching for ways to combine the two.
And that is where biometry and behavior analysis come into play.
Biometric authentication methods, such as fingerprint scanning, retina scanning, voice recognition and face recognition, are considered the most effective user identification methods currently available because it is very difficult to imitate or copy somebody's biological characteristics.
Biometrics are easy to use because most smartphones have built-in biometric features. Biometric authentication provides a completely frictionless purchase process, as the user does not have to remember any usernames or passwords to prove their identity.
Can it get even better? Apparently, yes.
In the vast sea of mobile application functionalities, one is emerging that will prove to be very useful, albeit a little unbelievable at first sight. It is the ability of the application to memorize your behavior in the app.
People use their mobile phones for over 50% of their waking hours. Swiping from left to right, how fast we switch through screens in different apps, how hard we press the screen with our fingers, all of this is rather unique and identifies us much more reliably than traditional passwords. Being so smooth and unique, it is no wonder that user behavior analysis has recently become one of the most popular concepts for proving user identity, which also offers the ability to automatically detect potential fraud in the app through collecting thousands of pieces of unique data after each iteration.
For an online banking system, the data held inside is highly sensitive, so it is very important to secure user accounts and protect users' assets and personal information from malicious hands. There are many existing authentication methods. In general, they are categorized into knowledge-based methods, possession-based methods and biometric-based methods. Each method has its own strengths and weaknesses; however, the environment determines which authentication approach is best suited.
The most important key for the authentication process is the uniqueness of security measures, which in general can be categorized into something the user knows (password/PIN), something the user has (token/smart card) or something the user is (biometrics).
Most popular biometric methods “recognize” people by their face, voice or fingerprint, but alternative and less invasive biometrics have emerged recently.
Behavioral biometric authentication goes a step further by identifying a person based on unique behavior they exhibit when they interact with a device. It allows for truly frictionless authentication that is non-invasive and uses existing hardware capabilities avoiding additional sensor costs. Platforms today use one or multiple types of behavioral patterns.
Humans are creatures of habit. The way we walk, the way we type, how we move our cursors around a website’s login or checkout page—these are deeply ingrained rituals that, although we don’t necessarily realize it consciously, are unique to us. Not only can we be identified by the physical details of our various body parts, but we are also defined by how we perform our daily tasks. This is the world of behavioral biometrics, where what you are is verified by what you do.
Behavioral biometrics is an emerging modality in the biometric landscape, with clear applications in enterprise security, online banking, and mobile commerce. In general, a behavioral biometric system will create a profile of a user’s quotidian habits and run in the background of an application—invisible to the user—silently matching the nuances of their actions for verification. When enough of a discrepancy is found between the user and the profile, access can be denied, or an additional verification method can enter into play. For instance: if a user fails to pass the behavioral check for some reason, a request for facial recognition can be triggered.
For example, take a person using a shopping app frequently to purchase new products that usually cost under $20. They usually shop during the evening and are left-handed. These are all useful pieces of information that the system memorizes and stores as a unique identification for that person. Each time the user interacts with this app, the system will memorize their behavior and learn from iteration to iteration. With each iteration the system becomes “smarter” and the process of user authentication is much shorter.
If the system is not sure about this user and their behavior, it can additionally ask the user to enter the password or PIN. Again, the system will memorize this kind of intervention as inherent to the user behavior.
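The profile-and-fallback flow described above can be sketched as follows. This is an added example, not code from the original article or from any product: the feature names, floors, thresholds and sample sessions are all constructed assumptions. The profile keeps running statistics per feature, scores each new session by its largest deviation, and either allows it, asks for a second factor, or denies it.

```python
import math

# Constructed feature set with a minimum std-dev floor per feature (assumptions).
# "hour" is treated as linear here; wrap-around at midnight is not handled.
FLOORS = {"amount_usd": 2.0, "hour": 1.0, "swipe_px_ms": 0.1, "pressure": 0.05}
MIN_SESSIONS = 5           # fewer verified sessions than this: always step up
STEP_UP, DENY = 3.0, 6.0   # assumed deviation thresholds, in standard deviations

class BehaviorProfile:
    def __init__(self):
        # Per feature: [count, running mean, sum of squared deviations] (Welford).
        self.stats = {k: [0, 0.0, 0.0] for k in FLOORS}
        self.sessions = 0

    def learn(self, session):
        for k, st in self.stats.items():
            st[0] += 1
            delta = session[k] - st[1]
            st[1] += delta / st[0]
            st[2] += delta * (session[k] - st[1])
        self.sessions += 1

    def score(self, session):
        """Largest per-feature deviation from the profile, in standard deviations."""
        worst = 0.0
        for k, (n, mean, m2) in self.stats.items():
            std = math.sqrt(m2 / (n - 1)) if n > 1 else 0.0
            worst = max(worst, abs(session[k] - mean) / max(std, FLOORS[k]))
        return worst

    def decide(self, session):
        if self.sessions < MIN_SESSIONS:
            return "step_up"
        s = self.score(session)
        return "deny" if s >= DENY else "step_up" if s >= STEP_UP else "allow"

def authenticate(profile, session, second_factor_ok=False):
    """Return (decision, granted). second_factor_ok stands in for the result of
    the password/PIN or face check a real app would run on "step_up"."""
    decision = profile.decide(session)
    granted = decision == "allow" or (decision == "step_up" and second_factor_ok)
    if granted:
        # Learn only from verified sessions, so a rejected or unverified
        # session cannot pull the profile toward an impostor's behaviour.
        profile.learn(session)
    return decision, granted

def mk(amount, hour, swipe, pressure):
    return dict(zip(FLOORS, (amount, hour, swipe, pressure)))

# Constructed sample sessions: evening purchases under $20.
ENROLL = [mk(12.0, 20, 1.1, 0.40), mk(18.0, 21, 1.3, 0.42), mk(15.0, 19, 1.2, 0.38),
          mk(9.0, 20, 1.2, 0.41), mk(16.0, 21, 1.0, 0.39), mk(14.0, 20, 1.2, 0.40)]
```

Updating the profile only after a session has been verified matters for security: if denied or unverified sessions were learned as well, repeated attempts could gradually shift the profile until an impostor's behaviour looked normal.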
To conclude, in order to keep modern customers and meet their expectations while keeping your business safe, behavioral authentication is definitely the route of future online services development.