Cybersecurity efforts have traditionally focused on responding to data breaches and incidents of fraud after the fact, but as cybercriminals have grown in their sophistication, financial institutions and merchants have turned to innovations such as biometrics and behavioral analytics to prevent fraud at its source. Biometrics uses personal, physical identification — such as that based on fingerprints or facial recognition — to authenticate users and block fraudsters from gaining access to platforms. Behavioral analytics, by contrast, looks at a range of behaviors that indicate likely fraudulent activity. A biometrics approach to security may be effective in some cases, but it has important drawbacks that are growing alongside fraudsters’ sophistication. Advanced behavioral analytics takes a neuroscience-based approach to security. Such systems can identify low-risk users with high accuracy while flagging actions that signal potential risks, even where biometric data may have failed to do so.
This Deep Dive examines how behavioral analytics differs from biometrics, comparing the two systems’ use of stored data, customer privacy concerns and fraud-fighting effectiveness across a variety of industries.
The Trouble With Biometrics
As personal data such as Social Security numbers, addresses and banking data has become easier to acquire, the need has grown for a more modern approach to security — one that looks not only at who a user purports to be but also at how they are behaving and have behaved from second to second over time. That nuance in risk detection and analysis requires a complex blend of analytical approaches that examine real-time behavioral data within the context of modern cognitive neuroscience.
An exclusively biometric approach, however — based on fingerprint or facial ID — often fails to provide the highest levels of security because these systems can be easy for sophisticated criminals to outsmart. One particularly jarring example saw a hacker duplicate and share the German defense minister’s fingerprints at a conference. The hacker used a commercially available fingerprint ID software development kit (SDK) along with publicly available online photographs to create a fraudulent ID that, in the wrong hands, might have had devastating economic and even political ramifications. Face and fingerprint IDs can be replicated and disseminated globally in minutes, allowing criminals swift access to valuable synthetic identification that is authentic yet obtained fraudulently.
Criminals intent on circumventing traditional biometric security methods do not have to rely solely on digital technology to commit fraud at scale. Presentation attacks or spoofing can occur simply by a criminal using prosthetics created with a 3D printer or made by hand to fool a facial recognition algorithm into releasing personal data or granting access to a device or account. This allows criminals to mistrain the AI that drives facial recognition security, eventually establishing a false facial ID that corresponds to an individual who, along with their financial institution or merchant, is likely none the wiser until it is too late.
Biometric cues can still be meaningful components of a strong security strategy, but they may not be sufficient to stand alone against a tide of complex fraud attacks.
How Real-time Advanced Behavioral Analytics Can Strengthen Cybersecurity
There is another approach to cybersecurity that allows financial institutions and merchants to block fraud attacks before they launch while protecting legitimate customers from both unnecessary friction and data privacy concerns. Advanced behavioral analytics systems — which review both real-time and contextual data — go beyond the limits of biometric cues and circumvent the dangers of data breaches, as they do not collect any user data at all. Behavioral analytics does more than look for typical bad actor signals: It uses neuroscience-based analysis to assign risk scores in real time to high-confidence and low-confidence responses made using a mouse, touch screen or other device.
Behavioral analytics takes into account not only the possibility of human error but also the way the human brain analyzes information and makes decisions when using devices or when entering data online. It examines real-time data that indicates such key risk signals as user state of mind, hesitancy, cognitive load and answer switching, providing a clear and relevant portrait of user intent. Behavioral analytics compiles, scores and ranks real-time behavioral fraud attributes for each user. This allows security systems to instantly assess and score potential risk while protecting good customers from false flags that interrupt the customer experience.
Research indicates that effective fraud prevention is of paramount concern in 2021, whether a user is accessing personal data for work, logging in to a banking app or making a purchase. Seventy-four percent of banks have witnessed an increase in cybercrime since 2020, yet many cybersecurity and risk management budgets have been reduced. That leaves many companies vulnerable and facing a formidable security challenge.
Science-driven behavioral analytics allows legitimate app and platform users to enjoy an improved interactive experience while halting potentially costly fraud attacks in real time. That may mean lower customer friction at checkout and better overall conversion rates for merchants along with better security in apps and online.