
The Quiet Revolution Spurred by Behavioral Biometrics

A promising technology is rapidly gaining adherents, a trend with ramifications for business and cyber security

It’s one thing to predict a tipping point, another to mark it in retrospect. And then there’s a third prospect – to watch as it actually goes full tilt. Such is the case for an old-but-new branch of biometric technology known as “behavioral biometrics.”

This technology is beginning to assert itself across banking, finance, ecommerce, and a multitude of other industries. As it does, experts expect it will have major ramifications for cyber security, personalization and marketing, and, of course, privacy.

At its core, behavioral biometrics is a technology capable of monitoring a single user’s unique “micro-habits.” In some cases, it is reportedly capable of tracking as many as 2,000 different interactive tics, gestures, and movements -- per individual user -- across mobile devices, wearables, and desktop computers.

Unlike such static authentication measures as fingerprint, facial, voice, and iris recognition, behavioral biometrics are persistent. The longer they’re in place the more accurate they become – up to 99%.

What’s more, they’re passive, requiring nothing from the user, who remains unaware they’re even being tracked. For example, no CAPTCHA gotchas – like picking squares with street signs in them. Behavioral biometrics offer security free of the inconveniences consumers despise in other methods, such as two-factor (2FA) and multi-factor authentication (MFA).

Last year, market analyst C. Maxine Most of Acuity Market Intelligence predicted 2017 would be a “breakout year” for behavioral biometrics. Similarly, Mercator Advisory Group said in a report that the proliferation of behavioral biometrics would occur swiftly and broadly enough to “decimate much of the existing authentication industry” within the next 7 years.

A much-circulated market research forecast claims “hockey stick” adoption from here to 2023 – with behavioral-biometrics-related hardware, software, and services leaping ahead at 24% growth rates to become a $2.6 billion market.

Many companies, especially in banking and finance, have deployed behavioral biometrics to some extent or another. Most companies decline to talk about their implementations. But a few have discussed their own adoptions, including NatWest, Experian, Mastercard, Royal Bank of Scotland, Lloyds Banking Group, and Deutsche Bank.

“Behavioral biometrics has been showing great promise,” says Mingliang Pei, the CTO for Identity and IoT at Symantec, which has been piloting a few of its own efforts in the area. “In the last two or three years, there’s been a lot of innovation.”

It’s not that behavioral biometrics represent a spanking new technology. In one of its earliest manifestations, telegraph operators were identified by the invariably unique way they delivered dots and dashes. Software has been capable of tracking keystrokes for decades. But at least three main advances are spiriting behavioral biometrics to a new plateau at the forefront of cyber security technologies.

They are:

1.  Smartphones. Their accelerometers, gyroscopes, and pressure-sensitive touchscreens have become the source of unique identifiers, such as a user’s gait and even the angle at which they habitually hold a device. Indeed, Mentor predicts that 93% of all users will have such capable devices in their hands by 2022.

2.  AI and Machine Learning. The increase in computing power is making way for ever more powerful algorithms to reside at the device level.  According to a report by the International Biometrics Identity Association, there’s something entirely unique about behavioral biometrics: While AI and Machine Learning most often mimic human judgment, they do what no human can when it comes to instantaneously tracking and assessing human behavior at the micro-habit level for millions of users at a time.

3.  Cloud computing. It has allowed companies to store behavioral data and use it as a way to compare, contrast, and pinpoint the most telling types of behavior across vast populations of users to improve accuracy to unquestionable levels. The cloud has also opened the door to behavioral biometrics as a service, which, in turn, means far faster adoption. Ryan Wilk, a VP at Mastercard-owned NuData Security, says the connection to its parent gives it access to some 400 billion transactions a year.

Fueled by these combined forces, behavioral biometrics are verging into mainstream uses, some expected and others not so much. They include:

  • Authentication. The dark web is, of course, hard at work using those purloined identities from victim companies. They employ software “bots” to spoof and scale their efforts at opening fake credit accounts. Some use human mills. With behavioral biometrics, however, target companies are able to discern whether it’s a human or a bot. They can also tell if an applicant is a human repeatedly applying. What’s more, software can now include behavioral tests in the engagement flow, such as a suddenly disappearing cursor that requires an identifying mouse movement.
  • Insider threats. Behavioral activity can raise the alarms on a rogue employee, who is tracked suddenly downloading more documents than before.
  • Personalization. This is among the newest and seminal uses of behavioral biometrics. For instance, Vancouver-based NuData claims its software can be used to make for a better online banking experience, based on the risk involved. If a customer wants to transfer $1,000, they have to satisfy a lower biometric authentication process than if they want to transfer $10,000. For a bank’s best customers, it’s a win-win: The bank can quickly approve the lower amount, and the customer gets their money faster.
  • Biometric-based marketing. If banks are able to streamline the online customer experience, it’s not hard to foresee other similar uses elsewhere. For example, it could become a tool for CMOs so that on-the-fly offers can get customized based on your identity – and anything that can be interpolated from your behaviors. Example: The speed and length of your stride could mark you as a serious runner ripe for offers for premium shoes and attire.

For instance, Acuity’s Most noted that the advantage of what she calls “do-nothing” behavioral biometrics stems from the fact that they work silently and invisibly. As of now, organizations that deploy the technology aren’t obliged to disclose its uses, functions, or what they harvest.

That shouldn’t present major obstacles. As the technology becomes more mainstream, these and other sundry questions will surely get debated and settled, paving the way for more companies to take advantage of behavioral biometrics to deploy cutting-edge solutions. Looking over the horizon, this much is clear: companies and their customers across a wide spectrum of industry sectors can anticipate a safer world in which they’ll be at least one step ahead of the bad guys -- without suffering at the expense of those things they can’t yet see.

Symantec Enterprise Blogs
About the Author

Patrick Houston

Journalist

Patrick Houston has spent more than two decades working as a technology media editor and executive. He was previously the editor-in-chief at CNET.com and ZDNet News and served as the GM of Yahoo! Tech.
