Fintech companies have been trumpeting the benefits of behavioural biometrics in effectively authenticating online payments for years. Open banking has allowed such companies to expand the capabilities of existing technologies. They are now applying them to the problems experienced by eCommerce merchants and financial institutions. There are now years of experience in behavioural biometrics. The proof that it works is evident in the track records of businesses using it to prevent fraud and ensure customers benefit from frictionless online experiences.
A large part of this success is down to the effective use of behavioural biometrics in fraud prevention. There is already huge current potential for its use, but what about the future? It will only continue to evolve to threats and challenges, making it even more effective in the long term.
Behavioural biometrics as an effective means of understanding user intentions
Behavioural biometrics has been at the core of fraud-fighting for quite some time. It existed long before PSD2 implementation deadlines loomed over eCommerce businesses. The concerns over PSD2 SCA measures potentially causing customer friction has been dispelled – at least for businesses that have opted for advanced fraud solutions using behavioural biometrics powered by machine learning models. With eCommerce merchants already talking about a future PSD3, fears over choosing effective fraud prevention or ensuring frictionless customer UX must be dispelled. If efficient all-in-one solutions already exist, use them. It’s in the best interest of businesses and their customers to avoid a repeat of PSD2 implementation challenges and fears.
The use of behavioural biometrics in advanced fraud solutions today goes far beyond the minimum requirements of PSD2 SCA and 3DS2 authentication for the purposes of online payments and transactions. Businesses can implement safer anti-fraud systems where the entire customer journey can be protected, with users authenticated passively and in real time. From registration, use of service, making payments and weeding out fraudsters and dishonest customers in the returns and chargeback processes, it is possible to understand every single service user with powerful application of behavioural biometrics. How is this achieved?
Examples of effective use of behavioural biometrics
What may sound like futuristic capabilities had its tech roots in the 1860s when behavioural patterns were used to distinguish senders of telegram messages. Senders were identified by how they sent their messages, any habits or quirks in their tapping of messages, and even the time of day. The same means of authenticating messages was also applied during both world wars – essential in determining genuine morse code messages from potentially misleading communications.
Although the tech has advanced, the principles remain the same. I’d like you to imagine that you are making a payment on your laptop or mobile device. As you do so, certain behaviours are analysed by anti-fraud systems to distinguish whether you are a genuine user and not a fraudster or an automated bot. Behavioural biometrics coupled with digital fingerprinting can analyse thousands of data elements to effectively paint a picture of every user using a digital service or making a payment. They include device setups, network settings, and, importantly, and how users behave using the service and their devices. A regular user will register with a service, browse, and make payments, without the need to mask their IP settings or use a VPN. This in itself is not suspicious of fraudulent activity. However, suppose these go hand-in-hand with efforts to mask true device setup (type of operating system used etc., changing of a browser user agent) and hide identity and true geographical location. In that case, there is a high likelihood of a fraud attempt.
The real clincher is when the analysis of how the user behaves using this setup shows that the current user differs greatly from an original account holder (indicating that an Account Take Over (ATO) has occurred). More extensive analysis can determine if a mobile device, for example, is in the hands of a real user or idle and part of a larger automated bot farm. The interpretation of morse code taps has evolved. It now includes an understanding of every user’s taps of a keyboard, taps and swipes on a screen, to physical movements picked up by a mobile device’s gyroscope sensor.
Not just any old anti-fraud system does the trick
Behavioural biometrics are used in many anti-fraud systems. Unfortunately, fraudsters know this and continuously try to adapt their techniques to bypass these measures. Fraudster tools easily available on dark web markets make these efforts easier to achieve – a little bit of patience can also lead to dividends. Enacting ATO or purchasing stolen accounts online is just one part of a fraudster’s attempts. They must act as similarly as possible to an original account holder to succeed. In this regard, rules-based fraud systems can be fooled.
Crucially, advanced fraud solutions using behavioural biometrics powered by machine learning models are far more difficult to fool as the rules evolve and adapt to current and future fraud challenges. Fraudsters can be stopped immediately, even before they’ve had a chance to begin their fraud attempts. The key is to use behavioural biometrics and make fraud as difficult as possible while clearing a straight path for good users. This approach works and is continually improving.
Behavioural biometrics makes frictionless UX easier to achieve
From start to finish, the path to seamless service use can be made much easier for genuine customers. By understanding every single user’s online behaviours and device/network setups, any deviation from these behaviours can be picked up immediately by advanced fraud solutions. It’s natural for businesses to seek frictionless experiences for their genuine users, which is already entirely possible. Yet, not all businesses understand they need not negatively impact their business operations and online reputation by choosing one necessity over the other.
There is food for thought as global eCommerce fraud rates continue to rise – rising to $20bn in 2021 from $17.5bn in 2020 (a rise of 14%). The good news is that effective authentication measures are working in Europe under PSD2 SCA, and overall fraud rates are decreasing (they fell by 20% in the first 4 months of PSD2). This emphasises why advanced fraud solutions are essential, limiting fraud while providing frictionless UX to keep customers satisfied and continue shopping online.
Embedded in these fraud solutions is behavioural biometrics, which will continue to grow. In 2017 the behavioural biometrics market was worth $675 million – a stark contrast to its estimated worth in 2023 at $2.5 billion. The advanced fintech capabilities to provide seamless and secure user experiences is already available. The best solution to beat future fraud attempts is to act today and incorporate effective behavioural biometrics into your anti-fraud strategy. Failure to act could be costly.
Started in 2016, Nethone is a fraud protection company committed to solving fraud and reducing unnecessary transaction friction through a better understanding of online users. Our advanced proprietary Profiler and machine learning models effectively prevent payment fraud and protect merchants and their clients by understanding every user behind a transaction. Nethone has grown to over 70 employees including a dedicated team of Data Scientists and IT security experts who cooperate with global players in eCommerce, digital goods, and financial industries.
