Passive Behavioural Biometric Authentication : A Probabilistic approach to prevent Online Frauds

At a time when conventional data security measures are constrained by limitations like too much dependence on user discretion and user acceptance, Passive Biometrics can potentially offer a balance of security and user acceptance.

Conventional security mechanisms like passwords and SMS codes are only as strong as the user makes them. It has been found that many users tend to set weak passwords because it is easy to remember them. That defeats the main purpose of password or security code based mechanisms.

Passive biometrics does not require the user to actively provide credentials, passively collecting user data in forms such as of face, voice and iris recognition techniques. Although passive biometrics as an IT security mechanism is still finding its niche, it is safe to say that it offers a nice balance of user convenience and data security.

Passive biometrics technology builds a profile by looking at those inherent movements a user does. How we type, hold the device, or move the mouse are unique to each of us. Relying on inherent behavioural information, passive biometrics tells you if the right person is behind the device with high accuracy.

In such a world, authenticating the identity of a user is more crucial than ever. As fraudsters go high-tech, so, too, are the companies seeking to stop them. One such approach is  a connected intelligence approach, which includes multiple layers of authentication solutions, leveraging AI and working together to prevent fraud.

Various Fintech have  developed a range of products that use passive biometrics to help verify good users. 

Passive Behavioural Biometric Authentication  is centred on probabilistically identifying if a legitimate person is physically present in the interaction. This can happen during account creations, login attempts, and transactions.

There are over 300 distinct signals which can analyze in order to make a determination. These can range from how hard a screen is being pressed to how a person is navigating around their device.

Behavioural Biometrics is a passive frictionless mechanism, this is based on users data from both mobile as well as the web. The data collected from the applications while being used by the user, create a unique signature for every individual user based on how user behaviours. This ,by default ,becomes a multi factor authentication system. The beauty of the system is, it need not restrict solely on the login page, but can reside on every page of the app/web where there is human interaction.

In simple words, the authentication happens on every page from the time the customers enters the web or mobile and exits the web or mobile. In technical terms, this is Continuous authentication for the following :

• Continuous Authentication: Impersonation frauds on both mobile and web;
• Impersonation due to password sharing (Cloud, Core banking, E-Commerce etc ..);
• Step Up Authentication: Multi-Factor Authentication (On top of the second factor);
• BOT prevention;
• Fraudulent account creation.

The success of passive biometric authentication solutions “in no way, shape, or form negates the need for active biometrics. Connected intelligence entails coupling the passive biometrics approach to an active one.

When passive biometrics indicate that an interaction has a high probability of being fraudulent, an active challenge can be issued to confirm the identity of the user.

In this way, both approaches are necessary to effectively fight fraud.