Behavioral biometrics in mobile banking applications

Fraud is an immense problem for organizations navigating the digital age. Cybercriminals everywhere are targeting businesses across all sectors, leveraging account takeover, social engineering and user impersonation schemes to gain access to customers' wallets.  

Fraud is an immense problem for organizations navigating the digital age. Cybercriminals everywhere are targeting businesses across all sectors, leveraging account takeover, social engineering and user impersonation schemes to gain access to customers' wallets.

In fact, an estimated 78 percent of companies worldwide experienced such attacks in 2017, according to research from the Association for Financial Professionals.

Banks and other financial institutions are, of course, among the most sought-after targets for fraudsters. Too many of these nefarious characters find success in this industry, making off with billions of dollars per year. Despite such losses, the financial entities targeted in these fraud schemes are not collapsing under the pressure. Most are bolstering their digital defenses via proven data security technologies - with behavioral biometrics solutions chief among them.

In 2018 alone, enterprises worldwide spent more than $871 million on these innovative platforms, with investors from the financial space leading the pack, analysts for Markets and Markets found.

This space is expected to expand at a compound annual growth rate of 24 percent over the next five years, eventually surpassing the $2.5 billion mark by 2023. The seemingly astronomical ascendance of this unique technology makes since when considering its impact.

Banks and the like have seen considerable success with behavioral biometrics, the optimal counter to financially motivated cybercriminals.


Understanding the state of fraud

Modern fraudsters focus their attacks on active online account holders, including the 47 percent of those who use mobile devices to manage their money, according to Nielsen.

How does this activity unfold? Cybercriminals deploying account takeover and user impersonation methods might harness the power of a botnet or remote access Trojan, or engage in phishing in order to obtain the personal information they need to wrestle online portal access away from users, while those leveraging social engineering psychologically manipulate account holders, convincing them to willingly give up their login details or make illegitimate transfers. In all, these tactics render great harm to consumers.

For instance, cybercriminals conducting fraud schemes in 2017 managed to steal $16.8 billion from US account holders, analysts for Javelin Research and Strategy found.

Banks and other financial institutions have long sought to address this state of affairs. However, these entities must toe the line between securing their online portals and facilitating ease of use. This was apparent in a recent banking survey, which found that while 66 percent of consumers appreciated the presence of obvious data security protocols, one-third abandoned online account management activities due to friction linked to these features.

Fortunately, organizations in the financial arena have a viable digital defense that allows them to strike a balance between access and safety: behavioral biometrics.


Unpacking behavioral biometrics

Many people may assume all data security solutions and strategies are designed to eliminate threats through direct targeting - the proverbial white hat spots suspicious server activity in real time and, wielding the latest defensive tools, strikes a death blow against the intruder.

Sure, some data security operations unfold in this cinematic manner. However, the vast majority of organizations opt for more sustainable and cost-effective methods centering not on cybercriminals but the legitimate account holders they target. This is the modus operandi on which behavioral biometrics is based.

The technology allows banks to closely monitor everyday user activity and compile separate behavioral profiles for each individual. With this data in hand, the behavioral biometrics solution leverages machine learning to compare and contrast established account holder traits with real-time portal activity.

Should extreme discrepancies arise, the system alerts information technology specialists who can then take steps to mitigate the fraud that might be unfolding. All of this activity occurs behind the scenes of course, reducing the likelihood of user-interface friction.


The inner-workings of this software are incredibly complex. Most of the emerging solutions, of which there are few, track countless user behaviors, from click placement to scrolling speed.

These small details form reliable digital account holder profiles that machine learning modules can easily compare to the actions of fraudsters, most of whom either engage in strange account management activities - transferring large amounts of money to new payees, for example - or use advanced techniques or hacking tools to rapidly navigate user interfaces.

Again, the monitoring components at the foundation of behavioral biometrics solutions have little to no impact on account holders, the vast majority of whom are unaware of the numerous sensors registering their activity.


This innovation obviously holds immense potential for the banks and other financial entities absorbing attacks from unceasing fraudsters. However, it is not the bulwark of some far-off fraud-proof future - financial institutions of all sizes are racing to adopt behavioral biometrics.

The Royal Bank of Scotland, which ranks among the world's largest financial entities, launched behavioral biometrics technology back in 2016, The New York Times reported. After testing the platform on wealthy private account holders, the bank rolled out the solution to all 18.7 million of its customers in August 2018.

Now, when users log in to manage their RBS accounts, an invisible program records their activity, registering more than 2,000 minute digital proclivities in an effort to detect fraudsters.


Finding the optimal solution

As evidenced by the aforementioned behavioral biometrics investment projections, many banks are following in the footsteps of RBS and implementing this technology at scale. However, due to the relative immaturity of the market, the firms looking for reliable solutions might find it difficult to pinpoint behavioral biometrics partners that can actually deliver.

Here at buguroo, we develop and deploy proven behavioral biometrics infrastructure designed to empower banks in the face of fraudsters worldwide. Our bugFraud platform analyzes numerous customer gestures, generates detailed profiles and taps into machine-learning functionality to constantly compare these data points against live system activity.

The product also includes robust webpage and network analysis tools that can easily identify cybercriminals attempting code injection or connection masking.

Do you want to learn more about our BugFraud and how it can allow your bank to harness the power of behavioral biometrics? Connect with buguroo today or download our whitepaper.

Posted by Mateusz Chrobok

Mateusz’ mission is to evangelise about new technologies that are being developed to protect the end-users. Mateusz has experience of running a behavioural biometrics startup as a CTO and CEO. Previously he spent five years in Samsung R&D working on multiple cloud and cybersecurity projects. His primary interests are related to behavioural biometrics, ethical data processing and continuous authentication ♾. As a security geek, Mateusz has a strong belief that changing the World to make it better is possible.



We guarantee that the user is who they say they are and are not being manipulated through unique BionicIDs during the entire session.


Solicita una demo

Would you like to know how our solution protects your bank?

Check how our solution can help you to resolve your company's online fraud issues by requesting a free DEMO and we explain it to you in detail.

Watch video

Did you like it? Share in your social communities