By Edgar Zayas, BioCatch Director of APAC Global Advisory
Digital and mobile banking have revolutionised the way we manage our finances. Gone are the days of waiting in line at a brick-and-mortar branch. With just a few taps on our smartphone, we can check balances, transfer funds, and pay bills. The pandemic and its various international lockdowns further accelerated this digital adoption, forcing us all to spend more time working, shopping, playing, and socializing through our screens.
Financial institutions have also expedited their pivot to digital in the last few years, improving their remote banking experiences on both mobile and desktop and adding new online banking capabilities. For many of us, this has added great convenience to our lives, but that convenience does not come without risk. Banks must now thread the needle between delivering a seamless customer experience and preventing and detecting fraud and financial crime.
The rise of behavioural biometrics in digital and mobile banking safety
Historically, fraud prevention has relied on authenticating user identities and monitoring transactions. However, as banking services rapidly evolve, so too do cybercriminal tactics. Criminals today harness new technologies to launch more sophisticated, frequent, and effective attacks, exploiting vulnerabilities in these new services. This increasingly volatile landscape means financial institutions must continuously refine and strengthen their defenses to stay ahead.
The digital user journey now requires continuous protection. Banks cannot limit their fraud stack exclusively to point-in-time evaluations (e.g. logins). They must also protect the user experience and avoid clogging up the process with constant prompts to actively authenticate the session (e.g. one-time passwords, fingerprint scanning, and face ID).
Cybercriminals today utilize malware, Remote Access Tools (RATs), bots, social engineering techniques, SIM swaps, credential stuffing, AI-powered deepfakes and voice clones – the list goes on. Financial institutions need to bring in new technologies capable of keeping up with both these emerging attack vectors and the consumer demand for a frictionless online banking experience.
This is where, I believe, behavioral biometrics has a crucial role to play.
Finding a solution that benefits both banks and customers
Behavioral Biometric Intelligence (BBI) analyses not only physical behavior patterns like mouse movements, swiping pressure, and typing speed, but also cognitive signals such as hesitation and segmented typing, to detect anomalies. It then merges this analysis with traditional application, device, network and transactional data. A deviation in user behavior, particularly one that aligns with known criminal patterns, often signals fraudulent activity during an online session.
BBI functions unobtrusively in the background of web or mobile sessions, monitoring thousands of behavioral indicators while minimising user-experience friction. This advanced technology not only interprets an extensive range of data beyond human capabilities and traditional rule-based systems but also serves as a digital forensics platform. Much like a security camera, it allows banks to replay and review sessions where fraud occurred, facilitating the rapid learning and deployment of new prevention and detection strategies without additional costs. This dual capability adds a robust layer of security, helping to accurately differentiate between legitimate and fraudulent activities.
The future of digital and mobile banking security
The rules of the game have changed, and detection through user-authentication and transaction monitoring strategies must change as well.
As artificial intelligence (AI) arms cybercriminals with new weapons to target the most vulnerable, hyper-personalise their attacks, and evade detection, financial institutions need to look to new technologies to keep up and fight back. Behavioural biometrics must be included in the fraud stacks of the present and the future. As digital channel adoption increases, financial institutions need to be able to immediately distinguish between genuine sessions and criminal ones, allowing legitimate transactions to proceed without headaches and preventing the fraudulent ones from occurring at all.