How effective is behavioural biometrics in fraud prevention?

The history of behavioural biometrics is fascinating. Learn about its present use in fraud prevention and authentication to its prospects for the future.

Maciej Pitucha

Chief Data Officer

25 October 2022


6 min read

Fighting online payment fraud is a challenging business, best summed up as a constant ‘cat and mouse game’ between opponents trying to outwit each other. But modern fraud-fighting companies - at least the ones staying ahead of the game - have an ace up their sleeves: behavioural biometrics. The analysis of human behaviours and interactions using technology has come a long way since the early days. Behavioural biometrics in fraud prevention is now essential, and very effective at authenticating individual users using any digital services. The need to stay ahead of the game is imperative, as fraudsters continue to adapt their tools and techniques in their attempts to bypass anti-fraud systems, which is why behavioural biometrics powered by machine learning models must continue to stay ahead of the threats.

Past and present: what is behavioural biometrics?

The simplest definition of behavioural biometrics is the field of study to measure uniquely identifiable and measurable patterns of human behaviour. And despite being a hot topic in fintech circles, it’s certainly nothing new. The first applications of behavioural biometrics stretch back to the 1860s when it was used to recognise senders of telegrams. The same principle was applied in World War II to authenticate morse code messages - it was crucial to distinguish them from potentially misleading recipients. The clue to authentication was in the small details - how the senders would behave when typing etc.

The concepts for authentication remain the same - to determine genuine users against fraudsters. The taps on a morse code device have moved onto the taps of a keyboard and taps, swipes and general movements of mobile devices. The means by which authentication takes place has become sophisticated and continue to evolve. Due to its accuracy to determine true intentions and motivations, behavioural biometrics has become essential to modern-day fraud prevention.

To catch a fraudster…

The simple explanation for use of behavioural biometrics in fraud prevention is that it’s very difficult for a fraudster, no matter how determined or skilled they are, to completely fool anti-fraud systems. To imitate your physical digital characteristics perfectly is no walk in the park. Behavioural biometrics analyzes a user's digital physical and cognitive behaviour to distinguish between cybercriminal activity and legitimate customers, identifying fraud and identity theft. Legitimate customers and fraudsters interact with digital platforms differently.

Importantly, a distinction has to be made between behavioural biometrics and biometrics, especially from an ethical standpoint, to allay fears of surveillance of individuals who possess computers or mobile devices.

Of course, biometrics can be found in digital devices and services to identify a unique individual - from facial recognition, iris and fingerprint scanners. With behavioural biometrics, an individual is not identified, more to the point, the set of behaviours associated with regular service use, or the regular behaviours associated with an original account holder of a service are used to determine whether any deviations from these behaviours are suspicious in themselves. A fraudster that has committed an ATO will certainly behave differently from the original account holder.

Practical applications of behavioural biometrics in fraud prevention

Behavioural biometrics has become an essential part of modern anti-fraud systems. But there are distinctions in their applications. Anti-fraud setups that are based on ineffective rules-based models are trained to look for a certain set of behaviours, almost like a checklist. Skilful fraudsters know that even these rules are difficult to bypass, however, they take the approach of fighting fire with fire. In a practical sense, this means acting similarly to a legitimate end user (or original account holder of a comprised account) in a process we now know as the ‘warming up’ process in eCommerce.

With this approach, a fraudster may spend days, weeks or even months behaving as naturally as possible. They will add and remove items from a shopping basket, they will make small purchases and even go as far as to read and leave comments and reviews on product pages. The final act is to make a purchase of a high-value item for later resale. This method can be used indefinitely - until the original account holder has noticed suspicious activity on their account or bank statement, or the anti-fraud system discovers the anomaly.

This method is made much harder to accomplish when behavioural biometrics are powered by machine learning models in advanced fraud solutions. Coupled with digital fingerprinting, thousands of pieces of behavioural, device and network settings are analysed passively and in real-time. The goal is to provide a full understanding of a user’s interactions with a given online service. It is possible to uncover a fraudster or dishonest customer that is trying to mask their true identities, device setups and true geographical locations. These alone may not be indicative of fraudulent behaviour, but they are certainly suspicious.

The future of behavioural biometrics in cybersecurity

From the value and the benefits that having behavioural biometrics technology be as efficient as it can be, it would surprise you to know that there are businesses that still opt for inefficient rules-based anti-fraud. Cost can be a deciding factor, due to the belief that using advanced fraud solutions is beyond the reach of small to medium-sized businesses (this is a false belief).

The main fear for eCommerce merchants in particular, for example, is the potential to cause unnecessary friction in the online customer experience (UX). Invasive authentication measures can be terribly offputting for customers, and rightly so. The vast online choices today mean that anyone can find alternative services in mere minutes - and ones that have found the perfect balance between advanced, non-invasive authentication measures. Frictionless experiences are possible - and behavioural biometrics is key to seamless authentication.

The truth is, behavioural biometrics is expanding, not only in capabilities but also in the size of the market. In 2017, the global behavioural biometrics market was worth $675 million - a stark contrast to its estimated worth in 2023 at $2.5 billion. The technology has already proven its worth and as global fraud rates continue to rise, the ability to fight back must match the expectations of not only businesses but customers to keep identities, accounts and finances safe. We are witnessing some interesting times, and we await whatever developments occur in future.

Mobile app payments, transactions and cryptocurrency interest are on the increase

The realm of cryptocurrencies can seem daunting even to internet savvy users, which is perfectly understandable. The unregulated nature of crypto can be offputting to many, and indeed, if people are swept off their feet by the crypto hype, there is a real chance to lose a lot of money (as well as make a lot it) through some easy to make, but fateful trading decisions. With cryptocurrency, fortunes have been made, while others have been lost. And all this without falling for cryptocurrency scams. But now, with the world becoming more mobile, it’s easier than ever before to make investments in cryptocurrencies within the palms of your hands.

Take the situation with the COVID-19 pandemic, which significantly boosted the percentage of eCommerce’s share of global retail sales. In the midst of merchants and shoppers increasingly going online, the convenience has spread to mobile devices, which allowed more people to shop, pay and transfer money with great ease and from the comfort of their sofas. The ease with which mobile apps have allowed people to engage in M-Commerce, digital banking and even dabble in cryptocurrency investments is staggering, but not surprising. What is a surprise to many is the pace these changes have taken place, which were originally forecast to reach current levels by 2025-2030. Amidst this growth in mobile users, fraudsters have seen an opportunity to target people, aiming to remain hidden in the huge increase in daily transactions

It's time to add behavioural biometrics into your business flow

It's time to add behavioural biometrics into your business flow

Would you like to learn more about how behavioural biometrics analyses can help your business effectively stamp out fraud without causing online friction? Let us show you how.

Try for free