How effective is behavioural biometrics in fraud prevention?

Fighting online payment fraud is a challenging business, best summed up as a constant ‘cat and mouse game’ between opponents trying to outwit each other. But modern fraud-fighting companies - at least the ones staying ahead of the game - have an ace up their sleeves: behavioural biometrics. The analysis of human behaviours and interactions using technology has come a long way since the early days. Behavioural biometrics in fraud prevention is now essential, and very effective at authenticating individual users using any digital services. The need to stay ahead of the game is imperative, as fraudsters continue to adapt their tools and techniques in their attempts to bypass anti-fraud systems, which is why behavioural biometrics powered by machine learning models must continue to stay ahead of the threats.

The simplest definition of behavioural biometrics is the field of study to measure uniquely identifiable and measurable patterns of human behaviour. And despite being a hot topic in fintech circles, it’s certainly nothing new. The first applications of behavioural biometrics stretch back to the 1860s when it was used to recognise senders of telegrams. The same principle was applied in World War II to authenticate morse code messages - it was crucial to distinguish them from potentially misleading recipients. The clue to authentication was in the small details - how the senders would behave when typing etc.

The concepts for authentication remain the same - to determine genuine users against fraudsters. The taps on a morse code device have moved onto the taps of a keyboard and taps, swipes and general movements of mobile devices. The means by which authentication takes place has become sophisticated and continue to evolve. Due to its accuracy to determine true intentions and motivations, behavioural biometrics has become essential to modern-day fraud prevention.

The simple explanation for use of behavioural biometrics in fraud prevention is that it’s very difficult for a fraudster, no matter how determined or skilled they are, to completely fool anti-fraud systems. To imitate your physical digital characteristics perfectly is no walk in the park. Behavioural biometrics analyzes a user's digital physical and cognitive behaviour to distinguish between cybercriminal activity and legitimate customers, identifying fraud and identity theft. Legitimate customers and fraudsters interact with digital platforms differently.

Importantly, a distinction has to be made between behavioural biometrics and biometrics, especially from an ethical standpoint, to allay fears of surveillance of individuals who possess computers or mobile devices.

Of course, biometrics can be found in digital devices and services to identify a unique individual - from facial recognition, iris and fingerprint scanners. With behavioural biometrics, an individual is not identified, more to the point, the set of behaviours associated with regular service use, or the regular behaviours associated with an original account holder of a service are used to determine whether any deviations from these behaviours are suspicious in themselves. A fraudster that has committed an ATO will certainly behave differently from the original account holder.

Behavioural biometrics has become an essential part of modern anti-fraud systems. But there are distinctions in their applications. Anti-fraud setups that are based on ineffective rules-based models are trained to look for a certain set of behaviours, almost like a checklist. Skilful fraudsters know that even these rules are difficult to bypass, however, they take the approach of fighting fire with fire. In a practical sense, this means acting similarly to a legitimate end user (or original account holder of a comprised account) in a process we now know as the ‘warming up’ process in eCommerce.

With this approach, a fraudster may spend days, weeks or even months behaving as naturally as possible. They will add and remove items from a shopping basket, they will make small purchases and even go as far as to read and leave comments and reviews on product pages. The final act is to make a purchase of a high-value item for later resale. This method can be used indefinitely - until the original account holder has noticed suspicious activity on their account or bank statement, or the anti-fraud system discovers the anomaly.

This method is made much harder to accomplish when behavioural biometrics are powered by machine learning models in advanced fraud solutions. Coupled with digital fingerprinting, thousands of pieces of behavioural, device and network settings are analysed passively and in real-time. The goal is to provide a full understanding of a user’s interactions with a given online service. It is possible to uncover a fraudster or dishonest customer that is trying to mask their true identities, device setups and true geographical locations. These alone may not be indicative of fraudulent behaviour, but they are certainly suspicious.

From the value and the benefits that having behavioural biometrics technology be as efficient as it can be, it would surprise you to know that there are businesses that still opt for inefficient rules-based anti-fraud. Cost can be a deciding factor, due to the belief that using advanced fraud solutions is beyond the reach of small to medium-sized businesses (this is a false belief).

The main fear for eCommerce merchants in particular, for example, is the potential to cause unnecessary friction in the online customer experience (UX). Invasive authentication measures can be terribly offputting for customers, and rightly so. The vast online choices today mean that anyone can find alternative services in mere minutes - and ones that have found the perfect balance between advanced, non-invasive authentication measures. Frictionless experiences are possible - and behavioural biometrics is key to seamless authentication.

The truth is, behavioural biometrics is expanding, not only in capabilities but also in the size of the market. In 2017, the global behavioural biometrics market was worth $675 million - a stark contrast to its estimated worth in 2023 at $2.5 billion. The technology has already proven its worth and as global fraud rates continue to rise, the ability to fight back must match the expectations of not only businesses but customers to keep identities, accounts and finances safe. We are witnessing some interesting times, and we await whatever developments occur in future.