What is Behavioral Biometrics? Using Behavioral Data to Fight Account Takeover

Behavioral biometric authentication provides continuous protection against account takeover fraud. Discover how it can be best used here.

Mateusz Chrobok

Head of Fraud Intelligence

6 September 2023


7 min read

In the fight against account takeover fraud, behavioral biometrics authentication provides an additional layer of protection, combining machine learning, cognitive biometrics and a user's behavior for real-time behavioral analysis and reactions. This advanced technology plays a pivotal role in protecting sensitive information and preventing identity theft.

So what are behavioral biometrics and how do they help in detecting fraudulent account activity? In this article, we will explore the topic of behavioral biometrics authentication, its many benefits, how it works with other forms of fraud detection and examples of the data behavioral biometrics analyzes and uses to verify user identity.

What is Behavioral Biometrics and How it Works?

Behavioral biometrics refer to patterns in user activity that can be used to determine identity or the users authenticity. Similarly, behavioral biometrics authentication refers to the use of these indicators in a security function. It works by checking current behavior against previous historical data for consistency. If something’s offbeat, it’s flagged as a risk and sets off a signal for further checking.

behavioral biometrics 1

Digital or Physical Biometrics? Defining Behavioral Biometrics

Before we explore the different types of behavioral biometrics, let's clarify what counts as biometric data. It's important to note that there are unique patterns that can be used to detect a user's identity in both the digital world and the real world.

We can generally split these into three categories or groups.

  • The first group covers the likes of passwords, secret questions and other specific pieces of learned knowledge. Such knowledge is not impossible for fraudsters to crack, and thus alone does not outright prevent fraud.

  • The second possible group includes authentication apps, card readers and other hardware designed to provide additional authentication. While useful, these can be imitated or other bypassed through various means.

  • The last group, to which behavioral biometrics and physical biometrics belong, covers unique patterns of traits to a given user. This includes physical features, such as the face or fingerprint, but also measurable behavioural patterns that can be analyzed to determine legitimate users based on historical data.

Physical vs Behavioral Biometric Authentication

While all data in this latter group is important, it's worth highlighting the key differences between physical biometrics and behavioral biometrics.

Physical data relating to physiological features of an individual count as physical biometrics. Hence, fingerprints, retinas and palm imprints, for instance, do not count as behavioral biometrics. These physical biometrics can be used to validate a user - and are often used as access management solutions - but do not change during the session, and thus have their own limitations.

behavioral biometrics 2

Behavioral biometrics, on the other hand, are data points based on the result of the user's physical actions. If they use a keyboard, a mouse, or navigate through a touchscreen, this creates keystrokes, navigation patterns and more. These are behavioral in nature, and their ongoing input during a session create patterns that can be analyzed throughout.

Biometric technologies exist for both, but for the purpose of this text, we are focusing in the latter.

Types of Behavioral Biometrics

Now that we've established what behavioral biometrics means, we can further identify four key areas of biometric data that can be considered in detecting and preventing identity theft. It's important to note, however, that behavioral biometrics is a field that continues to grow, so this list is not finite.

Device-based gestures

How a user interacts with their given hardware can often be akin to their handwriting. While it can be replicated, there are numerous, specific data points that can still flag potential identity theft.

We can consider for example:

  • Keystroke dynamics and usage. Everyone types differently, leaving different pauses between various combinations of pressed keys. These common groupings, known as keystroke dynamics, can be analyzed as a key behavioral trait.

  • Mouse usage. Similar to a keyboard, we can also track input from a mouse, trackpad or similar device. This includes tracking speed, paths made with the cursor, directional changes and more. Similar to keystroke dynamics, advanced biometric authentication can analyze the measurable patterns and differences between these.

  • Touchscreen usage. Touchscreen interactions leave a distinct trace in the way users tap, slide or pinch on the screen. Fraud prevention systems tab on one’s touch speed, the paths their gestures follow, and even those changes in direction making sure it’s a genuine user in action and not a fraudsters trying to pull a fast one. 

Voice-based behavior

How a person speaks provides a wealth of behavioral characteristics and a narea of user behavior data that many technologies are rapidly adapting as a means of behavioral authentication. More than just the pitch or tone, machine learning can pick up the minute factors that humans can't mimick in order to validate authentic user behavior.

Signature Analysis

In many ways, signature analysis represents one of the earliest forms of protection that involves innate human characteristics and, thus, one of the earliest forms of behavioral biometrics combined with security. A signature includes numerous data points and characteristics that trained specialists, and now advanced digital solutions, can authenticate.


Similar to signatures, kinesthetics is another area of digital behavioral biometrics combined with real world interactions. Used in advanced camera equipment, amongst other purposes, these behavioral biometrics generate customer profiles based on physical biometrics, such as:

  • How someone walks. Known as gait analysis, this takes in not only the obvious differences between people of different weight and height, but also the minute, smaller details between strides.
  • Overall posture, which is another tell-tale biometric data point. Again, physical differences will change a posture, but how someone stands, walks or sits represent very personal behavioral patterns. Specifically, the represent part of a user's identity that is difficult to recreate.

ATO Course Banner

Behavior Tells All: Examples of Behavioral Biometrics Use Cases

Companies can use behavioral data gathered from their customers to help validate identities and prevent fraud via stolen personally identifiable information. This can be found across a wide range of industries, including:

  • Ecommerce. Online shopping attracts a large number of users and, with it, the temptation for fraudsters to commit identity theft. In order to prevent fraud, the ecommerce sector is rapidly investing in biometric authentication to provide an additional layer of security that, thanks to automation, scales well in such highly used, and constantly available, online services.

  • Banking. Financial institutions, naturally, represent a big target for data breaches. As such, behavioral biometrics represent another effective way to track customers throughout their entire session, identifying unique patterns and rapidly responding when the data no longer matches.

  • Social Media. Similar to e-commerce, social media platforms represent large websites with vast userbases, making them both a target for data breaches and a target for fraudsters to gain more information. Alongside multifactor authentication, the leading platforms use more and more behavioral biometrics to authenticate users and validate correct behavior, as well as logging potential identity thieves out.

In all of these, biometrics help detect account takeover activity, as well as providing a faster means to respond to such threats.

How Behavioral Biometrics Help Detect Fraud

Behavioral biometric authentication provides an extra layer of protection against account takeover fraud. Specifically, we can further define this in the context of the user, the network, and behavioral patterns. What makes behavioral biometrics stand out is its versatility – it's not a run-of-the-mill security setup, yet a key element that can be applied in different contexts for better fraud precision.

User Context

When users log in or use your system on a regular basis, both the software and hardware used become key markers to indicate the user's identity. The operating system, as well as the memory and graphics cards on a given device, can all be tracked. All this data is often combined to create a unique identifier called a device fingerprint.  Since this method is very popular, fraudsters created dedicated software that tries to  spoof the device's fingerprint by mimicking elements of the user context.

behavioral biometrics 3When it comes to fraud prevention, behavioral biometric authentication considers all of the above criteria to determine the validity of the user. As a form of multi factor authentication, it provides an extra step for identity thieves to overcome.

Network Context

Similar to the user's specific hardware, we can also track the networks used. For example, legitimate customers often access digital services from specific timezones, at more common times of day and often from a select number of IP addresses. This can be tracked and analyzed both in terms of what's inline with exhibited behavior, but also when a new IP address is too far from previous addresses to be physically possible. Fraudsters usually use VPNs, proxies, residential proxies, or TOR to simulate the exit from other network locations and contexts. Proactive detection methods such as detecting network  anonymization techniques based on the network behavior allow you to detect such cases.

behavioral biometrics 4

Behavioral Context

Alongside the user and network context, we can use behavioral biometrics thought a user's session for continuous authentication.

For example, we can look at what happens when a user interacts with a website or service and is asked to enter their email address. For a legitimate user on their own device, this would either be done via an autofill functionality or quickly typed out from memory. A fraudster, on the other hand, likely copies and pastes this information. Such behavioral biometrics on their own do not indicate a threat, but based on past behavior and broader context, can indicate an increased likelihood of fraudulent account activity.

behavioral biometrics 5

Similarly, behavioral biometrics can also be used to verify user behavior on new devices or in other instances where the user and network context are not as reliable.

The Benefits of Implementing Behavioral Biometric Authentication

As a security measure, there are numerous benefits of using behavioral biometrics. The most common advantages of using behavioral biometric data include:

  • As a form of passive technology, behavioral biometrics doesn't impact the customer experience.
  • Likewise, they do not require any conscious input from the user, which helps support their high success compared to the likes of password, which are often down to the individual users personal actions.
  • It's more secure, both in terms of adding numerous more factors to bypass, but also because it's unique to each user.
  • It's also a very flexible and scalable system, as the amount of data that can be collected is near infinite, and the historical data only grows in accuracy over time.

How is Behavioral Biometric Data Collected?

Since the purpose of behavioral biometrics are to identify a user at a micro-behavior level, the only way to gain this data in the first place is to implement technology that is able to collect such information. In other words, behavioral biometric authentication is most often paired with behavioral biometric data collection.

Let's use a common form of behavioral biometrics - device-based gestures - as an example. Once a user has made an account, and verified their identity, behavioral analytics will run in the background whenever the user is active. Over time, these will gather the customer's historical behavior in regards to their keystroke dynamics, cursor movements, typing speed and other behavioral indicators. Of course, this will take a number of sessions to build up a solid profile. Behavioral analytics comes from looking at the most repeated actions.

Other forms of behavioral biometrics follow similar patterns. Physical operations will deploy cameras and sensors powered by facial recognition, machine learning and advanced biometric technologies for the likes of the aforementioned gait analysis, in order to build up their own profiles and authenticate identity in a similar way.

When do Behavioral Biometrics Indicate and Respond to Identity Theft?

With an historical profile built up, how does such a system recognize potential identity theft? In short, behavioral biometric authentication runs in the background, and compares the differences of the current session and the previous historical data.

The differences in this online behavior can be measured and assigned a risk score. Naturally, bigger divergences in known behavior can represent a greater risk of identity fraud. Companies can further set their security measures to automate certain procedures for people of certain risk scores or combined actions.

behavioral biometrics 6

This way, minor differences are still verified without grossly impacting the customer experience.

For example, if a user logs in from a new mobile device, an additional verification step, such as email authentication, can be used to determine that the user's device has simply changed.  On the other hand, if they log in from a new time zone and country, or their behavioral biometrics indicate a significant risk factor, the company may wish to contact the user through other means.

Similarly, the most high risk situations require the most secure methods. A high risk means the current session strays very far from typical online behavior and so, to prevent further data breaches or fraud, the account may be suspended or at least frozen.

How Secure Is Behavioral Biometric Authentication?

Behavioral biometric authentication has a number of key benefits that make it essential for modern security.

The biggest benefit for digital fingerprints is that they cover data that is hard to steal. Most stolen data covers the likes of usernames, passwords and other information that is either true or false: if the data matches, the fraudster is in.

Behavioral biometrics, on the other hand, are much harder to steal or spoof, and significantly harder to replicate. The fact that they consist of many more data points than a single password or email address only adds to this complication, in turn making accounts protected by behavioral biometrics authentication a stronger deterrence.

Because risk scores, and the subsequent actions undertaken, can not only be automated, but adjusted to a company's individual needs, makes behavioral biometrics one of the most adaptive authentication tools in a modern company's arsenal. They're an ideal form of passive technology, fully automated as required and working 24/7 without damaging the customer experience in the frontend.

Of course, behavioral biometrics work best alongside other security measures. This is especially true for processes where users are creating accounts. Here, other means are needed to authenticate users, as the required historical data has not been collected at this point.

ATO Course Banner

How we do Behavioural Biometrics at Nethone

Our Know Your Users approach also involves watching out for those fraudster tactics and reverse-engineering them. Our fraud intelligence experts infiltrate the dark web to learn what new methods cybercriminals are working on or applying in this context, so while they're trying to spoof behavioral biometrics, we're one step ahead, knowing exactly what they're up to.

Behavioral biometrics, context network and AI

behavioral biometrics 7Wrapping things up, behavioral biometrics powered by AI, increases the precision of identity theft detection, including in instances where fraudsters are using Remote Access Tools (RATs), shady VPNs, or other fraud tools used to mask their identity or manipulate other data attributes from network. Combining the unique user behavior with the context network, this dyanimc duo can detect even the slightest anomaly when users log into their account. And the best part? It all happens passively in the background, with no harm to UX.


What is a behavioral biometric, with an example?

A behavioral biometric is a parameter or other micropattern that is near-unique to a given user, based on an analyse of historical data. For example, how a user types includes numerous frequent keystroke combinations, as well as their overall timing and speed, that can be used to verify a customer's identity.

What is the most commonly used type of behavioral biometrics?

The most common behavioral biometrics are based on a user's physical input. This includes how they type, how they use their mouse and/or mobile device. The way in which they navigate or type provides numerous micropatterns that can be analyzed. There are often paired with a user's digital fingerprint - where they are logging in from and on which specific device - to build known patterns and behaviors.

What are the instances of behavioral biometrics?

There are many use cases and instances of behavioral biometrics in business. They are most commonly used to provide account takeover protection. Such instances are most commonly applied during payments, so they are most active on ecommerce stores, mobile banking apps, social media platforms and more.

What are physical vs behavioral biometrics?

While both are useful, we can separate behavioral biometrics and physical biometrics by the data being recorded. Behavioral biometrics analyze parameters that result due to a user's physical actions. This includes their keystrokes, navigational patterns, cursor movements and more. Physical biometrics, on the other hand, relate to direct physiological biometrics and features, such as retinas and fingerprints.

Why are behavioral biometrics important?

Behavioral biometrics are important because they monitor and measure data points that are significantly more difficult, if not impossible, for potential fraudsters to detect. While passwords and other authentication measures only block or allow access, behavioral analytics considers the users behavior from start to finish, providing a greater chance for fraudsters to be detected and further limit any potential damage.

What are the ethical issues in behavioral biometrics?

Due to their nature in data collection, there are some ethical issues associated with behavioral biometrics in regards to security and privacy. The main criticisms stem from the fact that behavioral biometrics collect data unique to each individual, which some may regard as an invasion of privacy. Many others, however, argue that the convenience of behavioral biometric authentication as a passive technology makes such concerns a fair trade in comparison to more abrupt active technology.

In more extreme cases, some argue that the nature of biometric technologies designed to capture such data, may lead to subsequent technologies designed to replicate the behavior at an advanced enough level to trick the original systems.

What is an example of behavioral data?

Keystroke dynamics are a common example of behavioral data. It consists of data regarding the speed, efficiency and frequency in which individual users log keystrokes. With enough historical data, this creates a pattern generated by the users own behavior, which is in turn unique to them and can be used to mark them as a legitimate user of their own account.

What are the benefits of behavioral biometrics?

The main advantages of behavioral biometrics are that it runs automatically, is unique to each individual user and expands as more historical data is generated. All of this makes it very hard to bypass, giving user accounts an extra layer of protection against identity theft and account takeover fraud.

What is behavioral biometrics for continuous authentication?

Behavioral biometric authentication occurs in the background of services and remains active doing an entire session. Unlike other protective layers, such as passwords, this continuous authentication continues to monitor and authenticate users throughout their session.

What are behavioral biometrics in banking?

In banking and other financial institutions, behavioral biometrics authentication is used as an automated and scalable way to assess the risk of a potential fraudulent account. Behavioral biometrics track the behavior of each user on banking websites, apps and other digital services, gaining a unique understanding of each person. When new behavior strays too far from the historical prediction, banks can implement a number of automatic strategies to limit identity fraud.

This is often combined with digital fingerprint - the location of the user, the device they use and other physical metrics - to authenticate identity at a granular, individual level. Together, they are common elements in both typical desktop access, mobile banking and even card payments.

What are some potential benefits of using behavioral biometrics authentication?

Due to the vast possible data points, biometrics are incredibly hard, if not impossible, for identity thieves to replicate successfully. As a passive form of technology, behavioral biometrics can also run continuously in the background, monitoring for threats even when other means, such as passwords, have been bypassed. What's more, their passive nature doesn't require input from the user, and neither does it impact the overall experience or usability of online services. All of these make biometrics are very scalable and adapting solution.

Fundusze europejskie

It's time to stop account takeover fraud

It's time to stop account takeover fraud

Would you like to learn more about behavioral biometrics authentication can help your business effectively stamp out fraud without causing online friction? Let us show you how.

Go to pricing