In a continuation of the behavior-based, cognitive biometrics trend, a new approach to verifying “individualism” has hit the market.
It’s a well-known fact that biometric sensors can be fooled—animated gifs have gotten past facial recognition, and latex facsimiles have sailed through fingerprint scanners. TeleSign Behavior ID aims to use a multi-layered approach to create a picture of a person that can’t be replicated. It collects and evaluates a complex mix of mouse dynamics, keystrokes, graphical user interface (GUI) interaction and advanced behavioral algorithms to establish a unique user profile.
The purpose of the product is to thwart account takeover attempts, even if a hacker is in possession of a user's correct account credentials. Account takeover (ATO) occurs when unauthorized access is gained to a web or mobile end-user account often due to stolen credentials, weak passwords or bot-based attacks. The opportunity for fraud from ATO is especially significant, considering the average consumer has 24 online accounts protected by reused passwords. And with the recent increase in data breaches resulting in stolen account credentials proliferating across the black market, account takeover has quickly become one of the most prevalent types of cybercrime and every online account is susceptible, from banking and email accounts to social media and retail accounts.
“Assessing the legitimacy of an identity claim remains one of the top digital business and fraud challenges organizations face today,” said Avivah Litan, vice president and distinguished analyst at Gartner, in a recent research note.
Accordingly, Behavior ID brings its profiles to bear on online accounts or mobile applications. It delivers a ‘similarity score’ based on the behavioral biometric traits that are collected from initial account creation through ongoing access and usage of an account. This profile is then used to calculate a similarity ratio between the user's current behavior and the historical, expected behavior, thus streamlining the user experience for known good users, while providing the basis for challenging potentially bad or fraudulent users with re-verification, or two-factor authentication.
“With Behavior ID, our customers can immediately increase the level of identity assurance for every user account they have, without adding friction,” said Steve Jillings, CEO at TeleSign. “The power of Behavior ID is its ability to adapt to the user, transparently producing a digital fingerprint from a user's behavior to confirm their identity and develop an ongoing authentication without requiring the consumer to do anything. Best of all, these unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person's behavior.”
Photo © Chekman