Why your business needs behavioural biometrics for fraud protection

Published August 2024

Written by Yaro Zozulya

Yaro is responsible for managing our identity and fraud innovation portfolio, as well as coordinating engineering and data science teams to deliver critical innovation initiatives that use advanced analytics, cutting edge technology and new data sources.

Biometric authentication has become a powerful tool in the fight against fraud

By using unique characteristics like fingerprints and voice patterns, businesses can verify customers in a way that’s much harder for criminals to mimic. This trend has been fueled by new regulations that hold businesses responsible for compensating victims of authorised push payment (APP) fraud, making secure authentication more important than ever.

This blog explores the latest trends in trust in biometrics and how businesses can use a multi-layered approach in the fight against fraud.

Skip to section...

Biometric authentication has been one of the big fraud prevention success stories of recent years. Because the unique personal characteristics of an individual are hard for criminals to replicate, businesses are increasingly using breakthrough technologies such as fingerprint scanning and voice recognition to identify customers online alongside, or instead of, passwords and one-time PIN codes.

Increased take-up of the technology has been driven largely by the Payment System Regulator’s new rules requiring businesses to compensate victims of authorised push payment (APP) fraud.

Thumbnail of front cover of the UK Fraud and Fincrime Report

Our latest research reveals how challenges in fraud and financial crime are evolving and how businesses are keeping pace Let's go

Our research shows that consumers have high levels of trust in the authentication method, while banks, retailers and other businesses generally see it as a secure way to give customers fast and frictionless access to online experiences.

However, while businesses have actively embraced ‘physical’ biometrics – verifying customers by physical features such as face, fingerprint, iris or voice – our research shows that the uptake of ‘behavioural’ biometrics has been much slower. This authentication method pieces together a picture of customers by their signature behaviours and flags anomalies in patterns such as typing speed, mouse movement, mobile touch pressure, scrolling and swiping, hesitation, device orientation, autofill and more.

For the Experian UK Fraud and Fincrime Report 2024, our survey of more than 200 UK businesses found that only a quarter – and only 22% of retail banks – are using behavioural biometrics to detect and protect against fraud. This is despite the fact that 79% are “extremely” or “very” confident in it as an anti-fraud solution – rising to 84% among businesses that are already using it.

And while physical biometrics topped the list of intended areas of investment related to customer authentication for businesses this year – with 34% planning to invest – only 21% of respondents told us they intended to invest further in behavioural biometrics.

“These are striking findings,” said Yaro Zozulya. “While physical biometrics can be highly effective as part of a multi-layered anti-fraud strategy, it’s not a fool-proof defence, especially in an era of rapidly evolving artificial intelligence technologies. We have seen recent cases of fraudsters using deepfakes to trick physical biometric scanners, even those with liveness detection tests. Whereas in the past they might have done this by holding up an image or mask to a camera, it is now possible for them to ‘inject’ highly convincing deepfake video footage directly into a captured device, using widely available and affordable software.”

AI voice cloning is another growing threat, and there have been cases of audio deepfakes circumventing voice recognition systems operated by major firms and even government bodies. Against this backdrop, the answer for fraud teams is a stratified defence that combines multiple authentication technologies, including behavioural biometrics.

Yaro Zozulya, Innovation Director, Experian UK&I

As well as polling businesses for this year’s report, we surveyed more than 2,000 UK consumers about their online interactions and expectations with regards to security and customer experience.

We found that fewer than a third of consumers are aware of behavioural biometrics – which is unsurprising given that it is a non-intrusive technology that operates passively in the background without requiring users to engage with it. However, one interesting finding was that consumers from high-income households expressed much higher-than-average feelings of security about behavioural biometrics, rating it higher even than PIN codes or security questions.

“This may well be because people on higher incomes have greater access to the latest tech,” said Yaro. “It means they are more likely to knowingly come across this customer authentication method than people from other groups. All the same, this finding is a strong indication that introducing behavioural biometrics and spreading awareness of this technique could be an effective way for businesses to restore the trust of consumers who are nervous about conducting activities online, especially given the number of media reports about malicious uses of AI.”

Benefits of behavioural biometrics

Behavioural biometrics prove particularly effective at the account opening stage. The technology can detect identity impersonation attempts where personally identifiable information (PII) is being copied from a database to register accounts on a victim’s behalf, for example by picking up how the person is typing their name and address.

Disrupting mule networks is another strong use case for the technology’s capabilities. By integrating behavioural biometrics into onboarding controls along with geolocation and device profiling, firms can more quickly identify and prevent mule account creation at the earliest stages.

The other main benefits of behavioural biometrics are:

Continuous authentication

Unlike traditional methods, behavioural biometrics provide continuous authentication by monitoring user behaviour patterns throughout the session.

Real-time detection

The technology identifies and flags suspicious activities in real time by detecting deviations from established user behaviour patterns. It can detect account takeovers, session hijacking and other sophisticated fraud attempts as they are happening, for example.

Reduced friction for the consumer

Behavioural biometrics operate in the background without requiring additional actions from users, ensuring a seamless and unobtrusive experience. This helps reduce the need for frequent multi-factor authentication prompts, enhancing user convenience while maintaining security.

Learning capability

The technology continuously learns and adapts to changes in user behaviour, improving accuracy and reducing false positives over time.

Scalability

Behavioural biometrics can be implemented across various platforms and devices, making it a versatile and scalable solution for businesses of all sizes.

Limitations of behavioural biometrics

There are also drawbacks and limitations in the technology to consider.

Collecting and storing behavioural data may raise privacy concerns among users, necessitating robust data protection measures and clear privacy policies. Businesses need to ensure compliance with data protection regulations such as GDPR to avoid legal issues.

Behavioural biometric systems also require ongoing monitoring and fine-tuning to ensure they remain accurate and effective. And striking the right balance between security and user convenience can be challenging, as overly sensitive systems may lead to false positives, frustrating legitimate users.

In summary

Yaro said: “While not a standalone solution, behavioural biometrics can be a valuable addition to a business’s fraud protection strategy when used alongside other authentication methods such as physical biometrics, multifactor authentication, device intelligence and device-in-hand solutions that use one-time passcodes or push notifications.”

“The technology is discreet and unobtrusive, allowing customers to enjoy a more seamless online experience and potentially preventing them from abandoning account openings or online purchases.”

“Due to the inconspicuous nature of behavioural biometrics, we would recommend that businesses investing in this authentication method also invest in building customer education and awareness about its presence and benefits. That way, as well as significantly enhancing their overall security posture, they can build and maintain the trust of their customers in a rapidly evolving digital environment.”

How can we help?

Experian’s CrossCore platform can help you bring together a range of fraud prevention, ID verification and authentication solutions to drive security and customer experience KPIs.

Visit our website to discover more or get in touch to discuss your specific requirements.