Invisible Biometrics Month: Biometrics Versus Malware

Behavioral Biometrics

Behavioral BiometricsWhile many biometric modalities focus on a single physical characteristic that can be measured and matched – be it a facial characteristic, fingerprint, the sound of your voice or even your heartbeat – behavioral biometrics are more elusive. The way that you interact with the world both online and off is characterized by a unique signature made up of human minutiae that some of the newest biometric technologies can now capture.

Behavioral biometrics solutions, also categorized as behavioral analytics, can offer persistent and frictionless authentication. Online and via mobile device, solutions like those offered by authentication and anti-fraud company BioCatch monitor a user’s behavior and compare it to a comprehensive psychological profile. BioCatch Mobile, for instance, accounts for things like right or left handedness, device preference, hand tremors, press size and hand-eye coordination.

As mobility continues to gain traction as the online access point of choice for users around the world, behavioral biometrics are poised to greatly benefit from the myriad sensors that can measure the various ways we interface with our devices. New innovations like touch screen gesture recognition and Apple’s force-touch expand the micro-characteristics that can be used to authenticate users, and metrics like walking gait have been on the minds of innovators for years; a keynote at the 2013 iteration of Biometrics UnPlugged suggested that it be employed as logical access control for handsets.

While behavioral biometrics have plenty to offer in user authentication, they also have a second function in the online space: they can weed out malware.

Man Versus Machine

Man Versus MachineMalware is a major vehicle for financial fraud and behavioral biometrics can be deployed to detect non-humans attempting this online crime. Generally, these attempts at cybercrime are met with hugely inconvenient tests of human sentience. Captcha images are the most common of these, presenting users with an image of text that must be entered into a text field before creating an account. Other old-style two step solutions for human detection involve the typing of a spoken phrase or having a one-time password sent to a mobile device and then entered.

In this scenario it’s easy to identify the demand for a frictionless situation. In the same way that passive voiceprint biometrics are replacing cumbersome security questions in call center operations, behavioral biometrics are breaking down barriers for online services.

Threat detection solutions like those offered by behavioral analytics company NuData Security and, again, BioCatch, have proven incredibly adept at recognizing non-human behavioral profiles. BioCatch has even gone as far to visualize the profiles of certain malwares and offer them as art in a clever marketing campaign.

As the technology to detect non-humans evolves alongside that of actual behavioral authentication, what we are beginning to see is a robust biometric offering that has built-in liveness detection. A website that has behavioral user authentication running in the background that is also able to detect human-impersonating bots can potentially offer visitors an optimal experience in terms of convenience.

Just Be Yourself

DeathtoStock_Wired8The emergence of behavioral biometrics as a viable mode of authentication is both exciting and affirming of the base concept of identity. The implication that all of our quotidian gestures, when combined, paint a snowflake-like picture of who we are is empowering for those of us who enjoy our autonomy. In the age of social media, that counts as just about everybody.

Beyond the realm of online activity and mobile access control, the concept of behavioral biometrics is being applied to large scale disaster response programs, thanks to technology like NEC’s behavioral system being employed in Tokyo. Additionally, as the mobile ecosystem expands with consumer wearable tech, and behavioral sensors proliferate as a result, the systems can become increasingly robust.

What’s more, behavioral biometrics can obviously be integrated into a larger mutli-factor system, providing an invisible foundation than can scale up security as dictated by whether or not the user is behaving like herself. Imagine a system that is frictionless when it recognizes you, but upon detecting anomalies requests your fingerprint, face or voice for good measure. You would not be the first.

The advent of behavioral biometrics is an excellent example of the golden age of innovation that consumer biometrics tech has entered. As the need for greater convenience and security spurs innovation, the inventive minds in the identity management industry are discovering new ways that we are all unique, and how to prove it to the world. With invisible biometrics, it’s beginning to become apparent that the key to standing out is to just be yourself.


Stay with FindBiometrics throughout the rest of July as we continue to delve deeper into the world of invisible biometrics. Join in the conversation by following us on Twitter and using the hashtag #FBinvisible.

July 15, 2015 – by Peter B. Counter