Thales is trying to highlight the many advantages of behavioral biometrics, arguing that the technology has the potential to revolutionize cybersecurity in the next few years. In that regard, the company compared cybersecurity to an iceberg, in the sense that the parts that are visible above the surface are far less impressive than the ones hidden beneath it.
As it relates to cybersecurity, the visible elements are the various forms of multi-factor authentication that are used to protect digital accounts, which covers everything from passwords to one-time biometric authenticators like fingerprint and facial recognition. Some of those factors are more effective than others, but they are all quite visible in the sense that both fraudsters and legitimate customers are both aware when such measures have been put in place. As a result, cybercriminals have the opportunity to anticipate and avoid them, a fact that makes them vulnerable when they are implemented as the sole security option.
Behavioral biometrics, on the other hand, represents the hidden portion of the iceberg. Once deployed, such systems run passively in the background, gathering information about a user’s behavioral patterns to generate a risk score for each interaction. Since a fraudster does not know that the system is there, it is virtually impossible for them to avoid all of the potential security traps to commit fraud without triggering a more aggressive anti-fraud response.
That remains true even if the fraudster knows that an organization is using behavioral biometrics. Cybercriminals may be aware of the system, but they do not know exactly what metrics are being used to generate the risk score, nor will they have access to the profiles of individual users, and those extra hidden elements still make it hard to spoof the system.
If the system does spot suspicious activity, it can initiate a step-up authentication request, or prevent someone from taking any further action until the problem has been resolved. For its part, Thales stressed that behavioral biometrics solutions need to be built with respect for user privacy, since they become far less effective as a security tool if the behavioral data is mined for other purposes and ends up in the open.
May 11, 2021 – by Eric Weiss