A recently released market research report shows
the market for machine learning growing at a rapid 44.1% compounded annual growth rate over the next five years, driven largely by the financial services sector, where big data can yield critical and actionable business insights.
In the world of behavioral biometrics, machine learning, deep learning and artificial intelligence are all hand-in-glove. Behavioral biometrics identifies people by how they interact with devices and online applications. As opposed to something that someone has like a device, token or a static attribute like a fingerprint or a name, behavioral biometrics is a dynamic modality that is completely passive and works in the background, making it impossible to copy or steal. Today"s behavioral biometric technologies can capture more than 2,000 parameters from a mobile device
, including the way a person holds the phone, scrolls, toggles between fields, the pressure they use when they type and how they respond to different stimuli that are presented in online applications. Behavioral biometrics is used primarily for preventing the use of stolen or synthetic identities in applying for credit online and in preventing account takeovers once a user is logged into a session. (Side note: Most of the fraud today occurs inside authenticated sessions.)
Data scientists have discovered an interesting fact: People work in very unpredictable ways. There is no magical or fixed set of behavioral parameters that are used consistently to tell people apart. There is also no generic model that everyone can be measured against, generating results that are accurate enough both on the false positive side, which is critical for preventing fraud and identity theft -- and on the false negative side, which is important to maintaining an optimal user experience. This approach is known as individual feature selection. It makes behavioral biometrics dramatically more malleable over the long term and across different applications and use cases because it means there is no underlying assumption in advance as to which parameters are good for each person. Instead, the optimal set for that user is selected.
Static Vs. Dynamic Biometrics
Physical biometrics -- like face, finger and iris technologies -- are mostly based on a static approach of measuring points captured in fixed images. As stated above, behavioral biometrics is governed by a dynamic approach that's driven by artificial intelligence. The amalgamation and processing of extremely large data sets are possible due to advances in the fields of data science, which in turn drives machine learning and, more recently, deep learning.
Continuous authentication on mobile devices is a good example of this dynamic approach. Using four primary device sensors (touch, accelerometer, gyroscope and orientation), hundreds or even thousands of behavioral patterns can be used to continuously authenticate users. These parameters include tap duration, swipe speed, fingerprint area, session duration and device acceleration. Profiles are built to determine the user behavior against the entire population set, which can change over time. Machine learning makes it possible to drive the decision making processes that are required to support the vast number of parameters and data sets that are analyzed.
Machine learning is used in all facets of behavioral biometrics. It"s able to learn from human behavior and continuously improve user profiles that can be used to validate sessions or transactions. Let"s take keystrokes as an example. Behavioral biometrics looks at type speed and what fingers are used to type and in 10 minutes can build a strong enough profile with which to validate a user for, say, a bank transfer. However, as time goes on and a person uses the device more, by definition, their behavior adapts and changes. Machine learning helps to break through the clutter of the various signals and find the consistencies in the behavioral patterns over time, even with the changes.
Upending The Authentication Paradigm With Behavioral Biometrics And AI
A lot has been written about the shortcomings of traditional authentication processes
. Most of the fraud today comes from either initial accounts that are created using stolen or synthetic identities or within authenticated sessions, meaning the legitimate user logged in, but through malware, social engineering, bots or other types of remote access attacks, there is an account takeover after the login.
This is where behavioral biometrics comes in thanks to its ability to provide passive, frictionless, continuous authentication. In fact, according to the Mercator Advisory Group
, "Behavioral biometrics will restructure the authentication landscape in the next five to eight years."
Initially, AI-driven behavioral biometrics was used primarily for account takeover fraud prevention in the financial services sector. More recently, as stated above, the application of the technology has expanded to identity proofing to provide a new dimension for checking the validity of online applications in light of the massive data breaches and to enable risk-based authentication in payment apps. Advances in AI knowledge will continue to drive even more capabilities of this technology, and with continued adoption and scale will come further refinement in the approach.