How does buguroo’s behavioural biometrics help banks to comply with regulations?

Banking customer loyalty is formed and maintained when financial institutions can guarantee cardholders two things – the highest level of security for their finances and a continued, frictionless customer experience.

Historically, the challenge for banks has been to reconcile these two. On the one hand, stepped-up security can often create roadblocks in legitimate customers’ journey, leaving many to abandon the bank in frustration.

On the other hand, overlooking safety leaves the door open to fraudsters to infiltrate the bank and carry out their operations from within the bank’s system undetected.

The internet is full of dark pockets where cybercriminals trade know-how, malware and stolen identity data, including banking credentials. This allows them to move from one target to the next, making profit as easily and elegantly as bees collect pollen from flower to flower.

To protect customers’ personal data and hard-earned money from fraud, newer, stricter regulations are coming into force around the world – and so the balancing act between security and experience becomes increasingly complicated. 

The good news for banks is that behavioral biometrics analysis technology is becoming pervasive within anti-fraud systems today to take the pain out of the equation. Here, we look at three ways financial institutions can leverage BionicIDs to block fraud and keep online experiences simple and smooth for legitimate end users.


GDPR and behavioral biometrics – what can’t be seen, can’t be stolen

Data leakages and impersonation attacks go hand in hand in the world of cybercrime as many of us use the same emails and even passwords across multiple services.

To force a tighter lid on the data individual organizations hold on past and present customers, the European Union’s General Data Protection Regulation (GDPR) requires organizations to demonstrate that their data subjects (people they store personal data on) have given their explicit consent to data processing and can ask for said data to be erased.

Since banks handle extremely sensitive personal information, it’s only reasonable that people demand the highest levels of data protection from them.


Behavioral biometric analysis complies with GDPR as it distrusts personal data by default and treats it as invisible.

Since personal information can be easily stolen, people can be impersonated and fraudsters can even hijack online banking sessions midway (account manipulation attack), these identifiers are ineffective for continuous fraud prevention.

Instead, buguroo’s technology continuously scans users’ ‘cyber DNA’, their BionicID, rooted in their unique behavioral biometric patterns – the way they swipe the screen, the speed at which they type and even the angle at which they hold their device.

The complex BionicIDs buguroo builds for users cannot be replicated, imitated, or stolen from its users.

buguroo undertakes non-intrusive checks during a customer’s online session without storing confidential or private user data, while providing banks with the guarantee that users are who they say they are.


PSD2: A smarter way of customer authentication

The EU’s Revised Directive on Payment Services (PSD2) aims to improve safety and customer protections. One of the ways it’s doing this is through Strong Customer Authentication (SCA) rules, whose final implementation deadline of 31 December 2020 is looming heavily over organizations.


Under the multi-factor authentication requirement of SCA, users must present at least two separate factors of authentication drawn from three categories: possession (something the user has, e.g. their device), knowledge (something the user knows, e.g. a password or PIN) and inherence (something the user is, e.g. behavioral biometrics).

While the SCA is a welcome development in the industry for consumer protection, setting up multiple hoops for cardholders to jump through can introduce friction into the process. And even so, two-factor authentication can leave surface area for fraudsters to hit.

For these measures to be really robust, security must be upheld throughout the entire online banking session. Static security checks at login or when a transaction takes place only tell banks that a seemingly legitimate customer is accessing their systems and approving a payment – not that the actual customer is still in control of their session.

buguroo’s behavioral biometric analysis technology, combined with deep learning, helps banks comply with PSD2 and SCA by continuously authenticating users and providing non-stop, passive fraud protection.

Since it works behind the scenes at all times, it actually reduces the number of authentication challenges customers are asked to complete and so improves the experience of genuine customers.


Additionally, PSD2 requires malware to be detected at the user end-point.

Banks can’t tell customers to install anti-virus software on their devices, and it isn’t easy to find an agentless solution that has the ability to detect unknown malware.

bugFraud can identify devices and online sessions infected with malware – both known and unknown – whether it’s code modifications or injections executed during a user session, or a malicious app or piece of software that cybercriminals installed on an unsuspecting user’s device.


Maintaining customer trust and safety

In addition to complying with regulation and maintaining customer trust and security through keeping customers and their money safe, initiatives like the UK’s Contingent Reimbursement Model also mean that it is becoming increasingly common for banks to be liable for losses due to fraud.

In fact, this trend means that if banks don’t admit responsibility for fraud – whether technically at fault or not – customer trust will be diminished regardless. Although banks want to offer a frictionless experience, security has to be a priority too.


Behavioral biometrics helps banks do both – authenticating users in the quickest and most unobtrusive way possible and thereby keeping customers safe from fraud attacks without adding hurdles.

