Share this post

Biometrics has become a bit of a buzzword in the banking industry, yet for the general public, it’s often associated with science fiction, summoning up a vision of the future. Many people don’t make the link between biometrics and everyday practices in 2020, such as unlocking their phone using a fingerprint or face.

In this blog we’ll debunk the myths of biometrics, laying out the clear differences between physical and behavioral biometrics. We’ll also demonstrate how this technology already plays a vital role in the fight against bank fraud, by invisibly protecting people throughout the world each and every day.


What is physical biometrics?

Physical biometrics refers to physiological features on the human body that can serve as identification, such as a fingerprint or retina scan. Companies often collect and store physical biometric data in order to authenticate identities for all sorts of uses, security being the most obvious. Physical biometric identification can also have other use cases where facial recognition is used to identify high-rollers in a casino to improve their customer experience.


What is behavioral biometrics?

Behavioral biometrics refers to any pattern of behavior that is specific to the user, such as the rhythm and cadence with which they usually type on their computer keyboard.

Software deploying behavioral biometrics, for example, to help with online fraud prevention, can quickly adapt to the way a user utilizes a human-computer interaction device such as, how fast they press specific keys on a keyboard, how they use a mouse, or how they swipe the screen or hold a mobile device.

What is the difference between using physical and behavioral biometrics when authenticating users?

Physical biometrics can definitely improve security in certain circumstances. It requires input from specific sensors depending on the trait is being measured. Most techniques are used to verify that a person is physically present and alive.

Biometric features can also be stored in premises security systems and can help verify authorized personal operating in highly secure areas of a facility. This technology provides a convenient and efficient way of using physical traits for identification.

However, using physical biometrics has its downsides related to the nature of physical traits. Once some of the physical features are revealed they can be reused in the online world multiple times by bad actors.

Additionally, many biometric methods can be captured and re-used. For example, voice recordings can be fairly easily used to circumnavigate authentication challenges leveraging speech recognition software. Fingerprints can be captured and printed. Photos or videos can be used to spoof the identity of actual users in some cases.


ALL of these methods vary by the impact on user experience and their accuracy. Each adding an extra layer of security, such as using your fingerprint to access your online banking app on your phone. But they are only truly effective as part of multi-factor authentication – when they are implemented alongside other security measures.

Behavioral biometrics, on the other hand, checks for patterns of behavior that are virtually impossible to spoof.

Behavioral biometrics applications can analyze the way we interact with things in the world around us, such as how we type or swipe on a phone, and they can be considered tolerant of changes in individual patterns of behavior.

When Deep Learning Technology is employed to analyze behavioral biometrics it can learn to factor in minor behavioral changes and adapt to the changes in user behavior.

In other words, behavioral biometrics aggregates hundreds of human and interaction signals to create a kind of cyber BionicID for each authentic user that can evolve over time. Characteristic patterns of behavior that are very difficult to duplicate or reuse.

Two of the biggest banking fraud threats behavioral biometrics can help prevent are identity theft and account takeover. Threats that allow a bad actor to take control of an online banking account, or of a session after the legitimate account holder has logged on.

Banks using behavioral biometrics can spot sudden changes in user behavior and can take remedial action, for example, by asking the user to re-authenticate their ID, by terminating the session, or even by suspending the account.


Behavioral biometrics offers the most comprehensive security for online banking fraud

The frequency, scale, and increasing sophistication of fraud attacks means banks cannot rely on authentication methods based only on static elements that can be stolen, traded, or sold.

Deploying behavioral biometrics within an anti-fraud solution delivers a transparent user experience that is a friendly, fast, and accurate way to counteract online banking fraud. Behavioral biometrics solutions can analyze thousands of parameters surrounding the user’s behavior during an entire online banking session, ensuring their account has not been taken over by a bad actor or isn’t being manipulated in any way.

Behavioral biometrics delivers continual user authentication and is a powerful defense against online bank fraud and should be a necessary complement to one-time authentication techniques such as physical biometrics, passwords, and PINs.


Behavioral biometrics aid PSD2 compliance

Strong Customer Authentication (SCA) is a requirement set out under the Second Payment Services Directive (PSD2), where at least two of the following are used to authenticate a user: something the user knows, such as a password, something the user has, such as a device, and something a user is, such as their biometrics. This is where behavioral biometrics comes in extremely useful.

Collecting information around a user’s behavioral biometrics to build online profiles is completely non-invasive to the user, who wouldn’t need to enter or provide any additional information to the website or app they are using.

This means one of the two factors of authentication required by SCA can be authenticating the user invisibly and throughout the entire online banking session, whilst simultaneously gathering further information to protect the user even more effectively in the future.

Layering authentication methods remains the surest way to prevent online banking fraud and keep users safe.

Therefore, the decision banks have to make is how to choose methods that satisfy all of the following: cause the least unnecessary friction for legitimate customers, reduce risk, are sensitive to privacy concerns, comply with regulation, and all whilst making fraudster reuse of customer information nearly impossible.

A complex web of issues, to which behavioral biometrics has the comprehensive answer.

Please check out this webinar if you are interested in going deeper into the subject.



Behavioral Vs Physical Biometrics: the ultimate showdown in digital banking

Biometrics has become a buzzword in the banking industry, as it has the potential to make authentication faster, easier and more secure than traditional passwords. Biometrics are either physical or behavioral human characteristics that can be used to digitally identify a person to grant access to online banking.

Physical biometrics refers to physiological features on the human body, such as a fingerprint or retina scan, while behavioral biometrics analyzes parameters such as a user’s keystrokes when typing, navigational patterns, screen pressure, typing speed, mouse or mobile movements, gyroscope position and more.

In this webinar we will see how using behavioral biometrics for authentication makes things easier for users, as it removes the need for any active response. Behavioral traits can be captured in the background, whilst not needing any specific hardware to be installed to guarantee that the users are who they claim to be.

Don’t miss this webinar and learn how behavioral biometrics joined with deep learning technology is the best solution for the prevention of online banking fraud.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?