Strategic Payments Platforms and Infrastructure
March 13, 2025
Behavioral biometric technology is a highly accurate authentication technology that can identify users based on their behavior patterns.
It identifies unique, individual characteristics in how people type and interact with their mobile device or computer, instead of other common technologies that identify users based on their physical attributes (fingerprints, facial recognition), what they have (key fobs or phones), or what they know (passwords or out-of-wallet questions).
Digital IDs rooted in behavioral biometrics are as unique to a person as fingerprints. They can quickly and accurately verify the identity of a user from one session to the next and continuously verify the identity during a single session.
Any anomalies detected in the user’s behavior at any point in their online session can signal that someone else is impersonating them and that there is a security breach or attempted fraud.
Physical biometrics relates to a person’s biology, parts of the human body that can serve as an identifier – such as a fingerprint or retina scan. While behavioral biometrics refers to a person’s unique pattern of behavior – such as the rhythm and cadence with which they usually type on their computer keyboard or the way they move the mouse.
We encounter physical biometric analysis for security purposes more often than we think, for example, when we unlock our mobile phones with a touch or go through an e-passport gate after looking into a camera.
However, behavioral biometrics is a comparatively newer technology gaining ground in online banking fraud prevention. Its power lies in authenticating genuine users – without requiring additional steps that add friction to the process – and spotting fraudsters who return to a bank’s system.
Examples of behavioral biometrics authentication include:
| Keystroke Dynamics | Typing patterns that include a combination of keystroke speed, keystroke duration, variations in these for particular key sequences, and characteristic patterns that occur when typing common groups of keystrokes. |
| Touchscreen Swipes / Mobile Interactions | Unique ways users swipe, tap, pinch-zoom, type, or apply pressure on the touch screens of mobile devices like tablets and phones. |
| Cursor Movements | Unique patterns in mouse or trackpad cursor movement, including paths, tracking speed, direction changes, and clicks. |
| Handling | The way an individual holds or handles a mobile device provides another unique behavioral biometric factor. |
The fundamental building block of a BionicID™ is behavioral biometrics. Revelock collects thousands of non-PII parameters starting with behavioral biometrics – how a user handles a device – and layers on behavioral analytics – when from where and what the user accesses as well as which device and network and all the associated data about that device and network that is used to access a protected website or mobile application server.
Revelock takes a unique approach to verify users at every point in the customer journey by continually asking the question, “are you really you?”.
Other behavioral biometrics companies compare users against a database of known bad, or segments of good actors, trying to answer the question “do you look like a bad or good actor?”. This approach can be effective. Still, in many cases, it is not granular enough.
Moreover, it does not provide complete coverage – leaving open the possibility that sophisticated bad actors will slip through early on in a new account signup process or at other points in the user journey.
The “do you look like a bad actor?” method of determining legitimate users vs. bad actors does not work in scenarios where insiders – people who have verified identities and are not part of the larger universe of cybercriminals – attempt unauthorized access to bank accounts.
Revelock BionicIDs™ are based on full user context and built to recognize every single user. They are established quickly and can start answering the question “are you really you?” accurately, in just a couple of interactions.
 |
|
| Revelock’s BionicID is a “cyber-DNA” or a digital fingerprint, built using thousands of parameters about the user’s context, based on behavioral biometrics, behavioral analytics and device profiling, network data, geolocation, malware patterns, and other threat intel data.
As a result, it recognizes the real person behind each user in as little as two interactions, with a 99.2% accuracy in just milliseconds! |
BionicID™ data collection and analysis is the foundational technology in Revelock’s multi-channel fraud prevention solution. Revelock’s Fraud Detection & Response Platform is unique. It does not just detect anomalies, score risks and raise alerts; it also empowers fraud teams to simply configure the system to handle a number of fraud cases automatically.
This active defense approach protects users without them even knowing about threats, reduces call center costs, and reduces the burden on fraud analysts. In addition, it frees fraud teams from handling routine alerts and instead uses Revelock Hunter to investigate more complex cases.
With Revelock, analysts can take a pre-emptive defense approach, take down bad actors and mule accounts and stop fraud before it happens.
Unlike other behavioral biometrics vendor’s solutions that classify users as “good” or “bad,” Revelock takes a different approach. Since most online users are legitimate, Revelock asks, “are you really you?” at every interaction, using a hybrid AI system that utilizes Deep learning algorithms under expert supervision.
These per-user models compare users to themselves and take less time to train, leaving a shorter window of fraud vulnerability when a user starts interacting with the system and is verified. The system also continuously scores risk based on population-based models and bad actor models. If we detect an anomaly, we immediately spring into action and take defensive measures.
This approach eliminates misidentification. And it reduces both false positive alerts and false negatives that miss signals of actual fraudulent activity. We minimize identification times by assigning all incoming events to the best AI / ML analytics module for the task.
These models are continually updated with the latest knowledge of adversary tactics, techniques, and procedures so you can stay ahead of the rapidly evolving threat landscape.
To learn more about how BionicIDs stop Impersonation and Manipulation attacks read the blog “Using BionicIDs to stop Impersonation and Manipulation attacks?”.
See for yourself how Revelock works. Get in touch or Request a Demo and we’ll get you connected with one of our experts!
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
