Online banking fraud’s severity and frequency continuously increase, causing staggering financial losses each year. Now that artificial intelligence is in hackers’ hands, traditional security measures aren’t cutting it. Can behavioral biometrics protect online bankers like you?
What are behavioral biometrics?
Behavioral biometrics uses machine learning (ML) technology to analyze your physical movements, online interactions, and thought patterns to determine whether your account activity is fraudulent or legitimate. It operates under the assumption that a fraudster will act differently than you usually do, tipping off your service provider so that your account may be compromised.
How does behavioral biometrics work?
Behavioral biometrics works because an AI analyzes everything you do in the background in real-time. Since it rapidly processes large amounts of information, it can handle multiple users simultaneously. It monitors whatever mouse, keyboard or touchscreen is used to access your account, tracking metrics to identify behavioral discrepancies.
The ML model can track speed, gestures, voice, orientation, and pressure. For example, it might know you use your right hand to swipe and your pointer finger to scroll. It builds a user profile, aggregating information on physical, digital, and cognitive patterns. This way, it has an up-to-date baseline it can reference to check for fraud.
While behavioral biometric algorithms’ specifics vary, they generally use some sort of scoring system that changes based on pre-determined factors. The lower the score, the more likely the person is someone other than you. Online banking services can follow up by asking security questions, contacting you directly or temporarily locking your account.
Why alternative biometrics are necessary
Frankly, online fraud is increasing in frequency and severity. The FBI’s Internet Crime Complaint Center received about 880,400 complaints in 2023, up from around 351,900 five years prior. Although you might think you’re safe, there’s no guarantee traditional security measures will be enough to stop bad actors.
The three types of authentication — something you have, know or are — can easily be bypassed by hackers. They can steal your security question answer and phish your one-time password. While traditional biometrics used to be safe, generative AI has changed things. Now, they can commit synthetic identity fraud with deepfakes and audio clips.
Other security measures are useless in some scenarios, too. For example, device theft and social engineering can make multi-factor authentication ineffective. This means whoever has access to your phone or banking app can then log into your account and withdraw funds.
Now that AI exists, standard account protections are no longer enough. For instance, while experts recommend using different passwords for each account and changing them every three months to prevent account takeover, you probably use your face ID or your fingerprint to autofill your passwords — and generative AI can deepfake those biometrics.
Common types of online banking fraud
Online banking fraud is common because there’s a lot of money in it — and bypassing traditional security measures is becoming easier every day. According to the FTC, 46% of the reports the Consumer Sentinel Network received in 2020 were fraud-related, totaling $3.3 billion in losses.
Authorized push payment
Authorized push payment fraud involves a fraudster tricking you into approving a payment to them or their money mule. While they may pretend to be a legitimate company or person, standard phishing attacks are common.
Account takeover
A hacker can use brute force cyberattacks — where they try thousands of combinations until they correctly guess your password — to gain access to your online banking account. This way, they can withdraw or transfer money directly.
Identity theft
In an identity theft case, the fraudster uses phishing to trick you into revealing personally identifiable information like your name, birthdate, address and social security number. Alternatively, they use details leaked on the dark web. This way, they can access your online banking account by posing as you.
Account opening
Fraudsters can use stolen or leaked information to pretend to be you and sign up for a new bank account online. This way, they can take out loans, drive up debt or transfer money in your name — and you might not realize until you’re left with debt and a negative balance.
How behavioral biometrics reduce fraud
It’s no surprise behavioral biometrics is catching on. After all, AI’s market value in the banking sector will increase to $64 billion by 2030, up from $3.88 billion in 2020. That said, its main draw isn’t its worth — it’s its ability to consistently combat fraud.
1. Detecting fraudsters
An ML model recognizes minor inconsistencies, enabling it to catch fraudsters. For example, while it’s normal to hesitate when typing in a credit card number, you wouldn’t have to navigate away from the page and then use the copy-and-paste functions to spell your last name.
2. Difficult to mimic
Unlike facial recognition or fingerprinting, behavioral biometrics runs in the background constantly. A hacker would have to study your movements and subconscious habits for weeks and then perfectly replicate them to fool an ML model into thinking they’re you — which is practically impossible.
3. Detecting bots
Of course, bots don’t act like humans. Behavioral biometrics can detect whether one is accessing your account because it won’t swipe, click, type or tap like a human. Even something as simple as device orientation is telling — a bad actor may have dozens of phones sitting stationary on racks, tipping the AI off that a person isn’t using the device.
4. More convenient
You, like many people, probably dislike traditional security measures because they’re inconvenient and slow. For instance, 33% of people say they don’t use multi-factor authentication because it’s too annoying. You’re more likely to enable behavioral biometrics because it runs in the background — it’s convenient.
The bottom line of behavioral biometrics
While AI has its flaws — namely bias and a lack of transparency — it is a powerful tool in the right hands. If you use it to protect your online bank account from most, if not all, fraud attempts, your heightened security may be worth the occasional algorithmic hiccup.