"Smarter" authentication has arrived - with behavioural biometrics
"Smarter" authentication has arrived - with behavioural biometrics

In today's world, we are inundated by “smart” things - from smart appliances and smart TVs to smart devices like Amazon's Echo and its personal assistant, Alexa. For product companies that want to enhance customers' digital experience, these Internet integrated devices are a boon to their bottom line, but when it comes to the stuff that really matters (like keeping your private information private), we still have some way to go.

Security is undoubtedly a priority for most users but striking the balance with usability is not always easy. In other words, if authentication solutions are not simple and convenient, users will not accept them. Conversely, if they are not secure, hackers will exploit and compromise users and their personal information for the own ends.

The rise of smart authentication

Solutions like two-factor or multifactor authentication might be more advanced than the traditional password but users continue to show dissatisfaction with the status quo, demanding security solutions that match the sophistication of the devices and experiences they are designed to protect. The latest smart authentication technology such as behavioural biometrics and adaptive authentication take security to the next level by leveraging vast data and complex machine learning algorithms to create more secure and easy-to-use consumer experiences.

These technologies add context to user behaviour and score them via sophisticated algorithms to drive the best possible user experience by ratcheting up security only for higher risk transactions. The behavioural biometric technology can accurately detect fraud, in real-time, invisible to the end user simply by the way they interact with their computers and mobile devices via mouse movements, keystrokes, and gesture dynamics.

And since authentication occurs transparently, neither users nor hackers are aware they are being ‘forensically monitored' and have no “out” to game the system.

Location, location, location

For example, if the user is logging into an app, on their smartphone, from a location known for hacker activity, rather than their home or office, access can be blocked or stronger step-up authentication invoked. Additionally, if a request to access an account does not originate from a phone associated with the user's phone number on file, access can likewise be restricted, even rescinded.

Smart authentication is still very much in its early days but it's gaining traction in a lot of industry niches. According to industry analysts, the global behavioural biometrics market is forecasted to grow at a compound annual growth rate (CAGR) of 17.34 percent during the period 2016 to 2020.

Facial recognition goes mainstream

Practically speaking though, we need to assess how ‘smart' authentication is being received in the real world to get a glimpse into its future viability.

Apple's recent announcement of the iPhone X and its Face ID feature, which uses facial recognition to unlock a user's phone, offers insight into the future of smart authentication and its adoption by consumers.

A recent report released by global payments provider Paysafe found that approximately 40 percent of consumers believe biometric solutions such as Face ID are “too risky and unknown” for them to use right now. Moreover, another 24 percent were unhappy about having to use biometrics, believing that tech companies would force them to do so.

Coincidentally, the results of a post-iPhone X survey published by Juniper Research similarly found that over 40 percent of iOS users didn't want to use facial ID technology as part of their mobile payment security. Interestingly enough, among those same Apple customers surveyed, both voice recognition and fingerprint scanning were significantly more appealing for mobile payments authentication, at 62 percent and 74 percent rates respectively.

So, what does this really tell us about smart authentication and its prospects for the future – users are keen as long as it doesn't effect their experience too heavily. Users want security solutions that operate in the background, invisibly (ie they don't want to feel like they need to jump through multiple hoops to be secure). Friction is not a price worth paying for security.

Adopting a smart multi-layer approach

If smart authentication works as well as it's advertised, users wouldn't even know they are being authenticated. As a result, and regardless of platform, when a good customer experience is coupled with security that's also transparent, everybody wins.

Although their demise has long been anticipated by the analyst community, passwords are fast becoming prologue to an entirely new generation of authentication solutions. For online retailers, banks and other financial institutions that are looking to reconcile consumer demand for secure but transparent security solutions with their availability, it may very well be that a multi-layer approach, inclusive of behavioural biometrics and device recognition present the most secure foundation on which to build positive customer experiences.

In sum, smarter devices are all well and good and they're certainly not going away any time soon. However, when they're supplemented by smart authentication solutions, they are also able to achieve levels of usability and security that enable secure, long-term and higher value customer relationships.

Contributed by David Vergara, head of global product marketing, VASCO Data Security

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.