Interview with Jordan Blake on the potential of behavioural biometrics

The Paypers interviewed Jordan Blake, BehavioSec VP of Products, on the potential of behavioural biometrics and how to best use this deep authentication technology

How does BehavioSec develop the potential of behavioural biometrics and how do your customers leverage this technology?

In 2008, BehavioSec launched with a mission: to apply the nascent area of machine learning to behavioural biometrics – the concept of leveraging someone’s behaviour to positively identify them. Today, our company’s software platform protects billions of transactions across mobile apps and Websites by studying users’ typing patterns, touch screen gestures and even the way they hold their devices to discern authentic users’ behaviour from criminals, bots, or malware used to commit fraud, hijack accounts, or steal data. Customers leverage our platform in two primary ways: They use it to drastically reduce the number of legitimate end-users who are unnecessarily targeted by existing, noisy authentication signals. When an organisation isn’t able to establish that an end-user is authentic, that user may be inconvenienced in a number of ways such as by having to answer obscure security questions, respond to CAPTCHAs, deal with heavy-handed password measures and may be subject to account lockouts and long phone calls to customer service. Organisations that utilise BehavioSec can significantly reduce reliance on such unfriendly safety measures.

Our platform is also leveraged to reduce fraud and the costs associated with it. Fraudsters find myriad ways to scam their way into users’ accounts, whether it be leveraging a shared password found in a data breach, targeting thousands of accounts with a login bot, performing a sophisticated SIM swap attack or even coaching a user over the phone (i.e. a voice-phishing or ‘vishing’ attack). Regardless of the tactics used, our technology profiles authentic user behaviour in such a way that a fraudster, even with the keys to the proverbial kingdom, simply cannot replicate it.

By bringing BehavioSec into the mainstream market, our efforts are influencing the standards and norms in the industry, bringing about changes that help reduce the amount of financial loss that organisations incur every year due to cyber theft and fraud. In the fight to protect consumers from ever resourceful fraudsters and cybercriminals, behavioural biometrics offers significant advantages over other authentication technologies. We turn users into security’s strongest link by helping them stop attacks by just ‘being themselves’.

Could you thoroughly explain how continuous authentication works?

A consistent, individual signature marks the essence of human movement and touch – every movement you make is influenced by personal style/preferences, speed, pressure, and dexterity. This also applies in the digital world. No one else can replicate exactly how we physically interact with our devices. BehavioSec’s platform plays off this, continuously monitoring, and authenticating users based on their unique physical behaviours, throughout each session, not just once at login.

Powered by this unique application of behavioural biometrics, our company’s platform integrates with websites and apps to analyse user behaviour in real time, enabling organisations to block or flag suspect transactions.

This anti-fraud protection surpasses one-time authentication measures like passwords and thumbprints by enabling organisations to invisibly and unobtrusively authenticate users by validating their personal mannerisms.

In which way is behavioural biometrics relevant in the PSD2’s SCA context?

The PSD2 mandates that payment service providers must ensure Strong Customer Authentication (SCA), which comprises at least two factors from three different categories – ‘knowledge’ (e.g. password), ‘possession’ (e.g. smartphone), and ‘inherence’ (e.g. unique attributes of an individual’s behaviour, like patterns in how users hold their mobile devices and interface with websites and browsers). Behavioural biometrics is an ideal technology for PSD2 compliance because it combines inherence with traditional login credentials, offering dramatically enhanced defences from account hijacking and fraud. Every customer and business handling online payments face mounting threats of fraud and abuse because login credentials are widely breached, and it is trivial for bots and other malicious programs to impersonate account holders’ names and devices. Behavioural biometrics breaks this cycle by giving institutions and payment companies the ability to block login attempts that deviate from known users’ behaviours.

There are several challenges for behavioural biometrics application related to privacy, impersonation attack (spoofing), and even error rates. How does your company meet these challenges to make this technology work at its best?

Privacy can be very well managed with this technology. For example, we do not gather or use any end user biometric data, nor are we interested in capturing PII like credentials. We provide the software platform that our customer organisations around the world then administer in their operations to protect their services and consumers.

Additionally, another benefit of our platform is the accuracy and low error rates. The platform has proven itself to yield low false positive alerts and delivers detailed information for real-time fraud detection and forensic purposes. Our customers discover measurable cost savings from lower fraud incidences, coupled with fewer customer support calls and false positive issues associated with traditional authentication tools across billions of transactions and millions of users.

What other developments do you have in the pipeline for 2020?

Our goal is to enable customers to mitigate risk and further link security and trust to their brands. We have ongoing product updates being introduced that further strengthen BehavioSec’s platform and break the otherwise chronic password breach cycle.

This editorial was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Jordan Blake

Jordan’s role as BehavioSec’s VP of Products drives the vision and growth of cyber safety solutions while in addition to ensuring quality and client satisfaction. His 20-year career in product management, internet security, cyber security, and cyber safety solutions makes him the best choice to lead the product division. Jordan has held many Product Management roles with global industry leaders like IBM, and Symantec.

About BehavioSec

Founded in 2008 out of groundbreaking academic research, BehavioSec’s technology allows companies to continuously verify digital identities with superior precision, in real-time. BehavioSec is the only enterprise-grade vendor used in global deployments safeguarding billions of transactions. BehavioSec investors include Forgepoint Capital, Cisco, ABN AMRO, Conor Ventures and Octopus Ventures.