Financial institutions and regulators in Asia and around the world are racing to keep one step ahead of increasingly innovative fraudsters. But the defences more frequently used by banks and other businesses – static passwords and One-Time-Passwords (OTPs) sent by email or SMS as a second form of authentication – are increasingly inadequate as the techniques of criminals grow more inventive.

Behavioural biometrics, as an advanced authentication method, is an enormously valuable and sophisticated defence in the fight against fraud. Biometrics techniques, such as facial recognition, are already used during the authentication process, but criminals have found ways of circumventing these security protocols, by stealing sign-in credentials, for example, or the use of fake photographic images, deepfakes videos or SIM swaps. These authentication methods also offer little protection in cases where a user has been deceived into thinking they are dealing with their own bank.

Behavioural biometrics offer a further layer of protection through the ability to recognise the “expected” interactions of a legitimate owner of the account with their devices or applications, such as the way they hold their phones, swipe or press keys. This confirms that the customer is who they say they are and also helps a business be able to recognise if the customer is acting under instruction or duress – if their normal behaviour, in other words, is being disrupted for any reason. It is also highly effective in recognising bot activity and the use of remote access tools by bad actors.

Following the acquisition of BehavioSec, we are able to offer clients even more sophisticated solutions that leverage behavioural analysis for more accurate identity authentication. LexisNexis® BehavioSec® uses advanced behavioural biometrics technology, that when combined with the digital identity intelligence capabilities of LexisNexis® ThreatMetrix®, can create risk scores and other insights to support confident risk decisions.

Behavioural biometrics adds a high level of security to identity authentication workflows, establishing trust in the relationship in a passive way, without adding any unnecessary friction to the customer experience. The adoption of behavioural biometrics is gathering pace as regulatory momentum around privacy protections continues growing. In February 2021, the Reserve Bank of India published new guidelines on digital payment security which requires banks to use multi-factor authentication for electronic payments, including at least one dynamic or non-replicable method such as behavioural biometrics. Banks should also be able to identify anomalous behaviour in users, it added.

Regulators in Asia Pacific are considering various measures to further strengthen fraud controls, including the use of behavioural biometrics and push authentication as more secured methods of authentication. It is likely that regulators will continue to encourage the use of behavioural biometrics in the authentication process but there is little reason for organisations to wait for a mandate for their use. Behavioural biometrics can be highly effective in combatting fraud and improving the customer experience, creating benefits for organisations and customers alike.

For more information about how BehavioSec® can support your business and improve risk management, contact us.