Investor Alert

Best New Ideas in Money Archives | Email alerts

Oct. 4, 2021, 12:33 p.m. EDT

How the quirky ways you type, swipe and behave can protect you online

Watchlist Relevance

Want to see how this story relates to your watchlist?

Just add items to create a watchlist now:

or Cancel Already have a watchlist? Log In

By Emily Bary

Hackers seem to have perfected the ability to nab your online-shopping passwords. But, so far, they haven’t found a way to learn the cadence with which you type them.  

Retailers, and the cybersecurity companies that help them, are increasingly turning to invisible indicators known as behavioral biometrics to fight e-commerce fraud. Behavioral biometrics are behind-the-scenes gauges, such as typing speed, swipe patterns and phone angles, that are unique to us.

The standoff between retailers and fraudsters has heightened as more commerce has moved online during the pandemic. About 90% of payment fraud now happens through so-called card-not-present transactions — mainly online transactions — up from 75% prior to the pandemic, said Chris Reid, Mastercard’s executive vice president for identity solutions. 

The goal of behavioral biometrics is not only to thwart fraudulent activity, but also to create a safer consumer shopping experience for legitimate customers without making people spend their time solving puzzles or answering security questions to verify their identities. Retailers worry that hurdles like one-time passcodes can frustrate true customers enough to make them abandon their shopping carts and head to a rival site.  

“What we’re really looking to do is replace the password with the person,” said Reid. 

Passwords represent a major vulnerability in the security chain, especially as consumers are likely to reuse account information from site to site. Many username and password combinations have been exposed through data breaches, and bots can test those combinations rapidly to determine which still work, according to David Mattei, a strategic advisor at market-research firm Aite-Novarica Group. One fraud executive at a large financial institution told him that his bank sees 10 malicious login attempts for each good one. 

Eventually, behavioral biometrics could work alongside traditional biometrics to eliminate the need for passwords altogether, according to some in the industry. 

“I definitely see a passwordless future,” said Signifyd co-founder Michael Liberty, whose company uses behavioral biometrics as part of its e-commerce-fraud services.

Breaking down the tech

There are key advantages of behavioral biometrics, according to Liberty. For one, indicators such as how long you linger on a given key when typing in your email address are “otherwise meaningless to a person.” They’re also passive, so consumers can authenticate themselves simply by going through all the normal steps when they checkout. 

The technology is one way that companies are trying to build the same sort of customer familiarity in the digital world that exists in the physical world, Mastercard’s Reid explained, noting that you might receive speedier service once you become well-known at your local coffee shop. Behavioral biometrics can help build knowledge of customers’ digital patterns so that legitimate shoppers can avoid stumbling through Captcha codes before making their purchases.  

Fraud is big business to bad actors, but no more than 1% of transactions actually result in fraud, according to Mattei. He sees promise in behavioral biometric technology for businesses looking to enhance and protect the consumer experience for the more than 99% of shoppers who are making legitimate purchases. 

“If a large percentage of transactions are good, why throw up a lot of security roadblocks and compromise that user experience?” Mattei said. Companies could instead try to “keep it as smooth and clear as possible.” 

While merchants don’t want to let fraudulent transactions through, they risk losing customers for good if their models decline too many legitimate buyers. 

Still, the stakes are higher than ever for retailers, as the average value of attempted fraudulent purchases increased by 69% last year while the amount of money spent by online shoppers almost doubled, according to research from Sift, an antifraud company that uses behavioral biometrics in its offering. 

Fraudsters “are not just getting more bites of the apple but taking bigger bites,” said Jeff Sakasegawa, Sift’s trust and safety architect. 

It’s a costly problem for merchants, who just “spent all this money on promotions attracting new buyers” during the pandemic only for some of them to be “known fraudsters,” said Colin Sims, chief operating officer of fraud-detection company Forter. 

For every dollar lost to fraud in the beginning part of 2020, merchants incurred $3.36 in costs around merchandise replacement, fees and more, according to research from LexisNexis. That was up from $3.13 in 2019 and $2.40 in 2016. 

Solving a puzzle

The application of behavioral biometrics in practice goes beyond simply measuring whether someone types in an account password at a consistent speed, as companies are looking to synthesize thousands of signals with artificial intelligence. 

The way people interact with return policies is one indicator that antifraud companies can examine when trying to determine if a buyer is legitimate, noted Signifyd’s Liberty, but the nuances of customer behavior there show why looking at just one data point isn’t enough. 

1 2
This Story has 0 Comments
Be the first to comment
More News In

Story Conversation

Commenting FAQs »

Partner Center

Link to MarketWatch's Slice.