A recent study from LexisNexis indicates that fraud is a growing problem for online retailers, specifically the ones that offer customers a mobile commerce option. “Merchants are challenged on various fronts, including an increased volume of successful fraud attempts, a rise in fraud cost/dollar losses and a bigger bite of fraud costs as a percent of annual revenues”.
In the last couple years RSA analysts have seen a 170% rise in incidents of fraud via the mobile channel, with 60% of all fraud transactions coming from mobile. According to Angel Grant (a principal manager at RSA), the latest trend is to see more fraudulent transactions via mobile apps rather than mobile browser.
LexisNexis reports that the average number of successful fraudulent transactions grew 32.1% year over year in 2015, with merchants reporting an average of 206 fraudulent transactions per month compared with 156 the year before. However, current fraud prevention efforts are barely keeping up with the growth in fraud. Merchants, that accept payments via the mobile channel got hit harder than average, with fraud equaling 1.69% of revenue, up from 1.39% last year and 0.8% in 2013.
For merchants, and payment providers who want to accelerate mobile transactions — want a secure always on continuous authentication and fraud detection solution that is frictionless and balances convenience, security, and privacy.
Can behavioral biometrics help?
Behavioral biometrics or behaviometrics has shown promise to address the continuous frictionless authentication problem by allowing the device to identify the user without the user doing any explicit authentication actions while providing a strong form of authentication. Behavioral biometrics identifies users based upon their behavior rather than upon fixed physical characteristic (such as a fingerprint). Behavioral biometrics learn patterns in user behavior in order to build a user identification model and authenticates the user based on whether their behavior conforms to the recorded model of the user behavior.
There are three basic kinds of behavioral biometrics: continuous, secondary and task-based. In continuous behaviometrics, the user is continually monitored for unusual behavior. Secondary behaviometrics monitors the user while they are performing a primary authentication task, such as entering a PIN. Task-based behaviometrics monitor users while they perform a routine task, such as a swipe.
Task-based biometrics have the advantage that they can work implicitly, in that they can authenticate a user without taking any explicit authentication action (unlike secondary behaviometrics), while also allowing for very rapid authentication decisions i.e. single interaction will authenticate a user (unlike continuous behaviometrics).
Behaviometrics leverage muscle memory users exhibit while doing common tasks. The more common/repetitive the activity, the easier it will be to characterize normal behaviour and consequently easier to detect anomalies.
The fraud rise within mobile is slated to intensify and will not be sustainable as the mcommerce channel is expected to grow during the next couple years. Behavioural biometrics, AI and machine learning will play an important role fighting mcommerce fraud by fitting in seamlessly into existing architectures and business models without causing unnecessary friction — either to consumer experience or to business operations.