Behavior Is The New Identity – Artificial Intelligence Sees Who You Really Are

Mobile commerce is growing at an astounding rate. IDC predicts that mobile payments will account for $1 trillion USD in 2017, a massive 124% jump from less than $500 billion USD in 2015. Most major commercial banks now also offer some sort of mobile banking option for their customers.

This growth is intensifying a discussion about the enhanced security needs for banking or payment related mobile applications. Risks like identity theft, account takeovers, payment fraud and data breaches remain imminent.

A recognized area of weakness is the authentication itself. It’s becoming increasingly common for simple passwords to be exposed via the next data breach.

Advanced security techniques seem ready to meet the challenge

Biometrics, tokenization and two-factor authentication are legitimate alternatives to simple passwords.

  1. Biometrics such as fingerprint scanning or facial recognition, are now being increasingly used in mobile applications. They offer considerably more protection in cases where sensitive financial data is managed and offer a relatively seamless customer experience.
  2. Tokens: In this situation, an app receives a distinct piece of data – usually a sound or image – in the mobile device, which the customer then relays to the point of sale. It can be either another computer or a POS terminal. There are some risks in using this outside of the home, with an inherent friction apparent from making sure the token registers.
  3. Two-factor authentication: It essentially enhances the password by creating an additional step to the verification process. After a site receives a password, it can send out an email or text message to customers’ mobile devices with another string of data – either a token or one-time code – which they must enter to complete the process.

 

But are these methods practical for mobile commerce?

Online payment providers and merchants always need to weigh the benefits of these alternatives against the possibility of reduced sales due to friction. The additional time taken for authentication can and does increase abandonment rates.

Additionally, they only work at the point of authentication and don’t offer any protection if identity is spoofed or compromised.

There is a better way, that can still provide enhanced security while being frictionless, and it leverages the fact that we’re addicted to our mobile devices.

Behavior is the new identity

It’s no secret that we’re inseparable from our mobile devices. According to a 2015 Bank of America Trends in Consumer Mobility Report 71 percent of survey respondents say they sleep with or next to their smartphones!

Today we can observe and record a customer’s patterns to determine whether his or her transactions are legitimate. This is a new horizon, since it basically requires no touch points on the part of consumers to authenticate a purchase.

Instead, a unique digital behavioral identity i.e. a ‘segment-of-one behavioral profile‘ for a customer is easily built by combining various types of historical data; online session data, mobile device data, payment transaction history and even third party identification data. 

Device Data

Session Data

Transaction Data

Third Party Data

  • Network history
  • Geo-location
  • Device motion data – rotation, acceleration
  • Device Id
  • Whether jailbroken or rooted
  • Is user behind a proxy or a tor node?
  • Length of stay at a particular page
  • Where user landed on from
  • Path to shopping cart or checkout
  • Historical transaction history
  • Location where past transactions were made
  • Frequency of transactions
  • Email authenticity and age check
  • Know Your Customer Data
  • OFAC Flags

This segment-of-one profile can then be processed by an advanced machine learning model, in addition to the real-time interactions of the customer to catch anomalies on an ongoing basis to determine the likelihood of a fraudulent transaction via an account takeover attack or otherwise.

At Feedzai, we’ve developed advanced supervised and unsupervised machine learning approaches that processes hundreds of millions of extremely granular ‘segment-of-one’ profiles of customers, mobile devices, cards, accounts and merchants to monitor and stop fraudulent activity in as little as 3 milliseconds.

This way, not only do customers get a frictionless customer experience, but also safety beyond the point of authentication.

Written by Ajit Ghuman, Director of Product Marketing, Feedzai, Inc.

I lead Feedzai’s Product Marketing for enterprise and financial services customers. I’m excited about the massive impact that the next generation of machine learning based platforms are having in the market. I joined Feedzai from another software firm in the Big Data and Machine Learning space where we grew from 115 to 901 employees. At Feedzai, I’m firing up the growth rocket engines again and having fun doing it.