Source:
https://scmp.com/cnbc/article/1933921/how-you-move-your-mouse-could-stop-cybertheft
Tech/ Innovation

How you move your mouse could stop cybertheft

TeleSign's Behavior ID application builds a user profile based on how you type, move your mouse or press a touch screen.

Biometric technology has swiftly emerged as a go-to solution for improving digital security and while fingerprints and facial recognition are being used more and more to stop online theft, how fast you type could soon be stopping hackers.

Mobile identification company TeleSign launched Behavior ID on Tuesday, an online application that tracks a user's behavior to prevent cybertheft.

The application records behavior such as how a user moves their mouse, presses a touch screen, or the way they type. This increases the level of identity assurance for every user account a company has, according to Steve Jillings, CEO of TeleSign.

"The power of Behavior ID is its ability to adapt to the user, transparently producing a digital fingerprint from a user's behavior to confirm their identity and develop an ongoing authentication without requiring the consumer to do anything," he said.

"Best of all, these unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person's behavior."

Depending on how much a user does while logged into their account, Behavior ID will build a profile of the user which it can check to confirm their identity, claims Sergi Isasi, director of product management at TeleSign.

"Typically, it's going to be anywhere between five and 10 sessions before we are confident enough in a user's behaviour that we are able to tell them, with greater than 95 percent confidence, that they are different than another user".

Biometrics are swiftly becoming part of online banking. Last month, Bank of Montreal announced it was incorporating MasterCard's Identity Check mobile app into its corporate credit card program to verify online purchases using fingerprint scans or facial recognition .

However, TeleSign's solution differs from other types of biometrics, according to Isasi in that it doesn't require the user to have a specific device and is much harder to steal.

"If there's any sort of privacy issue, the user's behavior is still capable of being used to track that user," he said. "It can't be stolen, duplicated or used like a fingerprint or a retinal scan can be".

Other companies are also offering behavioral biometrics. BehavioSec has developed its own solution that identifies a user based on how they type their username and password.

"Even if a fraudster can get their hands on [a user's] credentials, they still can't mimic that behaviour," explained BehavioSec founder Olov Renberg to CNBC.

One reason companies are looking for new ways to confirm a user's identity is because current methods of authentication are insufficient, explained to IEEE member Diogo Mónica.

"As far as passwords go, they are widely recognised by security experts as a very poor authentication mechanism, mostly due to people's inability to choose long, unguessable passwords," he told CNBC via email.

Biometrics' ease of use is another reason they are becoming more common, according to Mónica.

"As a security community. we're finally realizing that having unusable security is akin to having no security at all, so we're investing a lot of effort in making it as easy as possible for people to authenticate to their devices securely without having to memorize completely random 30 character passwords," he said.

However, biometric solutions are still not perfect and the technology can make mistakes.

"Facial recognition is a good example of biometric authentication that can still prove challenging to implement as it tends to be prone to a high false positive rate" according to Siân John, EMEA chief strategist at Symantec.

"Something as simple as a pair of sunglasses could falsify or reject a facial scan and a dirty finger print could do the same."