A wide variety of behavioral biometric types are currently being phased in for use across North America, including both continuous and adaptive biometric credentials. With 2017 shaping up to be the biggest year yet for cyber fraud according to last year’s Verizon Data Breach Investigations Report, organizations are now aggressively working on expanding their cybersecurity arsenals including passive biometric technologies such as behavioural biometrics. As the use of behavioral biometrics on smartphones rapidly becomes mainstream, it comes fraught with difficulties of its own including privacy and concerns.
Addressing the challenges of maintaining anonymity while enjoying the security of the biometric measures requires innovative thinking that can foresee future unintended consequences, which is always fun to try and do. Some considerations include:
Securing PII
Securing the Personally Identifiable Information (PII) on mobile devices currently focuses mainly on ways to encrypt the information on a device in case of loss or theft, while still ensuring ease of access for daily use. Both iOS and Android are constantly working to improve their security options, although cases like Android’s recent shipment of 38 phones with pre-installed malware don’t do much to boost consumer confidence. Securing a device filled with PII is critical for every user.
This makes secure behavioral biometrics an essential piece of the puzzle for mobile app developers and their clients, because it’s simply not realistic to expect the consumer to carry all the responsibility for secure operation. Organizations such as financial institutions who take every precaution to protect not only the customers’ account information, but also the biometrics used for identification, are likely to have the competitive edge in their industry.
Protection Against Malware
One of the issues with free mobile apps is the vulnerabilities they often incorporate, which can compromise the security of rich, user information. And since most institutional apps are free for customers, it’s difficult to convince users that one free app is sufficiently protected while the next one isn’t. Given the potential of any app to contain malware that facilitates mobile fraud, finding a way to reassure consumers about the strength of an app’s protection needs to be top of the list for 2017.
- Dramatic increases recently in mobile malware have led to both Google Play and Apple pulling hundreds of apps from their stores, but chances are good some of them have made it to customer devices.
- Poor configuration parameters of mobile devices are also a security risk, because an accomplished hacker can target a phone containing little personal information. This can be used as a springboard to obtain more sophisticated data, which can then be socially engineered to provide access to the payload.
Regulatory requirements?
The possibility of abuse are being addressed in several ways, including industry self-regulation and privacy-enhancing technologies. Legislation is also in the works, however, the global nature of the mobile industry means getting governments to agree to clamp down on sharing biometric identifiers and other personal information. Alternatively, there has been some moves to find ways to get biometric vendors across the board to agree to ethical guidelines in the design of their products, or to accept enforcement by independent regulatory bodies, flag fraudsters and embrace a common vision of security.
At Zighra, analyzing data from over 700 different device types with over 6 Billion data points every month users trust is paramount to everything we do.
New Developments in Behavioral Biometrics for Mobile
Some of the exciting developments taking place in biometrics include:
- New authentication methods based on lip motion
- Brain wave analysis that determines a user’s mental state and approves access to resources on that basis
As research and development progresses, no doubt we’ll find other ways to employ these technologies. The one that springs to mind immediately is the ability to detect inebriation based on brain wave analysis, and use that in computerized vehicles to prevent the user from being able to drive in that condition. That’s bound to be a deal breaker for all establishments serving alcohol to include in their apps!