IBM is adding behavioural biometrics to its Trusteer Pinpoint Detect platform, which is used by financial institutions to verify the authenticity of online transactions by weeding out thieves who may be using stolen user names and passwords, according to reports.
Behavioural biometrics refers to the use of measurable patterns in human activities that can be used as an identifying tool. It is different from physical biometrics, which makes use of fingerprints or iris patterns to identify legitimate account holders.
IBM’s specific technology builds on subtle recurring patterns, such as mouse movements and clicks.
It looks for anomalies in transactions by comparing the legitimate user’s gestures with those of the current user, and over time refines the accuracy of its analysis based on these comparisons, explained Brooke Satti Charles, financial crime prevention strategist for IBM Security.
The analysis, which is enabled by machine learning, develops a risk score that banks can use to determine whether an ongoing transaction is fraudulent, and then trigger an alert.
Individual institutions will have to define their alert protocols, which could involve terminating a transaction, or requiring further identification before the customer is allowed to continue, Charles added.
Its current capabilities include verifying geolocations and IP addresses of customer as they log into a service to identify fraudulent use, and behavioural biometrics will be an improvement on these features.
The technology was developed with the Ben-Gurion University’s IBM Cyber Security Centre of Excellence.
IBM will provide behaviour biometrics to its existing base of Trusteer Pinpoint Detect customers early December, and ship to new users later in the month as part of its standard offering.
