New behavioral biometrics offering increases identity assurance and prevents online account takeover by providing continuous authentication for consumer end user accounts
Los Angeles, April 5, 2016 – TeleSign, the leader in mobile identity solutions, today announced the launch of TeleSign Behavior ID, a new offering that enables web and mobile applications to measure and analyze a user’s behavioral biometrics in order to provide continuous authentication, even after the user has been verified with traditional security measures such as passwords. The product works behind-the-scenes to collect and evaluate a complex mix of mouse dynamics, keystrokes, graphical user interface (GUI) interaction and advanced behavioral algorithms to establish a unique user profile. With this profile, Behavior ID can help prevent account takeover attempts even if a hacker is in possession of a user’s correct account credentials.
Account takeover (ATO) occurs when unauthorized access is gained to a web or mobile end-user account – often due to stolen credentials, weak passwords or bot-based attacks. The opportunity for fraud from ATO is especially significant, considering the average consumer has 24 online accounts protected by reused passwords (TeleSign’s 2015 Consumer Account Security Report). With the recent increase in data breaches resulting in stolen account credentials proliferating across the black market, account takeover has quickly become one of the most prevalent types of cybercrime – and every online account is susceptible, from banking and email accounts to social media and retail accounts.
“Assessing the legitimacy of an identity claim remains one of the top digital business and fraud challenges organizations face today,” wrote Avivah Litan, Vice President and Distinguished Analyst in Gartner. Gartner recommends, “favoring vendors that combine multiple identity assessment layers and provide plentiful identity data and intelligence.”1
TeleSign Behavior ID provides an additional, transparent layer of security for every type of online account or mobile application, ensuring they are protected from fraud, without the need for user interaction.
“With Behavior ID, our customers can immediately increase the level of identity assurance for every user account they have, without adding friction,” said Steve Jillings, CEO at TeleSign. “The power of Behavior ID is its ability to adapt to the user, transparently producing a digital fingerprint from a user’s behavior to confirm their identity and develop an ongoing authentication without requiring the consumer to do anything. Best of all, these unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person’s behavior.”
Behavior ID delivers a “similarity score” based on a set of behavioral biometric traits that are collected, analyzed and rated along the user journey, from initial account creation through ongoing access and usage of an account. This profile is then used to calculate a similarity ratio between the user’s current behavior and the historical, expected behavior, thus streamlining the user experience for known good users, while providing the basis for challenging potentially bad or fraudulent users with re-verification, or two-factor authentication. Through this process, Behavior ID reduces end- user friction, delivers greater assurance and is more cost effective for companies than simply issuing a verification challenge at every login.
Key benefits of TeleSign Behavior ID include:
- Measurable Behavioral Patterns: Continuously monitors and recognizes the identity of a user based on behavioral patterns rather than physical attributes, including a complex mix of mouse dynamics, keystroke dynamics, the users GUI interaction and advanced behavioral biometric algorithms to establish a user’s profile. Behavior ID utilizes the characteristics of the users’ input and how they navigate through the interface to create virtual fingerprints of their behavior and determine variations that can flag user activity for re-verification.
- Continuous Authentication. Behavior ID is always active and delivering continuous account protection that can be performed at any point during the entire user session, from initial login to account updates and specific transactions. This continual authentication makes the overall user experience more streamlined and secure for good users, while ensuring incorrect, or malicious, users are quickly challenged and blocked from causing harm or financial damage.
- Transparent Enrollment: No user interaction is required to enroll, enable, and start protecting an account from compromise. Users simply continue to use their web or mobile application as normal; no change is required in their workflow or behavior.
- Detailed Usage Monitoring: View and monitor all verification and authentication events through a single set of comprehensive usage reports and centralized dashboard.
TeleSign’s Behavior ID software development kits (SDK) for web and mobile applications are available today around the globe and can be easily embedded into new or existing Web and mobile app-based platforms.
Learn more about TeleSign Behavior ID and get full product details by visiting: https://www.telesign.com/products/behavior-id/
1Gartner, Inc., Absolute Identity Proofing is Dead; Use Dynamic Identity Assessment Instead, Avivah Litan, 16 November 2015.