Fighting Fraud: How Biometrics Enhance Identity Authentication

By now, you probably don’t give a second thought to unlocking your smartphone with biometrics such as a fingerprint or facial scan — even though the latter wowed the world when it debuted in 2017. As consumers, most of us still consider facial recognition the current state of the art for authentication. But soon your voice and the rest of your fingers will be involved, too.

Here’s why it matters: Authentication is used for a lot more than unlocking your phone. Once you’re at your home screen, your fingerprint or facial scan grants access to mobile payments apps, banking apps and all manner of ways to spend and move money. To better protect these transactions from fraud, new biometric measures can now authenticate that it’s really you who’s using your phone. These measures include:

• Your voice
• How you hold, tap and swipe your device
• Other physical characteristics, such as your gait

All are based on inherence, or "something you are," and provide a cornerstone to identity authentication that older methods, such as device recognition, no longer can.

The Case for Multi-Factor Authentication

FICO recognizes that device IDs are no longer immutable, nor reliable as an indicator of potential fraud. In response, we’ve taken a fundamentally more modern approach to fighting identity-based fraud, actively supporting the strong customer authentication called for by regulations including the European Union’s second Payment Services Directive (PSD2) and industry standards such as 3DSecure 2.

Authentication has evolved beyond what you have (such as the device in your possession) and what you know (e.g., password), adding an important third and immutable, criterion: what you are, or inherence. These are factors based on biometrics, such as a fingerprint or face scan. The immutability of biometric factors and their direct connection to the customer makes them the appropriate cornerstone of effective identity authentication.

But biometrics alone still aren’t enough. For example, Falcon® Authentication Suite includes authentication capabilities based on user behavior (still a biometric, albeit more complex than individual physical characteristics) and device telemetry. They establish your identity by non-intrusively examining user patterns (such as keystroke analysis of the way you enter your password), geolocation, and other behaviors around your device, such as your gait and which browser you prefer. These patterns create a behavioral signature that is unique to you, which can be assessed without asking you to perform additional tasks.

As providers expand the range of biometrics offered, customers have more choice and flexibility in how they authenticate. Instead of a fingerprint, FICO’s voice signature capabilities allow users to enroll in online and mobile banking by saying a short phrase, such as “I love chips!” three times while taking a selfie. By having the factor be specific to your bank account (rather than your device), the user establishes a mechanism to prove inherence.

Integrated Security across the Customer Lifecycle

There are additional effective methods to manage fraud in a device-independent way, with behavioral and biometric signatures of an identity that are persistent and accessible across devices. The Falcon® Authentication Suite (and Falcon® Identity Proofing) provide a platform to establish and sustain trust in digital identity, offering easy-to-use, integrated security across the customer lifecycle. These solutions are strong complements to FICO® Falcon® Fraud Platform, AI-empowered FICO® Falcon® X and many more of FICO’s risk, fraud, and compliance management solutions.

Granted, devices can be stolen, fingerprints copied and passwords compromised, but every hurdle placed in front of criminal access makes customer accounts more secure.

To learn more about why biometric-based multi-factor authentication is today’s state-of-the-art standard, download my new Executive Brief, “Biometrics: The New Cornerstone of Identity Authentication.” Follow me, and the hashtag #FightFraud, on Twitter @dougoclare.