Behavioural Biometry and SCA requirements

The September deadline of the PSD2 Directive is fast approaching. The nervousness is visible not only in the banking industry but also among clients and the press. Until recently the hottest subject was Open Banking; now the most frequently discussed issue is the Strong Customer Authentication (SCA) requirement. In short, it consists of providing at least two independent layers of customer protection, drawn from:

1. Something you know – a password and login
2. Something you have – a phone, a token
3. Something you are – a fingerprint, a face scan (some kind of biometric)
 
The European Banking Authority (EBA), which is responsible for setting standards in the banking industry, has recently published an opinion on which authentication elements comply with the SCA requirements.

| Element | Compliant with SCA? |
|---|---|
| Behavioural biometrics | YES |
| Fingerprint scanning | YES |
| Voice recognition | YES |
| Retina and iris scanning | YES |
| Heart or other body movement pattern identifying that the PSU is the PSU (e.g. for wearable devices) | YES |
| Information transmitted using a communication protocol | NO |
| Memorised swiping path | NO |

source: https://eba.europa.eu/documents/10180/2622242/EBA+Opinion+on+SCA+elements+under+PSD2+.pdf

Banks have approached the implementation of SCA-compliant methods individually, applying them in various variants and combinations. Some methods are costly; others process data that is very sensitive. UX specialists point out that each additional interaction required from the client may reduce the convenience of using the website.
Can the requirement of strong authentication be met more conveniently?

 

Some banks provide authentication via a mobile application, which, according to experts, seems to be a safer and cheaper option than text messages. However, it still requires conscious user interaction.
What if it could be done much more easily?

 

Digital Fingerprints is a product based on behavioural biometry, and it is exactly the kind of solution that can help in everyday use of electronic banking. It is an innovative security system that observes human interaction with a computer. What matters is, among other things, how you type on the keyboard – how quickly you press the keys – and how you move the mouse – how fast and with what acceleration. Our priority when providing the service is the privacy and ethics of data processing. We do not collect data that is considered sensitive or that uniquely identifies the user. We do not want to know what you are doing, but HOW you do it. Our solution is compliant with the GDPR and, most importantly, with the SCA requirement of PSD2. Using behavioural biometry as an additional layer of protection helps detect attacks such as SIM card cloning and identity theft. It does not require additional user interaction and works in the background without affecting the comfort of using the website.
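To make the idea concrete, here is an added example (not code from Digital Fingerprints or any other product) that turns two of the signals named above into numbers: keystroke dynamics (how long keys are held and the gap between keys) and pointer dynamics (speed and acceleration). It builds a per-user profile from a few enrolment sessions and scores a fresh session by its mean absolute z-score against that profile. All event logs are constructed for the demo, and the acceptance threshold is an assumption, not a value from the page.

```python
"""Keystroke and mouse dynamics as a passive authentication factor.

Added example, not code from Digital Fingerprints or any other product.
Event logs below are constructed; THRESHOLD is an assumed tuning value.
"""
import math
from statistics import mean, pstdev

SAMPLE_MS = 20   # constructed pointer sampling interval (assumption)
THRESHOLD = 2.0  # assumed: mean |z-score| above this rejects the session


def keystroke_features(events):
    """events: list of (key, press_ms, release_ms) in press order.

    dwell  = how long a key is held down
    flight = gap between releasing one key and pressing the next
    """
    dwell = [release - press for _, press, release in events]
    flight = [nxt[1] - cur[2] for cur, nxt in zip(events, events[1:])]
    return {"dwell_ms": mean(dwell), "flight_ms": mean(flight)}


def mouse_features(points):
    """points: list of (t_ms, x, y) pointer samples in time order."""
    speeds = []
    for (t0, x0, y0), (t1, x1, y1) in zip(points, points[1:]):
        speeds.append(math.hypot(x1 - x0, y1 - y0) / (t1 - t0))
    # acceleration = change of speed between consecutive segments, per ms
    accels = [
        abs(s1 - s0) / (points[i + 2][0] - points[i + 1][0])
        for i, (s0, s1) in enumerate(zip(speeds, speeds[1:]))
    ]
    return {"speed_px_ms": mean(speeds), "accel_px_ms2": mean(accels)}


def session_features(session):
    feats = keystroke_features(session["keys"])
    feats.update(mouse_features(session["mouse"]))
    return feats


def enrol(sessions):
    """Per-feature mean and spread over the user's enrolment sessions."""
    rows = [session_features(s) for s in sessions]
    profile = {}
    for name in rows[0]:
        values = [r[name] for r in rows]
        sd = pstdev(values)
        # a feature that never varied during enrolment gets a unit spread
        # so it cannot produce an infinite z-score later
        profile[name] = (mean(values), sd if sd > 0 else 1.0)
    return profile


def verify(profile, session, threshold=THRESHOLD):
    """Score a fresh session: mean absolute z-score across all features."""
    feats = session_features(session)
    zs = {n: (feats[n] - mu) / sd for n, (mu, sd) in profile.items()}
    score = mean(abs(z) for z in zs.values())
    return {"score": score, "accepted": score <= threshold, "z": zs}


def make_session(dwell_ms, flight_ms, px, n=8):
    """Constructed session: n keystrokes with fixed dwell/flight times and
    a pointer moving in a straight line that gains px pixels of speed per
    sample, so both speed and acceleration depend on px."""
    keys, t = [], 0
    for i in range(n):
        keys.append((chr(ord("a") + i), t, t + dwell_ms))
        t += dwell_ms + flight_ms
    mouse = [(i * SAMPLE_MS, px * i * (i + 1) // 2, 0) for i in range(n)]
    return {"keys": keys, "mouse": mouse}


if __name__ == "__main__":
    profile = enrol([make_session(90, 120, 10),
                     make_session(100, 130, 12),
                     make_session(95, 110, 11)])
    for label, s in [("same user", make_session(92, 125, 10)),
                     ("different user", make_session(110, 150, 14))]:
        r = verify(profile, s)
        print(f"{label}: score={r['score']:.2f} accepted={r['accepted']}")
```

Nothing here needs the content of what was typed: only timings and pointer geometry leave the browser, which is the privacy property the paragraph describes. A real deployment would use far more features, many more enrolment sessions and a per-user threshold, and would treat a rejection as a trigger for step-up authentication rather than a hard block.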
 
We have taken the liberty of creating our own version of the table, inspired by the one in an article on the Polish cybersecurity portal niebezpiecznik.pl.

 

| Criterion | Behavioural Biometrics |
|---|---|
| Interaction with user | Not required |
| Stealing the original | Difficult |
| Use after unauthorised access | Difficult |
| Time until the client notices a lost device | No influence |
| Extorting a code for a future transaction | Impossible |
| Protection against MITB and MITM attacks | High |
| Protection against malware on mobile devices | High. The attacker must forge the victim's behavioural patterns |
| Attack over the network | Impossible |
