The most effective method of multi-factor authentication (MFA), which uses the way a user performs actions while using a computer for analysis.
Behavioural verification is used to authenticate access to given devices, accounts or systems. The solution has been designed on the basis of machine learning mechanisms responsible for creating behavioural models – very advanced sets of unique user behaviour, distinguishing them from other people. We are talking about the speed of pressing buttons on the keyboard or mouse movements. This can be compared to traditional handwriting, because when we put letters on a page with a pen, each of us does it in a unique way. The angle of the letters, their size or shape is different. The same is true of typing on a stationary or mobile keyboard, which behavioural verification technology uses for authentication.
Behavioural verification can detect an anomaly in behaviour in under 300 milliseconds and act in accordance with the implemented alert policy, e.g. blocking access to an account. However, user behaviour can change – we know this. Our system automatically adapts models to these changes, and the model can be re-learned even after each new user session.
As early as in 2019, the European Banking Authority (EBA) recognised behavioural verification as a type of strong authentication (SCA). This is one of the proofs of the high effectiveness of solutions based on the analysis of customers’ behaviour when verifying their identity. SCA (Strong Customer Authentication) itself is a part of the PSD2 regulation, which requires strong authentication to confirm the identity of users when consumers make payments. The introduction of multi-factor authentication using behavioural verification is an official recommendation by the National Bank of Poland for all financial institutions.
The Digital Fingerprints system does not need to know the content typed on the keyboard because only the way you type is analysed. Our system replaces the code of the key already in the user’s browser with the information about the type of the key – i.e. whether a letter, digit or another type of key was pressed. Thanks to this, even if someone overhears the verification movement, it is impossible to deduce from this information what was typed. This solution maximises the security of the information of people protected by Digital Fingerprints.
Data anonymisation and pseudonymisation distinguish our solutions. What is the abovementioned pseudonymisation? The European law defines this process as processing of personal data in such a way that it is impossible to identify to whom they belong, without access to other information, stored securely elsewhere.
What is worth mentioning is that the system based on machine learning constantly learns the user’s behaviour, and the behavioural model can be updated even after each session. And what about when we use different types of devices? After all, the way we use a keyboard on a laptop and an external keyboard is different even for the same user due to the possible different key layout, stroke, and design of different keyboards. In this situation, if we regularly use both the keyboard in the laptop and the external keyboard, the system will learn our behaviour pattern and recognise us regardless of the device used.
In the case of smartphones and the mobile application, we analyse different data than in the case of the application accessible from the website. An additional mobile profile is created for the user, allowing for more accurate identification. As a result, the use of the “traditional” keyboard will not affect the use of the on-screen keyboard in the mobile application when identifying the user.
Behavioural verification anonymises the data from your interaction with the computer. We only need to know how you type, not what you type
The lack of possibility to forge or hack behavioural verification results precisely from the continuity of authentication. The system analyses the user’s behaviour all the time, without interruption, and not only at a specific moment, as is the case with passwords or SMS tokens
Uur system automatically adapts to changes in user behaviour, and the behavioural model itself can be re-learned even after each new session of the account owner.
Theft of data or funds by third parties from accounts/services protected by behavioural verification is practically impossible.
Behavioural verification can be implemented both in the internal systems of a corporation and to protect its customers’ accounts. In both cases, it makes it possible to protect against the consequences, especially the financial ones, of possible hacking attacks.
No additional hardware is required, and that results in cost and space savings.
The system is non-invasive for the user and has a positive impact on UX.
It is the responsibility of companies to protect their customers’ personal data and funds, and non-compliance carries severe penalties. Our solution is compliant with current legislation.
Read our blog post on behavioural verification if you want to find out more
Digital Fingerprints S.A. ul. Gliwicka 2, 40-079 Katowice. KRS: 0000543443, Sąd Rejonowy Katowice-Wschód, VIII Wydział Gospodarczy, Kapitał zakładowy: 4 528 828,76 zł – opłacony w całości, NIP: 525-260-93-29
Biuro Informacji Kredytowej S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000110015, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 15.550.000 zł opłacony w całości, NIP: 951-177-86-33, REGON: 012845863.
Biuro Informacji Gospodarczej InfoMonitor S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000201192, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 7.105.000 zł opłacony w całości, NIP: 526-274-43-07, REGON: 015625240.