Telesign launches Behavior ID to prevent online account takeover

Can behavioral biometrics increase identity assurance and prevent online account takeover with continuous authentication for consumers? A new SDK from TeleSign aims to provide just that.
Written by Eileen Brown, Contributor

Mobile identity solutions provider TeleSign, recently announced its software development kit (SDK),TeleSign Behavior ID. The product enables web and mobile applications to measure and analyse a user's behavioural biometrics and provide continuous authentication.

This continuous authentication works, even after the user has been verified with traditional security measures such as passwords.

TeleSign works behind-the-scenes to collect and evaluate behaviours such as mouse dynamics, keystrokes, graphical user interface (GUI) interaction and the way you behave online.

It then uses behavioural algorithms to establish your unique profile. The profile information can help prevent account takeover attempts -- even if a hacker is in possession of a user's correct account credentials.

Utilizing the characteristics of the users' input and how they navigate through the interface can create virtual fingerprints of a user's behaviour. This is used to determine variations in activity that can flag users for re-verification.

Account takeover can occur when unauthorized access is gained to a web or mobile end-user account. This can be due to stolen credentials, weak passwords or bot-based attacks.

According to TeleSign's consumer security report, 70 percent of consumers are losing faith in passwords. The report also says that the average consumer has 24 online accounts protected by reused passwords which makes account take over a real opportunity for fraudsters.

Account takeover has quickly become one of the most prevalent types of cybercrime. Every online account is susceptible, from banking and email accounts to social media and retail accounts.

There has been an increase in data breaches resulting in stolen account credentials proliferating across the black market.

The Behavior ID product delivers a "similarity score" based on a set of behavioural biometric traits. These traits are collected, analysed and rated as the user uses the account.

The behaviour is collected from initial account creation through on-going access and usage of an account.

The usage profile is used to calculate a 'similarity ratio' between the user's current behaviour and the historical, expected behaviour.

Known 'good users' have a streamlined experience. Potentially bad, malicious or fraudulent users are challenged with re-verification, two-factor authentication, or blocked from causing harm or financial damage.

Users continue to use their web or mobile application as normal; no change is required in their workflow or behaviour.

The SDK provides an additional, transparent layer of security for every type of online account or mobile application, ensuring users are protected from fraud, without the need for user interaction.

Admins monitor all verification and authentication events through usage reports and centralized dashboard.

By timing each key press and analysing the timing changes to subsequent key action (up and down) for each key pair, Behavior ID builds up a user profile that is used to monitor consistency.

It analyzes the behavior similarity versus the normal usage patterns and attaches this statistical data to any transaction.

Steve Jillings, CEO at TeleSign said: "The power of Behavior ID is its ability to adapt to the user, transparently producing a digital fingerprint from a user's behavior to confirm their identity and develop an on-going authentication without requiring the consumer to do anything.

These unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person's behavior."

Editorial standards