Over the past few years, the banking and financial services industry has been put under increased scrutiny. Organizations that operate in this heavily regulated space are tasked with keeping up to date with the technological advancements of the decade and responding to the contemporary needs of clients—which include the use of modern security methods and the provisioning of easy-to-use products and services. This post explores why banks should deploy keystroke dynamics authentication—a behavioral biometrics technology—to meet these requirements, increasing the security of internet banking while removing the negative effects of mainstream identity verification methods such as one-time passcodes (OTP) and software tokens. Besides being a key driver of technological innovation, behavioral biometrics technologies can provide seamless authentication, prevent fraud, and ensure compliance with online payment regulations—including PSD2’s requirement for strong customer authentication (SCA) as mentioned by the Regulatory Technical Standards (RTS).
Why is authentication relevant for banks?SCA seeks to promote and enhance the security of electronic payments made by European citizens in the European Economic Area (EEA) and abroad. The extended deadline for compliance with PSD2 is now December 31, 2020. By then, banks and financial services providers that process European citizens’ transactions are required to secure their customers’ access to accounts with at least two distinct factors of authentication from these categories:
OTPs and software tokens issues: lack of accessibility and device switchingTo authenticate their customers, banks and financial services providers typically use a combination of password security and one-time passcodes or software tokens. Yet the speed of transactions and the number of steps these traditional authentication approaches require lead to customer discontent and transaction abandonment. In the case of OTPs, what’s really inconvenient for customers is having to switch between devices. At the same time, software tokens are also highly inconvenient due to their limited accessibility. Consumers are often baffled by the time-consuming and tech-savvy nature of the effort required to set up additional token apps. In short, the overall negative user experience of traditional authentication adds hurdles to the banking process and risks annoying consumers to the point of transaction abandonment.
Passwords can be good enough if you also look at how they’re typed
Findings show that banks should continue to invest in the safety of online banking, with a focus on providing seamless processes that increase customer satisfaction. However, banks should be reminded that 25% of customers abandon a transaction that lacks visible security. This is because people feel reassured by visual signs of security and have grown accustomed to them in recent years.Although 80% of data breaches are tied to weak passwords, 50% of businesses still primarily rely on passwords as the main method of authentication. In this light, applying keystroke dynamics is a great way to allow customers to continue using passwords like they’re used to but in a more secure manner—and without added effort.
3 reasons banks should deploy keystroke dynamics authenticationPopularly known as keystroke dynamics, typing biometrics technology analyzes and matches users’ unique typing behaviors to verify their identities. The technology can be utilized to guarantee strong customer authentication with an unobtrusive layer of security based on how people type their credentials. With that in mind, let’s take a look at three reasons banks should consider adding keystroke dynamics authentication to streamline access to their applications.
1. Seamless customer experienceCustomers don’t have to exert extra effort. Authentication based on typing behavior analysis is done passively during login when they input their credentials. This frictionless design improves the customer experience.
2. Wide availabilityTyping behavior is the most widely available biometric due to the prevalence of keyboards in almost any device. Since it only requires a keyboard to work—and no expensive hardware or browser permissions—typing biometrics can be applied for banking authentication regardless of customers’ socio-economic environments or individual backgrounds. In other words, customers don’t need tech knowhow or fancy smartphones to benefit from state-of-the-art security on their accounts.
3. ComplianceThe European Banking Authority (EBA) has recently approved keystroke dynamics as a compliant inherence element for SCA. This recognition further confirms that banks should deploy keystroke dynamics authentication to eliminate the friction of security mechanisms while remaining compliant with regulations.
All in all, typing biometrics authentication represents an opportunity for banks to balance the convenience of innovative technologies with the increased security of behavioral biometrics—which are irreplicable and almost impossible to breach.Check out this authentication demo to see how keystroke dynamics technology works in various scenarios.