The Rise Of The ‘Device Biometric’

Big data is a trillion-dollar industry. But for merchants and financial institutions (FIs), it’s what they do with the data that counts.

In an interview with PYMNTS, Sanjay Gupta, vice president, global head of products and corporate development at Mitek, said that for those firms, getting the most out of the torrents of data generated by consumers — while boosting identity assurance efforts — requires a skillful interplay between humans and machines.

Amid the rising tide of eCommerce and the exponential growth of transactions done online, there are different data points that are emerging that couldn’t be collected before, or maybe were not even necessarily viewed as being useful.

But as Gupta told PYMNTS, during the pandemic, huge numbers of people have avoided going to stores. Merchants, he noted, are onboarding customers that they have never seen before, and many of those individuals are supplying identity documents, and in some cases selfies, to prove they are who they say they are.

“That’s one area that has been growing over the past several years,” said Gupta.

More recently, verification efforts have grown to include biometrics, where solutions seek to determine whether an individual is “live” or not (whether, for example, a fraudster is wearing a mask to help thwart detection efforts).

Beyond the physical biometrics such as fingerprints, eyes and facial features, Gupta pointed to the rise of the “device biometric,” which ties into the behavior displayed as individuals interact with their devices.

“Many companies are starting to capture device biometrics to authenticate individuals,” he said. “The device is acting as the proxy for the individual.”

In the digital realm, the way people hold devices, the speed at which they type, the location of the devices, the number of contacts they have, etc., all can serve as “signals” to legitimize an individual’s identity and thus their transactions.

How data is collected and used becomes a bit complicated, said Gupta, against a fragmented regulatory landscape. He noted that in different jurisdictions, there are different laws governing, say, who can save a selfie from the onboarding process (in most cases these firms must have users’ consent). Data laws, he added, can vary from state to state.

We’re a long way from any global standard on collection and use of consumers’ information. Certain verticals may require higher levels of friction, said Gupta. He outlined an “apex” that would include banking at the top — where strict regulations need to be followed or else the bank’s charter is at risk.

“Onboarding an individual at that point requires that you do a thorough background check,” he said, adding that banking regulations can (and do) vary between the U.S. and Europe (where GDPR might govern data).

Merchants, especially smaller ones, may find it tricky to navigate regulations, as they may not have compliance directors able to spearhead those efforts (even some larger firms may not have that staff in place).

But beyond the nuances of data collection and use itself, lie the challenges of getting consumers to adopt new behaviors and embrace biometrics, or, in a large sense, new ways of interacting with technology.

As Gupta told PYMNTS: “If you have too much friction, the individual is not going to adopt it. If you have too little friction, that’s also a scary proposition,” as consumers may be alarmed at how easy it is to get into accounts. “Finding the right balance has always been an issue.”

Drilling down a bit, the challenge has been split along demographic lines, said Gupta. Younger users are generally more open to using new technologies and have likely encountered selfies as a part of daily life. Older users are a bit more daunted by technology.

Against that backdrop, behavioral biometrics may prove to be less intrusive and more readily embraced, as “it actually doesn’t need the consumer to do anything extra — it’s done for them,” explained Gupta.

Actionable Insight

As to the nuance of the data (and its use), Gupta noted that “if we think about the data that are captured on the mobile device and the purposes to which that data are used, there are a few buckets. You have the actual service that you provide to the end customer. [As a merchant,] I am providing you a service, but now that I actually have your data, I can target you with other products or offerings.”

By way of example: Many people may use Alexa to answer questions or control home appliances, but that same assistant can feed information to Amazon to fine tune and personalize offerings on its site — a form of actionable insight.

Another form of actionable insight derived from the interplay of technology and data, he said, comes in the ongoing fight waged by FIs and against fraudsters.

“Fraudsters are looking at this data, and obviously they want to make money, too, but they’re going to create either synthetic IDs, or they’re going to figure out a way to take over your account,” he said.

Anti-fraud efforts at banks used to be siloed, and he noted that a “consortium model” may encourage companies to come together, share data and address fraud attacks in creative, new ways.

“Now what we’re starting to see is the value from the insights that you can get from saving the data across the spectrum and looking at fraud as a journey throughout the customer’s life cycle, from onboarding all the way through transacting to offboarding,” he said.