-Ashutosh Dubey, NPCI
Smart mobile devices are now an integral part of daily life; they are our main interface to cyber-world. We use them for on-line shopping, education, entertainment, and financial transactions. As such, it is not surprising that companies are working hard to improve their mobile services to gain competitive advantages. Accurately and non-intrusively identifying users across applications and devices is one of the building blocks for better mobile experiences, since not only companies can attract users based on their characteristics from various perspectives, but also users can enjoy the personalized services without much effort
Major Digital Payment Frauds and prevention mechanism
Behavioural Biometric/Cognition Solutions
Behavioural Biometrics provide digital payment apps with an invisible layer of security that continuously authenticates users by analysing the unique ways they interact with their device via keystrokes, swipe patterns, scroll speed, etc. With the help of this data, behavioural biometrics parses through hundreds of parameters, which combined, are impossible for fraudsters to mimic. Behavioural Biometrics offer continuous, passive authentication, which can differentiate between real users and fraud attempts while reducing friction past the initial authentication.
Without real-time follow up, authentication at the login is not good enough. Behavioural Biometrics technology enables digital payment apps to provide users with continuous authentication, an approach that is especially useful in detecting malicious bots, RATs, hijacked sessions and other automated attacks that are based on using stolen valid user credentials. With fraud attacks growing in both volume and sophistication, the need for a passive, frictionless continuous authentication technology is becoming evident. The following are the specifications for implementation:
a. Mobile Screen Touch
b. Web scrolling
c. Device Details
d. Key Strokes
a. Interaction preferences
b. Use of shortcuts
c. Swiping
d. Data entry attributes
e. Speed of Key stroking
f. Press size
g. Segmented typing
h. Mistakes in typing
The information collected will result in the performing Behavioural profiling of the individuals and predicts the Fraud score between a range associated with the probability as per defined business rules. Some of the major context that can be used for profiling:
Challenges in implementations
Conclusion
User identification is a fundamental, but yet an open problem in mobile computing. Traditional approaches resort to user account information or browsing history. However, such information can pose security and privacy risks, and it is not robust as can be easily changed, e.g., the user changes to a new device or using a different application. Monitoring biometric information including a user’s typing behaviours tends to produce consistent results over time while being less disruptive to user’s experience. Furthermore, there are different kinds of sensors on mobile devices, meaning rich biometric information of users can be simultaneously collected. Thus, monitoring biometric information appears to be quite promising for mobile user identification