Increasingly, individuals and companies have critical data on their devices and look to their device and service vendors to keep that data safe. High-profile breaches of celebrity email and social media accounts have cast a spotlight on user authentication. While many of these breaches have been caused by phishing attacks, there is still a concern around the unauthorized access of data through device hacking.
To this end, TeleSign, a vendor in the mobile identity space, is rolling out a new, so-called Behavior ID to proactively and dynamically analyze and identify users. TeleSign already secures over 3.5 billion end user accounts via its two-factor authentication offerings; Behavior ID looks set to increase that penetration. Additionally, TeleSign already boasts that four of the five largest technology companies are customers. The company hopes to broaden that statistic with this new offering.
TeleSign's Behavior ID enables applications to analyze user behavior in the background, examining keystrokes, mouse usage and device handling to capture a "similarity score" to authenticate users. Not only can this reduce fraud and account takeover, it also solves a well-known pain point for developers -- providing great security without compromising the user experience. TeleSign is doing two things: More generally it allows developers to offload the authentication function to a third-party specialist but, more specifically, with Behavior ID it is deepening the level of surety that its customers have when using its authentication solution.
And this is a timely move -- with the recent increase in data breaches resulting in stolen account credentials proliferating on the black market, account takeover has quickly become one of the most prevalent types of cybercrime. And every online account is susceptible, from bank and retail to social media and email.
"Assessing the legitimacy of an identity claim remains one of the top digital business and fraud challenges organizations face today," wrote Avivah Litan, vice president and distinguished analyst at Gartner. Gartner recommends "favoring vendors that combine multiple identity assessment layers and provide plentiful identity data and intelligence."
In practice, TeleSign Behavior ID provides an additional, transparent layer of security for every type of consumer online or mobile app account (social networking, online auctions/marketplaces, email, dating, entertainment/gaming, travel and banking/e-commerce sites) to protect them from fraud in the background and without the need for user interaction.
Behavior ID delivers a “similarity score” based on a set of behavioral traits that are collected, analyzed and rated along the user journey, from initial account creation through ongoing access and usage of an account. This score is then used to calculate a similarity ratio between the user's current behavior and the historical, expected behavior, thus streamlining the user experience for known good users, while providing the basis for challenging potentially bad or fraudulent users with re-verification, or two-factor authentication.
Additional key features of Behavior ID include:
- Measurable behavioral patterns: Continuously monitors and recognizes the identity of a user based on behavioral patterns rather than physical attributes, including a complex mix of mouse dynamics, keystroke dynamics, the user's GUI interaction and advanced behavioral algorithms to establish a user's profile. Behavior ID utilizes the characteristics of the user's input and how they navigate through the interface to create virtual fingerprints of their behavior and determine variations that can flag user activity for re-verification.
- Continuous authentication: Behavior ID is always active and delivering continuous account protection that can be performed at any point during the entire user session, from initial login to account updates and specific transactions. This continual authentication makes the overall user experience more streamlined and secure for good users while ensuring incorrect, or malicious, users are quickly challenged and blocked from causing harm or financial damage.
- Transparent enrollment: No user interaction is required to enroll, enable and start protecting an account from compromise. Users simply continue to use their Web or mobile application as normal; no change is required in their workflow or behavior.
- Detailed usage monitoring: View and monitor all verification and authentication events through a single set of comprehensive usage reports and centralized dashboard.
While some might balk at the "Big Brother" aspects of this sort of monitoring, the reality is that most people are happy to accept a degree of monitoring in return for heightened security. TeleSign's new broader authentication offering looks like a compelling proposition for end users and application developers alike.
This article is published as part of the IDG Contributor Network. Want to Join?