Banner image

Business and Technology Insights

Customer-centric Security Using Cognitive Signatures

 
March 8, 2018

News of data theft and security breach at enterprises have become so commonplace that they have moved from front-page headlines to sidebar snippets. But the magnitude of the problem data theft poses remains undiminished; in fact, it has only grown in recent months.

While many organizations give high priority to digital security, they often resort to traditional methods and struggle to ensure a good customer experience. They usually focus on securing the ‘front door’ by authenticating users based on their credentials or some static risk rule. While these security processes might meet industry standards, they very often fail to deter sophisticated hackers—for example, even after a user has passed the ‘front door’ authentication process, he is vulnerable to a Man-in-the-Middle (MITM) attack.

So, what’s the solution? Cognitive signatures enabled by continuous intelligent security and behavioral biometric models. Security clearances, which open doors to digital systems, should be intelligent and customized, and be less of a ‘one size fits all’. The sheer amount of data that is available today (and that can be processed with great speed) makes user behavioral metrics and patterns a good candidate for artificial intelligence-based machine learning algorithms. Cognitive signatures, or the data points that capture the unique ways a person interacts with a digital system—think, digital apps based on user touches, gestures and context—have become critical in identifying a user.

Intelligent security captures user behavioral metrics and patterns to authenticate users ‘continuously’ and ‘invisibly’ as they interact with or transact on digital platforms. Cognitive signatures can help identify the fraudster even in cases of phishing or identity fraud.

There are hundreds of attributes that could define a person’s unique cognitive signature. Figure 1 below demonstrates a few of them—the way users hold a device, the  pressure they exert, their navigation pattern, the way they bring the cursor back, and the like. Artificial intelligence techniques such as machine learning algorithms are used to collect and process data from each user to create a unique signature based on the attributes that the user exhibits prominently and differently from others. This data need not always be captured with a one-time initialization phase but can also be gathered from existing channels (Web, Call center data). The user’s behavior pattern is then constantly evaluated against their cognitive signature, in a frictionless manner.

Figure 1: An Indicative Cognitive Signature Structure of Two Different Users

Certain behavioral attributes of fraudsters such as their proficiency with rarely used transaction workflows and their inability to intuitively, and from memory, reproduce personal profile information, provide great behavioral insights while analyzing and detecting fraud.

Many institutions are experimenting with behavioral biometric security approaches and are reporting a high success rate with very low, false acceptance, and rejection percentages. These systems are also able to identify genuine cases like, shared credentials within multiple members of a household, quite effectively. All these are being accomplished without compromising user experience or impacting top line growth.

To put up an effective wall against bad actors, enterprises need to augment their current static security measures with a more dynamic, intelligent and customer-centric one. Adopting ‘continuous security’ based on intelligent behavioral biometrics to build that line of defense ensures that intruders find it hard to knock down the wall.

Here is a final thought. Using behavioral biometric models, it is conceivable that in the future we will access a banking application not by the content of our password but by the way we type it! Getting started on this journey only requires a conversation with a specialist.

 

Sundar is part of the Front Office Rapid Transformation & Execution (FoRTE) team in the Consulting & Services Integration practice of Tata Consultancy Services. He has over 20 years of industry experience, and has architected and implemented robust online security solutions for large global banking, insurance, and pharmaceutical clients. Since the past few years, he has been engaged in digital strategic and technology consulting for large corporations in North America, and has helped set up Centers of Excellence to deliver on digital strategies. His academic engineering project dissertation in 1997 was based on artificial intelligence-driven expert systems.