Advertisement

Behavioral Biometrics in Mobile Banking and Payment Applications

  • Piotr KałużnyEmail author
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 339)

Abstract

This paper presents an overview on the possible use of behavioral biometrics methods in mobile banking and payment applications. As mobile applications became more common, more and more users conduct payments using their smartphones. While requiring secure services, the customers often do not lock their devices and expose them to potential misuse and theft. Banks and financial institutions apply multiple anti-fraud and authentication systems - but to ensure the required usability, they must develop new ways to authenticate their users and authorize transactions. Answer to this problem comes with a family of behavioral biometric methods which can be utilized to secure those applications without hindering the usability. The goal of this paper is to describe potential areas in which behavioral biometrics can be used to ensure more secure mobile payments, increase usability and prevent frauds.

Keywords

Behavioral biometrics Authentication Behavioral profiling Banking Mobile applications Security 

References

  1. 1.
    GSMA Intelligence: The mobile economy 2018 (2018). https://www.gsma.com/mobileeconomy/wp-content/uploads/2018/02/The-Mobile-Economy-Global-2018.pdf. Accessed 05 July 2018
  2. 2.
    Deloitte Center for Financial Services: 2018 banking outlook (2018). https://www2.deloitte.com/global/en/pages/financial-services/articles/gx-banking-industry-outlook.html. Accessed 05 July 2018
  3. 3.
    Visa: Annual digital payments study Europe 2017 (2017). https://www.visaeurope.com/media/pdf/45377.pdf. Accessed 05 July 2018
  4. 4.
    Visa: Annual digital payments study Poland 2016 (2016). https://resources.mynewsdesk.com/image/upload/thv1p2ep6thuchr66z6m.pdf. Accessed 05 July 2018
  5. 5.
    Fridman, L., Weber, S., Greenstadt, R., Kam, M.: Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location. IEEE Syst. J. 11(2), 513–521 (2017)CrossRefGoogle Scholar
  6. 6.
    Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)CrossRefGoogle Scholar
  7. 7.
    Saeed, K.: Biometrics principles and important concerns. In: Saeed, K., Nagashima, T. (eds.) Biometrics and Kansei Engineering, pp. 3–20. Springer, New York (2012).  https://doi.org/10.1007/978-1-4614-5608-7_1CrossRefGoogle Scholar
  8. 8.
    Crawford, H., Renaud, K.: Understanding user perceptions of transparent authentication on a mobile device. J. Trust Manag. 1(1), 7 (2014)CrossRefGoogle Scholar
  9. 9.
    Kałużny, P.: Behavioural profiling authentication based on trajectory based anomaly detection model of user’s mobility. In: Abramowicz, W. (ed.) BIS 2017. LNBIP, vol. 303, pp. 242–254. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-69023-0_21CrossRefGoogle Scholar
  10. 10.
    Gascon, H., Uellenbeck, S., Wolf, C., Rieck, K.: Continuous authentication on mobile devices by analysis of typing motion behavior. In: Sicherheit, pp. 1–12. Citeseer (2014)Google Scholar
  11. 11.
    Li, F., Clarke, N., Papadaki, M., Dowland, P.: Active authentication for mobile devices utilising behaviour profiling. Int. J. Inf. Secur. 13(3), 229–244 (2014)CrossRefGoogle Scholar
  12. 12.
    Milton, L.C., Memon, A.: Intruder detector: a continuous authentication tool to model user behavior. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 286–291. IEEE (2016)Google Scholar
  13. 13.
    Shi, E., Niu, Y., Jakobsson, M., Chow, R.: Implicit authentication through learning user behavior. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 99–113. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-18178-8_9CrossRefGoogle Scholar
  14. 14.
    Gupta, S., Buriro, A., Crispo, B.: Demystifying authentication concepts in smartphones: ways and types to secure access. Mob. Inf. Syst. 2018 (2018). https://www.hindawi.com/journals/misy/2018/2649598/cta/
  15. 15.
    Saevanee, H., Clarke, N.L., Furnell, S.M.: Multi-modal behavioural biometric authentication for mobile devices. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 465–474. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30436-1_38CrossRefGoogle Scholar
  16. 16.
    Bailey, K.O., Okolica, J.S., Peterson, G.L.: User identification and authentication using multi-modal behavioral biometrics. Comput. Secur. 43, 77–89 (2014)CrossRefGoogle Scholar
  17. 17.
    Telesign: Beyond the password: the future of account security (2016). https://www.telesign.com/wp-content/uploads/2016/06/Telesign-Report-Beyond-the-Password-June-2016-1.pdf. Accessed 10 Sept 2016
  18. 18.
    Buriro, A., Crispo, B., Del Frari, F., Klardie, J., Wrona, K.: ITSME: multi-modal and unobtrusive behavioural user authentication for smartphones. In: Stajano, F., Mjølsnes, S.F., Jenkinson, G., Thorsheim, P. (eds.) PASSWORDS 2015. LNCS, vol. 9551, pp. 45–61. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-29938-9_4CrossRefGoogle Scholar
  19. 19.
    Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: an experimental study on smartphones. In: Symposium on Usable Privacy and Security, SOUPS, vol. 14, pp. 187–198 (2014)Google Scholar
  20. 20.
    Kayacik, H.G., Just, M., Baillie, L., Aspinall, D., Micallef, N.: Data driven authentication: on the effectiveness of user behaviour modelling with mobile device sensors. arXiv preprint arXiv:1410.7743 (2014)
  21. 21.
    Ehatisham-ul Haq, M., Azam, M.A., Naeem, U., Amin, Y., Loo, J.: Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing. J. Netw. Comput. Appl. 109, 24–35 (2018)CrossRefGoogle Scholar
  22. 22.
    Wang, X., Yu, T., Zeng, M., Tague, P.: XRec: behavior-based user recognition across mobile devices. Proc. ACM Interact. Mob. Wearable Ubiquit. Technol. 1(3) (2017). Article no. 111. https://portalparts.acm.org/3140000/3139486/fm/frontmatter.pdf?Google Scholar
  23. 23.
    Alzubaidi, A., Kalita, J.: Authentication of smartphone users using behavioral biometrics. IEEE Commun. Surv. Tutor. 18(3), 1998–2026 (2016)CrossRefGoogle Scholar
  24. 24.
    Guerra-Casanova, J., Sánchez-Ávila, C., Bailador, G., de Santos Sierra, A.: Authentication in mobile devices through hand gesture recognition. Int. J. Inf. Secur. 11(2), 65–83 (2012)CrossRefGoogle Scholar
  25. 25.
    Bo, C., Zhang, L., Li, X.Y., Huang, Q., Wang, Y.: SilentSense: silent user identification via touch and movement behavioral biometrics. In: Proceedings of the 19th Annual International Conference on Mobile Computing & Networking, pp. 187–190. ACM (2013)Google Scholar
  26. 26.
    Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: NDSS, pp. 1–16 (2013)Google Scholar
  27. 27.
    Ngoc Diep, N., Pham, C., Minh Phuong, T.: SigVer3D: accelerometer based verification of 3-D signatures on mobile devices. In: Nguyen, V.-H., Le, A.-C., Huynh, V.-N. (eds.) Knowledge and Systems Engineering. AISC, vol. 326, pp. 353–365. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-11680-8_28CrossRefGoogle Scholar
  28. 28.
    Sultana, M., Paul, P.P., Gavrilova, M.: A concept of social behavioral biometrics: motivation, current developments, and future trends. In: 2014 International Conference on Cyberworlds (CW), pp. 271–278. IEEE (2014)Google Scholar
  29. 29.
    Saevanee, H., Clarke, N., Furnell, S., Biscione, V.: Text-based active authentication for mobile devices. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 99–112. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55415-5_9CrossRefGoogle Scholar
  30. 30.
    Damaševičius, R., Maskeliūnas, R., Venčkauskas, A., Woźniak, M.: Smartphone user identity verification using gait characteristics. Symmetry 8(10) (2016).  https://doi.org/10.3390/sym8100100CrossRefGoogle Scholar
  31. 31.
    Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identification on smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-04342-0_12CrossRefGoogle Scholar
  32. 32.
    Shahzad, M., Liu, A.X., Samuel, A.: Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it. In: Proceedings of the 19th Annual International Conference on Mobile Computing & Networking, pp. 39–50. ACM (2013)Google Scholar
  33. 33.
    Zou, L., He, Q., Feng, X.: Cell phone verification from speech recordings using sparse representation. In: 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1787–1791. IEEE (2015)Google Scholar
  34. 34.
    Bayometric: Top five biometrics: face, fingerprint, iris, palm and voice. https://www.bayometric.com/biometrics-face-finger-iris-palm-voice/. Accessed 27 Aug 2012
  35. 35.
    Alotaibi, S., Furnell, S., Clarke, N.: Transparent authentication systems for mobile device security: a review. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 406–413. IEEE (2015)Google Scholar
  36. 36.
    Wójtowicz, A., Joachimiak, K.: Model for adaptable context-based biometric authentication for mobile devices. Pers. Ubiquit. Comput. 20(2), 195–207 (2016)CrossRefGoogle Scholar
  37. 37.
    Ayed, M.B.: Method for adaptive authentication using a mobile device. US Patent 8,646,060, 4 Feb 2014Google Scholar
  38. 38.
    Giuffrida, C., Majdanik, K., Conti, M., Bos, H.: I sensed it was you: authenticating mobile users with sensor-enhanced keystroke dynamics. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 92–111. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-08509-8_6CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Poznań University of Economics and BusinessPoznańPoland

Personalised recommendations