Skip to main content
close search
site logo
Dive Brief

Privacy quandary: Companies track users' 'behavioral biometrics' in the name of security

Published Aug. 15, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
NeiFo / Pixabay

Dive Brief:

  • Companies in the financial and retail space are collecting "behavioral biometrics" through sensors in phones or code on websites to help decipher if the user is who they claim to be on the device, according to The New York Times. Because passwords are so easily attainable by bad actors, the extra layer of oversight could be the safeguard that derails fraud.

  • Swipes, taps and login times are all accounted for in the metrics. Software from companies like BioCatch is used to construct profiles of consumers based on their gestures and then compares it to the record every time a user comes back to a site or app, according to the report. The system has a 99% accuracy rating when detecting imposters. However, different factors can contribute to inconsistencies in gestures like being tired, drunk, injured or distracted. 

  • Critics of behavioral biometrics say the additional oversight is a privacy violation because only a few companies choose to tell customers how or when they're being tracked. 

Dive Insight:

In a world where every thought is tweeted, every text message recorded and many Facebook accounts still active after Cambridge Analytica, it's hard to know what information should be kept private.

It's a paradox anyone who lives in the digital age has to deal with. Users relinquish personal data to participate on social media, yet getting upset when an organization collects too much data is something every company has to grapple with.

Even when consumers think they're doing the best practices in terms of their online security, it's very difficult to hide information from anyone. Regulations like GDPR and California's latest privacy bill are putting the right to privacy back in the hands of consumers.

However, even with legislation in place companies are making assumptions about what data qualifies as personal data, and some believe people aren't able to accurately analyze data to gain personal insights.

Right now most behavioral biometric use cases are in the workplace, to monitor employees and detect potential insider activity, according to Merritt Maxim, principal analyst at Forrester, in an email to CIO Dive.

Organizations that want to transition behavioral biometrics to monitor customers carry a risk and have to work to ensure the data they're surveilling is not personal information, he said. But some jurisdictions may claim activity, through clicks and mouse movements to be personally identifiable information, which could be a breach of privacy trust.

Collaborating with legal counsel is important to protect how these biometrics are collected, stored and retained. In doing so, it could force organizations to change their consent policies to include "explicit customer consent for behavioral data collection," Maxim said.

Recommended Reading

Filed Under: Security, Future Tech

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Unveils Revolutionary Data Assurance Offering
From Graphiant
December 09, 2024
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Smart City Expo USA 2025 Speakers Announced
From Smart City Expo USA
December 11, 2024
NeuBird Secures $22.5M in Funding, Announces General Availability of Hawkeye: An AI Teammate f…
From NeuBird
December 11, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.