Skip to content

EU Approves Behavioral Biometrics as Authentication Factor

The EU made 2 decisions recently that we predict will catapult behavioral biometrics to prominence by this time next year. Here’s why.

Europe is defining its Payment Services Directive 2 (PSD2) to take effect in Sept. of next year. As part of that, the EU will require financial institutions to employ multi-factor authentication to grant user access account information. This makes plenty of sense, and is in general in line with best practices across the industry and globe.

Where it gets interesting, is that PSD2 also dictates that it still applies on mobile, and that a device biometric such as a fingerprint scanner or FaceID only counts as a single factor. When this directive goes live, the implication is that we’ll see a degradation of the user experience back to 2012 levels before biometrics, where one had to enter a username and password for each access attempt. This seems to be bad news for the European banking industry which is getting worried about the impact.

However, at the same time, the EU has officially approved the use of behavioral biometrics as an authentication factor. Behavioral biometrics differ from other forms of authentication in that they use what the user is already doing, and look at how they are doing it (behavior) to authenticate them. This promises to save the EU financial sector from a horrible user interface by allowing them to use easy on-device biometrics, and invisible behavioral biometrics to maintain the user experience their customers have come to expect.

As a result, it would seem that behavioral biometrics will be running in every secure financial application in the EU within the next year.

More from the Blog

June 1, 2022

The Unspoken Cost of Hard Tokens in Call Centers

Hard tokens are expensive and high maintenance. It is no secret that contact centers have exceptionally high churn,...
May 17, 2022

Zero Trust In BPO Call Center Environments

The Truth About Zero Trust  Every industry has a term that is overused and often misused. In the security space, Zero...
February 27, 2023

PCI 4.0: What You Need To Know About Requirement 8 & MFA In Contact Centers

It has been a year since PCI DSS v4.0 was officially announced, and its implementation date is just around the corner....

Sign Up for our Blog

We will never share your email address with third parties.