EU Approves Behavioral Biometrics as Authentication Factor

The EU made 2 decisions recently that we predict will catapult behavioral biometrics to prominence by this time next year. Here’s why.

Europe is defining its Payment Services Directive 2 (PSD2) to take effect in Sept. of next year. As part of that, the EU will require financial institutions to employ multi-factor authentication to grant user access account information. This makes plenty of sense, and is in general in line with best practices across the industry and globe.

Where it gets interesting, is that PSD2 also dictates that it still applies on mobile, and that a device biometric such as a fingerprint scanner or FaceID only counts as a single factor. When this directive goes live, the implication is that we’ll see a degradation of the user experience back to 2012 levels before biometrics, where one had to enter a username and password for each access attempt. This seems to be bad news for the European banking industry which is getting worried about the impact.

However, at the same time, the EU has officially approved the use of behavioral biometrics as an authentication factor. Behavioral biometrics differ from other forms of authentication in that they use what the user is already doing, and look at how they are doing it (behavior) to authenticate them. This promises to save the EU financial sector from a horrible user interface by allowing them to use easy on-device biometrics, and invisible behavioral biometrics to maintain the user experience their customers have come to expect.

As a result, it would seem that behavioral biometrics will be running in every secure financial application in the EU within the next year.

John Tanios