Privacy FAQ

What is Behavioral Biometrics?

Pioneered by BehavioSec, Behavioral Biometrics uses characteristics of human behavior to authenticate individuals based on how they perform digital inputs, such as mouse movements, typing rhythm, touch and swipe gestures, or the particular way an individual holds their device. Behavioral Biometrics provides continuous authentication to verify an individual by monitoring known biometric behavior in the background without negatively impacting their experience.

BehavioSec introduced this technology in 2007. Today, BehavioSec serves a wide range of Global 2000 enterprises while continuing to work on advanced Research and Development projects, including projects for the U.S. Department of Defense’s Defense Advanced Research Projects Agency (DARPA).

What is Behavioral Biometrics Software?

BehavioSec’s patented approach enables enterprises to seamlessly integrate our Behavioral Biometrics software platform into their existing and future mobile and web apps. Using a rich suite of APIs and lightweight SDKs, BehavioSec’s software provides enterprises with real-time, actionable intelligence scores and continuous authentication of users, preventing account takeovers, new account fraud, and machine-automated attacks.

What type of data is collected from my customers?

We monitor digital inputs including mouse movements, typing rhythm, touch and swipe gestures, or the particular way an individual holds a device. This raw data is turned into statistical variances. The software does not store personally identifiable information.

Is BehavioSec General Data Protection Regulation (GDPR) compliant?

BehavioSec complies with the elements of Article 40 of the GDPR that are applicable wherever data is stored and during the course of carrying out contractual obligations for the Data Controller.

The processing of any personal data always complies with the General Data Protection Regulation (GDPR) and is carried out in accordance with the country-specific data protection regulations applicable to BehavioSec.

Are there any obstacles that would prevent the sharing of customer data across borders for globally mobile end-users?

All data is handled and stored according to the requirements of the legal jurisdiction where it is collected. Individual data transfers should be dealt with on a case-by-case basis since governing regulations are frequently updated.

Is BehavioSec's Behavioral Biometrics Data classified as Personally Identifiable Information (PII)?

No. Personally Identifiable Information (PII), as the term is used in information security, is also categorized as Personal Data under European law and is covered by the GDPR. While BehavioSec’s Behavioral Biometrics are unique to each user profile, it is not possible to use Behavioral Biometrics to identify things like age, race, gender, or other personally identifiable information.

Will the use of BehavioSec's Behavioral Biometrics Software increase the workload for my legal & compliance teams?

Because we have already laid all the groundwork for compliance with the General Data Protection Regulation (GDPR), there should be no legal or compliance hassles. While our Behavioral Biometrics are unique to each user profile, it is not possible to use Behavioral Biometrics to identify things like age, race, gender, or other personally identifiable information.

What if someone manages to listen in and record the behavior of a user?

There is no risk from using Behavioral Biometrics as an added security layer to protect your customers and your company. Because the behavioral score is based on statistical variances, it isn’t possible to replay, reuse, mimic, or even identify an individual; the profile is a description of variances. We don’t store personally identifiable information.

What could happen if the database storing the behavioral profiles is hacked?

BehavioSense implements the following security controls to protect the database and its data:

  1. As a cloud offering, all the components are placed in a VPC instance on a separate, isolated account.
  2. Within this VPC, an isolated subnet is used to host the database.
  3. The database is encrypted and only accessible from the internal application tier that is designed to interact with it.

Even if the above security controls were circumvented, the data would be useless to a thief due to its very nature as described in the answer to “What type of data is collected from my customers?”.

How would our customers' data be secured during transmission from the mobile app or website?

First, all data is transmitted over TLS v1.2, providing for strong encryption in transit. Second, the client-side SDK can anonymize static private data so that only behavioral timings are sent and not actual keystrokes.

Where is the data hosted?

The BehavioSense solution supports both on-premises and cloud-hosted environments. We have successfully deployed within Amazon Web Services (AWS), Azure, and IBM SoftLayer cloud infrastructures. We will consider deployment in another provider’s facilities, as long as they meet the necessary technical and compliance requirements.