• BIOMETRIC UPDATE - BehavioSec updates behavioral biometrics platform for hosted, cloud deployments ... Learn More >>

  • MOBILE ID WORLD - Newly Granted BehavioSec Patents Detail Mobile-based Behavioral Biometrics, Social Engineering Detection ... Read It >>

  • PLANET BIOMETRICS - BehavioSec updates behavioural platform ... New! >>

Learn More »

Privacy FAQ

  • Frequently Asked Questions
  • Share
man looking at his laptop

What is behavioral biometrics?

Pioneered by BehavioSec, behavioral biometrics uses characteristics of human behavior to authenticate individuals based on how they digitally engage their devices and apps, such as mouse movements, typing rhythm, touch and swipe gestures, or how they hold their device. In contrast to physical biometrics like a fingerprint, behavioral biometrics provides continuous authentication to verify digital identities by passively monitoring of behavioral inputs without negatively impacting their experience.

BehavioSec first introduced this technology in 2007. Today, BehavioSec serves a wide range of Global 2000 enterprises and advanced Research and Development projects, including projects for the U.S. Department of Defense’s Defense Advanced Research Projects Agency (DARPA).

What is behavioral biometrics software?

Our patented, software-based platform enables enterprises to seamlessly integrate behavioral biometrics into existing and future mobile and web applications and other online services. Using an extensive set of REST APIs and lightweight SDKs, our platform provides enterprises with real-time, actionable intelligence and continuous authentication of their end users. This allows our customers to prevent fraud, like account takeovers, new account fraud, and machine automated attacks, and achieve compliance for mandates like PSD2 and SCA, and empower their digital transformation with frictionless security.

What type of data is collected from my customers?

We monitor digital inputs including mouse movements, typing rhythm, touch and swipe gestures, or the particular way an individual holds a device. This raw data is turned into statistical variances. The software does not rely on personally identifiable information or other static data.

Is BehavioSec General Data Protection Regulation (GDPR) compliant?

BehavioSec complies with the elements of Article 40 of the GDPR that are applicable wherever data is stored and during the course of carrying out contractual obligations for the “Data Controller.”

We work with our customers to ensure that all behavioral biometrics data processing remains compliant with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to our solution.

Are there any obstacles that would prevent the sharing of customer data across borders for global, mobile end-users?

All data is handled and stored according to the requirements of the legal jurisdiction where it is collected. Individual data transfers should be managed on a case-by-case basis since governing regulations are varied between jurisdictions and are frequently updated.

Is the data processed by the BehavioSec solution classified as Personally Identifiable Information (PII)?

No, Personally Identifiable Information (PII) used in information security is also categorized as Personal Data under European law and is covered by the GDPR. While our behavioral biometrics profiles are unique to each end user, it is not possible to use behavioral biometrics profiles to identify sensitive information about a person like age, race, gender, or other personally identifiable information.

Will the use of BehavioSec behavioral biometrics software cause problems for my legal or compliance teams?

No.  We have customers in Europe under General Data Protection Regulation (GDPR) and other data privacy mandates using our solution, and they have not experienced any issues.   In fact, there are some circumstances where using the technology may not require explicit consent – depending on the use case and the particular country/regulator.

We are happy to share with you our legal findings and experience, and recommend you always start by understanding how and where you intend to use our technology, and engage your legal and compliance teams as appropriate.

What if someone manages to steal or listen in and record the behavior of a user?

No worries.  Our behavioral biometrics profiles and risk scores are based on statistical variances, so it isn’t possible to replay, reuse, mimic, or identify an individual based on a recorded sample. The behavioral biometrics profile itself is simply a description of variances of application-specific behavior.

How would our customer data be secured during transmission from the mobile app or website?

First, all data is transmitted over TLS v1.2, providing for strong encryption in transit. Second, the client-side SDK can anonymize static private data so that only behavioral timings are sent and not the actual keystrokes.

Where is the data hosted?

In our customers environment of choice. The BehavioSense solution supports both on-premises and cloud-hosted environments. As of today, we have successfully deployed our software within Amazon Web Services (AWS), Azure, and IBM Softlayer cloud infrastructures.