Fraudulent fingertips: How typing biometrics are changing cybersecurity

A person’s handwriting is as unique as their fingerprint. No two people write the same. In fact, a person’s profile can be constructed based on their handwriting: the spacing, how they connect the letters (if at all), and the style. Research from the National Pen Company has even shown that handwriting analysis can reveal 5,000 personality traits about person. Unsurprisingly, however, digitisation has reduced the number of people writing at all. In a survey of 2,000 Britons, one in three participants revealed they had not written anything by hand over the past six months. 

Even though people are writing less, signatures are still one of the most common forms of authentication. Signatures are required for credit card purchases, cheques, contracts, receiving packages, disclaimers, and much more. To keep up in the modern age, companies like DocuSign have made it possible to electronically sign and send documents, while governments have begun providing platforms for people to sign online petitions. Still, both a digital and handwritten signature can easily be manipulated and vulnerable to fraud. 

Nonetheless, the concept of a communication fingerprint has not been lost, it’s simply transitioned to a different medium. Biometrics is the technical term used to describe measurements based on bodily actions or human characteristics. Typing — whether on a computer, mobile phone or tablet — is the new gateway to authentication. 

20 years in the making

Typing biometrics (also known as keystroke dynamics) is AI technology that stores detailed timing information to demonstrate when a key was pressed and when it was released. ‘Dwell time’ refers to how long a key is pressed for, while ‘flight time’ is the duration between releasing a key and pressing the next. These tiny rhythms are then used for future authentication by creating a ‘digital fingerprint,’ a unique biometric template of how a person types. Whereas face or voice devices focus on identification, typing biometrics focus on identification and authentication.

Ratatype says the average person types between 37-44 words per minute, and Statista reports 81% of people in the EU use computer. Interestingly, though, typing biometrics is not a recent phenomenon. A 2017 PC World article claims the technology was developed nearly 20 years ago. The delay in its widespread use stems from inaccuracies that prevented typing biometrics from being a reliable mode of authentication. 

Fast forward to 2020, and Romanian-startup TypingDNA believes its typing-pattern-recognition technology has accuracy levels between 99% and 99.9%.

‘TypingDNA believes its typing-pattern-recognition technology has accuracy levels between 99% and 99.9%’ 

TypingDNA

Having started their research in 2014, TypingDNA officially launched in 2016. Founders Raul Popa, Cristian Tamas, and Adrian Gheara first began the project from Bucharest, Romania, but have since moved the headquarters to New York City following a $7 million Series A funding round. Their unique typing biometrics testing involves AI that combines anomaly detection, pattern recognition, and one-shot learning. A demo on TypingDNA’s YouTube channel details how the authentication works.

The company’s typing biometric technology is available to everyone, as the API is open and easily integrates into apps and platforms. TypingDNA doesn’t need a large sample of text to make informed decisions about users, relatively short bodies of text are enough. At the moment, TypingDNA is most popular with education platforms, and consumer, government, and banking apps. 

Integration in banking 

In the age of online banking, cybersecurity attacks have become a serious threat that seems to evolve with each preventative measure platforms take against them. According to a 2018 report by the European Central Bank, fraudulent transactions amount to €1.8 billion every year. 

In July 2019, the European Banking Authority officially approved the use of keystroke dynamics for multi-factor user authentication. In Europe, following new e-commerce payment rules, this means typing biometrics will be utilised for more than 300 million consumer transitions.

Beyond fraud prevention, the decision also helped elderly bankers who find voice or face recognition difficult. Likewise, typing biometrics is favorable among young bankers who prefer to type, rather than verify themselves on the phone. From an engagement standpoint, typing biometrics allow for a more intuitive banking experience too, meaning fewer users drop off during the authentication stage. 

Elsewhere, typing biometrics can be utilised in surveillance. User accounts can be tracked based on the keystroke dynamics and thus identify if multiple people are sharing one account. The idea is to ensure that software licenses are not distributed among large groups (especially for SaaS products) and that users follow security protocols by not sharing passwords.

Growing typing biometrics companies

TypingDNA is not the only venture championing the rise of typing biometrics. European startup Keystroke DNA is currently running Beta programme to test its behavioural biometrics authentication (including typing biometrics) for any web application. The software is effective on both keyboards and touch screens, and requires no special hardware to implement. Similarly, Dutch startup ID control is developing affordable authentication typing biometric solutions for MS Windows logon, Citrix, VPN, and more. Meanwhile, San Francisco-based BehavioSec has already deployed its behavioural biometrics technology for billions of transactions. 

Notably, typing biometrics is not yet powerful enough to be a single source of authentication. The technique has to be used in conjunction with a user ID and password. That said, it is strong enough to dramatically reduce cases of fraud and strengthen user privacy online. No doubt, the future of biometrics is set to continue establishing revolutionary ways of authenticating people based on their actions, and further blur the line between technology and humans. 

Grace Brennan: Grace is a writer from the UK, interested in the changing relationship between technology and humans. She loves transforming difficult subjects into digestible stories.