AI Case Study

Dankse Bank identifies fraudulent online banking customers with 99.7% accuracy in a pilot with the BehavioSec behavioural biometrics system

Danske Bank piloted Behaviosec's BehavioWeb product for fraud detection. BehavioWeb analyses customer actions when they log in to online banking and perform transactions during a session and compares them with a threshold for determined by machine learning in an effort to reduce false positives and false rejections for fraud detection. The pilot program had a 99.7% success rate of correctly identifying fraudulent users with legitimate ones.


Financial Services


Project Overview

"Danske Bank installed a timing collector into their online E-banking solution (for a limited number of users) at the end of 2012. Collection of data ran for a few months, so that sufficient amounts of transactions could be seen for the majority of the users. BehavioSec utilized a simulator of its BehavioWeb system to be able to post process user data that was captured by Danske Bank. The data was inputted into the simulator which simulated how BehavioWeb would work in a realtime production environment."

Reported Results

"BehavioWeb product was able to properly distinguish between correct user and imposter with stolen credentials in 99.7% of the cases. These results led Danske Bank to deploy BehavioWeb on real users in live environment to further field test the technology."


"Biometrical systems generally separate impostors from a correct user, by matching a score against a threshold. For the simulation the user profiles were built by chronologically inserting every transaction into the simulator, user by user. In this stage, every transaction made for each user was considered to have been made by the correct user. The score received for each such insertion, beyond the first 10 insertions for each profile (training phase), were stored and later used to calculate the FRR [false recognition rate] of the system.

To be able to calculate the FAR [false acceptance rate] of the system it was necessary to simulate attacks in some way. For this project we simulated 5 attacks against every profile by using timing data from different non-correct users. The scores returned from these attacks were then used to calculate the false accept rate of the system.
Timing data was gathered from 4 different input forms:

* Login form (username, password)
* Verification form (one-time password)
* Fund transfer form
* Signature form
...the matching algorithm performs a decision based on a threshold, which determines how close to a template the input sample needs to be for it to be considered a match."





BehavioSec focuses on "behavioral biometrics, a measurable behavior used to recognize or verify the identity of a person. Behaviometrics focus on behavioral patterns rather than physical attributes. After a user is verified with traditional security techniques, such as passwords,Behaviometrics can enhance the protection even after the user has logged in. It can continuously monitor the user during the whole working session to create an ongoing authentication process. A behavioral continuous authentication system uses a set of behavioral traits to calculate a
similarity ratio between the current user’s behavior and the expected. The similarity can be combined with a threshold, so that if the similarity drops below the set threshold, the user
will be detected as an imposter."



18,000 online e-banking live users and 540,000 transactions.