Almost every week, there seems to be a headlining story about photo leaks or XYZ Company’s accounts being ‘compromised’.

As we increasingly rely on smartphones for nearly all areas of work and life, it’s no surprise that we’re becoming extra protective when it comes to securing our devices and accounts.

According to a recent report by the Financial Fraud Action UK, e-commerce fraud hit £174.5 million in the first half of 2014, a 23% increase from the same period last year.

When it came to online banking fraud in the region, losses increased 71% in the first six months of 2014, compared to the same period in 2013, and reached £29 million in losses.

For many, the key to our smartphones are a mere four-digit PIN or pattern of connect-the-dots.

Considering it’s the safeguard to troves of personal information and various log-ins (including email, social media accounts, Dropbox, bank account info, etc.) those don’t seem particularly strong.

For others, a more advanced fingerprint sensor might unlock your phone, but that method has also been shown to be prone to hacking.

Enter BehavioSec

Swedish startup BehavioSec is determined to up the security game with technology that measures and analyzes each person’s unique biological characteristics – such as typing speed/pressure, mouse movements and voice patterns – for authentication purposes.

With recent reports that several Nordic banks have begun rolling out BehavioSec’s technology, we caught up with the company’s CEO, Neil Costigan, to chat about the product and how it all started.

“In the last year or so, we’ve seen an explosion of interest,” Costigan explained. “What we do is we analyze people’s behaviour as they interact with their phones or browsers or the environment, and see if we can verify that they are who they say they are.”

“There’s a fine balance between usability of the product – whether it’s an app or website – versus its security needs so we bring in a nice, soft frictionless method of adding in a layer of security that wasn’t there before. We seem to be pressing the right buttons,” he added.

The startup’s tech, dubbed Behaviometrics (derived from the terms “behavioural” and “biometrics”), employs algorithms to track each person’s nuanced patterns and rhythms when interacting with their devices. It continuously monitors behaviours in the background to create a unique user profile that’s difficult to replicate.


For hackers, this would mean having to mimic idiosyncratic behaviours in addition to obtaining a password in order to gain access to a mobile device or account.

But what about when you happen to drink too much one night while trying to call a friend or fumble with your phone while on-the-run?

The startup claims its success rate on verification was up to 99.7 percent accuracy in a trial of its technology with Danish financer Danske Bank.

From research project to full-blown product

Founded in 2007 by Olov Renberg and Peder Nordstrom, BehavioSec’s products are a spin-off from the team’s research project as students at Luleå Technical University, located in northern Sweden.

Costigan, who joined the firm as CEO in 2011, said that after a couple of people showed interest in the technology, the students were encouraged to speak to an innovations group to help commercialize the concept.

With more than 20 years of experience in the entrepreneurial and tech sector, Costigan has worked and lived in Sweden, Ireland, the US and France.

“I found that in the US, there’s an awful lot more people saying they were ‘going to make something’,” he commented. “They would go ahead to market, sell and position what was essentially a whiteboard drawing. Whereas in Europe, particularly in Sweden, people will go and make the best thing possible before it ever goes out the door.”

At the moment, the application is particularly popular in the area of Internet banking and mobile payments, he said, and the company has been on many people’s radar recently. Though it’s been reported that several Nordic banks will be rolling out BehavioSec’s technology, Costigan remained tight-lipped on names of clients during our conversation because of contractual obligations.

The company was also selected in 2012 by US military research organization DARPA (Defense Advanced Research Project Agency) to help develop a new type of IT security that goes beyond password-centric ones common today. Working with DARPA undoubtedly raises the startup’s profile, but it could also raise concerns among users of its apps.

After the NSA revelations, the idea of using an app, which tracks our activity and can identify us by the way we interact with our devices, affiliated to a US agency that develops technologies used by the military might not be so appealing.

Meanwhile, it looks like Apple may be crossing paths with BehavioSec – without even realizing it.

Following the hoopla surrounding iCloud’s security, the tech juggernaut launched a predictive typing keyboard, called QuickType, which examines typing patterns and suggests words to type next (as opposed to suggesting spelling with its autocorrect feature).

Sounds like it could be fun, right? …until it begins suggesting your password as something to type next, which several iPhone users have reported. Perhaps, QuickType is another reason BehavioSec’s technology could come in handy, though.

Moving towards software-as-a-service

Since its launch, BehavioSec has grown to a team of 14 spread across Sweden, Germany and the US.

In 2011, the startup announced a €1 million funding round from Nordic early-stage tech VC Conor Venture Partners and Partnerinvest Norr among others, to expand its international footprint and further develop its product to prevent online fraud and identity theft.

Costigan told me the startup is currently raising more funding.

As for the future, BehavioSec is looking to repurpose the technology as SaaS and hopes to broaden the technology’s usage beyond banking apps, Costigan said.

We’ll be keeping a close eye on them.

Correction: 25 September 2014
An earlier version of this article misstated the names of BehavioSec’s founders – they are Olov Renberg and Peder Nordstrom, not Olov Renberg, Kristofer Nygren and Hans Peterson.

Featured image credit: Solarseven / Shutterstock
Authenticity image credit:
 Dev.Arka / Flickr

  • Great stuff (as usual), Charmaine.

  • abarrera

    Question: If someone compromises all that biometric data from the company that stores them, am I not screwed for life?