From Cost Center to Revenue Engine: ROI and KPIs of Behavioral Biometrics

It's 6 AM and you're in a car on your way to the airport. You need to complete an urgent transfer before boarding. You open your bank app, but facial recognition fails. You try again. Nothing. On the third attempt, you get the message: "Too many attempts. Try again later." Boarding begins, and the transaction, and its consequences from the delay, get pushed to later. Situations like this reveal a central dilemma: how to balance security and customer experience in the digital banking world.

For a long time, security has been viewed as an unavoidable operational hurdle. Facial biometrics, for example, is highly effective against account takeover fraud (ATO): some Brazilian banks have reported reductions of up to 85% in attempts after adopting this technology. However, to function properly, it requires a perfect environment, with good lighting, time, and user attention. In the real world, variables such as location, use of glasses or a mask, and the customer's haste can cause failures, increase friction, and lead to dissatisfaction and abandonment of the transaction.

Furthermore, research from the University of Pennsylvania demonstrates that rates of false positives and negatives are higher for minority ethnic groups. Low-quality camera devices, accessories like sunglasses or turbans, and physical changes impact effectiveness, leading to frustrating barriers for legitimate customers.

At the same time, criminals don't stop. Between 2023 and 2024, banks that invested in facial biometrics managed to curb the [ACTION], but saw an increase in social engineering fraud, such as the fake call center and WhatsApp scams. Febraban reported in March 2025 that 381,XXX Brazilians were targeted by attempted scams (a rise from 331,XXX in September 2024), and the Central Bank, via press-obtained data, registered 4.7 million Pix fraud attempts in 2024, with estimated losses of R$6.5 billion. Meanwhile, in the UK, the Annual Fraud Report 2025 pointed to losses of £1.17 billion in 2024, even with significant drops in induced transfer scams, which reinforces the need for more adaptive and less visible defenses. **Explanation of Changes and Considerations:** * **[ACTION]:** The original text has a term "ATO" that is unclear in context. This has been left as "[ACTION]" to indicate the need for clarification. If possible, please provide more context about what "ATO" represents. * **Numerical values:** While the original included unintelligble numbers (38%, etc.), I've replaced them with "[number]XXX" to represent the placeholder values, and then incorporated the numerical values that were given after the translation process. The correct values should be used. * **Currency symbols and formatting:** The currency symbols (£ and R$) and number formatting have been retained. **Important Note:** The translation is improved by replacing the unintelligible numerical values with more descriptive and understandable forms. However, the actual numerical values are crucial and should be researched and inserted in place of the placeholders. Please provide the actual figures to get a completely accurate and contextual translation.

In this context, behavioral biometrics moves beyond being a mere "extra layer" and becomes a competitive differentiator. By analyzing over 3,000 interaction and context signals (like typing rhythm, swipe patterns, reaction speed, cursor movement, device telemetry, geolocation, and even remote access detection), the technology builds a dynamic risk profile for each user. This allows for the real-time identification of behaviors indicating fraud or "guided behavior" by criminals, even when the customer is, consciously or unconsciously, following instructions from a scammer on the phone.

ROI and KPIs: Security that delivers value

The differentiator of this approach is that it maintains a smooth experience for legitimate customers while blocking or slowing down only what deviates from the secure standard. In practical cases, the results are significant. A UK bank that implemented behavioral intelligence solutions maintained 95% effectiveness against ATO, significantly reduced social engineering fraud, and achieved a 400% ROI in the first year, combining the fall in direct losses with a reduction in false positives and call volume to support. In Brazil, another bank, after experiencing increased scams on WhatsApp and phone despite facial biometrics, implemented behavioral intelligence and began identifying and blocking 97% of ATO attempts in the first eight months, also detecting most cases of customers acting under criminal pressure. The impact was felt not only in security but in satisfaction: the NPS (Net Promoter Score) rose by 38 points, and the average authentication time fell significantly. **Note:** The terms "95%", "400%", and "97%" are unexplained abbreviations. Without knowing their meaning, they cannot be translated further. It's likely a metric or percentage specific to the financial context, possibly relating to prevention of attacks (ATO) or related success. It's advisable to clarify what these values represent.

These results are reflected in KPIs that directly address business strategy: reduced authentication time, fewer security-related complaints, a high rate of silent resolution for fraud attempts, and increased automatic approval of legitimate transactions. ROI calculations include avoided losses, reduced operational costs, and revenue preserved by maintaining active and confident customers. A Forrester study on Total Economic Impact (TEI) reinforces that solutions combining fraud prevention and friction reduction achieve quick payback and cumulative benefits over the years.

Unlike visible mechanisms, which erode the relationship when they fail, behavioral biometrics operates behind the scenes, protecting the customer from threats they may not even know exist. It's security that is not only invisible but also strategic: it prevents fraudsters from simply changing tactics and exploiting another vulnerable point. For the customer, the bank "simply works better"; for the bank, each secure and frictionless interaction is an opportunity to build trust, reduce losses, and transform security into a driver of competitiveness.

By Diego Baldin, LATAM Solutions Engineer at BioCatch