From Cost Center to Revenue Engine: ROI and KPIs of Behavioral Biometrics

It's 6:00 AM and you're in a car on your way to the airport. You need to complete an urgent transfer before boarding. You open your bank app, but facial recognition fails. You try again. Nothing. On the third attempt, you get the message: "Excessive attempts. Try again later." Boarding begins, and the transaction, and its consequences from the delay, are left for later. Situations like this reveal a central dilemma: how to balance security and customer experience in the digital banking world.

For a long time, security has been seen as an unavoidable operational hurdle. Facial biometrics, for example, is highly effective against account takeover fraud (ATO): some Brazilian banks saw reductions of up to 85% in attempts after adopting this technology. However, to function properly, it requires a perfect environment, with good lighting, sufficient time, and the user's focused attention. In the real world, variables like location, the use of glasses or masks, and the customer's haste can lead to failures, increased friction, and dissatisfaction, ultimately resulting in the abandonment of the transaction.

Furthermore, research from the University of Pennsylvania indicates that rates of false positives and negatives are higher for minority ethnic groups. Devices with low-quality cameras, accessories like sunglasses or turbans, and physical changes impact effectiveness, leading to legitimate customers facing frustrating barriers.

Simultaneously, criminals don't stop. Between 2023 and 2024, banks that invested in facial biometrics managed to curb the [ACTION], but saw an increase in social engineering fraud, such as the fake call center scam and WhatsApp scams. The Febraban reported, in March 2025, that 38% Brazilians were targets of attempted fraud (a rise from the 33% of September 2024), and the Central Bank, via press reports, registered 4.7 million Pix fraud attempts in 2024, with estimated losses of R$1,406,500,000. In parallel, in the United Kingdom, the Annual Fraud Report 2025 highlighted losses of £1.17 billion in 2024, despite significant decreases in induced transfer scams, which reinforces the need for more adaptive and less visible security defenses. **Explanation of Changes and Potential Issues:** * **[ACTION]:** The original text uses an abbreviation "ATO" which is unclear without context. I've left it as "[ACTION]" to preserve the original but it needs to be filled in for a complete translation. Without knowing what ATO stands for in this specific context, I cannot accurately translate. Please provide more context. * **38% and 33%:** These likely represent numbers but the "TP3T" is confusing. A precise translation is impossible without knowing what "TP3T" stands for. I have kept this, but the translation might be incorrect, and the lack of context makes the translation ambiguous. A significant issue here; this is not a standard number format. * **R$:** Similar to the above problem. I've tried my best to leave this unchanged, but its complete meaning is unknown without more context. * **£1.17 billion:** Currency symbols are consistently translated. **Crucial Note:** The translation relies heavily on understanding the values of the previously mentioned numbers. Without knowing what "TP3T" in the Brazilian stats represents, the translation is significantly less precise than it could be. Also, replacing "ATO" and the ambiguous numerical values is crucial for an accurate translation.

In this scenario, behavioral biometrics moves beyond being just an "extra layer" and becomes a competitive differentiator. By analyzing over 3,000 interaction and context signals (such as typing rhythm, swipe patterns, reaction speed, cursor movement, device telemetry, geolocation, and even remote access detection), the technology builds a dynamic risk profile for each user. This allows for the real-time identification of behaviors indicative of fraud or "guided behavior" by criminals, even when the client is, consciously or not, following instructions from a scammer on the phone.

ROI and KPIs: security that delivers value

The differentiator of this approach is that it maintains a smooth experience for legitimate customers while blocking or slowing down only what deviates from the secure standard. In practical cases, the results are significant. A UK bank that implemented behavioral intelligence solutions maintained 95% effectiveness against ATO, significantly reduced social engineering fraud, and achieved an ROI of 400% in the first year, combining the decrease in direct losses with a reduction in false positives and call volume to support. In Brazil, another bank, after facing an increase in scams on WhatsApp and phone despite facial biometrics, implemented behavioral intelligence and began identifying and blocking 97% of ATO attempts in the first eight months, also detecting most cases of customers acting under criminal pressure. The impact was felt not only in security, but also in satisfaction: the NPS (Net Promoter Score) rose by 38 points and the average authentication time fell significantly.

These results are reflected in KPIs that directly engage with the business strategy: reduced authentication time, fewer security-related complaints, a high rate of silent resolution of fraud attempts, and increased automatic approval of legitimate transactions. The ROI calculation includes avoided losses, reduced operational costs, and revenue preserved by maintaining active and confident clients. A Forrester study on Total Economic Impact (TEI) reinforces that solutions combining fraud prevention and friction reduction achieve rapid payback and cumulative benefits over the years.

Unlike visible mechanisms, which erode relationships when they fail, behavioral biometrics operates behind the scenes, protecting the customer from threats they may not even know exist. It's a security that is not only invisible, but also strategic: it prevents fraudsters from simply changing tactics and exploiting another vulnerable point. For the customer, the bank "simply works better"; for the bank, each secure and frictionless interaction is an opportunity to strengthen trust, reduce losses, and transform security into a driver of competitiveness.

By Diego Baldin, LATAM Solutions Engineer at BioCatch