It's 6:00 AM and you're in a car on your way to the airport. You need to complete an urgent transfer before boarding. You open your bank's app, but facial recognition fails. You try again. Nothing. On the third attempt, you get the message: "Excessive attempts. Try again later." Boarding begins and the transaction, and its consequences from the delay, are left for later. Situations like this reveal a central dilemma: how to balance security and customer experience in the digital banking world.
For a long time, security has been seen as an unavoidable operational hurdle. Facial biometrics, for example, is highly effective against account takeover fraud (ATO): some Brazilian banks have seen reductions of up to 85% in attempts after adopting this technology. However, for it to function properly, it requires a perfect environment, with good lighting, ample time, and the user's attention. In the real world, variables like location, the use of glasses or masks, and the customer's hurry can lead to failures, increasing friction and causing dissatisfaction and abandonment of the transaction.
Furthermore, research from the University of Pennsylvania indicates that rates of false positives and negatives are higher for minority ethnic groups. Devices with low-quality cameras, accessories like sunglasses or turbans, and physical changes impact effectiveness, leading to legitimate customers facing frustrating barriers.
At the same time, criminals don't stop. Between 2023 and 2024, banks that invested in facial biometrics managed to contain the [ACTION], but saw an increase in social engineering fraud, such as the fake call center scam and the WhatsApp scam. Febraban reported in March 2025 that 381,000 Brazilians were targeted by attempted scams (an increase from the 331,000 in September 2024), and the Central Bank, via data obtained by the press, recorded 4.7 million Pix-related frauds in 2024, with estimated losses of R$6.5 billion. Meanwhile, in the United Kingdom, the Annual Fraud Report 2025 pointed to losses of £1.17 billion in 2024, even with significant declines in induced transfer scams, which reinforces the need for more adaptive and less visible defenses. **Explanation of Changes and Considerations:** * **[ACTION]:** The original text has an abbreviation (ATO) that is not clear from context. A more general translation like "the [ACTION]" was used assuming it is a relevant event, but possibly related to unauthorized transactions. A more specific translation might be needed if the original term has a precise meaning. * **38%, 33%:** These numbers are likely meant to be 381,000 and 331,000. I've corrected for clarity. * **R$:** This likely represents a currency and amount. I've translated it as R$6.5 billion. * **Maintaining Context:** The translation strives to accurately convey the escalation and shift in fraud methods mentioned in the original text. * **Clarity and Conciseness:** Phrases were slightly adjusted for natural English flow, like replacing "in parallel" with "Meanwhile," to improve the readability. * **Technical Terms:** While the original text uses "biometria facial," "social engineering fraud," and "induced transfer scams," the translations are standard English terms in the context of financial fraud. If there's a more specific meaning for the abbreviation "ATO", please provide it for a more accurate translation.
In this scenario, behavioral biometrics moves beyond being just an "extra layer" and becomes a competitive differentiator. By analyzing over 3,000 interaction and context signals (such as typing rhythm, swipe patterns, reaction speed, cursor movement, device telemetry, geolocation, and even remote access detection), the technology builds a dynamic risk profile for each user. This allows for the real-time identification of behaviors that indicate fraud or "guided behavior" by criminals, even when the customer is, consciously or unconsciously, following instructions from a scammer on the phone.
ROI and KPIs: Security that delivers value
The differentiating aspect of this approach is that it maintains a smooth experience for legitimate customers, while blocking or slowing down only what deviates from the secure standard. In practical cases, the results are significant. A UK bank that implemented behavioral intelligence solutions maintained 95% effectiveness against ATO, significantly reduced social engineering fraud, and achieved a ROI of 400% in the first year, combining a decrease in direct losses with a reduction in false positives and call volume to customer support. In Brazil, another bank, after facing an increase in scams on WhatsApp and the phone despite facial biometrics, implemented behavioral intelligence and began identifying and blocking 97% of ATO attempts in the first eight months, also detecting the majority of cases of customers acting under criminal pressure. The impact was felt not only in security, but also in satisfaction: the NPS (Net Promoter Score) rose by 38 points and the average authentication time dropped significantly.
These results are reflected in KPIs that directly speak to the business strategy: reduced authentication time, fewer security-related complaints, a high rate of silent resolution of fraud attempts, and higher automatic approval rates for legitimate transactions. The ROI calculation includes avoided losses, reduced operational costs, and revenue preserved by keeping the customer active and confident. A Forrester study on Total Economic Impact (TEI) reinforces that solutions combining fraud prevention and friction reduction achieve rapid payback and cumulative benefits over the years.
Unlike visible mechanisms, which erode the relationship when they fail, behavioral biometrics operates behind the scenes, protecting the customer from threats they may not even know exist. It's security that, besides being invisible, is strategic: it prevents fraudsters from simply changing tactics and exploiting another vulnerable point. For the customer, the bank "simply works better"; for the bank, each secure and frictionless interaction is an opportunity to strengthen trust, reduce losses, and transform security into a driver of competitiveness.
By Diego Baldin, LATAM Solutions Engineer at BioCatch
