Online identity verification is shifting from static secrets to how users act on their devices. Traditional factors like passwords, PINs, or facial scans are being outpaced by generative AI and sophisticated malware that can spoof MFA and Face ID. Banks now face regulatory pressure to adopt continuous authentication that relies on subtle human‑computer interaction patterns for financial institutions and their customers.

Research from UC Berkeley’s Touchalytics project showed that just eleven scroll strokes can uniquely identify a user among dozens, leveraging 30 micro‑features such as stroke length, velocity, curvature and finger contact area. Those unconscious motor corrections form a behavioral biometrics signature that is extremely hard for bots to reproduce, extending beyond scrolling to typing rhythms and device‑holding gestures in real‑world banking scenarios.

At the AppGate Center of AI Excellence, engineers built a platform called 360 Risk Control that fuses bot detection, device intelligence and both desktop and mobile behavioral models into a continuous risk score. By evaluating each interaction in real time, the system can flag account‑takeover or device‑takeover attempts even after a user has passed login, reducing reliance on disruptive OTP prompts while preserving user experience.