Musicrypt tunes in to so-called soft biometrics

Behavior analysis presents a lower-cost alternative to scanning equipment

Much of the attention paid to intelligent anti-fraud solutions has come from banking, financial services, and e-commerce companies. There’s a good reason for that, too: They’re the companies most often targeted by frauds. But the benefits of new authentication methods extend well beyond the e-commerce and banking verticals.

At Musicrypt, an online distributor of radio promotions, the advent of new behavioral biometric authentication technology has been a key to the company’s growth. Musicrypt’s Web-based technology delivers new music singles and other promotions to radio stations in Canada and the U.S., replacing slower, more expensive, and less reliable physical distribution methods with digital downloads. Distribution via the Internet also provides record labels with vital intelligence about which stations are interested in their music.

Because those same labels are concerned about Internet piracy, however, security is a top concern for Musicrypt’s customers. Radio stations often get to listen to new music well before its official release. Musicrypt needed a way to ensure copyright owners that only authorized staff would have access to the material. For that, they chose BioPassword, a software-based biometric technology that identifies computer users by their typing patterns.

As opposed to other forms of biometric identifiers, such as thumbprint scanners, BioPassword’s keystroke analyzer doesn’t require any special hardware to use. Users enroll simply by typing their user ID and password multiple times, allowing the company’s software to study the timing and pattern of keystrokes. Customers can then tune the sensitivity of the detection up or down to weed out false positives, or loosen requirements to the point that more than one individual can share a log-on, says BioPassword CTO Greg Wood.

Enterprises often balk at the cost, constraints, and fickle performance of more traditional biometric technologies such as fingerprint, face, and iris scanners. Because of this, so-called behavioral biometrics — including keystroke, mouse pattern, and voice analysis, in addition to such soft authentication methods as challenge/response questions — have become more popular.

For Musicrypt, distributing strong authentication tokens to thousands of employees at radio stations would have been impractical and expensive to support. Keystroke biometrics have added security to the traditional user name and password combination in a way that’s transparent to users, giving the company an edge over competitors that offer similar online distribution systems but still rely on single-factor authentication to secure them, Montgomery says.

Biometrics also provides another advantage with a potentially bigger impact on the music industry — and the enterprise.

“Record executives want to know who opens a file at a radio station,” Montgomery says. “Did they stream it or download it? And if they downloaded it, how many times did they download it?” According to Montgomery, biometrics such as those used by BioPassword make sure “everyone’s accountable.”