How long does it take to establish a user’s 'Trusted Location'? Featured Image

How long does it take to establish a user’s 'Trusted Location'?

Incognia location identity can start authenticating users on day one whereas behavioral biometrics models take considerable time to train.

Behavioral biometrics technology leverages a user's unique mouse, keyboard, and touchscreen behavior to authenticate them online. Unfortunately, it takes considerable time to train these models well enough to effectively identify one unique user from another.

According to this study about the use of on-mouse dynamics for continuous user authentication, it can take hundreds or even thousands of samples collected over at least four weeks to learn individual user patterns well enough for user identification to reach about 91% accuracy. In this case, behavioral biometrics requires significant upfront time and resources to work effectively, not to mention the costs associated with the professional services required to integrate and train the tool.

In contrast, location identity technology is based on location behavior, which can start protecting against unauthorized access right away based on the establishment of relationships between:

  • User Account: the online account that the user accesses
  • User Device: the mobile phone used to access the account
  • Device Location: the mobile phone’s current location

After establishing these relationships, the Incognia SDK provides multi-layered protection, delivering security through a combination of insightful user identity signals. It provides two primary levels of protection from unauthorized access as well as securing the authentication process.

Incognia “Immediate” Protection

Incognia starts securing the account when a device accesses the account for the very first time. At this stage, Incognia performs a series of device and application integrity checks. It  analyzes whether:

  • the device is Rooted / Jailbroken
  • the application is running on an emulator
  • the device enabled GPS spoofing
  • the app has been tampered with or recompiled
  • the app has been downloaded from an unofficial store
  • the device matches the self-reported address of the user

At this stage, Incognia also uses advanced technology to create a unique “device fingerprint” for each device, allowing it to be quickly and easily recognized during future visits. Device fingerprinting is a way to combine select software and hardware attributes of a device — like the brand, model, screen resolution, memory size, operating system version, etc…  — to identify it as a unique device. This first level of protection lays the groundwork for establishing trusted locations and helps protect the onboarding process against threats like fake account creation.

Incognia “Advanced” Protection

With subsequent account access, Incognia starts building a location behavior pattern for the device. Incognia has developed proprietary algorithms that establish a pattern of location behavior for each user based on three criteria:

  • Location Fingerprint: the location behavior pattern of the device
  • Trusted Location: highly frequented locations specific to each user
  • Device behavior: using the device fingerprint, Incognia checks if the same device has been accessing multiple accounts, if multiple devices are accessing the same account, and the number of the app re-installations on the device

When Incognia detects that a user is at one of their trusted locations, there is a high probability that the transaction is legitimate and at lower risk for fraud, enabling the app to offer a frictionless authentication experience.

Incognia requires at least three logins to create an initial location fingerprint for a user.  Subsequent log-ins allow us to refine and customize this set for increased protection.

This process is equivalent to the “enrollment stage” in other authentication systems. Enrollment is the process of collecting data samples from a person and subsequently storing the data in a reference template representing a user's identity to be used for later comparison.

In 2022, Incognia’s engineering team published a paper entitled “Using Location as a Signal to Affirm Identity Online,” which demonstrated that Incognia’s technology can identify an individual with an accuracy rate of 1 out of 17 million using five spatio-temporal points.

The time required to establish the set of “trusted locations” and start the “Advanced” Protection depends on the app usage model:

  • for a gaming app or crypto app accessed several times a day, the trusted locations set is established within a few hours.
  • for a food delivery app, accessed once a day to order food, the trusted location set is established within a few days.
  • for a financial services app accessed a couple of times a week to check balances and pay bills, it may take up to two weeks.

Users move around, and our technology understands that. Incognia keeps the set of the user’s trusted locations secure and up-to-date. Even if the user travels, we continually monitor location changes to ensure that our algorithms adjust accordingly - running basic jobs daily and more comprehensive ones weekly for maximum security.

Incognia's dynamic approach to authentication helps ensure that  user accounts  stay secure from the first login to the last thanks to the power of precise location data for establishing identity. Traditional biometric behavior technologies can't match Incognia's speed and precision when it comes to protecting accounts.