CaraComp
CaraComp
Forensic-Grade AI Face Recognition for:
Get Started7-day refund guarantee**
biometrics

Your Bank Is About to Start Watching How Your Thumb Moves

Your Bank Is About to Start Watching How Your Thumb Moves

Somewhere right now, a scammer is on the phone with someone's elderly parent, walking them through a wire transfer step by step. The parent types in the right password. Passes every security check. And hands over their savings — because the fraud didn't happen at login. It happened after.

That's the gap your bank has quietly realized it can no longer ignore. And the fix isn't another code texted to your phone. It's something far more personal — and far less visible.

TL;DR

Banks in Singapore — and soon everywhere — are learning to recognize how you use your phone, not just whether you know your password, because the most dangerous fraud today happens after you've already logged in.

The Problem Passwords Can't Solve

Here's a scenario that is happening thousands of times a week across Asia. Someone calls you. They say they're from your bank. There's a problem with your account — urgent, needs to be fixed right now. They're helpful. Calm. Professional. And they walk you through fixing it yourself. You log in. You move money. You hang up. You just got robbed.

This is called an authorized push payment scam — "authorized" because you technically sent the money. No hacking. No stolen passwords. No drama. Just a scared person doing exactly what a criminal told them to do. According to FF News, 42% of Singaporean banking security leaders now name this type of scam as their single biggest concern. Not data breaches. Not phishing. The scam where the customer does it to themselves.

Traditional bank security is built like a gate. Get past the gate — right username, right password, right verification code — and everything after that gets treated as legitimate. The problem? That gate was designed for a different era. Criminals figured out they don't need to break down the gate. They just need to convince you to open it yourself and walk them through.

91%
of Singaporean banks are reporting a surge in fraud attempts — and 75% say they are seeing real, rising financial losses as a result
Source: BioCatch research, via Biometric Update

So What Is Behavioral Biometrics, Exactly?

Biometric data — your face, your fingerprints, the physical stuff that's uniquely yours — is something you've probably heard of. Behavioral biometrics is weirder and more interesting. It's not what your body looks like. It's how your body moves when you use technology. This article is part of a series — start with Face Match Not Proof Biometric Assurance Deepfakes.

Think about how you type on your phone. Your rhythm. How hard you press. Whether you backspace a lot or barrel through. How long your thumb hovers before you tap "send." Now think about how you scroll — fast or slow, always starting from the same corner of the screen, hesitating before hitting a big number. These tiny, unconscious habits are yours. You built them over years of using your devices, and you don't even notice them.

Your bank's software can notice them. And that's exactly the point.

According to Biometric Update, 36% of Singaporean banks have already deployed this technology — and among the banks that haven't yet, three out of four are actively working on it. This isn't a far-off experiment. It's happening now, in one of the world's most sophisticated banking markets, and the logic is hard to argue with.

If a scammer coaches someone through a bank transfer over the phone, the victim's behavior changes. They hesitate more. They navigate to screens they'd normally skip. They re-read things they'd usually scroll past. They type differently when they're nervous or confused. The person on the other end of the line is literally telling them what to tap next — and that shows up in how they interact with the app. OLOID's security research describes it this way: banks can detect hesitation patterns, unusual navigation sequences, and interaction timing that signal a customer is being coached by someone else. The app can flag the session as suspicious while it's still happening — before the money moves.

"Traditional fraud systems ask the right question at the wrong time. They verify identity at login, then assume everything after that is legitimate. Real-time behavioral biometric authentication is more secure than static checks — even if a fraudster breaks into an account, their behavior exposes them within seconds." — Expert analysis, Biometric Update

Preliminary research suggests behavioral biometrics can identify what's called "money mule" activity — where criminals use a real person's real account to funnel stolen funds — with around 90% accuracy. That number, frankly, is remarkable for something that asks nothing extra of the user. No extra code. No selfie. Just your regular Wednesday afternoon banking session, running quietly in the background.


Trusted by Investigators Worldwide
Run Forensic-Grade Comparisons in Seconds
Court-ready facial comparison reports. Results in seconds.
Get Started
7-day refund guarantee**
🎆 July 4th Sale: 50% OFF your first month — use code JULY426 at checkout · ends July 11

Why Singapore Is Ground Zero for This

Singapore didn't end up at the front of this shift by accident. It has one of the most digitally active banking populations in the world — most people do almost everything on their phones — and the fraud numbers have forced a reckoning. The stat that stood out most to me, buried in the research: 63% of Singaporean banks now say they're more worried about direct financial loss than about their reputation. That might sound like a small distinction, but it's actually a major shift in how banks think about risk. Previously in this series: Your Ai Just Bought 340 Of Vitamins Your Fingerprint Said Ye.

For years, the biggest fear in banking security was the headline. A breach. Bad press. Customer panic. That calculus has flipped. The losses are real enough, frequent enough, and large enough that the banks are now making decisions the way a burned homeowner buys a smoke alarm — not because someone told them to, but because they've seen what happens without one.

LexisNexis Risk Solutions has been tracking this across Asia Pacific, and the picture isn't pretty. Impersonation scams in Singapore have been particularly brutal — and they're getting more sophisticated, not less, as criminals use AI-generated voices and scripts to sound increasingly convincing.

Why This Matters to You Specifically

  • It doesn't stop at Singapore — Where Singapore's banks lead, the rest of the world's banking sector tends to follow within a few years. If you bank anywhere, this is coming to your app.
  • 📊 Your password matters less than you think — The fraud that costs people real money today often happens after correct login. Knowing your password no longer means it's you in the driver's seat.
  • 🔍 This runs silently — Unlike two-factor authentication (where your bank texts you a code to type in), behavioral biometrics collects data throughout your entire session, not just at the front door.
  • 🔮 It's designed to be invisible — The goal is to stop fraud without interrupting your experience at all. That's the appeal. It's also the part that raises questions.

Here's the Part That Should Make You Think

Look, nobody's saying this is simple. Behavioral biometrics is genuinely impressive technology — but it has real limits, and honest security researchers will tell you so.

First: false positives. Maybe you've broken your wrist and you're typing with one hand. Maybe you're exhausted at midnight, doing things slower than usual. Maybe you handed your phone to your kid for thirty seconds. The system doesn't know why your behavior changed — only that it did. That can mean a flagged transaction, a frozen account, a frustrated phone call. Inconvenient at best.

Second — and this is the one the security community genuinely worries about — your typing patterns can potentially be stolen. Research has shown that screen recordings of a user's session can, in theory, capture enough keystroke information to spoof the system. It's not easy, and it's not yet common. But it means this technology works best as one layer of protection, not the only layer. As Focal's security team explains, the real value of behavioral biometrics is stopping fraud that login-based defenses simply cannot — it's not a replacement for the whole security stack.

Third: the privacy question. Your bank already knows a lot about you. Add to that a continuous recording of how your hands move when you use your phone — and that starts to feel like a lot of invisible watching. Even if it's for your protection. Even if it stops fraud. The discomfort is real, and it's not paranoia. It's a reasonable response to a world where "this is for your safety" has sometimes meant something very different. Up next: That 99 Face Match Unlocking Your Bank Fraudsters Just Found.

(That said — your alternative is losing your savings to a criminal who called you on a Tuesday afternoon pretending to be your bank. So the tradeoff is not nothing.)

Key Takeaway

The most dangerous fraud today happens after you've logged in — and the security systems designed to stop it are now watching how you move, not just what you know. One practical thing you can do right now: if you ever get a call from someone claiming to be your bank and asking you to do anything urgently, hang up and call the number on the back of your card. Behavioral biometrics can catch coached behavior — but only if the session reaches the bank's app. Keeping that phone call off your banking screen entirely is still the cleanest defense.

If you've ever had that gut feeling mid-transaction — something feels off about this — that's actually the same instinct behavioral biometrics is trying to automate. Banks are essentially trying to bottle the warning signal a sharp teller used to catch by looking you in the eye. The question worth sitting with isn't whether the technology works. The real question is this: in a world where your bank's app knows your typing rhythm better than your own family does, who else eventually gets access to that data — and under what circumstances?

Somewhere, a product manager is already working on that meeting.


If your bank could protect your account by recognizing the way you naturally use your phone — without ever asking you to do anything extra — would that make you feel safer, or does the invisible part bother you? Tell us in the comments.

Ready for forensic-grade facial comparison?

Full forensic reports with detailed similarity scoring. Results in seconds.

Run My First Search