The app will continuously monitor user behavior, such as a user’s location or how a user holds their phone. The app will feed these attributes into a risk engine, which uses machine learning to assess a user’s risk score.
When a user interacts with the device in a significantly different way than is typical, the app will request another form of authentication — like a password or fingerprint — and may restrict certain functions. It will take the app roughly one to two weeks to identify a user’s normal behavior.
Aetna will allow users to continue using a traditional password if preferred. However, traditional security procedures will be “relaxed” for other users as the behavioral model improves, according to The Wall Street Journal, meaning users may be able to automatically access the platform’s functions after opening the app.
The shift toward behavior-based security is one of Aetna’s attempts to address cybercriminals’ increasingly sophisticated attacks, Aetna Chief Security Officer Jim Routh told The Wall Street Journal.
“The reality is the industry is getting more and more account takeover attempts,” he said.