People are creatures of habit. This applies to daily routines, but also to small details like how they use their phones.
The angle they usually hold their phones as well as how they use the screen to scroll and swipe is often predictable enough to create individual profiles of users’ behavior. And in this data-driven age, it’s no surprise that companies are doing just that by compiling dozens of signals related to consumers’ phone habits in order to create so-called behavioral biometrics that prevent fraud.
The latest example came on Monday when a company called BioCatch announced that it has partnered with Samsung SDS to integrate behavioral biometrics to detect fraud on popular mobile apps.
Frances Zelazny, the vice president of BioCatch, said her company doesn’t only look at swiping or scrolling patterns to verify that someone logging in to, say, a banking app is who they are supposed to be. She says the company also relies on “subconscious decisions” such as the way someone toggles between menu options. BioCatch even introduces “invisible tests”—briefly freezing a phone screen, for instance, to see how someone reacts—as part of its project to map phone users’ behavior.
Get Data Sheet, Fortune’s technology newsletter.
Part of what makes this all work is the power of smartphones to act as data-collection devices. For instance, technology like the gyroscope (a component found in every phone) can measure the angle users hold their phones. This in turn provides an additional data point that firms like BioCatch can add to hundreds of other attributes that, when taken together, make up a distinct behavioral profile.
On a practical level, these profiles deter fraud because a crook trying to impersonate a real user will display aberrant behavior—say by swiping in an unfamiliar pattern or by tilting the phone in an unusual way. When such red flags are detected, says Zelazny, the app will respond by implementing additional security measures.
According to BioCatch and Samsung SDS, the combination of behavioral biometrics and other new forms of phone-based ID verification (such as fingerprint and, in Apple’s new iPhone X, facial recognition) will eventually replace the password as a form of security.
The introduction of behavioral biometrics is also part of a larger initiative backed by the FIDO Alliance—a group of companies that include Samsung, Google and RSA, which are working to create strong authentication protocols across different devices.
BioCatch did not state exactly when its behavioral biometrics tools will deployed in the apps consumers use every day. Here are a few additional details from the company’s press release:
BioCatch’s unique technology will be integrated into and complement Nexsign, Samsung SDS’s FIDO-certified, enterprise-grade biometric authentication software. The integration will fill the major security loopholes exposed when seamless interfaces of today’s most popular mobile applications don’t require a user to login multiple times to validate their identity.
BioCatch will use risk-based authentication to continuously monitor Samsung SDS’ users by mapping their behavioral patterns after log-in, to better distinguish between an authorized user, and that of an unauthorized user or an automated BOT or malware.
