Bot traffic now accounts for nearly half of global e-commerce activity, a figure that’s climbing fast as cybercriminals deploy headless browsers to imitate human users. These automated scripts have evolved beyond password guessing; they now simulate keystrokes, mimic mouse drags and even replicate idle pauses. The result is a new generation of payment fraud that looks, on the surface, almost indistinguishable from genuine customer activity.
In this environment, every checkout interaction becomes a contest between authenticity and imitation. Traditional defenses premised on CAPTCHAs, one-time passwords and two-factor authentication no longer offer sufficient protection. Attackers move faster, and users are losing patience with friction-heavy verification flows.
“Fraud no longer announces itself,” says Thrivikram Eskala, a seasoned Cloud and DevOps Architect at Broadcom. “It behaves like a human; and the only way to fight it is to teach systems what real human behaviour looks like.”
That shift in mindset has turned behavioural biometrics into one of the most promising frontiers of fraud prevention. Rather than asking users to prove their identity, systems are now learning to recognize them by the natural way they type, swipe and interact online.
Inside the Intelligence Layer: Rethinking Authentication at the ACS
Every digital transaction begins with a handshake: between the user, the merchant and the bank’s Access Control Server (ACS). It’s here, deep in the authentication chain, that the quietest revolutions in payment security are unfolding.
Thrivikram’s work focuses on embedding behavioural intelligence within this ACS layer. The idea is simple yet transformative: by analyzing subtle behavioural signals, from keystroke rhythm to pointer paths to on-screen hesitations, the system can silently separate humans from automated bots, often before traditional verification even starts.
“Every click and every hesitation carries meaning,” he explains. “The ACS just needed to learn how to listen.”
Across the payments industry, research bodies and expert panels are increasingly examining how behavioural signals can strengthen digital identity frameworks and prevent fraud escalation. As a judge at the ESP Journals, Thrivikram contributes to this ongoing evaluation of authentication technologies, assessing studies that explore emerging models of behaviour-based verification and adaptive intelligence. By integrating behavioural intelligence, payment systems are transforming from reactive authentication tools into predictive engines that adapt to emerging fraud patterns and regulatory demands, setting new standards for digital trust and payment resilience.
This collective focus on evidence-driven innovation is helping transform authentication from a static checkpoint into an adaptive intelligence layer capable of predicting threats before they appear.
Engineering a Smarter ACS: Building the Behavioural Biometrics Framework
Translating this concept into production required more than machine learning. It demanded a structural rethink of how ACS systems interact with third-party biometric providers. Thrivikram led the design of a pluggable behavioural framework, integrating multiple service providers through REST APIs while maintaining full PSD2 SCA compliance.
The system captures behavioural data through browser templates and issuer-specific pages, invoking lightweight biometric scripts that analyze real-time user behaviour. This modular design allows issuers to adopt new providers or scoring models without re-engineering the authentication flow, making the solution as flexible as it is secure.
“Security cannot depend on user discipline,” Thrivikram emphasizes. “It has to be designed into the flow: invisible-oriented, intuitive and adaptive.”
Under his direction, the system delivered measurable impact, achieving a 15% reduction in fraud incidents, a 10% increase in transaction approval rates and an 8% decline in checkout abandonment. The architecture also generated over $2 million in annual savings by minimizing fraud-related losses and preventing PSD2 non-compliance penalties.
Beyond engineering, Thrivikram’s influence extends to the global discourse on secure automation. As an editorial board member of the ESP Journals, he actively contributes to thought leadership shaping how academic research translates into real-world resilience. His editorial role mirrors the philosophy that drives his architecture work: aligning innovation with accountability and ensuring that security design evolves hand in hand with human behaviour.
Compliance as a Competitive Advantage
While many in fintech view compliance as an obstacle, Thrivikram sees it as the architecture of trust. The Payment Services Directive (PSD2) redefined authentication by mandating Strong Customer Authentication (SCA) across Europe, requiring at least two independent verification factors. Most institutions struggled to adapt, layering complexity onto user experience.
Thrivikram’s team approached compliance differently. Instead of hardcoding controls, they engineered a framework capable of interpreting and adapting to new regulatory requirements. The behavioural biometric system does more than just meet the PSD2 RTS validation: it anticipates future iterations by design.
That foresight turned compliance into a value proposition. Financial institutions using the framework report faster audit cycles, lower operational risk and higher customer retention. By embedding compliance within code logic rather than policy paperwork, Thrivikram’s approach demonstrates how security can scale without slowing innovation.
“Compliance-driven innovation is contrary to ticking boxes,” he reflects. “It concerns future-proofing the trust economy.”
The Future of Behavioural Intelligence in Payments
The next frontier of payment security will not rely on single-point verification. It will rely on continuous authentication: systems that observe user behaviour dynamically, adapting risk thresholds in real time. From mobile banking to e-commerce, the industry is already shifting toward frictionless security experiences that reward legitimate users and isolate threats silently in the background.
Thrivikram believes this transition will define the next decade of fintech. As fraud tactics become AI-powered and more deceptive, the systems built to stop them must learn to recognize intent rather than just credentials. His own work, anchored in architectural precision and behavioural insight, demonstrates what that evolution looks like in practice.
“We’re entering an age where systems won’t just verify identity,” he says. “They’ll understand the intent. That’s where security truly becomes human.”
As a veteran architect with over two decades of experience building scalable, compliance-first infrastructure, Thrivikram Eskala represents the synthesis of security, engineering and empathy. His vision redefines authentication, which is counter to a gateway, as a conversation: one that quietly protects every interaction in the milliseconds between trust and transaction.
