Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer …
The NY Times gives one example of how an attempted million-dollar fraud was detected.
A few months ago, the software picked up unusual signals coming from one wealthy customer’s account. After logging in, the visitor used the mouse’s scroll wheel — something the customer had never done before. Then the visitor typed on the numerical strip at the top of a keyboard, not the side number pad the customer typically used.
Alarm bells went off. The R.B.S. system blocked any cash from leaving the customer’s account. An investigation later found that the account had been hacked, Mr. Hanley said.
“Someone was trying to set up a new payee and transfer a seven-figure sum,” he said. “We were able to intervene in real time and stop that from happening.”
The paper’s Stacy Cowley gives other examples of data captured by these systems.
When clients log in to their Royal Bank of Scotland accounts, software begins recording more than 2,000 different interactive gestures. On phones, it measures the angle at which people hold their devices, the fingers they use to swipe and tap, the pressure they apply and how quickly they scroll. On a computer, the software records the rhythm of their keystrokes and the way they wiggle their mouse.
The systems can even deliberately cause glitches to test your response.
It can speed up the selection wheel you use to enter data like dates and times on your phone, or make your mouse cursor disappear for a fraction of a second.
“Everyone reacts a little differently to that,” said Frances Zelazny, BioCatch’s chief strategy and marketing officer. “Some people move the mouse side to side; some people move it up and down. Some bang on the keyboard.”
While it’s an impressive way to help confirm the identity of customers, privacy advocates are concerned.
“What we have seen across the board with technology is that the more data that’s collected by companies, the more they will try to find uses for that data,” said Jennifer Lynch, a senior lawyer for the Electronic Frontier Foundation. “It’s a very small leap from using this to detect fraud to using this to learn very private information about you.”
One example given is when a hand-tremor might tip off a bank to a medical condition – which might then result in increased health insurance premiums if the bank is the insurer. Some banks work through third-party vendors, creating further privacy concerns about who holds the data and how it might be used.
What’s your view? Innovative security measure, or privacy invasion? Let us know in the comments.