If someone told you that the way you press, scroll and type on your phone screen or even your computer or laptop keyboard is actually as unique as your fingerprints or facial features, would you believe it? And if they told you that a technology that like is being used to protect you from bank fraud, would you be sceptical? Because we are.
According to a report published by the New York Times on 13 August, banks are tracking visitor’s physical movements as they use websites and app, to fight fraud. While the intention of the technology is to eventually track automated attacks and suspicious transactions, the fact that there exists a technology out there that identifies people and their information, by the way they touch, hold and tap their devices is a bit worrisome.
The data gathered by companies is known as ‘behavioural biometrics,’ which is collected using sensors in phones and codes on websites. It is a completely invisible data collection process and those who are being watched will never know.
How do security officials see this?
Security officials appreciate the technology and think that it “is a powerful safeguard.” Alisdair Faulkner, who is one of the founders of ThreatMetrix, told the publication that “Identity is the ultimate digital currency, and it’s being weaponized at an industrial scale.” Over the years cyberthieves have been able to obtain passwords and other personal information, which can be used to steal from customers’ bank accounts.
ThreatMetrix is a company which provides businesses with fraud and threat detection services, and many of the company’s customers are currently using these behavioural biometric tools.
How do privacy advocates see this?
Privacy advocates see a lot of issues with the idea of the behavioural biometrics, and we guess we understand why. If companies are given the power to collect data for good, they can actually use it for is more ways than what was meant for in the first place.
According to what Jennifer Lynch, a senior lawyer for the Electronic Frontier Foundation, the trend worldwide has been that “the more data that’s collected by companies, the more they will try to find uses for that data. It’s a very small leap from using this to detect fraud to using this to learn very private information about you.”
Who uses this technology?
The Royal Bank of Scotland is one of the banks which collects behavioural biometric data, but it also talks publicly about it. In fact, they are planning to expand the systems to all the people who hold accounts with the bank.
In a recent case, RBS picked up an unusual signal from the customer – which was as detailed as, using the mouse’s scroll wheel and using the top numerical strip on the keyboard to log in – things that the customer had never done in the past. The account was immediately blocked and it was later identified to have been hacked.
While this sounds like a great technology to provide a guard against bank fraud and theft, it is being done at the cost of a user’s personal information. Do you want to secure yourself from falling prey to a fraud and lose your money, or do you feel strongly against a technology which measures the angle at which people hold their smartphones, the fingers and the ways that they use to swipe and tap, and even the pressure they apply and whether they scroll quickly or slowly? It can make you indecisive because you want neither, but unfortunately, you have no control over any of this.
What has made behavioural biometrics monitoring possible?
Cheap computing power and the sophisticated sensors built into most smartphones these days are the main reasons why this has been made possible. They make it easy to track behavioural traits in the background without an obstruction, unlike traditional physical biometrics like fingerprints which require people to sign up and physically authenticate.
Why is behavioural biometrics good?
You physical behaviour on your devices is very unique to you. No one can match that, and reproduce it. It is hard for a fraudster to fake your behaviour. Being able to track unusual movements this way can help detect crimes.
Then why is behavioural biometrics bad?
It’s pretty simple. You, your movements and behaviour are being watched silently as you do your normal activities. While business appreciates, “privacy watchdogs call it is dangerous.”
According to the report, there are currently no laws governing the collection of using behavioural biometric data in most countries, even the GDPR has exemptions for security and fraud prevention.
Should we be worried?
Absolutely. We aren’t far from those dystopian novels we read, we are already in it.