Privacy News Banks secretly monitor you to Detect Fraud (Examples inside)

[Ink]

Content source

https://9to5mac.com/2018/08/14/bank-app-security-markers/

Banks are secretly gathering up to 2,000 data points on how you use your phone and computer to help detect fraud. The data used can be anything from the angle at which you typically hold your phone to whether or not you use a numeric keypad when typing numbers on your computer.

Read more: Banks secretly monitoring how you use your phone and computer to detect fraud

The NY Times gives one example of how an attempted million-dollar fraud was detected.

A few months ago, the software picked up unusual signals coming from one wealthy customer’s account. After logging in, the visitor used the mouse’s scroll wheel — something the customer had never done before. Then the visitor typed on the numerical strip at the top of a keyboard, not the side number pad the customer typically used.
Alarm bells went off. The R.B.S. system blocked any cash from leaving the customer’s account. An investigation later found that the account had been hacked, Mr. Hanley said.
“Someone was trying to set up a new payee and transfer a seven-figure sum,” he said. “We were able to intervene in real time and stop that from happening.”

The paper’s Stacy Cowley gives other examples of data captured by these systems.

When clients log in to their Royal Bank of Scotland accounts, software begins recording more than 2,000 different interactive gestures. On phones, it measures the angle at which people hold their devices, the fingers they use to swipe and tap, the pressure they apply and how quickly they scroll. On a computer, the software records the rhythm of their keystrokes and the way they wiggle their mouse.

The systems can even deliberately cause glitches to test your response.

It can speed up the selection wheel you use to enter data like dates and times on your phone, or make your mouse cursor disappear for a fraction of a second.
“Everyone reacts a little differently to that,” said Frances Zelazny, BioCatch’s chief strategy and marketing officer. “Some people move the mouse side to side; some people move it up and down. Some bang on the keyboard.”

While it’s an impressive way to help confirm the identity of customers, privacy advocates are concerned.

“What we have seen across the board with technology is that the more data that’s collected by companies, the more they will try to find uses for that data,” said Jennifer Lynch, a senior lawyer for the Electronic Frontier Foundation. “It’s a very small leap from using this to detect fraud to using this to learn very private information about you.”

One example given is when a hand-tremor might tip off a bank to a medical condition – which might then result in increased health insurance premiums if the bank is the insurer. Some banks work through third-party vendors, creating further privacy concerns about who holds the data and how it might be used.

-- End of Article --

 

[ForgottenSeer 58943]

Maybe this is why my bank calls me every 48 hours to ask if it was really me doing this or that.

I wonder what techniques will develop to block such invasive activities?

 

[LDogg]

This is one grey area for me. Privacy over security when using a banks services. I'm feeling more secure over the fact banks could do this. Sometimes though you need to remove a tin foil hat and look at the bigger picture to make sure your monies safe.

~LDogg

 

[DeepWeb]

I figured that they're tracking us in other ways. I can do transactions through my VPN from another state or even country but the moment I do a transaction out of town they block the transaction. So I figured they can track who you are far beyond your IP through sophisticated fingerprinting.

 

[Burrito]

I've heard about this capability in other channels... I think it's great that they do this, and I'm disappointed that this info has entered the public sphere. This will give bad guys the cue that they need to now add mimicry to their toolbox when they plan their spearfishing expeditions.