Many banks and retailers are now tracking consumers’ physical movements on their website and apps by the way they type, scroll and press on a phone screen or keyboard. These movements can be as unique as a fingerprint or facial feature and are being used to decrease fraud via automated attacks and suspicious transactions.

Some of these companies are using this technology to amass tens of millions of profiles that can identify their customers by how they touch, hold and tap their devices. Consumers cannot see how this data is being collected as companies are using “behavioral biometrics,” thousands of data points that the companies gather to help prove whether a real person is using the website or app and if that person is really who they claim to be.

For example, the mouse curser may disappear for a fraction of a second. How the consumer reacts to this is an identifying factor to his/her identity because everyone reacts differently – “Some people move the mouse side to side; some people move it up and down; some bang on the keyboard.”

For security professionals, this technology is a major defense against data breaches and identity theft. However, advocates for consumer privacy feel that this is too intrusive, given companies’ non-transparency in regard to how they are gathering the data and how the data they collect will be used in the future.

An example of fraud being detected using behavioral biometrics is cited in the article. BioCatch, a small software company in New York designed the program for the Royal Bank of Scotland and says that their program can detect fraudulent activity with 99% accuracy.

The full article can be accessed here.