Banks and Retailers Are Tracking How You Type, Swipe and Tap

When you're browsing a website and the mouse cursor disappears, it might be a computer glitch -- or it might be a deliberate test to find out who you are. The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors' physical movements as they use websites and apps. From a report: Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices. The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points, known as "behavioral biometrics," to help prove whether a digital user is actually the person she claims to be. To security officials, the technology is a powerful safeguard. Major data breaches are a near-daily occurrence. Cyberthieves have obtained billions of passwords and other sensitive personal information, which can be used to steal from customers' bank and shopping accounts and fraudulently open new ones.

Permissions

[The-Ixian]

The permissions will become more granular to allow users who care to lock down what apps can access certain sensors and data.

I audit my app permissions regularly and disable anything that I don't think the app needs.

Until that happens, though, I can just not use my banking app from my phone.

Re:Permissions

[AmiMoJo]

I noticed ages ago that when I visit my bank's web site the browser gets slow and even typing is fairly unresponsive on the secret code entry screen. So I disabled Javascript for that site and now it's fine.

Whatever their stupid security system is, apparently disabling it is the fix.

Re:Permissions

[Darinbob]

I disable javascript all the time. It makes the web faster, you get fewer ads, you get fewer malware infections served up by ads, and if the site absolutely won't work without it then good for you as that's one more site you never visit again. Kids who gleefully serve up their private information are half the problem here, companies aren't going to bother being nice to customers if no one pushes back.

I browse on TV

[nospam007]

I don't have cable, just a notebook in the garage, connected to my 60 inch TV where I watch all my legal and illegal stuff.
When I'm too lazy to reach for the keyboard, I just use the onscreen one with the mouse, either with my left or right hand, depending on what I'm doing at that time.
I doubt that they recognize me that way.

So that's why my transaction dies when I'm drunk?

[skids]

Seriously though... has it occurred to them that they may end up denying people's transactions at critical moments of stress due to behavioral differences. Like, I really need to get this hotel room after walking 5 miles in sub-zero weather from my dead car, but I can't transfer goddamn money to checking?

Almost everybody is using mouse heatmap

[Martin+S.]

All the big sites are doing this. There are at least a dozen analytic tools capable of doing mouse tracking and heatmaps; full journey tracking will be next. Hotjar, mouseflow, smartmove, inspectlet are just a few off the top of my head.

If someone gets a hold of my profile...

[mspring]

...representing my typing, scrolling, swiping, how difficult would it be to programmatically mimic me?