Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Businesses Technology

Banks and Retailers Are Tracking How You Type, Swipe and Tap (nytimes.com) 54

When you're browsing a website and the mouse cursor disappears, it might be a computer glitch -- or it might be a deliberate test to find out who you are. The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors' physical movements as they use websites and apps. From a report: Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices. The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points, known as "behavioral biometrics," to help prove whether a digital user is actually the person she claims to be. To security officials, the technology is a powerful safeguard. Major data breaches are a near-daily occurrence. Cyberthieves have obtained billions of passwords and other sensitive personal information, which can be used to steal from customers' bank and shopping accounts and fraudulently open new ones.
This discussion has been archived. No new comments can be posted.

Banks and Retailers Are Tracking How You Type, Swipe and Tap

Comments Filter:
  • Permissions (Score:4, Informative)

    by The-Ixian ( 168184 ) on Tuesday August 14, 2018 @11:06AM (#57123446)

    The permissions will become more granular to allow users who care to lock down what apps can access certain sensors and data.

    I audit my app permissions regularly and disable anything that I don't think the app needs.

    Until that happens, though, I can just not use my banking app from my phone.

    • Re:Permissions (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Tuesday August 14, 2018 @11:10AM (#57123476) Homepage Journal

      I noticed ages ago that when I visit my bank's web site the browser gets slow and even typing is fairly unresponsive on the secret code entry screen. So I disabled Javascript for that site and now it's fine.

      Whatever their stupid security system is, apparently disabling it is the fix.

      • I was on Bloomberg's website a couple of hours ago. I had opened a story in a new window and then got distracted by something else. When I closed the story later, the main page had turned to...

        You Have Violated Our Terms of Service

        and I had to do a couple Captchas- clicking the squares with vehicles in them.

  • Funky.

    The way I browse/type/click, I'm surprised I haven't been brought in for some sort of evaluation by now.

  • I browse on TV (Score:4, Interesting)

    by nospam007 ( 722110 ) * on Tuesday August 14, 2018 @11:10AM (#57123472)

    I don't have cable, just a notebook in the garage, connected to my 60 inch TV where I watch all my legal and illegal stuff.
    When I'm too lazy to reach for the keyboard, I just use the onscreen one with the mouse, either with my left or right hand, depending on what I'm doing at that time.
    I doubt that they recognize me that way.

    • Your bank, and other web sites you log into, are trying to determine whether the person trying to log in as "nospam007" really is you - the same person who logged into your account the last eight times.

      If you consistently use a weird setup, that makes it so much easier. Unless the hacker trying to access your account also uses the on-screen keyboard on a 60" TV, it's really easy to tell the difference.

      What's less useful is when people use a very common set-up, with all defaults, and only the most common plu

  • Seriously though... has it occurred to them that they may end up denying people's transactions at critical moments of stress due to behavioral differences. Like, I really need to get this hotel room after walking 5 miles in sub-zero weather from my dead car, but I can't transfer goddamn money to checking?

    • Why not use a credit card?

      Oh right. Your phone. I keep forgetting. A phone is the only way to do transactions any more.

      • by jetkust ( 596906 )

        Why not use a credit card?

        Oh right. Your phone. I keep forgetting. A phone is the only way to do transactions any more.

        The credit card got blocked due to fraud detection.

  • We're doing this for your protection, citizen, and you should be grateful that we're looking over your shoulder to ensure that you're not being defrauded!

    GET YOUR NOSE OUT OF MY BUSINESS, YOU ASSHOLES.

    Yet another reason I'll never own a smartphone.

    • Speaking of protection: if you're protecting customers' bank accounts with a password only, you're doing it wrong. SMS confirmation isn't good enough either; for banking it should be air-gapped 2FA.
  • We can identify banks by how much vaseline they had to use to screw us up the arse.
  • by Anonymous Coward

    they know it's not me if the browser runs their scripts

  • In God I trust all others are subject to review...

  • So, I get a little lazy and they accuse me of not being me. Or a more lazy and sloppy than usual. That's okay, at least THEY have my money.

    And some people claim there's a market for smart guns and other biometric devices that are specifically intended not to work as intended, when intended.

  • by Martin S. ( 98249 ) on Tuesday August 14, 2018 @11:56AM (#57123842) Journal

    All the big sites are doing this. There are at least a dozen analytic tools capable of doing mouse tracking and heatmaps; full journey tracking will be next. Hotjar, mouseflow, smartmove, inspectlet are just a few off the top of my head.

  • by mspring ( 126862 ) on Tuesday August 14, 2018 @12:00PM (#57123892)
    ...representing my typing, scrolling, swiping, how difficult would it be to programmatically mimic me?
  • Once this is stolen, then the bad guys will also have all this information. Matter of time.

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...