Banks and Retailers Are Tracking How You Type, Swipe and Tap (nytimes.com) 54
When you're browsing a website and the mouse cursor disappears, it might be a computer glitch -- or it might be a deliberate test to find out who you are. The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors' physical movements as they use websites and apps. From a report: Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices. The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points, known as "behavioral biometrics," to help prove whether a digital user is actually the person she claims to be. To security officials, the technology is a powerful safeguard. Major data breaches are a near-daily occurrence. Cyberthieves have obtained billions of passwords and other sensitive personal information, which can be used to steal from customers' bank and shopping accounts and fraudulently open new ones.
Permissions (Score:4, Informative)
The permissions will become more granular to allow users who care to lock down what apps can access certain sensors and data.
I audit my app permissions regularly and disable anything that I don't think the app needs.
Until that happens, though, I can just not use my banking app from my phone.
Re:Permissions (Score:5, Insightful)
I noticed ages ago that when I visit my bank's web site the browser gets slow and even typing is fairly unresponsive on the secret code entry screen. So I disabled Javascript for that site and now it's fine.
Whatever their stupid security system is, apparently disabling it is the fix.
Re: (Score:2)
Re: (Score:2)
lets not tarry on the "stupider and stupider" usage, the statement would however reflect that as younger people have joined /., it has gotten "stupider and stupider".
Re: (Score:2)
This is an online banking web site. The system is not designed well enough to use JavaScript for anything else. Just bolted on to the login. Parent post also said they disabled it for only one site.
Re: (Score:3)
I disable javascript all the time. It makes the web faster, you get fewer ads, you get fewer malware infections served up by ads, and if the site absolutely won't work without it then good for you as that's one more site you never visit again. Kids who gleefully serve up their private information are half the problem here, companies aren't going to bother being nice to customers if no one pushes back.
Re: (Score:2)
and I had to do a couple Captchas- clicking the squares with vehicles in them.
Funky (Score:2)
Funky.
The way I browse/type/click, I'm surprised I haven't been brought in for some sort of evaluation by now.
Re: (Score:2)
I use only https so nobody but me and the porn sites I frequent knows what I'm up to. Oh, and Amazon and Google ads, who they report my activities and what I click on, with IP address. So everyone on the planet knows, and we're all waiting for a leak of this data ALA South Park.
I browse on TV (Score:4, Interesting)
I don't have cable, just a notebook in the garage, connected to my 60 inch TV where I watch all my legal and illegal stuff.
When I'm too lazy to reach for the keyboard, I just use the onscreen one with the mouse, either with my left or right hand, depending on what I'm doing at that time.
I doubt that they recognize me that way.
Thank you, that makes you easy to distinguish (Score:2)
Your bank, and other web sites you log into, are trying to determine whether the person trying to log in as "nospam007" really is you - the same person who logged into your account the last eight times.
If you consistently use a weird setup, that makes it so much easier. Unless the hacker trying to access your account also uses the on-screen keyboard on a 60" TV, it's really easy to tell the difference.
What's less useful is when people use a very common set-up, with all defaults, and only the most common plu
So that's why my transaction dies when I'm drunk? (Score:3)
Seriously though... has it occurred to them that they may end up denying people's transactions at critical moments of stress due to behavioral differences. Like, I really need to get this hotel room after walking 5 miles in sub-zero weather from my dead car, but I can't transfer goddamn money to checking?
Re: (Score:2)
Why not use a credit card?
Oh right. Your phone. I keep forgetting. A phone is the only way to do transactions any more.
Re: (Score:2)
Why not use a credit card?
Oh right. Your phone. I keep forgetting. A phone is the only way to do transactions any more.
The credit card got blocked due to fraud detection.
Re: (Score:2)
My point is that this extra verification step may come at an extremely inconvenient or stressful time, and may in fact be a big deal in some situations, adding more stress or delay to an already tenuous situation. And given the metric they are using, the likelihood of it kicking in at just those times is much higher than its general-case probability.
Re: (Score:2)
I was thinking something slightly less blunt, like "I've got 150 seconds to do this transaction or I miss my flight out of the country and the local mafia is hot on my heels for that expose I wrote for the AP." But OK.
Re: (Score:2)
Hollow earthers. We don't talk about them.
Bullshit. (Score:2)
We're doing this for your protection, citizen, and you should be grateful that we're looking over your shoulder to ensure that you're not being defrauded!
GET YOUR NOSE OUT OF MY BUSINESS, YOU ASSHOLES.
Yet another reason I'll never own a smartphone.
Re: (Score:2)
It works both ways (Score:2)
if scripts are allowed to run it's not me (Score:1)
they know it's not me if the browser runs their scripts
I use the bank of Czash (Score:2)
In God I trust all others are subject to review...
What could possibly go wrong? (Score:2)
So, I get a little lazy and they accuse me of not being me. Or a more lazy and sloppy than usual. That's okay, at least THEY have my money.
And some people claim there's a market for smart guns and other biometric devices that are specifically intended not to work as intended, when intended.
Almost everybody is using mouse heatmap (Score:3)
All the big sites are doing this. There are at least a dozen analytic tools capable of doing mouse tracking and heatmaps; full journey tracking will be next. Hotjar, mouseflow, smartmove, inspectlet are just a few off the top of my head.
If someone gets a hold of my profile... (Score:4, Interesting)
Nice maybe, till stolen (Score:2)
Once this is stolen, then the bad guys will also have all this information. Matter of time.