The Royal Bank of Scotland (RBS) is extending its use of behavioural biometrics – the practice of analysing your online interaction in real time – to combat fraud.
RBS started testing the technology two years ago on private banking accounts for wealthy customers. It is now expanding the system to its 18.7m business and retail accounts, according to a report in The New York Times.
“When clients log in to their Royal Bank of Scotland accounts, software begins recording more than 2,000 different interactive gestures,” reports Stacey Cowley.
“On phones, it measures the angle at which people hold their devices, the fingers they use to swipe and tap, the pressure they apply and how quickly they scroll.
“On a computer, the software records the rhythm of their keystrokes and the way they wiggle their mouse.”
When you’re browsing a website and the mouse cursor disappears, it might be a computer glitch – or it might be a deliberate test to find out who you are, writes Cowley.
“The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors’ physical movements as they use websites and apps.
“Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices.
“The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points, known as “behavioral biometrics,” to help prove whether a digital user is actually the person she claims to be.”
RBS is using software designed by a New York company, BioCatch. It builds a profile on each person’s gestures, which is then compared against the customer’s movements every time they return. The system can detect impostors with 99% accuracy, according to BioCatch.
Recently, its software picked up unusual signals coming from a wealthy customer’s account; after logging in, the visitor used the mouse’s scroll wheel, something the customer had never done before.
Then the visitor typed on the numerical strip at the top of a keyboard, not the side number pad the customer typically used. Detecting this unusual behaviour, the system blocked funds from leaving the customer’s account.
An investigation later found that the account had been hacked. “Someone was trying to set up a new payee and transfer a seven-figure sum,” said Kevin Hanley, RBS’s director of innovation. “We were able to intervene in real time and stop that from happening.”