Tell me how keys ... As I say if you're committing a fraud

When you are browsing on the internet and the mouse cursor disappears from the screen, can be a computer glitch – or can be only one company trying to confirm if you are yourself. How each person presses, hand fingers, type or key, either in the phone or on the computer, is something as unique as fingerprints or retina. Thus, a growing number of banks and businesses began to track the physical movements of users on their Web sites and applications, as a weapon in the fight against fraud. Some establishments use technology only against virus attacks and in cases of suspicious transactions. Others go much further, gathering data from tens of millions of profiles, which can identify customers by the way they handle, hold and they text their equipment. Is a collection of data invisible to those who are observed. Using sensors installed on mobile phones and codes on websites, specialised companies collect thousands of units of information known as "biometric data of behavior" that help to check if a user is really who he says he is to in charge of cybersecurity, technology is a powerful weapon. Major data thefts are almost daily occurrences. Cyber pirates get, so, billions of passwords and other personal information of strategic customers of banks and stores, which can be used to steal money or make fraudulent purchases. "Identity is the latest digital currency and has been stolen on an industrial scale," said Alisdair Faulkner, one of the founders of ThreatMetrix, which makes fraud detectors for large software companies financial and commercial. Many clients of the Threat are using or testing tools based on biometrics. Organs privacy advocates, on the other hand, see the biometric tools as potentially threatening, partly because few of the companies that serve them reveal to their customers when and how their keyboards are being monitored. "The more data are collected with this technology, more uses will be found for them," said Jennifer Lynch, a lawyer for the Electronic Frontier Foundation, a digital rights advocacy organization. " Between using technology to detect fraud and use it to collect private information is a leap. " Application. The Royal Bank of Scotland (BRE), one of the few who speak publicly of their behavioral biometric databases, began testing the technology for two years, in private accounts of his richest clients. Is now expanding the use of the system for all commercial accounts and 18.7 million of retail, according to Kevin Hanley, Director of the Bank's innovation. When customers of BRE if Logan in their accounts, the software starts recording over 2000 different interactive gestures. In cell phones, the software measures the angle at which the people hold the equipment, using fingers to dial, the pressure they apply and how quickly slide your fingers across the screen. In computers, are recorded the rhythm and intensity of the typing and the way the user handles the mouse. The BRE uses a software designed by a small New York company called BioCatch. The software draws a profile of each person's gestures, which are compared to the movements of the customers each time they access the account. The system can detect impostors with an accuracy of 99%, according to BioCatch. A few months ago, the software has detected unusual signals from a client account Rico. After login, the imposter used the mouse scroll wheel to navigate – something that the customer had never done. Then the impostor typed in numerical range from the top of a keyboard, not the side numbers that the account owner used typically. Warning signs have been issued. The BRE blocked account. An investigation later found that the client had been hacked. "Someone was trying to create a new beneficiary and transfer him to a seven-figure sum", according to the expert. "Intervened in time, we abort the coup," said Hanley. The case in question escapes the pattern. The behavior of users is usually not so constant. People act differently when they're tired, sick, under the influence of alcohol, distracted or in a hurry. The way someone key on the Office computer is not the same with that key on the laptop sitting on the couch home. The BioCatch occasionally tries to provoke a reaction. It can for example speed up access on mobile to data such as date and time, or make the mouse cursor disappears for a split second on the computer screen. "Everybody reacts differently to stimuli such as these," said Frances Zelany, strategist of the BioCatch. "Some move the mouse from side to side, others, from top to bottom, others give a twitch on the keyboard." How the behavior of users is very individual, the fraud becomes difficult. And, as they never know if they're being monitored, they don't have the typical reactions of irritation and blockage that occur in monitored safety tests. The user is also not seeking all the time confirmation through digital signature or authentication code. "We don't have to keep the people sitting in a room and make them type under laboratory conditions," said Neil Costigan, President of BehavioSec, of Palo Alto, California, company that produces software used by several Nordic banks. "You just watch in silence while they perform normal activities with their accounts." Companies call this "frictionless experience". Organs privacy controllers call dangerous experimentation. Biometric systems can sometimes detect health problems. If a customer has normally steady hand starts to shake, your car insurer might worry. This is a potential problem if the customer's Bank, who detected the tremor through your software, is also the owner of the insurance company. "Data like these tend to come with any consumer protection clause, but here there is no," said Pam Dixon, Director of the World Privacy Forum. "Companies are using the system without informing anyone." Most countries do not have laws regulating the collection and use of biometric data. Even the new rules on privacy in Europe open exceptions when it comes to security and fraud prevention. In California, a new digital privacy law includes biometrics of behavior on list of tracking technologies that companies need to notify when they use, but the law only comes into effect in 2020. Banks and commercial enterprises often limit access to customer data. In many cases, however, they provide these data to outside vendors who work with them, which increases the risks, says Dixon. /Translation of Roberto Muniz.