Behavioural biometrics flag fraud but invade privacy
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this approach is valuable for security. However, privacy advocates are concerned about how the data will be used in future because it can also expose medical conditions. Early adopters include the Royal Bank of Scotland, which uses software designed by New York company BioCatch, some Nordic banks, which use software made by Palo Alto-based BehavioSec, and some large retailers, who use software from New York start-up Forter. American Express has also adopted BioCatch for new accounts, while MasterCard acquired NuData, a company working in this are, in 2017. Behavioural biometrics are also built into security software sold by IBM to retailers and banks. Privacy laws such as Europe's GDPR contain exceptions for security.
tags: biometrics, behaviour, banks, retail, Forter, BioCatch, NuData, IBM, GDPR, monitoring, fraud prevention, security
writer: Stacy Cowley
publication: New York Times