Mouse jitters give away fraudsters

31.05.2006
Online fraudsters might want to try some method acting classes before they attempt to log in to an online banking session using a stolen user name and password. New technology from Fair Isaac claims to be able to spot fishy Web sessions by, among other things, comparing mouse movements and typing mannerisms with those of the account holder.

The company announced its new multi-factor authentication product, Falcon One for Online AccessWednesday. The product uses neural network technology to monitor online transactions and learn customer behavior patterns. The product is targeted at U.S. banks, which are under pressure to implement guidance from the U.S. Federal Financial Institutions Examination Council's (FFIEC),'a cross-agency group, to find alternatives to simple username and password security for online bank accounts.

Falcon One works with other Fair Isaac anti-fraud technology as part of the company's EDM (Enterprise Decision Management) solution. It tracks online behavior, such as how a customer has used online banking in the past. That data is combined with analysis of the computer initiating an online transaction, said Ted Crooks, vice president of Global Fraud Solutions at Fair Isaac.

Like other anti-fraud companies, Fair Isaac notes the IP address an account holder typically uses for online banking and raises flags when a session is initiated from a new address. But the company digs deeper into the remote host, noting details such as the system clock setting and screen resolution to determine whether the machine is different from that used in prior sessions, Crooks said.

The software also monitors other characteristics of account holders, such as their style of typing and mouse movements to determine whether the user attempting a transaction is the actual account holder. Characteristics such as the speed and character pattern that account owners type, as well as whether they are a jittery or staid mouse user are individual and nearly impossible to mimic, Crooks said.

The company also monitors traffic on outbound communications channels, noting how a customer links to an online banking session and whether there are delays in online session traffic that could signal a "man in the middle" attack, he said.