Despite the wealth of data gathered from online banking customers, Crooks said that Fair Isaac is sensitive to concerns about snooping. The Falcon One Software combines back-end analysis with a Web browser plug-in that collects data without breaking the browser security model, or "sandbox," he said.

None of the data collected necessarily signals fraud. Instead, the company weighs the data to calculate a risk measurement for the online sessions. Banks can take that information and decide whether to change the course of a session. For example, users could be asked to enter an additional one-time password that is sent to their cell phone or a pre-approved e-mail address, Crooks said.

Online risk monitoring companies such as Fair Isaac, RSA Security, and Cyveillance have become more prominent in recent years, as online fraud has exploded. An April 2006 report by RSA Security found that online fraud is evolving, with phishing and pharming attacks "the most sophisticated, organized and innovative technological crime waves" facing online businesses.

Fraudsters have new tools at their disposal and are able to adapt more rapidly than ever, RSA said in its report.

Banks are struggling to keep up with nimble, online criminal groups that can use information stolen in one online channel to conduct fraud in another, Crooks said.