Every day, I wake up in the morning and have tea and breakfast. While I’m eating, I check my financials on my phone and laptop: my bank accounts, credit cards, IRA, etc. I also check my credit score once a week using Credit Karma.
I do this because you never know when identity fraud could pop up, so it’s better to keep a strict eye on your financial life so you can catch any anomalies quickly.
What I didn’t know is that — depending on which site/app I’m using at the time — my daily habit is likely being monitored by my financial institution. I just learned about this via an article published at The New York Times.
Every minor detail of my online banking process is data logged: the time I log in, how I log in, what I click on/tap on first, how long I stay logged in, and even the specific movements of my mouse or the angle with which I hold my phone.
This log is attached to my customer profile, and it creates a kind of biometric code that gives the financial institution a good idea of what it looks like when I — C. Scott Brown — use the online banking service.
The point of logging all that info is so if “C. Scott Brown” logs into a banking site and starts doing things that it doesn’t seem C. Scott Brown would do, the bank can flag that behavior.
Privacy advocates are probably having heart palpitations, but I think it’s awesome.
Hidden and effective security measures
In the NYT article, the Royal Bank of Scotland gives an incredible real-life example of how this security system works. A wealthy R.B.S. customer logged into their online account and started scrolling around with the mouse scroll wheel. The user then also started typing some numbers using the top row of the keyboard, as opposed to the numerical keypad.
These two actions were things that the wealthy customer had never done before in the history of the bank’s monitoring of customer behavior. Internal alarm bells went off at R.B.S. and the system blocked any cash movement in the customer’s account.
R.B.S. saved a customer from significant theft using these security measures.
A later investigation uncovered that the customer’s account had, in fact, been hacked, and the hacker was attempting to move a seven-figure sum to another account.
The unnamed wealthy R.B.S. customer probably a) never knew their habits were being monitored and b) didn’t have any idea they had been hacked. They would have found out the latter information the next day when they discovered hundreds-of-thousands of dollars missing from their account.
But because of the silent habit monitoring, that issue was thwarted.
This kind of monitoring could be used against you
While that story is pretty cool and seems to make a great case for the silent monitoring security practice, privacy advocates likely aren’t pleased with this news.
First off, the company’s that use this technology don’t disclose that it’s happening. They don’t because…well…they don’t have to. There are no laws on the books saying that companies have to disclose this information — even in GDPR-era Europe.
Secondly, the information that banks are tracking is used to help customers avoid theft and identity fraud. But what if the companies using this technology didn’t have your best interest in mind?
For example, an insurance company could monitor your usage habits of its website and app. If the insurance company noticed that your habits were becoming more erratic than usual and it seemed that your hands were shaking a lot of the time, that could point to a serious illness — or frequent drunkenness. As a result, the insurance company could respond by raising your rates.
That’s a very far-fetched example, but it’s not completely out of the realm of possibility, and at least illuminates how this information could be dangerous in the wrong hands.
I still think this is awesome
While the insurance example above is a real concern of mine, I can’t help but think this is a cool utilization of seemingly meaningless data. I just told Android Authority’s millions of readers that I log into my bank accounts every morning while drinking tea. That innocuous bit of information is helping my banks keep my accounts safe.
Who cares if they’re tracking that?
The only thing that makes me nervous is the fact that companies don’t have to disclose they do this nor do they give you a way to opt-out. I wholeheartedly would support a law forcing companies to disclose the use of this technology and give all customers a choice of whether to be tracked or not.
But honestly, at least when it comes to my financial institutions, I’d let them track me. I actually feel my money is safer with this technology around.