IBM patents technique for killing fraud, using click patterns

A new technology would pick up on suspicious changes in people's online activity

Someday, if you use your non-dominant hand to control your mouse or touchpad when you're say, shopping online, websites might interpret your irregular scrolling and clicking as a sign of fraud and require you to prove your identity, thanks to an IBM fraud-detection patent.

The company has patented a technique for better detecting fraud online to prevent the theft of log-in credentials and other sensitive information, particularly in e-commerce and banking, it said Friday.

U.S. patent #8,650,080 is intended for a "user-browser interaction-based fraud detection system."

How people interact with websites, such as the areas of a page they click on, whether they navigate with a mouse or keyboard, and even how they swipe through screens on a smartphone or tablet, can all be identified, IBM said. The technology could identify sudden changes in online behavior, which would then trigger a secondary authentication measure, like a security question. It would work on a mobile device or PC.

If the technology works as IBM says it will, and other businesses license it, it could help to secure online transactions against cyberattacks, such as the recent eBay hack. Sensitive information of up to 145 million people may have been breached in that recent attack.

It would also lend credence to IBM's previously stated ideas related to a "digital guardian" that would protect Internet users.

"It's important to prevent fraudulent financial transactions before they happen," said Brian O'Connell, an IBM engineer and co-inventor of the patent.

Trusteer, an IBM-owned company that makes malware detection technology mostly for banks, is already using some of the technology in the patent, IBM engineers said Friday. Other sites like eBay or Amazon might one day choose to license it as well.

While it might seem that the technology has the potential to cause false positives, IBM said the prototype it tested successfully confirmed identities and showed that sudden changes in browsing behavior were likely due to fraud.

And some Internet users might consider the technology to be an invasion of privacy. But the data gathered through the technology would not amount to personally identifiable information, said Keith Walker, another co-inventor on the patent.

Tackling fraud and financial crime is high on the agenda for IBM. Recently the company announced new software and services to address the US$3.5 trillion lost each year to fraud.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Tags fraudprivacyinternetsearch enginese-commerceebayonline safetyInternet-based applications and servicesAccess control and authenticationTrusteerDesktop securityIdentity fraud / theft

Show Comments