1 June 2015

New method reveals potential fraud when logging into your online bank account


The way you press the keys on the keyboard can identify you on the Internet. Or identify a possible intruder! At the Department of Computer Science at the University of Copenhagen, researchers are developing software that recognizes the pattern of your key strokes to reveal if it is really you who is about to log on to your online banking account.

Digital burglary into online bank accounts is an increasing – and costly - phenomenon. In 2013 British online banking customers lost £41 million (equaling USD63 million or DKK 427 million), and in Japan the losses summed up to a record 2.93 billion yen (equaling USD 25 million or 173 million DKK) in 2014.

In Denmark, the banking systems are reasonably safe and the problem of burglaries not as critical as in for instance Great Britain, but it is still necessary to consider new methods for preventing online banking fraud.

Researchers at the Department of Computer Science at the University of Copenhagen are now working on developing a computer program to detect online banking fraud to prevent burglary.

If a swindler has gained possession of another person’s login information he can log in to this person’s online banking account and transfer money to his own account. This type of fraud is hard to detect because the way of accessing the account is completely normal. When the user ID, password and the key from the key card used all over Denmark for online identification is the same as usual, the bank has no way of detecting that a break-in is about to take place.

PhD fellow Dídac Rodríguez Arbonès collaborates with Nets, the biggest provider of payment services in the Scandinavian countries – including the NemID digital signature key card, on
developing computer methods based on pattern recognition for detecting fraud in connection with the login procedure. The aim is to develop methods that can stop the process, before the burglary has actually happened.

Your keystrokes are like fingerprints on the Internet

Dídac Rodríguez Arbonès

We leave fingerprints on the Internet by the way we press the keys on the keyboard. Right now, Dídac is making the computer recognize the distinct pattern of the user’s keystrokes. He is using this information along with the login information, and a huge amount of other data to create a system that warns the bank if somebody else than the owner of the account is trying to log in.

The system collects information and calculates a score indicating whether or not the risk of fraud significantly diverges form the norm. If the program concludes that the risk of fraud is sufficiently high, it sends an alert to the bank, which can then, based on the report, make a decision on how best to act. For instance, the bank can choose to make an employee call the customer to check if the transfer is authorized, or if the risk of fraud is alarmingly high, the bank may choose to simply cancel the transfer.

- With this project, we are trying to relieve a serious societal problem. It is essential that we can trust the systems we depend on to make our daily life a little more safe, says Dídac about his Ph.D. project, which is now a year and a half from being finished.

For Nets, the primary reason to enter into this collaboration with the Department of Computer Science is to generally improve security.

- The increasing digitalization entails rising interest among criminals to try to lure our belongings away from us on the Internet. We are collaborating with the Department of Computer Science to get insights into what possibilities and methods that can be used against IT criminals, explains Marianne Mørk Christensen, head of NemID at Nets.

- The development within online transactions grows fast and steadily – and so does the rate of IT criminality. We always have to be one step ahead in order to protect the digital values of the citizens. We hope that our project with the Department of Computer Science will end up in a solution, which can be embedded in the next generation of the digital key card NemID, says Marianne Mørk Christensen.

The new software is planned to be included in the IT systems of banks in the Scandinavian countries, but in a longer perspective, the plan is to develop a product, that can be used all over the world.