Cezary Kocik, Vice President of mBank for Retail Banking:
At mBank, we understand the importance of online banking security. Therefore, we regularly introduce new products in this area. We were the first in the market to start mobile authorization, which is a convenient and secure method of approval of the business. Today, more than 400,000 of them use it. our customers. We also offered a CyberRescue service, or "digital ambulance", which is an extra umbrella in the e-world outside banking. It is also the only service on the market.
Many phishing attacks and fraud, despite these existing safeguards, caused mBank to seek new solutions that allow better protection for customers. This solution is intended to be behavioral verification, which will investigate the interaction between customers with the device they use electronic banking.
Based on this, the introduced system will create a customer profile and compare it during each subsequent use of the account. What will be checked? Among other things, the dynamic of using the keyboard, such as keystroke or writing speed, is also how to use the mouse or touchscreen.
When the participant agrees that in the mBank transaction service there will be a special code. It will measure typical user behavior when using online banking based on: how the mouse moves, the buttons "scroll" and "touchpad", the dynamics of using the computer keyboard and in the future using the smartphone screen. Based on this, the user's "image" will be built, that is, his individual behavioral profile. The system will identify users by comparing their current interactions with the completed profile
At the conference, the test system shows how the system works. First, account owner registered account, when a green identification row was displayed at the bottom of the screen (shown only in demo), when one of the journalists logged in after a while, the color of the bar changes to red – this is a demonstration of login data age. In the event of theft of the session, that is, when the customer logged in to the account and the transaction was already performed by someone else, just as the data was introduced in the transfer, the system also detected another user.
The bank's representatives stressed that the information collected by the bank is only about how we use the device, not what we do on it. In addition, in the service lottery, which lasts until the end of 2019, it will only apply to the customers that agree.
As part of the digital fingerprint behavioral biometrics, the system only analyzes how customers interact with devices while using mBank electronic banking services. It does not download data about the use of other sites or tools. So it will be checked how the user uses the site, not what he does in it.
This is a novel about behavioral verification. The second of the announced security implementations applies to all customers, as it will not require their consent, and should contain identification of devices using the mBank electronic bank. In a few words, mBank analyzes all devices used by customers, for example, when a new device is displayed on their list, where a large transfer is made immediately.
Both short stories begin today. In the case of behavioral testing, you can participate in the tests on the mBank website, which 50,000 customers will be included in.