IBM has patented an invention that helps prevent fraud after logon credentials are breached

IBM announced it has patented a technique that helps online and cloud-based businesses improve their ability to eliminate fraud by analyzing browsing behavior to determine whether customers are who they say they are after accessing a website or app via a computer, tablet or other mobile device.

IBM’s patented invention can help web site operators, cloud service providers and mobile application developers more efficiently and effectively detect and deal with threats by using analytics to thwart fraudsters.

For example, when individuals access a banking or shopping site, they subconsciously establish characteristics of how they interact with the site, such as clicking certain areas more often than others; using the up and down arrow keys on the keyboard to navigate; relying solely on the mouse; or tapping or swiping the screen of a tablet or smartphone in a distinct manner. Similar to how individuals recognize changes in the behavior of a family member or friend on the phone – even when the audio is fuzzy – by the words they use, how they answer the phone, their mannerisms, etc., IBM’s invention helps businesses analyze and identify sudden changes in online behavior.

If the invention detects a change in behavior, it triggers a secondary authentication measure, such as a security question. This helps businesses and website operators avoid unintentionally hindering legitimate customer activities or transactions.

“Our invention improves the effectiveness of authentication and security systems with insights derived from real-time data analytics,” said Keith Walker, IBM Master Inventor and co-inventor on the patent, in a press release. “For example, if an individual suddenly changes how they interact with an online bank or store, such as due to a broken hand or using a tablet instead of a desktop computer, I want these web sites to detect the change, and then ask for extra identity confirmation before accepting a transaction. Our experience developing and testing a prototype, which flawlessly confirmed identities, shows that such a change would more likely be due to fraud, and we all want these sites to provide more protection while simultaneously processing our transactions quickly.”

Despite strong passwords and authentication systems, troublesome fraudulent charges remain a reality in today’s digital world.
This invention further reinforces one of IBM’s 5 in 5 predictions made last December that in five years a digital guardian will protect you online. Security is evolving from being based on rules, such as passwords, to being automatic and made stronger by taking advantage of the natural behavior of users.