PROVO, Utah — Identity fraud can cost consumers thousands of dollars and take hundreds of hours to correct, but BYU professors have recently created a system that may detect online fraud and prevent it from happening in the first place.
They have created a detection system that measures keystroke speed, and found that if was over 95 percent effective in detecting fraudulent activity.
According to the report, when people enter personal information such as a name or address, their muscle memory takes over and the information is quickly entered. However, when a person committing identity fraud does so, the speed slows down and no such memory is present.
“When you watch how someone interacts with devices, you gain insight into mental processes,” said study co-author David Wilson, a BYU professor of information systems.
“Our motor movements and our cognitive activities are very intimately linked — subconsciously in many cases.”
Wilson explained that “typing should feel different when typing your own name versus typing a stolen name."
He and his collaborators, including fellow BYU professor Jeffrey Jenkins, Joseph Valacich (University of Arizona) and David Kim (TCU) found in their studies that there are "very different behaviors, very different patterns of interaction" when people enter their own information versus that of someone else.
It is these “keystroke dynamics” that are the basis for their identity fraud detection system, which is more effective that most current systems that rely on several steps of verification.
“The reason why this is such a compelling technology — and such a compelling idea — is that what we are measuring can be captured seamlessly by any device that can run JavaScript,” Wilson said.
“All of our capture technology is based on a script that’s running behind the scenes in a browser. . . . Because there is no effect on the user experience, this technology can be used across an entire web-based platform.”
The technology will help financial institutions verify the identity of potential customers while not discouraging people from finishing applications that are overly complex.
“It’s a low-friction way to flag, say, the 10 percent most suspicious-looking applications and then have that smaller population do a few high-friction things to verify their identity,” Wilson said.
“And then you protect the customer experience for a majority of your customer base.”