Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Cellphones Security Australia

Australian Bank Spots Scams via How Users Hold Their Phones (pymnts.com) 30

National Australia Bank seems to think that monitoring the angle customers hold their phones will offer extra protection against scammers. "Speaking during the Australian Banking Association Conference in Melbourne Wednesday (June 26), CEO Andrew Irvine said the lender introduced more 'friction' to payments processes and new predictive protection tools to spot scammers," reports PYMNTS.com, citing a (paywalled) Bloomberg report. From the report: "We've added tooling that looks at biometrics and the way you actually interact with your devices and how you think about keystrokes," said Irvine, per the report. "If these things are different to how you've used your phone in the past, our intelligence will kick in." Irvine, who called fraudsters the "scourge of our times," also noted that Australia is one of the few countries where bank fraud has declined, the report said.

Still, he said that as scammers have embraced new technology like artificial intelligence, banks have had to shift from making payments fast and simple to adding more steps to protect against fraudulent transactions, per the report. "These threat actors go where the money is," Irvine said, according to the report. "You want to be the best alarm system in the street and right now Australia's leading the way."

This discussion has been archived. No new comments can be posted.

Australian Bank Spots Scams via How Users Hold Their Phones

Comments Filter:
  • Huh (Score:5, Funny)

    by cascadingstylesheet ( 140919 ) on Wednesday June 26, 2024 @05:53PM (#64580865) Journal
    Gives new meaning to "you're holding it wrong".
    • But that would only work with iPhones

    • by dohzer ( 867770 )

      Gattaca told me I'd been holding it incorrectly all my life: "For future reference, right-handed men don't hold it with their left. Just one of those things."

    • Soon sperm banks will license this tech.
      • by drnb ( 2434720 )

        Soon sperm banks will license this tech.

        Makes sense. They currently can charge extra for donor "good looks", donor "high intelligence", etc.
        Now they'll be able to charge for donor "lasts longer than 20 minutes".

    • by mjwx ( 966435 )
      There's an easy way to tell, if someone takes a phone call by holding the phone to their mouth (rather than their ear) as if it were a slice of pizza, then it's a sure sign that person is a complete idiot and much more vulnerable to falling for scams.
  • You mean stuck out in front of them on speaker phone so everyone around them can either hear their entire conversation or whatever shit "music" they're listening to?

    Yeah, that will work real well.

  • If you're seeing a lot of users with phones held at a precise angle at all times, you can be pretty certain you dealing with a spam farm.

  • by devslash0 ( 4203435 ) on Wednesday June 26, 2024 @06:12PM (#64580905)

    Are they saying their app comes with a keylogger that analyses all that their users type at all times?

    • Re:Keystrokes? (Score:4, Insightful)

      by philmarcracken ( 1412453 ) on Wednesday June 26, 2024 @06:18PM (#64580911)

      Its monitoring how the phone is orientated when they make a purchase, and recording how that 'looked' to create a history. Then if theres a sudden deviation from that history, probably over a certain value of transfer all at once, it sets off other triggers.

    • if i am accessing my bank via a cellphone i want mh bank to be able to know its actually me doing the accessing and not some creepy cyber criminal, capisce?
    • by drnb ( 2434720 ) on Wednesday June 26, 2024 @06:49PM (#64580939)

      Are they saying their app comes with a keylogger that analyses all that their users type at all times?

      For some of the functionality mentioned, it does sound like they are observing key taps. Which is a normal thing for an app to do for its own inputs. The personalization described sounds like something that could be kept onboard the phone. If so that would then things seem reasonable. If specifics have to be sent to a server for processing, then some explanation of why so would be reasonable.

      • Decades ago, when we talked about multi factor authentication, there were at least four main classes:

        Stuff you knew (passwords, security challenges)
        Stuff you had (private keys, RSA devices)
        Stuff you are (iris and hand scans, etc)
        Stuff you did

        When we moved to APIs to log into everything, the âstuff you didâ(TM) basically went out of favor⦠but it was stuff like the cadence of how you typed⦠so someone who is doing a hunt and peck to type in your password is different from some

        • by Mal-2 ( 675116 )

          I would be very displeased if password entry included a "style check" for consistency. Sometimes I'm using an onscreen keyboard. Sometimes I'm using a Dvorak keyboard. Sometimes I'm using a QWERTY keyboard. Sometimes I'm laying in bed and only have one hand that can reach the keyboard. What about people that get hurt and face "You logged in using both thumbs until today. It must not be you." because they broke a wrist?

          Generally I'll pull out a phone or tablet in conditions that are not conducive to using a

          • at 2 am, when I am awake and can't fall back to sleep and my eyes are blurry and wouldn't always focus, even when I do find my glasses and put them on... I make a lot of errors and my iphone then does a heroic job trying to fix them... But, that said, only then do I spend a lot of time talking about ducking, ducks, and giving a duck.
        • by drnb ( 2434720 )
          Good post.

          Could you keep that all on the phone? Maybe, but if someone gets hold of the phone and can extract it moves into the âstuff you haveâ(TM) category.

          I have not looked at the Apple APIs, but one might be able to have the device encrypt the data with an "inaccessible" (directly, relative to software, only the SoC has access) device unique key. So merely getting the data file somehow, perhaps from a backup, won't help an attacker. The attacker would need to have software on board the device to call the Apple APIs that have the SoC encrypt/decrypt data. It seems a compromised device would be needed to decrypt. Well, if something like the preceding

  • I know obscurity is insufficient with respect to security, but let's be honest, sometimes its practical. Maybe they shouldn't be telling scammers what the expected orientation of the phone should be?
    • I know obscurity is insufficient with respect to security, but let's be honest, sometimes its practical. Maybe they shouldn't be telling scammers what the expected orientation of the phone should be?

      Why not? It'll just me a boon to the arduino and servo industries, after all, it just takes money.

    • Or maybe they shouldn't be collecting that non-changeable information in the first place and then using it to "authenticate" crap.

      Bio-metrics = Something you are. I.e. Identification. Not authentication nor authorization.
      • by drnb ( 2434720 )

        Or maybe they shouldn't be collecting that non-changeable information in the first place and then using it to "authenticate" crap.

        That info may not be leaving the phone. They seem to be analyzing very basic information already available to apps. Phone orientation, time between your app's button taps. If that's all it is and it stays local, there seems to be no harm.

    • Or maybe the tech doesn't actually work, so they're making a bug fuss over it to scare people by *saying* that they can tell who's a crook by how they hold their phone.

  • by rsilvergun ( 571051 ) on Wednesday June 26, 2024 @07:41PM (#64581041)
    To even read the summary they're using the angle you're holding the phone among other biometrics to determine if somebody either stole your phone or more likely hijacked your IMEI. E.g. they cloned the unique ID for your phone on the cell phone network so they can spoof you.

    It makes sense if the tilt sensor is sufficiently accurate by hand is going to tend to hold my phone at a specific angle just because of the shape of my bones and somebody else is going to have slightly different bone shape resulting in a degree or two or maybe even just a half degree difference. If you measure that across several readings and mix in some other biometrics and risk data you could easily detect if somebody else is actually got the phone in their hands.

    This is one of the things that's going to be kind of interesting. We are going to increasingly squeeze criminals out of all sorts of crime. They'll still be plenty of money laundering through cryptocurrency, it looks like the banks have gotten in on that scam like they did with all that drug money laundering back in the day so it's probably going to be 20 years before a scandal breaks and we crack down on it. But the kind of petty White collar crime where credit card companies get ripped off is going to gradually evaporate among other things.

    Those criminals aren't going to go away they're going to look for new ways to make a living. We should probably do something about that besides randomly lock a few of them up that we catch but, we kind of suck at building societies that don't do stupid things
    • It makes sense if the tilt sensor is sufficiently accurate by hand is going to tend to hold my phone at a specific angle just because of the shape of my bones and somebody else is going to have slightly different bone shape resulting in a degree or two or maybe even just a half degree difference. If you measure that across several readings and mix in some other biometrics and risk data you could easily detect if somebody else is actually got the phone in their hands.

      So now if you get into an accident, or otherwise have something done to you that could change that very specific angle, you'll need to report it to your bank. Who will then go right ahead and sell that info to your private medical insurance who will instantly raise the amount your responsible for paying long before the physician can even proscribe treatment for said accident. (Personalized pricing is all the rage with shareholders nowadays.) Sounds like yet another great way to scam the public out of their

    • by AmiMoJo ( 196126 )

      Sometimes I hold my phone while sitting or standing, sometimes while lying down, and sometimes I place it on the desk.

  • Low hanging fruit. (Score:2, Insightful)

    by Hylandr ( 813770 )

    What kind of idiot puts financial apps on their phone?!

    • by solanum ( 80810 ) on Wednesday June 26, 2024 @10:41PM (#64581305)

      Everyone.Your phone is the usual way of paying in Australia, very few people use cards any more and even fewer use cash. In fact cash is so out of favour that big retailers are having to prop up Armourguard here. There there isn't enough cash being moved for them to remain in business, but the retailers don't want to cut cash purchases off completely. Also almost anyone under the age of 30 uses their phone for pretty much everything, very rarely reverting to a laptop or PC except for work.They are certainly doing all their banking, payments and money transfers via their phone.

    • Everyone who does banking or online paying or QR code or NFC paying on the phone.

"Pull the trigger and you're garbage." -- Lady Blue

Working...