Program checks to see if you are using your normal routines
Peter Wilson
Sun
A pleasant 10-second digital trip down memory lane could soon be the way your financial information — and your money — stays safe when you use Internet banking.
And that might be thanks to innovative security software called UNOMI (just sound it out) developed in Vancouver by recently launched, angel-funded start-up Cogneto Inc.
For example, you sign in and the site will ask you — based on information you supplied the first time you signed in — a series of questions about, say, that romantic trip you took to France four years ago.
How did you get there? Who did you go with? Where did you stay? Basically the who, what, when, where and why of it.
But UNOMI, to arrive at what Cogneto calls your “passthought,” rather than password, isn’t just looking for the correct answers.
It’s also tracking the way you use your mouse, the amount of hesitation between clicks, the speed with which you supply your answers.
It’s also looking at where you are as you do this. At your home computer? At the office? In Istanbul?
How are you connected? Over dial-up? With Shaw? On ADSL from Telus?
“It’s the same as if you were interviewing someone and you watch their body language, the tone of their voice, things like that,” said Cogneto’s chief technology officer, Patrick Audley, whose firm is headquartered in London, and financed with European money, but does its research and development in Vancouver.
And, said Audley, every person logging in has a unique profile.
“No matter whether it’s first thing in the morning and you’re a little muzzy in the head because you haven’t had your coffee yet or if it’s late at night, people respond the same way every time.”
Audley said people also tend to sign in at the same time of day from the same machine.
At the same time, from the banks’ end of things, UNOMI is assessing the general threat level that day.
Have there been a lot of failed sign-in attempts and is there a lot of strange activity going on in online banking generally?
Then the user gets a score, say a 90, or maybe a less reliable 75, and they are allowed on to the site and the various possibilities for moving money around, based on that score.
With a lower score, a client might not be able to send money to someone halfway across the world, but, however, be able to make normal credit card payments and transfer money between accounts.
“We don’t look at security from a pass/fail perspective,” said Audley. “We look at it in terms of risk, in the same way that humans make security decisions,
“So when we look at you we say, okay from the cognitive perspective you’re reacting exactly the same and from the way you’re moving the cursor it’s a little off, but we think that’s because you’re using a trackpad.”
And UNOMI, which learns more about you and your habits each time you log on, might also see that while you’re still in Vancouver, you’re signing in from a machine you don’t normally use.
“So we’re going to sign you in, but we’re going to assign you a slightly riskier score because you’re slightly off your normal behaviour.”
And if you want to know why you got a lower score UNOMI will say something like: ” You appear to be logged in from a public terminal. To improve your security you might consider logging in less frequently from public locations.”
Another advantage of UNOMI, said Audley, is that users don’t have to worry about getting their log-in information stolen.
“In fact, someone could steal the entire data base of all the log-in information and it wouldn’t help them to get into any of the accounts,” said Audley.
Audley said that the initial primary market targets for UNOMI are large financial institutions like banks, governments and large online e-commerce sites.
As for clients at present, Audley said: “I can’t discuss what we have on the table right now. We’re currently in proof-of-concept phase with two very large customers.”
© The Vancouver Sun 2006
