Are You, You? Seamlessly Fighting Identity Fraud with Keystroke Dynamics
针对传统身份验证在数据泄露后失效的问题,研究利用用户注册时的击键行为数据设计新型身份验证系统,在四轮实验中有效检测首次用户身份欺诈并保持无缝体验。
PRACTICE-ORIENTED ABSTRACT In September of 2017, Equifax disclosed a data breach that exposed the personal information of 147 million people, including names, Social Security numbers, and addresses. Such high-profile data breaches have rendered traditional forms of identity verification—especially knowledge-based authentication (KBA)—worse than useless: fraudsters have a 92% success rate in KBA screenings, compared to just 46% for genuine customers. In the face of these challenges, digital platforms are turning to sparse alternative data sources and overt verification technologies, often to the detriment of the user experience. The objective of this research is to design and build a novel approach to identity verification for new platform users using digital behavior data—features that describe how users type and interact during account setup. The system (1) evaluates identity fraud risk for all first-time users, and (2) minimizes the impact on the new user experience by seamlessly analyzing behavior during a platform’s existing onboarding experience. We evaluated and improved the design in four experiments, culminating in an identity fraud detection tool that effectively detects identity fraud for first-time users and supports seamless user experiences.