So I just tried to access my account via iphone and it came up with a screenshot below
https://www.imghippo.com/i/xTbP3890yBc.png
Has anyone else seen this?
Quite concerning they want to log my typing patterns and swiping acvtity?
AIO or is this bad?
when you interact with the CommBank app.
Is the key bit. Presumably so it can detect bots. That's basically how most (all?) capchas work these days ..
If your phone isn't rooted/jailbroken & you haven't installed some 3rd party keyboard app, no app can keylog your overall phone.
Ohhh no the bank just saw that I transferred funds from one account to another and checked my credit score.
places tin foil hat squarely on noggin'
I think this might be related to CAPTCHA if CBA use that? They probably have to give you that warning under data privacy. Analysing the way you use a browse ror device is how CAPTCHA works
I agree it sounds pretty bad and I would be concerned as well…
Unfortunately however, in practicality this is your bank implementing the same type of tracking tools that many many many websites and apps already use. Please understand that I'm with you - this level of tracking feels super invasive - but a decent number of the websites and apps likely do this already.
Here are a few of the 'tracking and personalisation tools' that do this type of thing and even allow "session replay" (pick a user and watch a video of their mouse moving around your website). Any website owner can implement without much more than a single line of code (tag) in the website header, or an SDK initialised in their app.
You can block those in a website, hard / impossible to block in an app and more and more banks won't let you use a website without having their app too
Multi-factor authentication can be based on things you know (password), things you have (card or token) and things you are or do (biometrics). Biometric characteristics can be physiological features (for example, fingerprint, iris, face or hand geometry) or behavioural attributes (such as gait, signature or keystroke entry pattern) and are the hardest to bypass.
Thanks, ChatGPT!
Actually wrote that myself, used to know a guy on a Sandards Australia committee who was all over this stuff and it’s ridiculous how long it has taken to filter down to consumer level
Don't you just hate it when your bank app requires you to prop up your phone and then walk in a circle to demonstrate your gait
I think what they are doing is implementing some kind of security based on your typing / swiping / tapping patterns in the app. Maybe they can use this information to detect when a scammer is telling you to transfer money to them, or if someone stole your phone while you had the app open and tries to take your money. Then they block or put a hold on that transaction, or maybe make you authenticate with face id / fingerprint. In my experience with Commonwealth Bank in the past they were really aggressive with security as some of my legitimate transactions got blocked, I believe this is going to be the bigger problem for most people.
Within their own app.
Big deal, they already know what you click on, this is just device level analytics to assist in identifying 'your' action and 'your' device behaviour.
You would think having increased security was a good thing?