The New Technology Helping Amazon Avoid 'Imposter Take Over'

Customer data is critical in the digital era. With individuals increasingly shopping online, companies now have the ability to collect and curate an abundance of data from their customers. However, as they are able to access more data, they must also work to protect this critical information at a time when data breaches have become all too common.

To avoid these potential data leaks, Amazon has taken its first steps to secure customer information and improve data security. Its first initiative is aimed at improving employee monitoring. According to Motherboard, Vice’s Tech magazine, the eCommerce giant is working to stop rogue workers, imposters, or hackers from accessing customer data by monitoring employee keyboard strokes and mouse movements.

In a confidential document obtained by Motherboard, Amazon outlines the potential solution and identifies instances that this technology could effectively prevent. The service, provided by a behavioral biometrics firm called BehavioSec, creates a profile of how the individual types and uses their computer to verify the official employee. Amazon is apparently eyeing the firm due to challenges surrounding the collection of keystroke data, inspiring the tech company to consider more privacy-aware models that work with anonymous keyboard data.

To understand when this technology would actually be used and what aspects make it more privacy-aware, we outline the use case examples Amazon provided and decode the new initiative:

WFH Privacy Gaps

The first use case Amazon describes is particularly worrisome in the remote work setting. The document notes that a customer support worker may walk away from their computer without locking it, leaving the computer at risk for surrounding individuals like roommates or acquaintances to look up customer information. The example given describes an instance where a support representative’s roommates may have shown interest in seeing what public figures buy from Amazon which could lead them to look up this information with an internal search tool.

Superhuman Tools

In the next example, Amazon notes that a customer support worker can purchase a ‘USB Rubber Ducky Device’ that allows them to input keystrokes at superhuman speeds to steal thousands of customer records in less than an hour. According to one seller, with a device like this hackers can, “Imagine plugging in a seemingly innocent USB drive into a computer and installing backdoors, exfiltrating documents, or capturing credentials. With a few well-crafted keystrokes anything is possible.” Alarmingly, they can also apparently achieve this all for under $50.

Password Negotiations

The last case Amazon outlines is a password negotiation between a customer service worker and a potential hacker. In this instance, the hacker may purchase a customer service representative’s password, along with their multi-factor authentication device, from the employee to steal customer data. Additionally, this is particularly concerning as hackers are then able to sell these credentials to a whole host of others or even auction them online. And nobody is immune — according to ZDNet, back in November 2020, one hacker apparently sold the email and password combinations of C-Level executives from companies all over the world.

The Proposed Solution

To avoid each of these potential security breaches, behavioral biometric technology works to understand how individuals engage digitally. By tracking mouse movements, typing rhythm, swiping gestures, and even how an individual holds their device, the technology can virtually verify the identity of the user in question.

This measure is also incredibly helpful as a security measure in the work-from-home environment. Amazon notes that it does not currently have a reliable mechanism for verifying users, especially external, outsourced workers and its goal is to reduce any instance of ‘imposter take over’ by 100% in 2022.

The technology is promising; as companies attempt to avoid overt surveillance measures, this seems to be a fairly impartial way to identify users. While some may not enjoy any measure of surveillance at work, technology like this is likely one of the least intrusive ways to be observed. Additionally, if employees desire a work-from-home future, tools like these solidify a more certain and secure remote environment — while giving customers peace of mind that Amazon is keeping their individual data safeguarded.

Without measures like this, companies will continue to worry about at-home security and surveillance measures. When considering the examples Amazon laid out, each was a product of a lack of surveillance. Although things can slip through the cracks, many of these cases could not occur if an individual’s supervisor was nearby. Therefore, as companies continue in a hybrid environment, it’s tools like these that will ultimately keep remote work accessible.