Following other big tech companies, Amazon is making a fresh assault on internal and customer data leaks. Now, the company plans to monitor the keyboard and mouse movements of employees in the customer service department in an attempt to prevent some rogue individuals, such as imposters or hackers, from improperly accessing the data.
The information was obtained by motherboard, gives Vice, who gained access to an official Amazon document describing several proven customer data theft situations from the world’s largest retailer.
Thus, the company is considering implementing a tough measure to try to solve the problem. But it’s not a complete surveillance system, in which every keystroke typed by an Amazon employee is logged and all communications are recorded.
Amazon wants to create behavioral profile of employees
The tool under consideration generates a profile based on the employee’s natural keyboard and mouse movements and then continually checks to see if it appears that the same person is in control of the employee’s account to catch hackers or imposters who might try to steal Dice.
This customer data theft issue is still somewhat obscure and came to light during the COVID-19 pandemic, when the vast majority of services were migrated to remote or home office models. Thus, the security and monitoring of the activities of employees and the system were weakened.
The document also argues that Amazon needs keyboard and mouse monitoring to combat several different threats. One involves people impersonating customer service employees and successfully accessing Amazon user data. According to a set of manual audits, an Amazon security team found four cases where imposters accessed this data, the investigation adds.
Pandemic and home office exacerbated data theft
“We have a security gap because we don’t have a reliable mechanism to verify that users are who they claim to be,” the document says. The text also points to the “high risk of data leaks” emerging with more employees working from home, with the company’s limited security tools to verify the identity of external third-party workers, and because Amazon is operating in what is described as “ high-risk areas” with high levels of corruption and crime.
At the top of the list of countries where Amazon is identifying more cases is India, with over 120, followed by the Philippines, with just under 70, and the United States, with almost 40.
Amazon’s security, finance, legal and other teams have reached a consensus on using a product from a cybersecurity company called BehavioSec, the document says.
“Behavioral biometrics uses characteristics of human behavior to authenticate individuals based on how they digitally engage with their devices and applications, such as mouse movements, typing pace, touch and swipe gestures, or how they hold their devices,” says to BehavioSec. Purchasing this software for approximately 750,000 employees will cost $1,360,000.
The ultimate goal is “by the end of 2022, to reduce the activity of imposters by 100%, reaching zero cases per year”, the document adds. For legal reasons, the company says that “it faces challenges regarding the collection of typed data”. For this reason, Amazon has turned to models that collect anonymous keyboard data.
With information: Vice