I don't think that's what's going on. I think it's more likely a standard multi-factor risk threshold that's been triggered. A vendor you've never used (or haven't used recently), a vendor category (auto parts) which you rarely purchase within, a higher risk payment processing method (perhaps they put through a CNP (cardholder not present) transaction) in a location (geo or vendor) where use of stolen cards is above average.

However, that said, many mobile banking applications require coarse (mobile network) and fine (GPS) location permissions (https://play.google.com/store/apps/details?id=com.grppl.andr... and https://play.google.com/store/apps/details?id=com.barclays.b... for example). I highly suspect that this data, along with other information gathered from your device such as IMEI, is used to assess login risk.

If you look at the markup on a lot of internet banking login pages you'll often find JavaScript and 1px images loaded from unusual subdomains at the bank (sometimes with "risk" or "security" in the name). A couple of the banks I use also embed hidden Flash objects, only on the login page, which I suspect are used for the same purpose.

My understanding is that they pull together data from a number of sources/signals to calculate a login risk score, in the same way virtually every bank calculates a transaction risk score when you use your card.

I doubt that this information is tied with physical card transactions, however.

Edit: I'll add that I'm the most surveillance/tracking conscious person I know (most just don't care) but this is a little paranoid even for me.