PKO BP will force you to use the new service. Unless you like spam

Behavioral biometrics, i.e. security that works by analyzing user behavior and blocking access when the algorithm considers a given behavior to be unusual. PKO Bank Polski, which implemented this system on May 19, is by no means the first, but it boasts impressive dynamics.

According to data provided by Cashless, the new security feature is already used by 10 percent. active iPKO customers. In contrast, ING Bank, which has been using behavioral biometrics since 2020, admitted last autumn that only just over every fourth electronic banking customer uses the solution (27%).

PKO BP: turn it on or we will torture you

The thing is that PKO BP obtains consent to include collateral in a quite invasive way. Namely if the user refuses, he will have to confirm each subsequent login via SMS or in the mobile application. In addition, as the source emphasizes, the consent formula itself may raise some controversy.

In the background, the bank uses two different technologies. The first one is provided by Digital Fingerprints, a company belonging to the BIK Group, and the second one is provided by MasterCard. Consent is common to both services. Although the American company only collects the IP numbers of computers used to log in, the confusing context leads to confusion as to who processes what data.

It remains an open question why the institution is so insistent when consent is not obtained. Please note that the PSD2 directive already forces two-step authorization for the devices used for logging in. Therefore, if the client has a trusted computer that is usually used for e-banking, one more layer of verification seems to be an exaggeration.