A customer looked over an Apple Watch in Palo Alto, Calif.
Robert Galbraith/Reuters/File

Fake or for real? An app exposes forgeries

Israeli researchers have developed a method for authenticating handwritten signatures using sensors in smartwatches and fitness trackers.

American banks lose more than $600 million annually to check fraud. And about one-third of that crime involves forged signatures.

But Israeli researchers have discovered a way to verify handwritten signatures with data from motion sensors in smartwatches and fitness trackers. They've created an app that uses these sensors to record the wearer's arm and wrist movements – including the angle and time it takes someone to write their signature – and can determine with 95 percent accuracy whether the signature is forged or real. 

Banks already use a variety of biometric technologies such as voice detection and facial recognition to verify accountholders. Now, the growing popularity of wearables offers another way of fighting fraud.

"Currently the only way to verify signatures [on paper] is by looking at ... the signature," says Erez Shmueli, a professor in the Department of Industrial Engineering at Tel Aviv University who is one of the advisers on the research work. "We provide a way that allows you to take the signing process into account – the dynamics of the signature into account – using a smartwatch. And that is something that can lead to a high level of accuracy."

Ben Nassi and Alona Levy, graduate students at Ben-Gurion University of the Negev and Tel Aviv University respectively, conducted the work along with Mr. Shmueli and another adviser, Yuval Elovici, a professor in the Software and Information Systems Engineering Department at Ben-Gurion University.

In a research paper about the study, they note that the technology can be applied to more than just battling financial fraud. For instance, lawyers could use it to confirm signatures on contracts. Election officials could also use it to authenticate the signatures of voters on mail-in ballots.

Their work builds on previous research from other academics showing that motion data from wearable devices can be used to identify the wearer from arm movements as they walk or identify different people who use the same object, such as a light switch. Mr. Nassi has also published previous work, with different research partners, on how sensors in a smartphone can tell whether the user is intoxicated.

Although other methods already exist to verify signatures, typically these are limited to authenticating a signature entered on a special digital pad – a method used by banks – and not signatures on paper. Shmueli says his team plans to conduct research soon showing that their method outperforms existing methods when it comes to accuracy.

The method the Israeli researchers developed requires just their software application and a smartwatch or fitness tracker, both of which are approaching ubiquity. According to a 2015 Forrester Research study, 1 in 5 US adults who go online use a wearable device. 

The work relies on the fact that most people have a unique pattern for writing their signature, which includes how they form letters, the speed at which they write them, and the fraction of time they take to move from their first to last name.

The method requires that the person – a bank customer or voter – first provide a signature, while using a wearable device, that will be retained and used for comparison. Data collected from the accelerometer and gyroscope embedded in the wearable establishes the person's unique signing pattern. The accelerometer and gyroscope detect the angle and direction a wearable device is moving and the speed at which it moves.

The researchers tested 1,980 signatures taken from 66 undergraduate students at Tel Aviv University, among them nine left-handed students. To collect the initial comparison samples, each student provided 15 signature samples on a tablet device, using the device's stylus, while wearing a Microsoft Band fitness tracker with the researchers' application installed on it. The tablets recorded the signatures as they were being entered so they could be played back in an animation to other students, and the app on the fitness tracker recorded sensor data while the signature was being made. 

A week later, the researchers asked the students to forge signatures of five other students in the study, with a little help.

The researchers first played recordings of the original signatures on the tablet. The test subjects could pause the recordings at will and practice tracing the signatures on the tablet before making their forgery attempts while wearing the Microsoft Band. They were also allowed to create several forgeries of each name, and only submit the three they thought represented their best forgery attempts.

The system that Nassi and his team created detected the vast majority of the forgeries. Although each student provided 15 samples of their legitimate signature, the researchers found that the system could detect a forgery with high accuracy based on only two reference signatures as a comparison.

To put their system into use in the real world, bank customers would first need to enroll in a signature-verification program and provide signature samples in person – while wearing a smartwatch or fitness tracker. Then, whenever the person needed to sign a check or contract, they would open the app on the device. It would record their hand movement, encrypt the data, and send it via Bluetooth or WiFi to the bank's server, which would then send a notification to the recipient of the check or contract letting them know if the signature is valid.

A similar method would also work for verifying the signature on mail-in ballots. 

Currently, election officials check the accuracy of such signatures by comparing them to the signature on a voter’s registration card or driver’s license record. But many ballots get rejected because the images of these initial signatures that are used to make the comparison are of poor quality. A study conducted by the University of California at Davis found that in the 2012 general election, about 69,000 ballots went uncounted in that state, 23 percent of which were rejected because the voter signature on the ballot envelope didn't match the voter signature on file.

Using the method the Israeli researchers developed, a voter would sign their ballot while wearing a smart device. The data would get transmitted to an election office server, which would then send back a verification ID to the voter's smartwatch if the signature was deemed legitimate. The voter would then write that ID code on their mail-in ballot next to their signature, which would let election officials know when the ballot arrived in the mail that the signature had been verified already.

But Nassi, one of the lead researchers on the project, says the uses don’t stop here. 

"This can be used in every situation you can think of that your signature is required and you need to have a level of confidence that the person who signed [the paper] is [the right person]," he says.