The present disclosure generally relates to website information processing systems, and more particularly relates to a system and method for detecting robot data aggregators attempting to access a website information processing system.
Data aggregator robots can gather account information from various websites using account holders credentials. The aggregated information may then be provided to the account holders from a single website operated by the aggregators.
Financial institutions are concerned about potential liability, security, and a possibility of diminishing traffic to the institution's website. Institutions want to provide a high quality service for their customers accessing the institution's website. Institutions also want to block access by robots spoofing the website to aggregate data and to block other unauthorized robot access.
A number of techniques have been used to detect robot users and limit the access to human users. The most common technique is the CAPTCHA method where users are asked to type letters presented in a distorted image that is expected to be understandable by humans only. CAPTCHA method is effective but not user friendly. Human users have their access interrupted and in some cases the CAPTCHA method restricts valid users when the user has a visual deficiency. Other techniques include comparing the list of IP addresses known to be associated with robot users. This approach becomes ineffective since the IP addresses of robots may change. Yet another technique analyzes a user-agent string that contains information that the client sent to the server. This approach is not reliable because it is possible to create fake user agents. If robots use fake user agents, then it will not be possible to differentiate their access from human user access. Recently minimum expected human response time (MEHRT) is used to detect robot access of a web-interface. This technique is based on ascertaining a minimum expected human response time to complete a predetermined task, prompting the user to complete the task in response to user-access of a web-based interface; and preventing the user from completing the task until the minimum expected human response time has passed from the time the prompt is made to impose a time penalty on robots accessing the web-based interface. The MEHRT technique is ineffective for response times which are not very short (robot user) or very long (human user). High accuracy may not be achieved. Other drawback of the MEHRT technique is that a completion of a task may be intentionally delayed for robots by the programmers.