When you are browsing a website and the mouse cursor disappears, it might be a computer glitch — or it might be a deliberate test to find out who you are.
The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features.
To fight fraud, a growing number of banks and merchants are tracking the physical movements of visitors to their websites as they use these websites and apps.
Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices.
The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points, known as "behavioural biometrics," to help prove whether a digital user is actually the person she claims to be.
To security officials, the technology is a powerful safeguard. Major data breaches are a near-daily occurrence. Cyberthieves have obtained billions of passwords and other sensitive personal information, which can be used to steal from customers' bank and shopping accounts and fraudulently open new ones.
Privacy advocates view the biometric tools as potentially troubling, partly because few companies disclose to users when and how their taps and swipes are being tracked.
"What we have seen across the board with technology is that the more data that's collected by companies, the more they will try to find uses for that data," said Jennifer Lynch, a senior lawyer for the Electronic Frontier Foundation.
"It's a very small leap from using this to detect fraud to using this to learn very private information about you."