What is risk-based authentication (RBA)?
Risk-based authentication (RBA) is a fraud prevention measure that uses data analysis and user behavior to assess the risk level of a login attempt or a transaction. This security approach is more proactive than outdated authentication solutions like passwords or one-time passwords, because it applies the security measures appropriate to each transaction's risk level.
As a result, RBA creates a more secure and user-friendly way for financial institutions to verify their customers and prevent online banking fraud.
How does risk-based authentication work?
Risk-based authentication assesses the risk of each customer transaction in real time to gain a better understanding of its context. If a transaction is assessed as unusual, the customer may be required to take an additional step to verify their identity, like a biometric scan. If RBA assesses that a transaction is low risk, the customer may proceed without any challenges.
RBA can use both silent authentication measures (like behavioral biometrics) and active ones (like a face scan) to provide the right level of security based on the risk. Depending on the risk level, it may allow the transaction, challenge the customer with step-up authentication, or deny the transaction.
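The allow / step-up / deny flow described above, sketched as an added example (not code from the original page or from any vendor's product). The signal names, weights and thresholds are illustrative assumptions, and the sample contexts are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Signal names, weights and thresholds are illustrative assumptions.
STEP_UP_AT = 30   # at or above: require an active challenge
DENY_AT = 70      # at or above: refuse outright

@dataclass
class Context:
    known_device: bool
    usual_country: bool
    behavior_match: float   # silent behavioral-biometrics similarity, 0.0 to 1.0
    amount: float
    typical_amount: float   # customer's usual transaction size

def risk_score(ctx: Context) -> int:
    score = 0
    if not ctx.known_device:
        score += 25
    if not ctx.usual_country:
        score += 25
    # Silent signal: the less the session resembles the customer, the more risk.
    score += round((1.0 - ctx.behavior_match) * 30)
    # Amounts far above the customer's norm add up to 20 points.
    ratio = ctx.amount / max(ctx.typical_amount, 1.0)
    if ratio > 3:
        score += min(20, int(ratio) * 2)
    return min(score, 100)

def decide(ctx: Context, step_up_passed: Optional[bool] = None) -> str:
    score = risk_score(ctx)
    if score >= DENY_AT:
        return "deny"          # a passed challenge does not override high risk
    if score >= STEP_UP_AT:
        if step_up_passed is None:
            return "step_up"   # ask for the active factor, e.g. a face scan
        return "allow" if step_up_passed else "deny"   # fail closed
    return "allow"             # low risk: no challenge shown

# Constructed sample contexts.
ROUTINE = Context(True, True, 1.0, 40.0, 50.0)
NEW_DEVICE = Context(False, True, 0.5, 50.0, 50.0)
ANOMALOUS = Context(False, False, 0.0, 5000.0, 50.0)

if __name__ == "__main__":
    for name, ctx in [("routine", ROUTINE), ("new device", NEW_DEVICE), ("anomalous", ANOMALOUS)]:
        print(name, risk_score(ctx), decide(ctx))
```

The middle band fails closed: a medium-risk transaction is only allowed once the active challenge has actually succeeded.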
What context does RBA use to make its decisions?
A risk-based authentication tool typically assesses factors such as: