Risk-based authentication (RBA) is a fraud prevention measure that uses data analysis and user behavior to assess the risk level of a login attempt or a transaction. This security approach is more proactive than outdated authentication solutions like passwords or one-time passwords, because it applies the appropriate security measures for each transaction, based on the risk level.
As a result, RBA creates a more secure and user-friendly way for financial institutions to verify their customers and prevent online banking fraud.
How does risk-based authentication work?
Risk-based authentication assesses the risk of each customer transaction in real time, using the context in which it takes place. If a transaction is assessed as unusual, the customer may be required to take an additional step to verify their identity, like a biometric scan. But if RBA assesses that a transaction is low risk, the customer may proceed without any challenges.
RBA can use both silent authentication measures (like behavioral biometrics) and active ones (like a face scan) to provide the right level of security based on the risk. Depending on the risk level, it may allow the transaction, challenge the customer with step-up authentication, or deny the transaction.
What context does RBA use to make its decisions?
A risk-based authentication tool typically assesses factors such as:
What device the customer is using to transact
What their current location is
Whether they’re using their usual browser or a safe network environment
Whether the transaction is high-risk, for example when a large amount is being paid via a faster payment network
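The decision flow described above, as an added example that is not taken from the original page or from any vendor's product: the four factors are turned into signals, scored, and mapped to allow, step-up or deny. The weights, thresholds, field names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed weights and thresholds; a real deployment tunes these on fraud data.
WEIGHTS = {"new_device": 30, "unusual_location": 25, "unusual_browser": 10,
           "untrusted_network": 15, "high_risk_payment": 30}
STEP_UP_AT, DENY_AT = 40, 80

@dataclass
class Profile:            # what is already known about the customer
    devices: set
    countries: set
    browsers: set
    large_amount: float   # payments at or above this count as large

@dataclass
class Attempt:            # context collected for one transaction
    device_id: str
    country: str
    browser: str
    network_trusted: bool
    amount: float
    faster_payment: bool

def signals(a: Attempt, p: Profile) -> dict:
    """Evaluate each contextual factor against the customer's history."""
    return {
        "new_device": a.device_id not in p.devices,
        "unusual_location": a.country not in p.countries,
        "unusual_browser": a.browser not in p.browsers,
        "untrusted_network": not a.network_trusted,
        "high_risk_payment": a.faster_payment and a.amount >= p.large_amount,
    }

def decide(a: Attempt, p: Profile):
    """Return (action, score, fired signals) so the decision can be audited."""
    fired = [name for name, hit in signals(a, p).items() if hit]
    score = sum(WEIGHTS[name] for name in fired)
    if score >= DENY_AT:
        return "deny", score, fired
    if score >= STEP_UP_AT:
        return "step_up", score, fired   # e.g. ask for a biometric scan
    return "allow", score, fired

# Constructed sample data (not real customers or transactions).
PROFILE = Profile({"dev-1"}, {"GB"}, {"Firefox"}, large_amount=1000.0)
USUAL = Attempt("dev-1", "GB", "Firefox", True, 50.0, False)
NEW_DEVICE_LARGE = Attempt("dev-9", "GB", "Firefox", True, 5000.0, True)
ALL_UNUSUAL = Attempt("dev-9", "XX", "Other", False, 5000.0, True)

if __name__ == "__main__":
    for attempt in (USUAL, NEW_DEVICE_LARGE, ALL_UNUSUAL):
        print(decide(attempt, PROFILE))
```

Returning the fired signals alongside the action keeps each decision explainable when a challenge or denial is reviewed later.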
What are the benefits of risk-based authentication?
Financial institutions that employ RBA in their fraud prevention strategies enable stronger security. Since the solution also bases its response on the level of risk, it results in less friction for banking customers. RBA tools also help FIs remain compliant with industry regulations such as 3-D Secure.