|
Risk-based authentication uses multiple factors to score the likelihood that a user is, in fact, who he or she claims to be online. To establish a confidence level regarding the user’s digital identity, a combination of observed and requested factors can be used.
Risk engines collect observed factor information – keystroke dynamics, device characteristics, IP address, and more -- use rules to score that information, create a confidence rating, and then provide access based on the confidence or lack of risk.
Risk-based authentication has been widely adopted in the financial services industry and is now gaining acceptance in other industries as a means for preventing online fraud. Unlike other methods, risk-based assessment can occur continuously: at initial login; at each interaction during a secure session; as well as during transactions specified as high-risk transactions.
Low TCO and User-friendly
The key advantage of risk-based authentication is that it can be zero-footprint, which means no deployment additional hardware or desktop software controls is required. The result is lower total cost of ownership by eliminating the deployment, administration, and renewal costs associated with traditional two-factor controls. Advanced risk-based authentication solutions also preserve the user experience by leveraging only observed factors like keystroke dynamics to make the approach seamless or invisible to the end user.
Effective and Powerful
The effectiveness of risk-based authentication based on observed factors has been certified to be comparable to or better than hardware tokens, certificates, or software tokens, but risk-based authentication is far less expensive to implement and manage.
|
