Home > Risk-based authentication
Information Security magazine:
EMAIL THIS

Risk-based authentication

01 Aug 2006 | Jon Panker

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The concept of risk-based authentication is becoming popular for some online business-to-consumer transactions, particularly those conducted with banks and other financial services firms. It involves two key ideas: device profiling and behavioral analytics.

More on risk-based authentication

Learn how risk-based authentication differs from other authentication methods

Learn about the role of risk-based authentication in FFIEC compliance
Let's assume that a bank is utilizing risk-based authentication. First, it gathers a basic profile of the computer the customer typically uses to do online banking, learning things like the machine's MAC address and settings. The bank also begins to understand a customer's normal pattern of behavior, such as when he might typically log on or the types of transactions he usually conducts. Should a customer deviate from normal behavior -- perhaps by logging on from a different machine in a different country or attempting to transfer an unusually large sum of money -- the session would get a higher risk score, which could trigger the need for an additional form of authentication. This might mean the customer has to answer a challenge-response question or that the bank will want to authenticate the user by phone.

In short, it is simply sequential, or matrix-based, authentication. That said, risk-based authentication can face pitfalls, such as the fact that spouses often access shared accounts on different computers and travelers occasionally log on from unexpected locations.

BROWSE BY TAG
Security Audit, Compliance and Standards,   FFIEC Regulations and Guidelines,   Enterprise Identity and Access Management,   User Authentication Services,   Two-Factor and Multifactor Authentication Strategies,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
FFIEC Regulations and Guidelines
FTC Red Flags Rules: How to create an identity theft prevention plan
Protecting data in a merger and acquisition
This May Day, banks wave the Red Flags
IT security pros face challenge during economic crisis
Understanding multifactor authentication features in IAM suites
Compliance drives credit union to catch online bill payment fraudsters
The road to compliance
At RSA, feds seek help to close widening cybersecurity gaps
TJX should have had stronger Wi-Fi encryption, say Canadian officials
Interview: FDIC director explains FFIEC standard

Two-Factor and Multifactor Authentication Strategies
Two-factor authentication, vigilance foil password theft
Security on a budget: How to make the most of authentication tools
Best Authentication Products
Best Identity and Access Management Products
Are 'strong authentication' methods strong enough for compliance?
PCI compliance requirement 7: Restrict access
PCI compliance requirement 9: Physical access
Best practices: How to implement and maintain enterprise user roles
Changing times for identity management
RSA researcher Ari Juels: RFID tags may be easily hacked

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
FFIEC compliance  (SearchFinancialSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Find Expert White Papers on Financial Data Security
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts