Risk-based authentication (RBA) is a dynamic authentication method that automatically adjusts the security measures that are used based on the risk level associated with each login attempt or transaction. It considers factors like user behavior, device type, geolocation, and transaction value to determine if additional verification is needed, so a user can easily log in to their account on their usual device from home, but extra verification would be deployed if that same user's account was being used to transfer a large sum of money from a new device. It can include biometric authentication, multi-factor authentication (MFA), and passive liveness detection for added security.
Use case/ examples for risk-based authentication
Adaptive security: Adjusting customer authentication requirements based on login location, device recognition, and transaction risk levels, thus allowing quick authentication in low-risk scenarios while requiring additional layers of verification for higher-risk or suspicious activity.
Fraud prevention: Detecting account takeover attempts by identifying unusual access patterns and triggering step-up authentication.
