Organizations strive to ensure secure and convenient user access to services or accounts. With the proliferation of identity theft and the growing emphasis on convenience, organizations are forced to find a balance between gathering enough identifying information and making the services or accounts accessible to users. Regulations and business rules may govern how much or the types of identifying information the user must provide depending upon the nature of the activity that is requested.
Existing systems often sacrifice security for convenience or sacrifice convenience for unnecessarily. For example, users may be required to provide a login, password, and answer a secret question simply to view current interest rates at an organization. Thus, although the user may be engaging in a low-risk activity, the user may be required to provide an excessive amount of information. Additionally, the risk level of an activity may vary with the user, depending on past behaviors or account preferences.
Further complicating the balance between security and convenience is that organizations have various channels in which users may interact with the organization. For example, users may perform activities related to an account at the organization over the phone, through an internet portal, by mobile phone application, or by face-to-face contact at a brick-and-mortar building. Thus, with the different means of interaction and access, organizations must provide various methods of verifying the user's identity.