Advanced risk-based authentication technologies apply data-driven risk assessment methods to detect deviations from regular user behavior. In some existing technologies, the regular behavior of a user and/or group of users is learned and kept up to date by continuously collecting historical behavior data regarding user activities. Historical behavior data is collected that describes characteristics of various specific types of user activities, such as logins, application accesses, and/or other user activities. Current user behavior is then compared to the historical behavior data. If the characteristics of a current user activity deviate sufficiently from the expected behavior indicated by the historical behavior data, a high risk score can be assigned to the activity.
Existing risk-based authentication technologies assess whether a current location from which a user activity originates is risky for a particular user by comparing the current location to the user's historical location data, and/or with historical location data for a group of users to which the user belongs. Using previous technologies, a specific risk score can be calculated based on how common the current user location is for the user and/or how common the current user location is for other members of the group to which the user belongs.