Some online banks use adaptive authentication. Such risk-based authentication systems assign risk scores to banking transactions where higher risk scores indicate higher risk.
In generating a risk score, conventional adaptive authentication systems take as input values of various transaction attributes (e.g., time of receipt, geolocation, transaction amount). For each customer of the online bank, there is an associated history based on values of the attributes associated with previous transactions involving that customer. The adaptive authentication system incorporates the history associated with the customer into an evaluation of the risk score. Significant variation of one or more attribute values from those in the customer's history may signify that the banking transaction has a high risk.
For example, suppose that a customer has historically submitted transaction requests via a credit card to the online bank at about 5 PM from Boston, Mass., and, using the customer's credit card information, a user submits a new transaction request at 2 AM from Boise, Id. In this case, the risk engine would assign a larger risk score to a transaction resulting from the new transaction request.