Some service providers use conventional risk-based authentication systems to process customer transactions. For example, an online bank may employ a risk engine of such a risk-based authentication system to assign risk scores to banking transactions where higher risk scores indicate higher risk. The online bank may choose to manually investigate the transactions with the highest risk score (i.e., the riskiest transactions) before completing these transactions or shortly after completing these transactions.
At the end of a processing interval (e.g., at the end of each day), the service provider may update the risk engine with the results of the manually investigated transactions. For example, the service provider may have manually discovered particular transaction attributes that closely correlate with fraudulent transactions such as certain times of the day, certain IP addresses, and certain geographical locations. The service provider may then have the risk engine reprogrammed for the next processing interval so that future transactions having these particular transaction attributes are given higher risk scores by the risk engine.
In an effort to identify recently completed fraudulent transactions, conventional risk-based authentication systems have the updated risk engine re-run all transactions from the previous processing interval to identify risky completed transactions for further investigation. Often, such a re-run of all transactions from the previous processing interval discovers completed transactions that were not assigned a high risk score during initial processing but should be investigated as possibly fraudulent nevertheless.