Risk-based authentication for login transactions is a mechanism for detecting and preventing identity fraud. Traditionally, risk assessment during authentication of login transactions involves using contextual information such as the location from where the login attempt is made, the browser or agent being used for the login attempt, the time of day when the login attempt is made, etc. The risk assessment may also use the behavioral patterns of the user such as key stroke analysis. These techniques while useful are not sufficient to reduce or eliminate fraud.
Nowadays, users of social media sites disclose their personal information which is readily available to entities with malicious intent to intrude or launch attacks. Oftentimes user passwords are based on such personal information. Thus, there is a need for a risk-based analysis of login transactions to avoid or eliminate intruder attacks that are based on users information.
These and other drawbacks exist.