Some resource providers use risk-based authentication systems to process customer transactions. For example, an online bank may employ a risk engine of such a risk-based authentication system to assign risk scores to banking transactions where higher risk scores indicate higher risk.
A conventional risk-based authentication system assigns a risk score to a transaction based on data associated with the transaction. For example, suppose that a user initiates a transaction with an online bank through the user's cell phone. As part of the transaction request, the online bank may receive location data that was obtained with a GPS unit embedded in the cell phone. The online bank then sends the location data to the risk-based authentication system as part of a process of authenticating the user. The risk-based authentication system, in turn, assigns a risk score to the transaction based on this location data and previous location data associated with the user.
In some approaches, the conventional risk-based authentication system receives location data that was obtained with different devices of the user. For example, in addition to the cell phone, the user may also use a laptop computer to log into a web site of the online bank over a WiFi network connection. The online bank would then receive location data obtained from the WiFi network connection in the form of an IP address. The conventional risk-based authentication system would then assign a risk score to the transaction based on the value of the IP address as well as previous location data associated with the user.
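The following sketch is an added example, not code from the original text. It shows one way a risk engine could score a transaction from GPS coordinates or an IP address compared against a user's previous location data. The 0 to 1000 scale, the thresholds, the `UserHistory` structure and all function names are assumptions made for illustration.

```python
import ipaddress
import math
from dataclasses import dataclass, field

MAX_SCORE = 1000         # assumed scale: higher score = higher risk
NO_HISTORY_SCORE = 500   # assumed score when there is nothing to compare against
FAR_KM = 500.0           # assumed distance at which the GPS score saturates

@dataclass
class UserHistory:       # hypothetical store of a user's previous location data
    gps_points: list = field(default_factory=list)  # (lat, lon) in degrees
    ip_addrs: list = field(default_factory=list)    # IP address strings

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(min(1.0, h)))

def score_gps(history, point):
    """Scale the distance to the nearest previous GPS fix into 0..MAX_SCORE."""
    if not history.gps_points:
        return NO_HISTORY_SCORE
    nearest = min(haversine_km(point, p) for p in history.gps_points)
    return min(MAX_SCORE, round(MAX_SCORE * nearest / FAR_KM))

def score_ip(history, ip):
    """0 for a known address, 200 for a known network, MAX_SCORE otherwise."""
    if not history.ip_addrs:
        return NO_HISTORY_SCORE
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64   # assumed "same network" width
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    seen = [ipaddress.ip_address(p) for p in history.ip_addrs]
    if addr in seen:
        return 0
    return 200 if any(p in net for p in seen) else MAX_SCORE

def score_transaction(history, gps=None, ip=None):
    """Combine whichever location signals were supplied; the worst one wins."""
    scores = [score_gps(history, gps)] if gps is not None else []
    if ip is not None:
        scores.append(score_ip(history, ip))
    return max(scores, default=MAX_SCORE)  # no location data at all: top risk

# Constructed sample data: one prior GPS fix and one prior IP (documentation range).
HISTORY = UserHistory(gps_points=[(40.7128, -74.0060)], ip_addrs=["198.51.100.7"])
```

Taking the maximum of the two signals means a familiar GPS fix does not offset an unfamiliar IP address; a real engine would weigh many more factors than location.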