Service providers receive login attempts from users wishing to gain access to sensitive information such as bank accounts. Some users attempt to gain access to such information with credentials obtained fraudulently from a legitimate account holder.
Conventional adaptive authentication identifies fraudulent users even though such users possess credentials to gain access to a legitimate user's account information. For example, each login attempt is received at the service provider at a particular time and in many cases, a fraudulent user will send login attempts at times outside of those expected by a service provider. Specifically, conventional adaptive authentication identifies a user with the same credentials who logs into the account between 2 AM and 4 AM as a high risk of being a fraudulent user.
Conventional adaptive authentication compares information associated with a login attempt received by the service provider, such as the time of the login and a location from where the login originated, with a historical record of a typical user who exhibits some expected login behavior. As an illustration, the typical user's historical record indicates that 99.5% of login attempts received by the service provider occur between the hours of 6 AM and 11 PM daily and from locations within the continental United States. For a user sending login attempts between 2 AM and 4 AM from locations across Eastern Europe, conventional adaptive authentication methods indicate to the service provider that the user is a high risk of being a fraudulent user.