Risk analysis systems are likely to commit certain errors such as, for example, rejecting a valid user's login attempts (Type I errors) or authorizing malicious login attempts (Type II errors). Type I errors may occur when a user logs into an account from an unrecognized location that is atypical of the user's prior login history. Type II errors may occur when hijackers successfully mimic a user's login patterns.
Risk analysis systems commonly do not learn from their mistakes, and a similar set of valid logins may be persistently and incorrectly evaluated as risky while another set of malicious logins may be continuously accepted.