Adaptive authentication systems aim to identify fraudulent users even when such users possess credentials that give access to the account information of a legitimate user. For example, each login attempt is received at a service provider at a particular time, and in many cases a fraudulent user will send login attempts at times or from locations outside of those expected by the service provider. Existing adaptive authentication techniques compare information associated with a login attempt, such as the time of the login and the location from which the login originated, with a historical record of a typical user who exhibits some expected login behavior.
An important component of any adaptive authentication system is the risk engine (RE). A risk engine is a self-learning system that generates a unique risk score for each activity. The risk score indicates the likelihood that an activity is fraudulent (e.g., the likelihood that an impersonator is performing a transaction using credentials of a real user).
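The comparison against a historical record and the self-learning risk score described above can be sketched as follows. This is an added example, not the scoring method of any particular risk engine: the function names, the 0-to-1 score range, the two weights and the smoothed-frequency formula are all assumptions, and the login history is constructed sample data.

```python
from collections import Counter
from math import log

W_TIME, W_PLACE = 0.4, 0.6  # assumed weights, not taken from the page

def build_profile(history):
    """history: (hour_of_day, country) pairs from past accepted logins."""
    return {"hours": Counter(h for h, _ in history),
            "places": Counter(c for _, c in history),
            "n": len(history)}

def _surprise(count, n, categories):
    """Map how rarely a value was seen to [0, 1]; 1.0 means never seen."""
    if n == 0:
        return 1.0  # no history yet: treat everything as unfamiliar
    p_min = 1 / (n + categories)  # Laplace-smoothed floor for unseen values
    p = min((count + 1) / (n + categories), 1.0)
    return log(p) / log(p_min)

def risk_score(profile, hour, country):
    """Score one login attempt against the history: 0 typical, 1 unfamiliar."""
    n = profile["n"]
    # Count past logins within one hour of this one, wrapping around midnight.
    near = sum(profile["hours"][(hour + d) % 24] for d in (-1, 0, 1))
    seen = profile["places"][country]
    s_time = _surprise(near, n, 24)
    s_place = _surprise(seen, n, len(profile["places"]) + 1)
    return W_TIME * s_time + W_PLACE * s_place

def learn(profile, hour, country):
    """Self-learning step: fold a login confirmed as legitimate into the profile."""
    profile["hours"][hour] += 1
    profile["places"][country] += 1
    profile["n"] += 1

# Constructed sample history: 20 morning logins from one country.
HISTORY = [(8, "US")] * 7 + [(9, "US")] * 8 + [(10, "US")] * 5

if __name__ == "__main__":
    prof = build_profile(HISTORY)
    for attempt in [(9, "US"), (9, "RO"), (3, "RO")]:
        print(attempt, round(risk_score(prof, *attempt), 3))
```

Only logins that have been confirmed as legitimate should be passed to `learn`; feeding unverified attempts into the profile would let repeated fraudulent logins lower their own score.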
The need for improved and comprehensive authentication systems is rising every day, for example, due to constantly changing fraud patterns and the increase in cybercrime and fraud. Many adaptive authentication systems employ a number of different authentication methods and/or change authentication methods or risk models in order to ensure the security level required by customers. Authentication methods include, for example, simple passwords, one-time passcodes, biometrics, tokens and certificates. The methods vary in strength, in the authentication factors they address, and in usability and cost. Existing authentication systems select one or more suitable authentication methods based on the sensitivity and risk of the activity, taking into account usability and cost constraints.
A need therefore exists for effective mechanisms for evaluating the classification performance of different authentication methods and risk models.