Electronic service providers receive login attempts from users wishing to gain access to sensitive information such as bank accounts. Some users attempt to gain access to such information with credentials obtained fraudulently from a legitimate account holder.
Most basic authentication techniques are designed to control access to such sensitive information. For example, some basic authentication techniques involve presenting a username and password or answering a set of questions to which only a legitimate account holder should know the answers. More secure authentication techniques may involve presenting a one-time password (OTP) from a token in addition to the username and password.
More advanced authentication techniques, on the other hand, involve comparing transaction data with historical transaction data using rule-based computation, statistical analysis, or machine learning techniques. Conventional techniques involve sending the transaction data to a remote authentication server that is configured to access such historical data. When comparing this data to the historical data, the authentication server may then determine the likelihood that the user is the authorized user. For example, a user attempts to make a credit card purchase at 3 AM in Philadelphia. Upon receiving this information, the authentication server finds that this user has been making credit card purchases between the hours of 7 PM and 9 PM from Boston. In such a case, the authentication server may determine that there is a high risk of the user being fraudulent and will take further action.