Reliably and seamlessly verifying an accessor identity in granting access to user accounts is a burdensome task for users.
In general, a system may utilize three factors in verifying a user. The system may verify a user by (1) confirming accurate use of a username/password, (2) confirming user account access by a known device, and (3) confirming user identity through enhanced data such as biometric data. However, a user's own tendencies may limit the system's verification process. For instance, the user may use a weak or compromised username/password, because either it is leaked on the Darkweb, is the same username/password as every other account of the user, or lacks significant encryption. Likewise, the user may have failed to setup known devices, so that the system is unaware of appropriate access by certain devices. Moreover, biometric verification may not be available given the device sensor capabilities. Additionally, users often find that use of any or all of these security procedures is so burdensome that access to the user's account (whether that account is provided by a financial service provider, merchant, a social application, etc.) becomes unacceptably inconvenient. The bottom line is that enhanced security may prevent utilization of the user account for its intended purpose.
Moreover, while some solutions exist for verifying the identity of an entity attempting to access a user account, such solutions may be plagued by the difficulties addressed above. Also, such solutions are inefficient, and do not appropriately collect and utilize data. For instance, there exists a plethora of data available for an identity verification system that current systems do not currently utilize. Every attempt by an accessor generates multiple data points, both active and passive, both from the accessors themselves or from the accessing devices. However, the majority of this data goes unused. For example, in order to counter a user's lack of diligence in setting up known devices, a system could analyze passive device information from devices already successfully accessing the user account, such as the device operating system, model number, process chipsets, browser type, etc. Likewise, the system could utilize user information such as their active error rate, mouse speed, scroll speed, typing speed, eye movement rate, etc. Additionally, users also have static, or passive, data, such as biometric (fingerprints, iris scans, palm vein pulse, heartbeat, etc.) data. All of this data could be implemented in a system to provide a seamless verification system that is constantly collecting data and constantly analyzing the user's access to their account.
The present disclosure provides systems and devices to solve these and other problems.