Identity theft and on-line fraud have become widespread problems in the United States. Each year, many adults in the U.S. have their identities stolen and numerous accounts are compromised, leading to significant losses as a result of identity theft. While the fraud losses themselves are significant, even more worrisome has been the negative impact to enterprises whose consumers have been victims of these breaches. Account churn, lower transaction volume, and even lower stock prices have made the extent of the losses hard to bear for many enterprises.
Weak authentication has led to Internet identity theft, phishing, and on-line financial fraud. As more consumers use computers and mobile devices for shopping, managing their finances, and accessing health care information, the risk of fraud and identity theft increases. Because of the impact of identity theft and on-line fraud on on-line businesses, more and more enterprises are evaluating authentication and security options for their on-line consumer base. This trend to improve security has also been driven by regulatory guidance related to strengthening authentication and security measures.
Fraud detection systems utilize methods and systems to authenticate users in order to secure employee and business-partner access to corporate networks and applications. The risk of enabling unauthorized access to corporate assets justifies the investment and change in behavior needed to deploy strong authentication. Fraud prevention thus enables the enterprise to make a fairly straightforward risk/reward evaluation. However, because these enterprise solutions have been designed for lower volume deployments, utilizing them for securing consumer applications is not entirely feasible. Scaling these enterprise authentication solutions to millions of users in a cost effective manner is nearly impossible.
Many fraud detection systems use a behavioral engine to assess the level of risk associated with an online transaction. A behavioral engine learns how a consumer uses the system to dynamically identify risk. It responds when consumer behavior changes, even if the change does not break a general rule. For example, a behavioral engine goes on alert when a consumer who always logs on from home suddenly logs in from another country. The same behavioral engine does not interfere when a consumer who regularly logs in from different places in the world changes location. A fraud detection system with both rules and behavioral engines does not require a consumer to change behavior, in fact it creates value from their consistency to help prevent fraud.
Despite the progress made in fraud detection systems based on behavioral engines, improvements in robust systems that can provide fraud detection in the context of a user that has a small number of transactions. Accordingly, there is a need in the art for systems and methods to improve identity protection for consumers who access resources infrequently and prevent fraud in such on-line transactions.