User verification is a well-known aspect of everyday transactions. Many online as well as offline and physical transactions require a user to establish the user's identity before the transaction can be completed.
For example, in an online transaction, a user is frequently presented with data entry fields to provide a user identifier (user ID) and a password that has been previously established to identify the user. Similarly, offline transactions of transactions involving physical interaction with another human or machine also require a user to present or confirm previously established identifying information, such as a code, a number, a phrase, a keyword, an image, a pattern, a graphic, an identifier, a password, and the like (collectively hereinafter, “identifier”).
Presentation of an assigned or preconfigured user ID, password, or identifier to gain access to a system or to perform a transaction is commonly referred to as primary verification. Usually, if the primary verification is successful, to wit, if the user has presented the correct assigned or preconfigured user ID, password, or identifier to a system or process, the system or process grants the user access to the system or process, or the user is otherwise allowed to complete a transaction. Some examples of additional verification methods are asking the user to recognize a picture the user has previously selected, sending a code to an address previously configured by the user and asking the user to reproduce that code from that address, and so on.
In some instances, a system or a process performs additional verification steps in addition to the primary verification process, for example, after the primary verification is successful. Additional verification adds another layer of security to the system, process, or transaction with which the user intends to interact.
Users often forget their user ID, their password, or other identifiers associated with them. User also often type, enter, input, pronounce, or otherwise provide incorrect user ID, password or other identifiers associated with them. In case of a forgotten user ID, password, or identifier, systems or procedures invoke secondary verification methods.
A secondary verification method operates in lieu of a primary or additional verification method. A secondary verification process generally operates after a failure in a primary verification process, a failure in an additional verification process, a failure in establishing the user's identity by primary or additional verification for other reasons, or some combination thereof. A secondary verification method allows the user to establish the user's identity using other information either configured by the user, or known to the user previously. Such other information is different from the user ID, password, or identifier used in the primary or additional verification processes, but comprises information that the user is expected to know because the user has configured or acknowledged that information at a previous time.
For example, if the primary verification method requires a user ID and password, and the user has forgotten or lost one or both of those pieces of information, a secondary verification process presents the user with one or more questions, commonly known as security questions. A security question and its corresponding correct answer is established by the user at a previous time, e.g., during a time when the user created or configured a user account. A secondary verification process verifies the user as the correct or valid user if for each security question the user provides the correct previously configured answer.
The security questions often ask for information that the user is expected to remember. Some examples of the security questions used for secondary verification include asking the name of a friend of the user, asking the user for an address where the user lived three years ago, asking for a statement balance from a past account statement, asking to verify certain information from the user's credit report.