Adaptive authentication systems aim to identify fraudulent users even though such users possess credentials to gain access to account information of a legitimate user. For example, a fraudulent user may send login attempts at a time or location outside of those expected by a service provider. Existing adaptive authentication techniques compare information associated with a login attempt, such as time of the login and location from where the login originated, with a historical record of a typical user exhibiting expected login behavior such that the adaptive authentication system can determine whether or not to authenticate the login attempt.
An important component of any adaptive authentication system is the risk engine (RE) that generates a unique risk score that indicates the likelihood that an activity is fraudulent (e.g., the likelihood that an impersonator is performing a transaction using credentials of a real user). It should be understood that in some cases the risk engine can operate by first generating a ‘preliminary’ or a ‘raw’ risk score that is subsequently normalized in order to maintain a constant percentage of transactions in a score band. For example, the risk engine may generate a ‘raw’ risk score that is subsequently normalized to a scale (e.g., 0 to 1000). The higher the normalized risk score the more likely the transaction is fraudulent.
The above normalization approach is beneficial in that it allows the service provider to have an idea in advance of the amount of transactions that will get a final normalized risk score in a high risk band. Thus, the service provider can provide appropriate manpower in a call center that can deal with risky transactions by issuing further challenges. However, a significant difference between the expected amount of transactions in the high risk band and the actual amount of transactions in the high risk band can have a negative impact. For example, the risk engine may deploy a new model that may cause an increase in the amount of transactions receiving a score in a high risk band. Needless to say, this can cause serious problems for the service provider in the event of insufficient manpower in the call center.