In today's high-tech, fast-paced, hyper-connected world, people are spending more and more time on the internet to complete more of their daily activities such as online banking and shopping. The convenience afforded by the access and availability of the online world, however, is not without drawbacks. This increased access has brought with it an unparalleled growth in online fraudulent activity.
Reports about identity takeover, filled with phrases like Trojan, Man in the Middle, Man in the Browser, and Phishing, are increasingly in the news. These emerging threats have triggered a growing awareness by service providers and customers alike. These threats are serious and need to be addressed.
Service providers, such as financial institutions, trying to encourage customer activity, while at the same time minimizing losses from financial fraud, are looking for ways to deal with these threats. One possible way is to use a risk-based authentication system with an associated risk engine to assign risk scores to transactions. The transactions with a low risk score can be processed. Those transactions with a high risk score can be rejected or else a further step up challenge can be issued. For example, the risk-based authentication system can be configured to issue an authentication challenge to the user. There can be numerous different types of challenges such as an SMS challenge and a biometric challenge. The risk-based authentication system can send the challenge to the user. The decision of whether to authenticate may be dependent on the response to the challenge.
The problem with the above approach is how to provide the appropriate authentication challenge to issue to the user.
The present invention is directed towards providing the appropriate authentication challenge.