Adaptive authentication enables service providers to determine the authenticity of a user from a risk score based on multiple factors [e.g., IP addresses, device IDs]. For instance, attempts to log into a website from many different locations over a fixed period of time may be an indication of fraudulent usage.
In determining whether a user is as claimed, adaptive authentication provides a risk score to a current login request based on the values of the IP addresses historically associated with the user. For example, if a user submitted login requests from a single IP address over the past 30 days, and then sent a login request from a different IP address, then the adaptive authentication could, for example, require more information from the user to verify the user's identity.
Some of the factors used in adaptive authentication include historical request data associated with a user. Historical data associated with a user is maintained on a database which is accessible to the adaptive authentication. Each entry in the database corresponds to a request sent by the user and contains values of factors such as IP address, device ID, geo location, etc.