This disclosure relates generally to secure access to web applications and, more particularly, to systems and methods for graduated security for web applications implementing user accounts.
Businesses with significant Internet presence may have a suite of customer-accessible web content and web applications. Some content, such as static web pages, are accessible to customers anonymously (i.e., without the customer having to provide any identifying information). Other content, however, may be customized based on the particular user. This customized content may only be accessed by a user after the user identifies themselves to the content provider. In order to uniquely identify individual users, some identifying information is required. However, some users may be reluctant to provide certain information, such as creating a user account and password.
Some known web applications do not require much identifying information. For example, a financial organization may provide an “offers” program, where a customer or potential customer can sign up to get alerts on special service offerings. Such an application may only require a way to contact the customer, such as an email address or a cellphone number. Another application, for example, may allow the customer to view transactional information associated with that customer's payment cards. Such an application may require greater authentication, such as the creation of a user name and a password. And still another application may allow the customer to access their payment card number, such as through an “online wallet.” Such an application may require even greater authentication, such as providing and answering security questions.
Some known suites of applications utilize user authentication. However, each application may have their own separate authentication requirements, or they may all share the same level of authentication, such as a single ID and password. A system and method for graduated security in authenticating a user accessing online data is needed.