Make more informed decisions by detecting and preventing fraud

Risk-based authentication: improving performance with new methodologies

Risk-based authentication can be summarized as delivering holistic assessment of a consumer and/or transaction with the end goal of applying the right authentication and decisioning treatment at the right time. Positive effects of using this approach include:

  • Reduced fraud exposure — Use of analytics and a more comprehensive view of a consumer’s identity (the good and the bad), in combination with consistent decisioning over time, generally will outperform simple binary rules and more subjective decisioning from a fraud detection perspective
  • Improved consumer experience — Applying the right authentication and decisioning treatment at the right time subjects consumers to processes that are proportional to the risk associated with their identity profile 
  • Operational efficiencies — With the implementation of a well-designed program, much of the decisioning can be done without human intervention and subjective contemplation 
  • Measurable performance — Understanding the past and current performance of risk-based authentication policies allows for the adjustment of such policies over time 

Some best practices to consider when incorporating and maintaining a risk-based authentication program include the use of:

  • Analytics — Since an authentication score is likely the primary decisioning element in any risk-based authentication strategy, it is critical that a best-in-class scoring model is chosen and validated to establish performance expectations 
  • Targeted decisioning strategies — Applying unique and tailored decisioning strategies (incorporating scores and other high-risk or positive authentication results) to various access channels, offered services and addressable markets tends to be more effective than utilizing a one-size-fits-all strategy 
  • Performance monitoring — It is critical that key metrics are established early in the risk-based authentication implementation process 
  • Reporting — Applying the three best practices listed above necessitates accurate, timely and detailed reporting around your authentication tools and results

Emerging informational elements and processes appear to be enhancing, or have already enhanced, the notion of applying risk-based authentication:

  • Enterprise risk management — This concept involves the creation of a real-time, cross-channel, enterprise-wide (cross–business unit) view of a consumer and/or transaction while expanding beyond the traditional fragmented view of a consumer. This traditional view limits the amount of available high-risk and/or positive authentication data associated with that consumer and therefore diminishes the predictive value of tools that utilize such data. 
  • Additional intelligence — Beyond some of the core data elements traditionally used in consumer authentication, some additional informational elements are emerging as useful in isolation or, even better, as a factor among others in a holistic assessment of a consumer’s identity and risk profile. These elements include IP geolocation, device identity or fingerprinting, and biometrics (such as voice verification). While these tools are being used and tested in many organizations and markets, work still must be done to strike the right balance in their incorporation into an overall risk-based authentication process. 
  • Out-of-band authentication — This technique can be defined as the use of two separate channels to simultaneously authenticate a customer (for example, using a phone number to verify the identity of a customer while performing a Web transaction). Many institutions are finding success with initiating text messages as a means of customer notification and/or verification of monetary or nonmonetary transactions. 

In summary, institutions will do well to maintain and regularly evaluate a forward-looking customer authentication strategy that incorporates emerging technologies, newly available data sources, analytics, and operational processes that meet business goals across all key performance measures.

Please visit for more fraud prevention and detection insights, tools and information.

  • © Experian 2010. All rights reserved.