User Risk Radar

User Risk Radar is an Adaptive solution that provides an effective mechanism to reduce the risk of fraudulent authentication or transaction signing attempts. This solution can be described through the following steps:

  1. It starts by collecting and processing user data (the data collected is listed in the Adaptive data collection section) over time, with the purpose of building a user context.
  2. Once enough data is processed, User Risk Radar will be ready to issue alerts whenever a suspicious event is observed.
  3. Alerts are provided every time the user engages in an authentication or transaction signing session. They indicate, for example, whether the user is in an unknown environment, or whether an impossible travel distance has been covered since the last observation.
  4. The alerts data can then be used to identify suspicious activities and prevent fraud events. Based on the received alerts, you may subject the user to additional verifications, such as contacting your help desk or answering security questions, before the authentication or transaction is approved.

The User Risk Radar contextual data is collected from two distinct sources:

  • The login app, in other words the browser or mobile app other than the authenticator app, where the login attempt is taking place. The data provided by the login app is useful to identify whether the login attempt takes place in a context familiar to the user or not.
  • The authenticator app on which the 2FA session is approved or rejected. This data is used to analyze if the authenticator app was used in a known environment.

Login app

The following steps may be taken in order to integrate the User Risk Radar into your login app:

  1. Import the Adaptive JS SDK in your login application according to the instructions available in the Adaptive JS SDK installation guide.

  2. Implement the Initialize Adaptive Session endpoint, and make sure that it is called once the user completes the first step of the login and before the 2FA verification step. This endpoint will return the adaptive_session_token, which is used to identify the adaptive session.

  3. Pass the adaptive_session_token received in step 2 to the Adaptive JS SDK as described in the Adaptive JS SDK guide.

  4. Once the adaptive_session_token is provided to the Adaptive JS SDK, new user observations may be sent using the sendObservations() method, every time a new authentication or transaction signing happens.

  5. Once the user’s login credentials are validated by your login app, the 2FA authentication is started at Futurae. Make sure to provide the following attributes in the request payload when calling the Authenticate User endpoint:

  • The received adaptive_session_token, which is used to identify the adaptive session;
  • The status_callback_url if you would like to receive callback session status updates including User Risk Radar Alerts. Alternatively you may call the Query Authentication Status endpoint to get the session status including User Risk Radar Alerts.

Authenticator app

Once the user completes the login, the 2FA verification needs to be performed on the authenticator app. As soon as the authentication session is approved or rejected, User Risk Radar will use machine learning technology to evaluate:

  • If the login was performed in a trusted user environment;
  • When applicable, if the authenticator app on which the authentication session was approved or rejected was used in a familiar environment and according to patterns previously observed for the user.

The instructions to support Adaptive Account Recovery in apps that integrate the Futurae mobile SDK are provided in the respective SDK guides:

If you want to support User Risk Radar on your Futurae WhiteLabel app, please contact our technical support at support@futurae.com.

Alerts

Once enough data has been processed, User Risk Radar will evaluate, for every authentication or transaction session, the environmental data collected by the login and authenticator apps. The results, based on the observation of multiple parameters, are provided in the alerts resource attribute, included in the status callback payload. The status callback is sent to the status_callback_url that was provided in the Authenticate User request. The alerts attribute can also be obtained by calling the Query Authentication Status endpoint.

User Risk Radar will only provide the complete set of parameters that compose the alerts attribute once the data collected from the login and authenticator apps is enough to build a user environment context, which may take weeks to happen, depending on the user’s usage patterns.
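
One way to turn the alerts attribute into a step-up decision on your backend, shown as an added example that is not Futurae's code. The payload shape, the alert names and the `evaluateAlerts` helper are assumptions for illustration, since this page names the alerts attribute but not its fields. The point it demonstrates is that a missing or partial alerts attribute means the user context is not built yet, which is no signal rather than low risk.

```javascript
// Hypothetical alert names and payload shape (assumptions, not the
// documented schema): `alerts` maps an alert name to true when raised.
const EXPECTED_ALERTS = ["unknown_environment", "impossible_travel"];

// Decide whether to approve directly or require additional verification
// (help desk contact, security questions) before approving.
function evaluateAlerts(payload, { highValue = false } = {}) {
  const alerts = payload && payload.alerts;

  // No alerts attribute at all: the user context is still being built.
  // Do not read this as "safe"; step up anything high-value.
  if (alerts === null || typeof alerts !== "object" || Array.isArray(alerts)) {
    return {
      action: highValue ? "step_up" : "allow",
      reasons: ["no_risk_signal"],
      partial: true,
    };
  }

  const missing = EXPECTED_ALERTS.filter((name) => !(name in alerts));

  // Any raised alert triggers step-up, including alert names this code
  // does not know about, so new alert types fail closed.
  const raised = Object.keys(alerts).filter((name) => alerts[name] === true);
  if (raised.length > 0) {
    return { action: "step_up", reasons: raised.sort(), partial: missing.length > 0 };
  }

  // Nothing raised, but the set is incomplete: be strict for high value.
  if (missing.length > 0 && highValue) {
    return { action: "step_up", reasons: ["partial_risk_signal"], partial: true };
  }
  return { action: "allow", reasons: [], partial: missing.length > 0 };
}

// Constructed sample callback payloads (not real Futurae output).
const samples = [
  { alerts: { unknown_environment: false, impossible_travel: true } },
  { alerts: { unknown_environment: false } }, // partial set
  {},                                         // context not built yet
];
for (const payload of samples) {
  console.log(JSON.stringify(evaluateAlerts(payload, { highValue: true })));
}
```

Log the `partial` flag alongside the decision so you can see how many sessions are still being approved without a complete risk signal.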