User Risk Radar
User Risk Radar is an Adaptive solution that provides an effective mechanism to reduce the risk of fraudulent authentication or transaction signing attempts. This solution can be described through the following steps:
- It starts by collecting and processing user data (the data collected is listed in the Adaptive data collection section) over time, with the purpose of building a user context.
- Once enough data is processed, User Risk Radar will be ready to issue alerts whenever a suspicious event is observed.
- Alerts to inform, for example, if the user is in an unknown environment, or if an impossible travel distance has been traveled since the last observation, are provided every time the user engages in authentication or transaction signing sessions.
- Alerts data can then be used to identify suspicious activities and prevent fraud events. Based on the received alerts you may submit the user to additional verifications, such as contacting your help desk or answering security questions, before the authentication or transaction is approved.
The User Risk Radar contextual data is collected from two distinct sources:
- The login app, in other words the browser or mobile app other than the authenticator app, where the login attempt is taking place. The data provided by the login app is useful to identify whether the login attempt takes place in a context familiar to the user or not.
- The authenticator app on which the 2FA session is approved or rejected. This data is used to analyze if the authenticator app was used in a known environment.
The following steps may be taken in order to integrate the User Risk Radar into your login app:
1. Import the Adaptive JS SDK in your login application according to the instructions available in the Adaptive JS SDK installation guide.
2. Implement the Initialize Adaptive Session endpoint, and make sure that it is called once the user completes the first step of the login and before the 2FA verification step. This endpoint will return the adaptive_session_token which is used to identify the adaptive session.
3. Provide the adaptive_session_token received on step 2 to the Adaptive JS SDK as described in the Adaptive JS SDK guide.
4. Once the adaptive_session_token is provided to the Adaptive JS SDK, new user observations may be sent using the sendObservations() method, every time a new authentication or transaction signing happens.
Once the user’s login credentials are validated by your login app, the 2FA authentication is started at Futurae. Make sure to provide the following attributes on the request payload when calling the Authenticate User endpoint:
- The received adaptive_session_token, which is used to identify the adaptive session;
- status_callback_url, if you would like to receive callback session status updates including User Risk Radar Alerts. Alternatively you may call the Query Authentication Status endpoint to get the session status including User Risk Radar Alerts.
Once the user completes the login, the 2FA verification needs to be performed on the authenticator app. As soon as the authentication session is approved or rejected, User Risk Radar will use machine learning technology to evaluate:
- If the login was performed in a trusted user environment;
- When applicable, if the authenticator app on which the authentication session was approved or rejected was used in a familiar environment and according to patterns previously observed for the user.
The instructions to support Adaptive Account Recovery in apps that integrate the Futurae mobile SDK are provided in the respective SDK guides:
If you want to support User Risk Radar on your Futurae WhiteLabel app, please contact our technical support at firstname.lastname@example.org.
Once enough data has been processed, User Risk Radar will evaluate, for every authentication or transaction session, the environmental data collected by the login and authenticator apps. The results, based on the observation of multiple parameters, are provided in the alerts resource attribute, included in the status callback payload. The status callback is sent to the status_callback_url that was provided in the Authenticate User request. The alerts attribute can also be obtained by calling the Query Authentication Status endpoint.
User Risk Radar will only provide the complete set of parameters that compose the alerts attribute once the data collected from the login and authenticator apps is enough to build a user environment context, which may take weeks to happen, depending on the user's usage patterns.
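The following added example (not Futurae code and not part of the original page) shows one way a backend could act on the alerts attribute from a status callback or a Query Authentication Status response, including the period before the user context is built. Only the alerts attribute name comes from the page; the result field, the array-of-strings shape, the alert names and the deny/step-up policy are assumptions made for illustration.

```javascript
// Added example, not Futurae code. Only the `alerts` attribute name is taken
// from the page; `result`, the array shape and the alert names are assumed.
const DENY_ON = new Set(["impossible_travel"]); // hypothetical alert name
const KNOWN = new Set(["impossible_travel", "unknown_environment"]); // hypothetical

function decideSessionAction(status, { highValue = false } = {}) {
  // The 2FA outcome comes first: alerts never upgrade a rejected session.
  if (!status || status.result !== "allow") {
    return { action: "deny", reason: "2fa_not_approved", alerts: [] };
  }
  // No usable alerts attribute: the user context is not built yet. That means
  // "not evaluated", not "clean", so high-value operations still get a step-up.
  if (!Array.isArray(status.alerts)) {
    const action = highValue ? "step_up" : "allow";
    return { action, reason: "risk_not_evaluated", alerts: [] };
  }
  const alerts = [...new Set(status.alerts.map(String))];
  if (alerts.length === 0) {
    return { action: "allow", reason: "no_alerts", alerts };
  }
  // Example policy choice: some alerts block the session outright.
  if (alerts.some((a) => DENY_ON.has(a))) {
    return { action: "deny", reason: "blocking_alert", alerts };
  }
  // Known non-blocking alerts and alert names this code has never seen both
  // lead to additional verification (help desk, security questions).
  const unknown = alerts.filter((a) => !KNOWN.has(a));
  const reason = unknown.length ? "unrecognized_alert" : "risk_alert";
  return { action: "step_up", reason, alerts };
}

// Constructed sample payloads (not captured from a real callback).
const samples = [
  { result: "allow", alerts: [] },
  { result: "allow", alerts: ["unknown_environment"] },
  { result: "allow", alerts: ["impossible_travel", "unknown_environment"] },
  { result: "allow" }, // context not yet built
  { result: "deny", alerts: [] },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", decideSessionAction(s).action);
}
```

Map the assumed field and alert names to the ones in your actual payloads before using this logic.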