The technique that uses both contextual and historical user information along with data supplied during an internet transaction to assess the probability of whether a user interaction is authentic or not is called risk based authentication.
Traditional username and password along with information such as who the user is, from where the user is logging in (IP address and information of the location from where the user is actually in at the time of transaction), velocity of the transaction (the process of verifying if its possible for a person who recently logged in from location 1 could login from location 2) and the type of device the user is using are considered as contextual information.
User specific attributes provided during the transaction combined with user behavior and transactional patterns are considered historical user information.
Each unique information and attributes collected as part of the transaction is considered as a factor and their combination is verified against a pre-determined pattern during this multifactor authentication technique.
Even though it’s easy to replicate contextual information, it’s usually difficult to spoof historical information of a user by a fraudster and their combination makes the authentication more effective.
This technique is a cost effective layered-security approach solution to deploy for internet based applications to prevent fraud. One of the main concerns while implementing risk based authentication is false positive which can be corrected to certain extent by fine tuning the rules engine of the solution.