

How Risk Evaluation Works

The Advanced Authentication service uses rules to evaluate risk in a transaction. By default, each rule is assigned a priority and is evaluated in the specific order of its priority level. Risk assessment can be performed either before the user logs in or after the user has logged in.

A typical risk assessment flow is as follows:

  1. An end user accesses a protected application.
  2. The application calls the Advanced Authentication service to analyze the risk associated with the transaction.
  3. The Advanced Authentication service evaluates the risk by using the incoming IP address of the user and the configured rules. It uses the data discussed in the "Location Information" section and does the following:
    a. Executes all the applicable rules, in the order of execution priority.
    b. This execution priority is internal, and is defined by the Advanced Authentication service.
    c. Generates an individual risk score and advice for each rule that it executes.
    d. Uses the result for each rule and parses the rules based on the scoring priority.
    e. Stops the scoring activity at the first matched rule.
    f. Returns the score and advice of the rule that matched as final.

      Note: If the first rule itself matched, then steps c onwards are not performed.

  4. Based on the result of rules that were executed and whether the assessed information matched, the Advanced Authentication service generates a risk score and advice.
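
The evaluation described in steps 3 and 4, sketched in Python as an added example (not the product's code): every rule runs in execution order and its result is kept, then the final score and advice come from the first match in scoring order. The `Rule` fields, rule names, scores, advice strings, the `GEO` lookup and the no-match default are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    exec_priority: int    # internal execution order (lower runs first)
    score_priority: int   # order used when selecting the final result
    score: int            # risk score reported when the rule matches
    advice: str           # advice reported when the rule matches
    matches: Callable[[dict], bool]

# Constructed stand-in for location data looked up from the incoming IP.
GEO = {"192.0.2.10": "AA", "198.51.100.7": "BB", "203.0.113.5": "CC"}

# Constructed rule set; the two priority orders deliberately differ.
RULES = [
    Rule("trusted_ip", 1, 3, 10, "ALLOW",
         lambda t: t["ip"] == "192.0.2.10"),
    Rule("negative_country", 2, 1, 90, "DENY",
         lambda t: GEO.get(t["ip"]) == "BB"),
    Rule("unknown_device", 3, 2, 60, "STEP_UP",
         lambda t: not t.get("device_id")),
]
DEFAULT = ("no_rule_matched", 30, "ALLOW")  # assumed fallback, not from the page

def evaluate(txn: dict, rules=RULES):
    """Return (final, per_rule) where final is (rule, score, advice)."""
    # Phase 1: execute every rule in execution order, keep each result.
    per_rule: dict[str, tuple[bool, Optional[int], Optional[str]]] = {}
    for r in sorted(rules, key=lambda r: r.exec_priority):
        hit = bool(r.matches(txn))
        per_rule[r.name] = (hit, r.score if hit else None,
                            r.advice if hit else None)
    # Phase 2: walk the stored results in scoring order; first match wins.
    for r in sorted(rules, key=lambda r: r.score_priority):
        if per_rule[r.name][0]:
            return (r.name, r.score, r.advice), per_rule
    return DEFAULT, per_rule

if __name__ == "__main__":
    # Trusted IP matches, but the missing device ID outranks it in scoring.
    final, trail = evaluate({"ip": "192.0.2.10"})
    print(final)
    print(trail)
```

Keeping the per-rule results alongside the final answer gives an audit trail showing which lower-priority rules also matched a transaction.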
  5. The end user is validated as follows: