As the number of threats rises, organizations need to step up their efforts to allow access only to users who have been verified. Risk-based access provides an extra level of security by analyzing user behavior and requiring extra information when necessary.
Users requesting access to applications or resources may not always be who they purport to be, even if everything seems OK at first glance. Sometimes suspicious behavior gives them away to a risk-based access system, for instance if they access from a device they have never used before, from a new location or at a suspicious time. Risk-based access means checking parameters such as device, behavior, location, IP range, browser type or sensitivity of data, and calculating a score based on these parameters. If the score is lower than an agreed threshold, the system will ask for extra proof before access is granted. This proof may come in the form of a PIN, a one-time password, the answer to a security question, biometrics (fingerprint is very popular) or a code from a mobile authenticator.
Risk-based access is growing in importance in all industries, but especially so in the financial services market, where avoiding risk is one of the key business objectives.
TrustBuilder provides risk-based access
TrustBuilder provides the highest level of risk-based authentication.
Mobile or web
TrustBuilder’s solution for risk-based access works both for mobile- and web-based applications. This permits easy user logins (for instance just their username/password combination or even passwordless) until they want access to more sensitive data. This is also where adaptive authentication comes into play.
TrustBuilder was set up to connect with third-party software and service providers. This openness allows TrustBuilder to integrate with other risk management solutions that are used, for instance, in financial services.
Thanks to the graphical user interface in the Workflow and ABAC rule Engine, system administrators can easily define the different risk levels that require extra authentication, based on the customer journey.
Context-aware adaptive authentication
TrustBuilder supports the application of arbitrarily complex rules, based on the user context (last time 2FA was used, IP address, type of device, time, …), which allows the implementation of full context-aware adaptive authentication. The context can be enriched by optional behavioral analytics or by an external risk scoring engine that computes a risk score based on all past user transactions.
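The score-and-threshold check described earlier, combined with the context attributes listed above, can be pictured with the following added example (it is not TrustBuilder's code or rule engine). The penalties, the threshold of 70, the 15-minute 2FA window, the `Profile` and `Request` fields and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

THRESHOLD = 70                                  # assumed; score below this => step-up
TRUSTED_NETS = [ip_network("203.0.113.0/24")]   # constructed (documentation range)
RECENT_2FA = timedelta(minutes=15)              # assumed freshness window

@dataclass
class Profile:               # what the system has learned about the user
    known_devices: set
    usual_countries: set
    usual_hours: range       # hours of the day in which the user normally logs in
    last_2fa: datetime

@dataclass
class Request:
    device_id: str
    country: str
    ip: str
    when: datetime
    sensitive: bool          # does the resource hold sensitive data?

# (reason, penalty, predicate). Penalties are illustrative, not tuned values.
RULES = [
    ("new_device", 30, lambda p, r: r.device_id not in p.known_devices),
    ("new_location", 25, lambda p, r: r.country not in p.usual_countries),
    ("unusual_time", 15, lambda p, r: r.when.hour not in p.usual_hours),
    ("untrusted_ip_range", 10,
     lambda p, r: not any(ip_address(r.ip) in n for n in TRUSTED_NETS)),
    ("sensitive_without_recent_2fa", 35,
     lambda p, r: r.sensitive and r.when - p.last_2fa > RECENT_2FA),
]

def evaluate(p: Profile, r: Request):
    """Return (score, decision, reasons); the reasons belong in the audit log."""
    hits = [(name, pen) for name, pen, test in RULES if test(p, r)]
    score = max(0, 100 - sum(pen for _, pen in hits))   # 100 = full trust
    decision = "step_up" if score < THRESHOLD else "allow"
    return score, decision, [name for name, _ in hits]

# Constructed sample data.
ALICE = Profile({"laptop-1"}, {"BE"}, range(7, 20), datetime(2024, 5, 1, 9, 0))
USUAL = Request("laptop-1", "BE", "203.0.113.10", datetime(2024, 5, 10, 10, 0), False)
ODD = Request("phone-9", "US", "198.51.100.7", datetime(2024, 5, 10, 3, 0), False)

if __name__ == "__main__":
    for req in (USUAL, ODD):
        print(evaluate(ALICE, req))
```

A familiar login keeps the full score and passes without friction, while the same user asking for sensitive data without a recent second factor drops below the threshold and is asked for extra proof.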
Advantages of risk-based access
Risk-based access is becoming a must as the number of cyberattacks increases and both consumers and governments set greater store by compliance and privacy protection.
Defense against attacks
Cybercriminals are getting ever more creative in trying to steal data or manipulate systems, and risk-based access provides an extra level of security by checking parameters such as device or location. Being hacked or having data stolen is not only an expensive event, it is also very detrimental to a company’s reputation.
Compliant with regulations
Governments and consumers alike attach great importance to compliance. Especially in heavily regulated industries such as financial services, organizations are required to ensure that they meet standards and regulations concerning strong customer authentication.
Although asking consumers for extra proof of identity is not necessarily good for an optimal user experience, customers have become used to providing extra information when needed. In the set-up of the system, it’s key to only step up security when really necessary. What’s more: risk-based access proves to customers that their own data are protected.
How to implement risk-based access
Interested in more implementation info?
Check out our long read on the 5 keys to a successful implementation of your IAM.