Dynamic risk engine
First Claim
1. A method of determining whether to allow a user to engage in an activity comprising:
- engaging in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises acquiring identifying information relating to the user that is based at least in part on the channel;
receiving, from the user, a request to engage in the activity;
determining an activity trust threshold required for the activity, wherein determining the activity trust threshold is based on rules relating to a risk of the activity, wherein the risk of the activity is determined based at least in part on security preferences identified by the user;
determining, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user;
comparing the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and
based on the comparison of the initial identity trust score with the activity trust threshold, performing one of;
allowing the user to engage in the activity,collecting additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold, orrejecting the request to engage in the activity,wherein the identifying information is at least one of;
a username, a password, an automatic number identification, a token, a one-time password, a grid card code, information known to the user, a physical attribute of the user, location information, device identification, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, andwherein the channel is one of;
an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.
1 Assignment
0 Petitions
Accused Products
Abstract
Various embodiments of the present invention generally relate to identity authentication and/or recognition. Some embodiments provide a method for determining when a user may engage in a restricted activity, including engaging in an initial contact with a user via a channel, acquiring identifying information relating to the user, receiving, from the user, a request to engage in an activity, determining an activity trust threshold required for the activity, based on the identifying information, determining an initial identity trust score for the user based on the identifying information, comparing the initial identity trust score with the activity trust threshold. Based on the comparison, the user is either allowed to engage in the activity, rejected from engaging in the activity, or additional identifying information is collected.
-
Citations
14 Claims
-
1. A method of determining whether to allow a user to engage in an activity comprising:
-
engaging in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises acquiring identifying information relating to the user that is based at least in part on the channel; receiving, from the user, a request to engage in the activity; determining an activity trust threshold required for the activity, wherein determining the activity trust threshold is based on rules relating to a risk of the activity, wherein the risk of the activity is determined based at least in part on security preferences identified by the user; determining, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user; comparing the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and based on the comparison of the initial identity trust score with the activity trust threshold, performing one of; allowing the user to engage in the activity, collecting additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold, or rejecting the request to engage in the activity, wherein the identifying information is at least one of;
a username, a password, an automatic number identification, a token, a one-time password, a grid card code, information known to the user, a physical attribute of the user, location information, device identification, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, and wherein the channel is one of;
an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory, computer-readable storage medium containing a set of instructions which, when executed by one or more processors, cause the one or more processors to:
-
engage in an initial contact with a user via a channel, wherein engaging in the initial contact with the user comprises instructions to cause the one or more processors to acquire identifying information relating to the user that is based in part on the channel; receive, from the user, a request to engage in an activity, wherein the request to engage in the activity comprises a request to perform the activity over the channel; determine an activity trust threshold required for the activity, wherein determining the activity trust threshold required for the activity comprises instructions to cause the one or more processors to generate the activity trust threshold based on rules relating to a risk of the activity and information collected in connection with the channel, wherein the risk of the activity is determined based at least in part on security preferences identified by the user; determine an initial identity trust score for the user based on the identifying information and a comparison of current user behavior with historical user behavior; compare the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and based on the comparison of the initial identity trust score with the activity trust threshold, perform one of; allow the user to engage in the activity if the initial identity trust score meets or exceeds the activity trust threshold, collect additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold if the initial identity trust score is below the activity trust threshold, and reject the request to engage in the activity if the additional identifying information cannot raise the initial identity trust score to or above the activity trust threshold, wherein rejecting the request to engage in the activity comprises instructions that cause the one or more processors to associate a fraud alert with the user, wherein the identifying information is at least one of;
information known to the user, a physical attribute of the user, location information, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, and wherein the channel is one of;
an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.
-
-
14. A system for determining whether to allow a user to engage in an activity comprising:
-
a memory; and a processor in communication with the memory, the processor operable to execute software modules, the software modules comprising; a channel information collection module operable to; engage in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises; acquiring identifying information relating to the user that is based in part on the channel, and receiving, from the user, a request to engage in the activity, wherein the request to engage in the activity comprises a request to perform the activity over the channel; an activity trust threshold module operable to; determine an activity trust threshold required for the activity, wherein determining the activity trust threshold required for the activity comprises instructions to cause the processor to generate the activity trust threshold based on rules relating to a risk of the activity, wherein the risk of the activity is based at least in part on security preferences identified by the user; an identity trust score module operable to; determine, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user; and a comparison module operable to; compare the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity, and based on the comparison of the initial identity trust score with the activity trust threshold, perform one of; allow the user to engage in the activity if the initial identity trust score meets or exceeds the activity trust threshold, collect additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold if the initial identity trust score is below the activity trust threshold, and reject the request to engage in the activity if the additional identifying information cannot raise the initial identity trust score to or above the activity trust threshold, wherein rejecting the request to engage in the activity comprises associating a fraud alert with the user, wherein the identifying information is at least one of;
information known to the user, a physical attribute of the user, location information, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, and wherein the channel is one of;
an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.
-
Specification