
How it works

The Authentication Risk Indicator analyses attributes of an authentication session to detect whether the session is likely to represent malicious or suspicious activity. The risk engine supports customised rules that you configure so that the assessment matches your own security requirements.

During an authentication session, the risk engine performs a data-driven risk assessment to determine the risk level based on information such as device, network and behavioural patterns. After the authentication completes, you receive a risk rating that indicates the level of anomalous activity detected. The value can be low, medium, or high.

The insights you receive from the Authentication Risk Indicator allow you to mitigate malicious threats promptly and define follow-up actions before granting access to your end-users.

Note

The Authentication Risk Indicator is intended for use as a supplementary tool and should not be solely relied upon when making risk decisions.

Risk data

The Authentication Risk Indicator gathers and analyses several device, network and behavioural attributes from an authentication session. Data availability varies depending on the eID method used for authentication. If available, Signicat calculates the risk rating using data such as the user's IP address, geolocation and the number of failed attempts.

Other authentication information

The Authentication Risk Indicator is in active development; more risk attributes will be available soon.

Is this data returned in the response?

In the response you only receive the risk rating without the underlying raw data used for the calculation. This is to comply with GDPR and privacy regulations.

Set the rules

The Authentication Risk Indicator allows you to configure risk-prevention rules to identify suspicious or risky activity. Each rule is a customised definition, expressed as a lambda expression, that maps the attributes of an authentication session to a risk level.

For example, you could create a basic rule that counts the number of failed login attempts for a specific user within the last 15 minutes and derives the risk level from that count, for example high risk for more than 10 attempts.
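The following is an added illustration of the failed-attempt rule described above, written in Python rather than in the risk engine's own lambda-expression syntax; it is not Signicat code. The 15-minute window and the "high above 10" threshold come from the text; the medium threshold of 4, the rule class, the event format and the sample events are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)
HIGH_THRESHOLD = 10    # from the text: high risk above 10 failed attempts in the window
MEDIUM_THRESHOLD = 4   # assumed for illustration; the page defines no medium threshold


class FailedAttemptRule:
    """Sliding-window count of failed login attempts per user.

    Events must be fed in chronological order: each deque holds failure
    timestamps oldest-first, and expired entries are dropped from the left.
    """

    def __init__(self, window=WINDOW):
        self.window = window
        self._failures = defaultdict(deque)  # user -> failure timestamps

    def record_failure(self, user, ts):
        self._failures[user].append(ts)

    def failed_attempts(self, user, now):
        q = self._failures[user]
        cutoff = now - self.window
        while q and q[0] <= cutoff:   # discard failures older than the window
            q.popleft()
        return len(q)

    def evaluate(self, user, now):
        n = self.failed_attempts(user, now)
        if n > HIGH_THRESHOLD:
            return "high"
        if n >= MEDIUM_THRESHOLD:
            return "medium"
        return "low"


def replay(events, rule=None):
    """Replay (timestamp, user, outcome) events and rate each "auth" event.

    outcome is "fail" for a failed login attempt or "auth" for an
    authentication session that needs a rating. Returns a list of
    (timestamp, user, rating) for the "auth" events in time order.
    """
    rule = rule or FailedAttemptRule()
    ratings = []
    for ts, user, outcome in sorted(events, key=lambda e: e[0]):
        if outcome == "fail":
            rule.record_failure(user, ts)
        elif outcome == "auth":
            ratings.append((ts, user, rule.evaluate(user, ts)))
        else:
            raise ValueError(f"unknown outcome {outcome!r}")
    return ratings


# Constructed sample events (not real Signicat data).
T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(minutes=i), "alice", "fail") for i in range(11)]  # 11 failures, 10:00-10:10
    + [(T0 + timedelta(minutes=12), "alice", "auth")]                  # 11 in window -> high
    + [(T0 + timedelta(minutes=i), "bob", "fail") for i in range(5)]   # 5 failures
    + [(T0 + timedelta(minutes=6), "bob", "auth")]                     # 5 in window -> medium
    + [(T0 + timedelta(minutes=30), "alice", "auth")]                  # failures expired -> low
)

if __name__ == "__main__":
    for ts, user, rating in replay(SAMPLE_EVENTS):
        print(f"{ts:%H:%M} {user:<6} {rating}")
```

The point the sample events make is that the window matters as much as the threshold: alice's eleven failures rate her session "high" at 10:12 but "low" at 10:30, once they have aged out of the 15-minute window. When you tune such a rule, choose the window with the attacker's pacing in mind, since a slow credential-stuffing run can stay below any threshold that only looks at the last few minutes.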

Can rules encode follow-up actions?

The rules you define are only used to calculate the risk rating of an authentication.

After you receive the risk rating for an authentication session, decide which action (if any) to take based on it. That decision logic is implemented on your application side, not in the Risk Indicator.

For example, if a risk is returned as high, you should decide whether the transaction should be cancelled, completed, or if some other follow-up verification steps should occur.

Risk rating

The risk rating you receive can have one of the following values:

  • Low
  • Medium
  • High

High is the strongest indication of an authentication with anomalous activity.

How the risk rating is calculated

When configuring the Risk Indicator, you can choose which algorithm to use to calculate the risk rating:

  • Max value: returns the highest risk level found across all rules. For example, if any single rule returns "high", the Risk Indicator returns a "high" risk rating regardless of the other rules. This is the conservative choice, since one strong signal cannot be outvoted.
  • Weighted average: returns the average of the ratings from all rules after applying their respective weights. By default all rules have equal weights, but you can customise the weights to suit your risk profile. Note that with this algorithm a single "high" rule can be diluted to "medium" by several "low" rules unless you raise its weight.
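An added worked example of the two aggregation algorithms, not Signicat code: the numeric scale low=1, medium=2, high=3, the cut points used to map an averaged score back to a rating, and the rule names in the sample session are all assumptions made for illustration; the page only defines the two algorithms in words.

```python
LEVELS = {"low": 1, "medium": 2, "high": 3}   # assumed numeric scale for the three ratings
NAMES = {v: k for k, v in LEVELS.items()}


def _check(ratings, weights=None):
    """Reject empty input, unknown rating values and weights for rules that did not fire."""
    if not ratings:
        raise ValueError("no rule ratings to aggregate")
    bad = [r for r in ratings.values() if r not in LEVELS]
    if bad:
        raise ValueError(f"unknown rating values: {bad}")
    unknown = set(weights or {}) - set(ratings)
    if unknown:
        raise ValueError(f"weights for unknown rules: {sorted(unknown)}")


def max_value(ratings):
    """Highest level across all rules: a single "high" rule makes the result "high"."""
    _check(ratings)
    return NAMES[max(LEVELS[r] for r in ratings.values())]


def weighted_score(ratings, weights=None):
    """Weighted mean of the numeric levels. Rules without an explicit weight get 1."""
    _check(ratings, weights)
    weights = weights or {}
    total = sum(weights.get(name, 1.0) for name in ratings)
    return sum(LEVELS[r] * weights.get(name, 1.0) for name, r in ratings.items()) / total


def score_to_rating(score):
    """Map a score on the 1..3 scale back to a rating (cut points are assumed)."""
    if score < 1.5:
        return "low"
    if score < 2.5:
        return "medium"
    return "high"


def weighted_average(ratings, weights=None):
    return score_to_rating(weighted_score(ratings, weights))


# Constructed rule outputs for one session; the rule names are illustrative.
SESSION = {"failed_attempts": "high", "geolocation": "low", "ip_reputation": "low"}

if __name__ == "__main__":
    print("max value         :", max_value(SESSION))                                  # high
    print("equal weights     :", weighted_average(SESSION))                           # medium
    print("failed_attempts x6:", weighted_average(SESSION, {"failed_attempts": 6}))   # high
```

The sample session shows the trade-off in practice: one rule says "high" and two say "low", so max value reports "high" while the equal-weight average lands at 5/3 and reports "medium". Raising the weight of the failed-attempt rule to 6 pushes the average to 2.5 and back to "high". If a single rule must never be outvoted, use max value; if you use weighted average, weight the rules whose signal you trust most and verify with cases like this one that the result is what you intend.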

Types of risk evaluation

The Signicat eID and Wallet Hub supports two different types of risk assessment:

  • Risk engine evaluation
  • Third-party eID processing and evaluation

When you activate the Authentication Risk Indicator and request a risk assessment for an authentication session, you always receive the Signicat risk engine evaluation and, optionally, also the third-party assessment from the eID.

Risk engine evaluation

The risk engine evaluation is designed by Signicat and allows you to set customised rules and settings. When you activate this product, one of our onboarding managers will help you set up the rules and risk rating options.

Third-party eID processing and evaluation

In addition, certain eID methods provide their own risk evaluation; we refer to this as third-party eID evaluation.

For example, Swedish BankID (SBID) provides a risk indicator in the authentication response. We pass this risk indicator to you in the authentication response. Note that this risk indicator is independent of Signicat's in-house processed risk rating.

Are these different values?

The risk ratings returned by the Signicat risk engine evaluation and by the third-party eID evaluation are calculated differently and may therefore differ for the same session. Treat them as two independent signals rather than mapping one onto the other.