RSA Adaptive Authentication is a complete fraud detection platform which leverages risk-based, multi-factor authentication to protect users accessing websites, online portals, mobile browsers and mobile applications. Adaptive Authentication analyzes more than one hundred risk indicators to identify suspicious user activity. Using a dynamic risk and rules-based approach, Adaptive Authentication can initiate requests for additional identity verification through a variety of methods, such as out-of-band and biometrics, for sessions that are high-risk and violate a policy.

Adaptive Authentication is supported by the RSA Risk Engine to generate a unique score for each user activity between 0 and 1,000, with 1,000 indicating the greatest level of risk. The score is reflective of device profiling, behavioral profiling, and matching to the eFraudNetork, a robust data repository containing information on known fraudulent IPs, devices, mule accounts and other cybercrime patterns. The Risk Engine combines rich data input, machine learning methods and authentication feedback to provide intelligent, real-time risk evaluations to mitigate fraud.

When a particular user activity crosses the risk threshold as defined by the RSA Risk Engine and the Policy Manager, Adaptive Authentication can further assure the identity of the user by initiating a Step-Up authentication:

  • Challenge questions – secret questions that have been selected and answered previously by the end user.
  • Out-of-band (OOB) authentication – via voice, SMS or e-mail.
  • Knowledge-Based Authentication (KBA) – out of wallet questions that are gleaned in real time from a series of public and private databases, the answers to which are known only by the end user.
  • Multi-credential framework – Adaptive Authentication integrates with existing and 3rd party authentication methods.
  • Biometrics: Fingerprint and eye biometrics (available for mobile users).
  • Transaction signing: Provides integrity assurance, cryptographic signature and authenticity for payment transactions to combat fraud from advanced financial malware attacks. Transaction signing can optionally integrate with biometrics as a stronger means of authentication layered on top of the payment transaction signature.

Balancing security & convenience, Adaptive Authentication offers a wide array of deployment and configuration options to meet the need of almost any organization. Adaptive Authentication can be deployed in three ways – on-premise, hosted or cloud. Using fine grained controls, organizations can provide risk-based authentication for their entire user base and allow the RSA Risk Engine to choose an appropriate step-up authentication method based on the risk score or access level of the user.

"We knew we could trust RSA [Adaptive Authentication] to give us the robust user authentication we needed to protect us and our stakeholders from the risk of financial loss and compromised personal data."

CIO PayChoice

RSA Web Threat Detection

Detect cyber threats across Web and mobile applications with advanced behavioral analytics.

RSA Adaptive Authentication for eCommerce

Protect 3D Secure e-commerce transactions without impacting users.

RSA FraudAction 360

Prevent phishing, malware, rogue mobile apps, and other cybercrime threats that target online and mobile users.

Adaptive Authentication Mobile SDK

Download the mobile SDK.