What is Risk-Based Authentication and why banks should implement it?

Driven by the trifecta of smartphone penetration, low-cost data rates, and higher incomes, the Indian e-commerce market was expected to grow to US$ 200 billion by 2026. Covid-19 has caused an inflection point for the e-commerce market in India. A Bain & Company-PRICE survey of 3000 households across income groups and geographies which was conducted between April and June, revealed about 13% of respondents buying online for the first time, while about 40% buying more online. An NRF survey showed that nearly 6 in 10 consumers say they are worried about going to the store due to fear of being infected.

Figure 1: Growth of credit cards in India (Source: RBI database, Bank-wise ATM/POS/Card Statistics various years)

The majority of the growth is from online shoppers in Tier 2 tier 3 cities. The pandemic has also seen a surge in UPI transactions. While credit cards did a total of 185 million transactions delivering a value of INR 805K million, UPI delivered a staggering 3654 million transactions with a value of INR 6543K million as per RBI and NPCI statistics for Sep 2021.

Key Challenges and Solutions:

With the spectacular growth in the eCommerce market sophisticated online payment frauds and threats have mushroomed too. An e-commerce transaction involves multiple entities at various stages, such as the marketplace, merchants, payment gateways, financial institutions, apart from the end consumers, and each of them can act as a vulnerability or attack point for malicious actors. For example:

· The end customer fraud making fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse.

· Malicious fraudsters involved in account takeover, identity theft, card detail theft, etc. Data leaks compromise millions of consumer details every year contributing to digital fraud through impersonation globally.

· Fraudulent merchants who could deploy “bust out” merchant fraud and transaction laundering mechanisms to defraud acquirers.

However, transactional and identity security is not the only concern of financial institutions. This must be balanced with customer experience. Customer loyalties now lie with merchants and banks that offer the best experience in terms of convenience, speed, and security. With the myriad of devices, payment authentication options, and processes every digital bank faces the ultimate challenge of balancing optimal security and a seamless customer payment experience.

This is where Wibmo’s Trident FRM makes a difference. Trident FRM is a comprehensive, omni-channel, risk-based authentication (RBA) solution that identifies and manages fraud in real time. It does so by building a holistic customer profile from diverse data points.

Figure 2: Risk-Based Authentication

A customer’s transaction journey begins on a checkout page or a bill payment action or when a customer does a fund transfer (wire transfer). These actions result in the customer connecting to the bank’s server and the bank’s server is an integration point for Trident to evaluate the risk of every transaction done by the user in real-time. Trident uses the data it receives from multiple channels and devices.

Data comes in various forms, like:

Transactional data: Card number/account number/phone number, amount, currency, merchant or payee information, billing, and shipping addresses.

Location data: Terminal id, IP address, approximate latitude and longitude, ISP data.

Device data: (SDK App ID, Browser information, proprietary device-fingerprinting)

User information: Time of the day for this transaction and any deviations from past customer behavior using historical data.

With more than 100 data points (in the case of online e-commerce), and a powerful set of operators Trident can write rules for almost every fraud scenario using an intuitive rule builder screen. In addition, Trident employs advanced analytics and machine learning algorithms to generate a real-time score and decisions for every transaction. The decision can be one of the following:

Low Risk: These are transactions that can be ALLOWED to proceed without challenging for OTP thereby delivering a seamless customer experience. In Wibmo’s experience, more than 90% of the transactions fall under this category.

Medium Risk: Transactions that are suspected are risky enough to challenge using a multi-factor authentication method.

High Risk: Transactions that are suspected to be very high risk and suggested to be declined.

Any suspected fraudulent transaction is marked as a case for automated action or manual investigation and closure in the Case Management portal.

An efficient case management portal drives both proactive and reactive fraud cases using consolidated data across channels. It also generates various reports that are required for regulatory and compliance purposes.

Benefits of RBA are:

· Reduced financial losses due to fraud.

· Customer delight due to seamless payment experience.

· Improved compliance with local and global regulatory requirements.

· Reduced total cost of operations by managing fraud cases efficiently and limiting the number of cases routed for manual review.

Impact Analysis:

So, a frequently asked question is: What is the impact of doing risk-based authentication? For a credit card online purchase (card not present) scenario, RBA using Trident delivers almost 6–8% improvement in success rates for banks and almost 40% reduction in latency for completing the transaction for the end customers.

To put this in perspective, as of Dec 2020 with an average ticket size of credit cards was Rs 3,653 and with 20 lakhs transactions per month for online transactions, for a given bank and assuming a 1% MDR, this is an additional uptick of 43 lakhs every month.

Wibmo processes cards not present transactions for many of India’s largest banks. For a large bank with more than 150 lakh transactions, we were able to save close to Rs 5 lakhs in a month.


As transaction volumes are set to grow in double digits year on year, and as customers expect to transact from anywhere using multiple devices, the threat of increased online fraud becomes more real. Customers want speed and convenience balanced with security, therefore, banks that deliver the most optimized services will win customer loyalty. Hence, it becomes imperative for issuers to be integrated with robust, omnichannel fraud detection and prevention risk engines. RBA solutions such as TRIDENT FRM is a cost-effective solution that empowers banks to stay one step ahead of fraudsters and deliver delightful customer experiences which they have come to expect in today’s digital world.

You've successfully subscribed to The Capital
Great! Next, complete checkout to get full access to all premium content.
Error! Could not sign up. invalid link.
Welcome back! You've successfully signed in.
Error! Could not sign in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Error! Billing info update failed.