
Risk Engine

eGuardian's Risk Engine is responsible for calculating a level of assurance (LOA) for each transaction. The LOA is consumed by the Smart MFA module, which uses it to decide whether to increase or decrease the authentication friction for the user.

eGuardian's Risk Engine comes with an out-of-the-box integration with the Policy Engine.

Risk Analyzers

Risk Analyzers are responsible for fetching data from different sources and calculating a score from the collected information. Each Risk Analyzer focuses on a specific area and consumes a specific kind of data. For example, the IP Risk Analyzer gathers information about the user's IP address and generates a score based on that address.

This is a non-exhaustive list of the built-in Risk Analyzers:

  • AIML Risk Analyzer: Provides a score based on the user's contextual information as evaluated by Acceptto's AI/ML engine.
  • Auth Method Risk Analyzer: Provides a score based on the authenticator used for the last MFA.
  • DBFP Risk Analyzer: Provides a score based on the user's browser fingerprint.
  • IP Risk Analyzer: Provides a score based on the user's IP address.
  • Location Risk Analyzer: Provides a score based on the user's obtained location. The location is obtained from the phone or browser; if it is not provided, the analyzer falls back to the IP-based location.

Third-party Risk Analyzers

The Risk Analyzers are designed to be modular and there are multiple ways of integrating new risk analyzers:

  1. The Risk Engine calls an external API to fetch the score for a given user and context.
  2. An external risk engine calls the generic score API to provide the score for a user.
  3. The Acceptto team implements a custom Risk Analyzer module that communicates with any external resource.

LOA Score

The LOA score is a number between 0.0 and 4.0. The higher the LOA, the more likely it is that the user is who they claim to be. The overall LOA score is calculated from the confidence scores and risk scores generated by the Risk Analyzers.

Total LOA Score Calculation

The calculation happens in two steps:

1. Total Confidence Score

We collect the confidence scores reported by the risk analyzers. Then we calculate the Total Confidence Score as the weighted average of the individual confidence scores, using each analyzer's weight.

2. Total LOA Score

We collect the risk scores reported by the risk analyzers and define the Reversed Risk Score of each one as one minus its risk score value (1 - risk_score). To calculate the Total LOA Score, we multiply the Total Confidence Score from the previous step by the Reversed Risk Score of every risk analyzer:

$$c \times \prod_{i=1}^{n} (1 - r_i)$$

  • $c$ is the Total Confidence Score from the previous step
  • $n$ is the total number of risk scores
  • $r_i$ is the risk score from the $i^{\text{th}}$ risk analyzer

Example

Consider the following Risk Analyzer results.

| Risk Analyzer | Confidence Score | Risk Score | Weight | Notes |
|---|---|---|---|---|
| DBFP | 1.2 | N/A | 1 | |
| Auth Method | 4 | N/A | 1 | Because OOB method was push |
| IP | 1 | N/A | 0.5 | |
| GPS | 0 | N/A | 0.5 | Because location data is not available (e.g. user didn't allow permission) |
| AnalyzerX | 0 | N/A | 0.25 | Third-party Risk Analyzer |
| ThreatSignal | N/A | 0.25 | N/A | ThreatSignal service recognized a risk |
| AnalyzerY | N/A | 0.5 | N/A | |
| AnalyzerZ | N/A | 0 | N/A | No risk |

The total LOA score is equal to:

$$\frac{(1.2 \times 1) + (4 \times 1) + (1 \times 0.5) + (0 \times 0.5) + (0 \times 0.25)}{1 + 1 + 0.5 + 0.5 + 0.25} \times (1 - 0.25) \times (1 - 0.5) \times (1 - 0) = 0.66$$
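The two-step calculation carried out over the table above, as an added Python example that is not eGuardian's own code; the `AnalyzerResult` type, the input range checks and the zero-weight fallback are assumptions made here.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class AnalyzerResult:
    """One Risk Analyzer's output (hypothetical type, not eGuardian's API).
    An analyzer reports a confidence score plus weight, or a risk score;
    the field it does not report stays None (the N/A cells above)."""
    name: str
    confidence: Optional[float] = None
    weight: Optional[float] = None
    risk: Optional[float] = None

def total_confidence(results: List[AnalyzerResult]) -> float:
    """Step 1: weighted average of the reported confidence scores."""
    weighted_sum = weight_sum = 0.0
    for r in results:
        if r.confidence is None:
            continue
        if r.weight is None or r.weight < 0:
            raise ValueError(f"{r.name}: a confidence score needs a weight >= 0")
        weighted_sum += r.confidence * r.weight
        weight_sum += r.weight
    if weight_sum == 0:
        return 0.0  # assumption: no confidence evidence at all -> no assurance
    return weighted_sum / weight_sum

def total_loa(results: List[AnalyzerResult]) -> float:
    """Step 2: c x prod(1 - r_i) over every reported risk score."""
    loa = total_confidence(results)
    for r in results:
        if r.risk is None:
            continue
        if not 0.0 <= r.risk <= 1.0:
            raise ValueError(f"{r.name}: risk score must lie in [0, 1]")
        loa *= 1.0 - r.risk  # multiply by the Reversed Risk Score
    return loa

# Constructed input: the analyzer table from the example above.
EXAMPLE = [
    AnalyzerResult("DBFP", confidence=1.2, weight=1),
    AnalyzerResult("Auth Method", confidence=4, weight=1),
    AnalyzerResult("IP", confidence=1, weight=0.5),
    AnalyzerResult("GPS", confidence=0, weight=0.5),
    AnalyzerResult("AnalyzerX", confidence=0, weight=0.25),
    AnalyzerResult("ThreatSignal", risk=0.25),
    AnalyzerResult("AnalyzerY", risk=0.5),
    AnalyzerResult("AnalyzerZ", risk=0),
]
```

Because the Reversed Risk Scores multiply, a single analyzer reporting a risk score of 1.0 drives the Total LOA Score to 0 regardless of how strong the confidence evidence is, which is worth keeping in mind when tuning an external risk source.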