Adaptive Access and Fraud Prevention
Adaptive Access delivers risk-aware, context-driven access management. The Adaptive Access service is built on a scalable, fault-tolerant, multi-tier deployment architecture including the following components:
- Adaptive Access Administration for managing the Adaptive Access Server.
- Adaptive Access Server, consisting of three layers: Presentation, which provides the strong authenticator functionality and uses the interfaces provided by the business layer to access its services; Business Logic, which contains the core application logic that implements the risk-analyzing engine; and Data Access, which connects the environment to the supported relational database systems.
Adaptive Access supports the following functionality:
- Real-time and batch risk analytics to address fraud and misuse across multiple channels of access (real-time evaluation of multiple data types helps stop fraud as it occurs).
- Device fingerprinting, real-time behavioral profiling and risk analytics harnessed across both web and mobile channels.
- Risk-based authentication methods including knowledge-based authentication (KBA) challenge infrastructure with server-generated one-time passwords (OTP).
- Standard integration with Oracle Identity Management (Identity Governance and Access Management).
- Leverages Access Management’s core services and enhances its authentication methods.
- Key support for mobile devices using Access Management’s Mobile and Social service.
- Auto learning: A mixture of real-time and predictive auto-learning technology is used to profile behavior and detect anomalies (recognize high risk activity and proactively take actions to prevent fraud and misuse). Auto-learning automates risk evaluations and keeps track of changing behaviors.
- Configurable risk engine: Flexible architecture supporting three methods of risk evaluation that work concurrently to evaluate risk in real-time: configurable rules, real-time behavioral profiling, and predictive analysis.
- Virtual authentication devices: Server-driven services (i.e., no client-side software or logic that can be compromised by key-loggers and other common malware – personalized images and phrases are known only to the server and the end user). The security of the user credentials during entry is ensured by not capturing or transmitting the actual credential of the end user (strong authentication). Virtual authentication devices include TextPad, a personalized device for entering a password or PIN using a regular keyboard (defends against phishing); PinPad, a lightweight authentication device for entering a numeric PIN; QuestionPad, a personalized device for entering answers to challenge questions using a regular keyboard; and KeyPad, a personalized graphics keyboard used to enter alphanumeric and special characters (passwords and other sensitive data such as credit card numbers).
- Device fingerprinting: Designed to support desktops, laptops, mobile devices or other web-enabled devices, providing standard browser-based access and mobile browser-based access without additional client software. Adaptive Access device fingerprinting integrates with the Access Management Mobile and Social SDK and REST interface, and monitors multiple device attributes.
- Knowledge-based authentication (KBA): Secondary authentication in the form of KBA questions presented after successful primary authentication. The KBA infrastructure handles registration, answers, and the challenge of questions. Adaptive Access Management's rules engine and organizational policies are responsible for determining if it is appropriate to use challenge questions to authenticate the customer.
- Answer Logic: Increases the usability of KBA questions by accepting answers that are fundamentally correct but may contain a small typo, abbreviation, or misspelling.
- OTP Anywhere: Risk-based challenge mechanism consisting of a server-generated one-time password (OTP) delivered to an end user via SMS, email, or instant messaging. The challenge processor framework supports custom risk-based challenge solutions combining third-party authentication products with Adaptive Access real-time risk evaluations.
- Mobile access security: Security policies available with Adaptive Access can dynamically adjust when user access originates from a mobile device. IP geo-location velocity rules behave differently depending on whether the access request arrives over a cellular connection or Wi-Fi. When used with Mobile and Social, Adaptive Access provides device fingerprinting, device registration, risk-based challenge mechanisms, and lost and stolen device.
- Universal Risk Snapshot: Allows an administrator to instantly save a full copy of all Adaptive Access policies, dependent services, and configurations for backup, disaster recovery, and migration.
- Fraud investigation: Forensic interface for security analysts and compliance officers allowing agents to save “case” information in a repository.
- Adaptive policy management: Policies and rules are designed to handle patterns or practices, or specific activities. The administrator can define when rules should be executed, the criteria used to detect various scenarios, the group to evaluate, and the appropriate actions to take when suspicious activity is detected.
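The Answer Logic item above describes accepting KBA answers with a small typo, abbreviation, or misspelling. The following is an added sketch of that idea, not Oracle's code: the abbreviation table, the length-based tolerance, and the rule that digits must match exactly are all assumptions chosen for illustration.

```python
import re

# Hypothetical abbreviation table; a real deployment would curate its own.
ABBREVIATIONS = {"st": "street", "ave": "avenue", "rd": "road", "mt": "mount"}

def normalize(answer: str) -> str:
    """Casefold, drop punctuation, collapse whitespace, expand abbreviations."""
    words = re.sub(r"[^\w\s]", " ", answer.casefold()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("ie" typed as "ei") counts as one error.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def allowed_errors(registered: str) -> int:
    """Assumed policy: short answers must match exactly, longer ones allow 1-2 errors."""
    n = len(registered)
    return 0 if n < 5 else 1 if n < 10 else 2

def answer_matches(registered: str, supplied: str) -> bool:
    reg, sup = normalize(registered), normalize(supplied)
    if not reg or not sup:
        return False
    # Digits (dates, house numbers) carry most of the entropy: never fuzz them.
    if re.findall(r"\d+", reg) != re.findall(r"\d+", sup):
        return False
    return edit_distance(reg, sup) <= allowed_errors(reg)
```

Every error the matcher tolerates enlarges the set of accepted answers, so the tolerance should stay tied to answer length and be paired with attempt limits on the challenge.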
Mobile Authenticator is a token-based authentication mobile app available for download from the Apple Store and Google Play. Oracle Mobile Authenticator enables organizations to cost-effectively provide strong authentication and prevent unauthorized access to vital company and customer data by generating a time-based security code or one-touch notification enabling soft-token authentication. As part of the Oracle Access Management platform, Oracle Mobile Authenticator leverages adaptive, dynamic authentication and strong authentication services.
For technical implementation details, please refer to my other blogs.