2C2P’s Risk Based Authentication (RBA) system is a sophisticated solution used by issuers to assess and score 3DS transactions, reducing the need for active authentication. The system dynamically evaluates transaction risks, tailoring security challenges to minimize friction for cardholders while maintaining robust security.
Key Features
- Card Scheme RBA Procedure: It processes decisions based on Card Scheme-specific message extensions, such as Mastercard Smart Authentication or Verified by Visa, depending on the Cardholder PAN.
- Internal Process: The system uses conditional checks and scoring parameters based on the 3DS Authentication Request (AReq) to assess transaction risk internally.
- Mixture Process: A flexible approach that combines the internal and Card Scheme RBA procedures based on engine settings, allowing dynamic risk assessment adjusted to specific Cardholders.
Technologies
- Languages: C# (.NET Standard)
- Data Store: Oracle, MySQL, Redis
- Infrastructure: Docker, Kubernetes, AWS, Jenkins
- Logging and Error Tracking: Elasticsearch & Kibana
Challenges and Solutions
Challenge: Coordinating risk assessment across different modes (internal, card scheme, and mixed) while ensuring accurate and secure transaction processing.
Solution: Created flexible, parameter-driven logic that adjusts risk assessments according to card scheme rules and internal policies, improving decision accuracy and system adaptability.
Challenge: Maintaining database independence to support multiple issuers with varied database preferences.
Solution: Built a database-agnostic framework that adapts through configuration changes, enabling the system to operate efficiently across different database environments without any other modifications.
Impact
The RBA system improved transaction security and reduced friction for cardholders by dynamically assessing risks and customizing challenges. This approach minimized active authentication, improved user experience, and boosted issuer approval rates.
Role and Contributions
I built the RBA system from scratch, designing and implementing transaction scoring algorithms, robust benchmarking for performance analysis, and seamless integration with multiple card schemes and internal processes.