摘要 |
The invention relates to a method for preventing fraud or misuse based on a risk scoring approach when using a service of a service provider, wherein the service of the service provider is requested by a user equipment, the user equipment being connected to a mobile communication network and the user equipment comprising a subscriber identity module,
wherein a subscriber database is assigned to the mobile communication network, the subscriber database comprising information related to the user equipment and/or related to the subscriber identity module,
wherein for different occurrences of providing the service of the service provider with respect to the user equipment, the user of the user equipment is authenticated by means of transmitting an authentication information between the service provider and the user equipment, wherein for the purpose of the transmission of authentication information between the service provider and the user equipment, the user equipment is identified by means of the MSISDN (Mobile Station Integrated Services Digital Network number) of the user equipment,
wherein the method comprises the following steps:
-- in connection with a first occurrence of providing the service, the service provider transmits, in a first step, a request message to the subscriber database of the mobile communication network, the request message being related to the MSISDN of the user equipment, and the request message requesting additional data related to the user equipment and/or related to the subscriber identity module,
-- the subscriber database transmits, in a second step, subsequent to the first step, an answer message to the service provider, the answer message comprising the additional data related to the user equipment and/or related to the subscriber identity module,
-- in connection with a second occurrence of providing the service, the second occurrence of providing the service being either prior or subsequent to the first occurrence of providing the service, an authentication information is transmitted between the service provider and the user equipment without transmitting a request message and a corresponding answer message. |