主权项 |
1. A method comprising:
receiving, at a server computer, an authentication request message for a transaction involving a user computing device associated with a user, the authentication request message including user data, user computing device data, and transaction data; determining, by the server computer, if authentication is available for the transaction by determining whether an account identifier associated with the user is enrolled in an authentication program; when authentication is available for the transaction, performing, by the server computer, a risk analysis using the user data, the user computing device data, and the transaction data received in the authentication request message to compute a risk score; and when the risk score determined from the risk analysis is on a first side of a threshold,
initiating generating a verification value, andprovisioning the verification value to the user computing device in an authentication response message, and when the risk score determined from the risk analysis is on a second side of the threshold,
initiating generating and sending a challenge request message to the user computing device, andprovisioning the verification value to the user computing device in the authentication response message, after the challenge request message is generated and sent. |