Technical feasibility of context-aware passive payment authorization for physical points of sale

Wójtowicz, Adam; Chmielewski, Jacek

doi:10.1007/s00779-017-1035-z

Cited by 8 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [7] proposed a risk engine based on fuzzy logic applicable to energy management tasks in smart homes. In [15], a system is proposed to dynamically choose the appropriate authenticator for the authorization process of payment at the point of service (POS) based on a predefined set of rules. While these systems show that risk-based authentication systems are usable in real-life applications, they are not transferable to other domains because the proposed risk engines are too intertwined with their respective application domain.…”

Section: Related Work a Risk-based Authentication Systemsmentioning

confidence: 99%

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Picard¹,

Pierre²

2023

IEEE Access

View full text Add to dashboard Cite

Conventional authentication systems, that are used to protect most modern mobile applications, are faced with usability and security problems related to their static and one-shot nature. Indeed, one-shot authentication mechanisms challenge the user at the beginning of a session leaving them vulnerable to attacks on lost/stolen devices or session hijacking. In addition, static authentication mechanisms always use the same challenges to authenticate the user without considering the dynamic nature of the risk related to the authentication context. To mitigate these challenges, we propose RLAuth, a risk-based authentication system that can automatically adapt the level of challenge presented to the user on each authentication request based on the current context. RLAuth is based on binary anomaly detection, which is solved using a deep reinforcement learning agent that acts as the classifier. To cope with the high class imbalance in the anomaly detection problem, we propose to use a balanced sampling technique during experience replay and an imbalanced correction factor during reward computation. We evaluate RLAuth on a public dataset using the G-mean metric which is the square root of the product of sensitivity with specificity. This metric is efficient to measure the classification performance of a model under class imbalance since it does not overfit to the majority class. Finally, RLAuth obtained a G-Mean of 92.62%. In addition, the reinforcement learning agent can be trained offline for acceptable results in about 130 s and can then be periodically retrained to improve its performance over time.

show abstract

Section: Related Work a Risk-based Authentication Systemsmentioning

confidence: 99%

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Picard¹,

Pierre²

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The single-factor authentication is not dependable and is relatively simple to get around. Although there have been recent in-depth investigations of password substitutes, no work has yet given a comprehensive assessment of the combined usage of several authentication or testimony procedures inside adaptive systems [8]. In the set of traits chosen for recognizing a person's fingerprint based on the context, there are variables that are used for comparison in adjusting behavior.…”

Section: Literature Reviewmentioning

confidence: 99%

A study of risk-based authentication system in cyber security using machine learning

Qureshi¹,

Kale²

2022

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

The optimum authentication method is determined by the user's risk profile, which is created using context- and behavior-based data from the user's device, finger print, one-time password, and other characteristics. Hacking and security breaches of online accounts, including social networking and web ac- counts, are very common in today's society. We suggest a Risk Based Authentication System utilizing Machine Learning to stop this. For the protection of data and money in this internet environment, security is a worry. Numerous parameters are researched and taken into consideration in the paper in order to solve the issue. These variables determine whether to grant the user permission or not. The gradients descent method is used to verify the user. Previous literature is re- viewed with technical details of the system before conclusion.

show abstract

Payment Authorization in Smart Environments: Security-Convenience Balance

Wójtowicz

Chmielewski

2019

Enterprise Information Systems

View full text Add to dashboard Cite

Technical feasibility of context-aware passive payment authorization for physical points of sale

Cited by 8 publications

References 3 publications

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

A study of risk-based authentication system in cyber security using machine learning

Payment Authorization in Smart Environments: Security-Convenience Balance

Contact Info

Product

Resources

About