Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by analyzing user response times to authentication questions. A request for access to an account may be received. Transaction data associated with a user of that account may be retrieved, and a list of merchants may be generated based on the transaction data. A blocklist may be retrieved, and the list of merchants may be filtered based on the blocklist. An authentication question may be presented. The authentication question may relate to the list of merchants. User responses may be received, and response times for the user responses may be measured. Based on the response times and the response times for other users, an average response time for the merchants may be determined. Based on the average response time for a particular merchant exceeding a threshold, the particular merchant may be added to the blocklist.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by generating authentication questions based on the location of a user. Transaction data indicating a plurality of transactions associated with a user account may be received. Location data indicating a plurality of locations of a user device might be received. At least a subset of the plurality of transactions may be tagged, based on the location data, with an indication that a user was present for a respective transaction. For example, a location of a merchant might be compared to a user device location indicated by the location data. A plurality of authentication questions might be generated based on the subset of the plurality of transactions. Access to the user account might be provided based on responses to the plurality of authentication questions.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by dynamically adjusting questions presented during authentication. A request for access to an account may be received. A first authentication question may be generated based on a first transaction of a plurality of transactions associated with an account. Based on whether a response to the first authentication question is correct or not, a second or third transaction of the plurality of transactions may be selected, and a second authentication question might be generated based on the selected transaction. It may be determined whether to provide access to the account based on a response to the second authentication question.

Abstract: Aspects described herein may allow for authenticating a user by generating a customized set of authentication questions based on patterns that are automatically detected and extracted from user data. The user data may include transaction data collected over a period of time. By automatically detecting user patterns that correspond to user behavior over a period of time, an authentication system may be able to generate information that is recognizable to an authentic user but difficult to guess or circumvent for any other user.

Abstract: Aspects discussed herein may relate to techniques for authenticating a user using transaction-based authentication questions. Hold transactions conducted using a financial account may be identified and verified. The hold transactions may be transactions that do not post to the financial account, and therefore are not provided on any financial account statement. The transaction-based authentication questions may be generated based on the identified and verified hold transactions. The user may be authenticated based on responses by the user to the transaction-based authentication questions. Malicious actors that gain access to financial account statements are unlikely to answer the transaction-based authentication questions correctly as they are based on financial transaction data that is not provided on the financial account statements.

Abstract: Aspects described herein may relate to techniques for detecting login activity to a financial account during a knowledge-based authentication process. The login activity may be related to access to an online interface for the financial account. The detection of login activity during the authentication process my indicate that the integrity of the authentication process is compromised as login access may provide an individual with transaction data that may be used to answer transaction-based authentication questions. As a result of detecting login activity, an alternative authentication process may be initiated or an authentication request related to the financial account may be denied.

Abstract: Methods, systems, and apparatuses are described herein for improving the security of personal information by preventing attempts at gleaning personal information from authentication questions. A computing device may receive a request for access to an account associated with a user. The request may comprise candidate authentication information. Based on comparing the candidate authentication information with the account data, the computing device may generate a synthetic authentication question. The synthetic authentication question may be generated as if the candidate authentication information is valid. A response to the synthetic authentication question may be received, and the request for access to the account may be denied.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes using vocal confidence processing. A request for access to an account may be received. An authentication question may be provided to a user. Voice data indicating one or more vocal utterances by the user in response to the authentication question may be received. The voice data may be processed, and a first confidence score that indicates a degree of confidence of the user when answering the authentication question may be determined. An overall confidence score may be modified based on the first confidence score. Based on determining that the overall confidence score satisfies a threshold, data preventing the authentication question from being used in future authentication processes may be stored. The data may be removed when a time period expires.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes through the generation of synthetic merchants. A plurality of different real merchant names may be received. The plurality of different real merchant names may be processed to determine one or more name elements. A request for access to an account associated with a user may be received. Based on the one or more name elements, one or more synthetic merchant names may be generated. Based on the one or more synthetic merchant names, synthetic transaction data may then be generated. A synthetic authentication question may be generated and presented to a user. A candidate response to the synthetic authentication question may be received. Based on the candidate response, access to the account may be provided.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using e-mail processing. A request for access to an account may be received from a user device. A plurality of organizations may be identified. One or more e-mail associated with the account may be identified. The e-mails may be processed to identify one or more organizations that correspond to transactions conducted by a user. A modified plurality of organizations may be generated by removing, from the plurality of organizations, the one or more organizations. An authentication question may be generated and provided to the user device. A response to the authentication question may be received, and the user device may be provided access based on the response.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of synthetic authentication questions by analyzing third party account data. A request for access to a first account associated with a user may be received. The first account may be managed by a first organization. A transactions database might be queried for first account data. Second account data corresponding to a second account associated with the user might be received. That second account may be managed by a second organization different from the first organization. One or more second transactions, unique to the second account, may be identified. A synthetic transaction, configured to be different from transactions in the first account and the one or more second transactions, may be generated. An authentication question may be generated based on the synthetic transaction. Access to the first account might be provided based on a response to the authentication question.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using transaction limitations provided by users. A request for access to an account associated with a user may be received from a user device. An account restrictions database may be queried to determine one or more transaction rules associated with the account. The one or more transaction rules may have been created by the user and indicate limitations on financial transactions that may be performed via the account. An authentication question may be generated that is associated with a violation of the one or more transaction rules. The authentication question may be provided to the user device, and a response to the authentication question may be received. Access to the account may be provided to the user device based on the response.

Abstract: Aspects described herein may use behavioral biometric data to authenticate an individual that requests performance of an action related to a financial account. In response to the request, challenge questions relating to recent transactions conducted with the financial account may be generated. The challenge questions may be provided to the individual and may prompt the individual for audile response and/or touch input responses. Behavioral biometric data may be extracted from the responses and may be used to determine a likelihood the individual is an authorized user of the account.

Abstract: Aspects described herein may use a machine learning model to identify transactions likely to be remembered by a user and that may be used to generate challenge questions to authenticate the user. An individual may request an action related to a financial account. In response to the request, the machine learning model may determine a likelihood an authorized user of the financial account will remember one or more recent transactions. The likelihood of each candidate transaction may be compared to a predetermined threshold to determine a subset of recent transactions. Information relating to the subset of recent transactions may be used to generate one or more challenge questions to pose to the user. The user's responses to the challenge questions may be used to evaluate whether the user is the authorized user of the financial account or is a fraudster or imposter.

Abstract: Aspects discussed herein may relate to techniques for authenticating a user using transaction-based authentication questions. The transaction-based authentication questions may be generated based on a subset of available financial data. Refund transactions and their related transactions may be identified within the available financial data. Data from the refund transactions and their related transactions may be excluded from being used to generate transaction-based authentication questions. In turn, the transaction-based authentication questions are less likely to confuse the user and are more likely to be memorable to the user. Consequently, the likelihood that the user answers the transaction-based authentication question incorrectly is reduced, thereby avoding delays related to the authentication processes that may frustrate the user.

Abstract: Aspects discussed herein may relate to techniques for authenticating a user using transaction-based authentication questions. The transaction-based authentication questions may include one or more “false answer” merchants as potential answers. The false answer merchant choices may exclude any merchant that the user conducted a transaction with using a financial account that is not the financial account for which the user requires authentication. In turn, the false answer merchant choices that are presented to the user are less likely to confuse the user. Consequently, the likelihood that the user answers the transaction-based authentication question incorrectly is reduced, thereby avoiding delays related to the authentication processes that may frustrate the user.