LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is risikoabhängige Authentisierung (risk-based authentication) and how does e-banking use it?

Different actions require different authentication strength. Reading your balance might need only a password; making a payment needs 2FA; high-risk operations like adding a new beneficiary need extra verification.

E-banking pyramid (low → high authentication strength required):

Activity Auth required
General info (rates, branch hours) None — public
Reading account/card info (smartphone) Password only
Stock trading (smartphone) Password
Scanning/registering payments (smartphone) Password
E-bills (smartphone with Access Card) Password + card
'Smooth' payments (smartphone with Access Card) Password + card
Pre-registered payments (PC) Full e-banking login
Arbitrary payments (PC) Full e-banking login
Changing customer data (PC) Full e-banking login + extra check

Why this matters:

  • Forcing full 2FA on every interaction would push users to disable security or pick weaker banks.
  • Letting low-risk actions go with low friction keeps users happy; only escalating where loss potential is real keeps the bank safe.
  • This is the Schutzziel × Aufwand trade-off applied to UX.

Modern extensions: "adaptive authentication" — risk score is computed live from device fingerprint, IP geolocation, time of day, behaviour patterns, then escalation is triggered only when anomalous.

From Quiz: ISF / Access Control | Updated: Jul 14, 2026