Порогова оптимізація risk-based автентифікації під вартісні регуляторні обмеження PSD2
This paper addresses the problem of threshold decision optimization in risk-based authentication (RBA) systems under the value-based fraud rate constraints of PSD2. We propose a mathematical model for deciding whether to allow a transaction, require additional Strong Customer Authentication (SCA), o...
Збережено в:
| Дата: | 2026 |
|---|---|
| Автори: | , |
| Формат: | Стаття |
| Мова: | Українська |
| Опубліковано: |
Vinnytsia National Technical University
2026
|
| Теми: | |
| Онлайн доступ: | https://oeipt.vntu.edu.ua/index.php/oeipt/article/view/800 |
| Теги: |
Додати тег
Немає тегів, Будьте першим, хто поставить тег для цього запису!
|
| Назва журналу: | Optoelectronic Information-Power Technologies |
Репозитарії
Optoelectronic Information-Power Technologies| Резюме: | This paper addresses the problem of threshold decision optimization in risk-based authentication (RBA) systems under the value-based fraud rate constraints of PSD2. We propose a mathematical model for deciding whether to allow a transaction, require additional Strong Customer Authentication (SCA), or deny the transaction based on a risk score and transaction amount. We introduce constraints on the value-fraud-rate – the fraction of fraud by value among allowed transactions – in accordance with PSD2 thresholds (0.13%, 0.06%, 0.01%)[1][2]. An algorithm for tuning decision thresholds for each transaction amount range is developed, providing guarantees that fraud rates remain below the regulatory limits. A simulation experiment on a generated transaction dataset with risk scores and fraud labels is conducted. The results demonstrate that the proposed approach satisfies regulatory requirements (value-fraud-rate not exceeding 0.13%/0.06%/0.01% for the respective amount tiers) while allowing a significantly higher proportion of transactions to proceed without additional authentication compared to baseline strategies. We analyze how the threshold settings affect SCA trigger frequency and fraud levels, and discuss practical implications of deploying the proposed method in cloud-based banking and Payment Service Provider (PSP) platforms to support trusted transaction authentication. |
|---|