000030911 - Issues with continuous collections in Adaptive Authentication (Hosted)

Document created by RSA Customer Support Employee on Nov 4, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000030911
Applies To: RSA Product Set: Adaptive Authentication (Hosted)
RSA Product/Service Type: Adaptive Authentication (Hosted)
 
Issue
A customer states that over the past week, every client we sign onto the portal for the first time is having the RSA questions asked immediately after they answer them during the same sign on sequence. This is what is happening:
  • They log on with their initial sign on information
  • Then they are asked to put in a phone # and answer 3 authentication questions
  • Then they are asked to change the temporary password
  • Then the password reset question is asked
  • And after they submit their answer, the next screen comes up asking for the client to answer the authentication questions that they just answered 3 screens earlier
Can you explain why this is happening to the bank's customers?
Cause
"This could be an implementation issue, which can happen when authentication data is owned by the customer."
You may need to ask for another set of user IDs if the behavior described does not match what is seen in the logs.
Resolution
1. Ask for sample users and look over the logs.
2. If there are any patterns of collections, CS activities, challenges, etc., note them.
Analysis of the two users. You described this behavior:
  1. They log on with their initial sign on information 
  2. Then they are asked to put in a phone # and answer 3 authentication questions 
  3. Then they are asked to change the temporary password
  4. Then the password reset question is asked and after they submit their answer 
  5. The next screen comes up asking for the client to answer the authentication questions that they just answered 3 screens earlier 
Analysis of the logs does not really show this behavior. That can simply be a limitation of the logs; what the user experienced does count. Also, RSA does not control all aspects of a customer's part in the flow.
Some customers also maintain their own authentication data, such as OTP collection data.
There can also be customer-controlled applications implemented from the OLB website, such as 'password reset' or 'forgot user name', that do not have anything to do directly with RSA.
 
Workaround
A workaround may be for the customer to reset the user's authentication data (this cannot be done for KBA; for KBA, just unblock).
Notes
The customer closed the case before better samples were provided.
