PingOne

Risk evaluations

Risk evaluations calculate the risk level and other risk-related details associated with an event.

The risk policy then determines how the aggregated risk score from a risk evaluation should be translated into a final risk level of low, medium, or high. For more information, see Risk policies.

Review and analyze the results from risk evaluations to see how your risk policy is performing. After reviewing the results, you might need to fine-tune your risk policy, depending on your organization’s needs and use cases. To make decisions on whether you need to adjust your risk policy, consider the following:

Your business goals

Should your risk policy be more permissive or more restrictive? This decision depends on your organization’s needs, tolerance for fraud incidents, and overall revenue and user experience impacts.

How your risk policy is configured

How are various predictors configured as part of your risk policy? How are the final risk levels assigned? For more examples of questions to consider when creating and fine-tuning a risk policy, see Risk policies.

The type of user flow

Is your risk policy used for an access, authentication, authorization, registration, or transaction flow? The type of user flow might affect the adjustments you make to a risk policy. You can also specify a flow subtype to provide additional detail about the context of the flow, such as if the user performed a password reset or signed on with their username and password. Learn more about flow types and subtypes in the PingOne API documentation.

You can also create different risk policies for different use cases. Learn more in Risk policies.

Additional identity mitigation tools

Should you use additional tools, such as multi-factor authentication (MFA), identity verification, or knowledge-based authentication (KBA), in your user flow to prevent user identity fraud?

Learn more about how to: