A Risk-Based Access Control Model for Protecting E-Commerce User Accounts

Authors

  • Yesha Patel, Senior Magento Computer Programmer, System Soft Technologies

Keywords:

Risk-Based Access Control, E-Commerce Security, Artificial Intelligence, Fraud Detection, Machine Learning Authentication, Behavioral Biometrics, Context-Aware Authentication

Abstract

The rapid expansion of digital commerce has significantly increased the risk of cyber threats targeting user accounts and online transactions. E-commerce platforms process millions of authentication requests daily, making them attractive targets for cybercriminals attempting account takeover attacks, credential theft, and fraudulent transactions. Traditional authentication mechanisms, such as password-based login systems and static multi-factor authentication, often lack the capability to dynamically evaluate contextual risk factors associated with login attempts. Consequently, these conventional approaches may fail to detect sophisticated attacks in which adversaries exploit legitimate credentials to gain unauthorized access. This research proposes an Artificial Intelligence–driven Risk-Based Access Control (RBAC) model designed to enhance the security of e-commerce user accounts. The proposed framework integrates contextual authentication indicators, behavioral analytics, and machine learning techniques to dynamically assess the risk level of each login attempt. The system collects multiple contextual attributes, including device information, geographic location, login frequency patterns, and behavioral interaction metrics. These attributes are analyzed using machine learning algorithms to identify anomalies that may indicate suspicious activities. A dynamic risk scoring mechanism is developed to evaluate authentication requests based on contextual and behavioral features. When the calculated risk score exceeds predefined thresholds, the system triggers adaptive security responses such as multi-factor authentication challenges or login blocking. This approach enables the authentication framework to balance security and usability by applying stricter verification only when potential threats are detected. 
Experimental evaluation using simulated authentication datasets demonstrates that the proposed model significantly improves fraud detection accuracy compared to traditional rule-based authentication systems. The integration of machine learning techniques enhances the system’s ability to detect abnormal login patterns while reducing false positive rates that may inconvenience legitimate users. The results indicate that the proposed AI-driven risk-based authentication framework provides a scalable and effective solution for protecting user accounts in modern e-commerce environments. The findings of this research highlight the potential of combining contextual risk analysis with intelligent machine learning models to strengthen authentication mechanisms in online commerce platforms. The proposed framework contributes to the development of more secure and adaptive access control systems capable of mitigating emerging cybersecurity threats in digital marketplaces.
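The scoring-and-response loop the abstract describes, as an added sketch that is not the paper's code: contextual signals for device, location and login frequency are combined into a score, and thresholds select allow, MFA challenge or block. The weights, thresholds, signal definitions and sample records are assumptions made for illustration, and a fixed weighted sum stands in for the machine learning model.

```python
import math
from datetime import datetime

# Constructed login history for one hypothetical account (times assumed UTC).
HISTORY = [
    {"ts": "2024-03-01T08:10", "device": "dev-a", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2024-03-02T09:05", "device": "dev-a", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2024-03-03T08:40", "device": "dev-b", "lat": 51.5074, "lon": -0.1278},
]
# Assumed weights and thresholds; a trained model would replace the weighted sum.
WEIGHTS = {"new_device": 0.35, "impossible_travel": 0.40, "odd_hour": 0.10, "failure_burst": 0.15}
STEP_UP, BLOCK = 0.30, 0.70
MAX_KMH = 900.0  # roughly airliner speed; faster implies two different origins

def _km(a, b):
    """Great-circle distance between two login locations (haversine)."""
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlat, dlon = p2 - p1, math.radians(b["lon"] - a["lon"])
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(history, attempt, recent_failures):
    """Return (score in [0, 1], per-signal values) for one login attempt."""
    when = datetime.fromisoformat(attempt["ts"])
    last = history[-1]
    hours = (when - datetime.fromisoformat(last["ts"])).total_seconds() / 3600
    speed = _km(last, attempt) / max(hours, 1 / 60)  # floor the gap at one minute
    usual = {datetime.fromisoformat(h["ts"]).hour for h in history}
    gap = min(min(abs(when.hour - u), 24 - abs(when.hour - u)) for u in usual)
    signals = {
        "new_device": float(attempt["device"] not in {h["device"] for h in history}),
        "impossible_travel": float(speed > MAX_KMH),
        "odd_hour": float(gap > 3),  # more than 3 h from any usual login hour
        "failure_burst": min(recent_failures / 5, 1.0),  # saturates at 5 failures
    }
    return round(sum(WEIGHTS[k] * v for k, v in signals.items()), 2), signals

def decide(score):
    """Map the score to the adaptive responses named in the abstract."""
    if score >= BLOCK:
        return "block"
    return "mfa_challenge" if score >= STEP_UP else "allow"

if __name__ == "__main__":
    # Constructed attempt: unseen device, Singapore, 2 h after a London login.
    attempt = {"ts": "2024-03-03T10:40", "device": "dev-x", "lat": 1.3521, "lon": 103.8198}
    score, signals = risk_score(HISTORY, attempt, recent_failures=4)
    print(score, decide(score), signals)
```

Returning the per-signal values alongside the score lets the decision be logged with the reason it was taken, which is what makes false positives against legitimate users reviewable.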

Published

07-01-2023

How to Cite

[1]
Yesha Patel, “A Risk-Based Access Control Model for Protecting E-Commerce User Accounts”, Essex Journal of AI Ethics and Responsible Innovation, vol. 3, pp. 601–629, Jan. 2023, Accessed: May 31, 2026. [Online]. Available: https://ejaeai.org/index.php/publication/article/view/102