Shareholder Authentication (published 2015)

Positive and Negative Authentication Factors

The three traditional authentication factors, while a useful construct, may not adequately describe certain measures that are aimed less at positively identifying a legitimate user than at disqualifying or screening out a probable impostor. Indeed, a number of authentication measures may have more value as “negative” than as “positive” measures. For example, the Internet protocol (IP) address of a user’s computer or device provides information about the location of that computer or device. Because the IP address can be spoofed by a fraudster, the IP address may serve only as corroborating (but not conclusive) evidence that a user’s computer is located in an expected geographic locale (as opposed to a foreign country). However, if an IP address indicates that a user is abroad, this fact may itself be suggestive of fraudulent activity, particularly if the user in question has not previously logged in from foreign IP addresses. Similarly, whereas a user’s ability to provide his or her address of record may be of limited value as a “positive” authentication measure, a user’s inability to provide this information may be stronger evidence of potentially fraudulent activity.
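The asymmetry described above can be made concrete with likelihood ratios. The following is an added example, not part of the original publication; every probability and the prior in it are constructed for illustration, and the observation names are hypothetical.

```python
import math

# Constructed, illustrative probabilities (assumptions, not measured data).
# Each entry: (P(observation | legitimate user), P(observation | impostor)).
SIGNALS = {
    # An impostor can spoof a domestic IP, so a match says little.
    "ip_expected_locale": (0.97, 0.60),
    # Legitimate users with no foreign login history rarely appear abroad.
    "ip_foreign_no_history": (0.03, 0.40),
    # Others may also know the address of record, so a correct answer is weak.
    "address_of_record_correct": (0.98, 0.70),
    # A legitimate holder almost never gets it wrong.
    "address_of_record_wrong": (0.02, 0.30),
}


def log_lr(observation):
    """Log-likelihood ratio: > 0 supports 'legitimate', < 0 supports 'impostor'."""
    p_legit, p_impostor = SIGNALS[observation]
    return math.log(p_legit / p_impostor)


def classify(observation, threshold=1.0):
    """Label an observation by the direction and strength of its evidence."""
    weight = log_lr(observation)
    if weight >= threshold:
        return "strong positive"
    if weight <= -threshold:
        return "strong negative"
    return "weak positive" if weight > 0 else "weak negative"


def posterior_legit(observations, prior_legit=0.99):
    """Posterior P(legitimate), treating observations as independent
    (a naive-Bayes simplification; the prior is a constructed value)."""
    log_odds = math.log(prior_legit / (1.0 - prior_legit))
    log_odds += sum(log_lr(o) for o in observations)
    return 1.0 / (1.0 + math.exp(-log_odds))


if __name__ == "__main__":
    for name in SIGNALS:
        print(f"{name:28s} {log_lr(name):+.2f}  {classify(name)}")
    print(posterior_legit(["ip_expected_locale", "address_of_record_correct"]))
    print(posterior_legit(["ip_foreign_no_history", "address_of_record_wrong"]))
```

With these constructed numbers, each measure barely moves the estimate when it matches expectations but moves it sharply when it does not, which is the sense in which it works better as a "negative" than as a "positive" factor.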
