With Risk-based authentication, the issuer bank (cardholder’s bank) decides whether second-factor authentication is required or whether it can be bypassed for each card transaction. This decision to skip AFA is based on the 50+ additional data points that are collected by card networks (Visa, ...