. . "To meet the guidance, the bank purchased a ???premium package??? from a security vendor and implemented a multifactor authentication security procedure with six features: (1) user ID and password; (2) device authentication using a cookie; (3) risk profiling using an algorithm that assigned a risk score to each login and transaction based on factors such as location, IP address and size, type, and" . . .