
Risk Management

This section is used to set up risk chains, which define the authentication process, and the risk adapters in each chain. The chain also defines the sequence in which cardholder credentials are passed to the risk adapters. Each risk chain adapter defines a condition, the actions to be taken if the condition is met or not met, and a match score, together with the number of transactions which must have been performed and on how many days.

For further information about risk-based authentication, risk chains and risk adapters, refer to risk-engine-adapter.

System Management > Authentication Management > Risk Management

This page displays:

  • A list of Risk Chains and for each Risk Chain:

    • Checkbox to Select it

    • Chain ID link to Edit Risk Chain

    • A list of Adapters that are enabled for the risk chain

    • Link to Configure risk adapters for the risk chain

  • Delete button to delete selected risk chains

  • Link to Add Risk Chain

  • Link to Risk Adapter Management

Add / Edit Risk Chain

System Management > Authentication Management > Risk Management > Add / Edit Risk Chain

Use the following fields to complete this page:

  • Chain ID

  • Authentication Method Score Range - Based on the risk score (a value between 0 and 100) returned from the risk evaluation, the ranges defined in the following fields will indicate which authentication method should be used for authenticating the cardholder for each risk score.

    • Score range for frictionless - if the risk score falls within this range, the cardholder will be authenticated frictionlessly and authentication method will be 99.
    • Score range for frictionless with review - if the risk score falls within this range, the cardholder will be authenticated frictionlessly and authentication method will be 97.
    • Score range for static password - if the risk score falls within this range, the cardholder will be required to authenticate using static authentication data that has previously been assigned to them, e.g. static password.
    • Score range for device - if the risk score falls within this range, the cardholder will be required to authenticate using an authentication device that has previously been assigned to them, e.g. SMS OTP, Email OTP, Vasco, OOB, etc. If the cardholder has multiple devices assigned, a device selection page will be displayed to them during the authentication process and they will be required to select a device from the available devices.
    • Score range for OOB - if the risk score falls within this range, the cardholder will be required to authenticate using the authentication method utilised by the OOB service, e.g. biometrics, push notifications, etc.
    • Score range for decline - if the risk score falls within this range, the authentication will be rejected.

    Info

    • The ranges defined must fully cover the range between 0 and 100
    • Each range must have a begin and end value
    • It is not required to have a score range for every authentication method. The score range for some authentication methods can be left blank if these authentication methods are not used by the issuer.
    • The ranges can be defined in your preferred order, e.g. OOB can have a lower score range than device.
    • Ranges cannot overlap.

    Example 1

    Score range for frictionless: 0..40

    Score range for static password: 41..50

    Score range for device: 51..60

    Score range for OOB: 61..80

    Score range for decline: 81..100

    Example 2

    Score range for frictionless: 0..40

    Score range for static password:

    Score range for device: 61..100

    Score range for OOB: 41..60

    Score range for decline:

  • Apply button to save changes

  • Back button to return to the Risk Chains page.
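The Info rules above can be checked before a chain is saved: a gap leaves some risk scores with no authentication method, and an overlap makes the outcome ambiguous. The following is an added example, not ActiveAccess code; the method labels, the function names, the use of integer scores and the `BROKEN` configuration are assumptions made for illustration.

```python
# Added example: checks a score-range configuration against the Info rules.
# Assumptions: integer scores, hypothetical method labels, None = range left blank.

def validate_ranges(ranges):
    """Return a list of rule violations; an empty list means the config is valid."""
    errors, used = [], []
    for method, rng in ranges.items():
        if rng is None:
            continue  # a blank range is allowed for an unused method
        begin, end = rng
        if begin is None or end is None:
            errors.append(f"{method}: begin and end are both required")
        elif not (0 <= begin <= end <= 100):
            errors.append(f"{method}: {begin}..{end} is reversed or outside 0..100")
        else:
            used.append((begin, end, method))
    expected = 0  # lowest score not yet covered by any range
    for begin, end, method in sorted(used):  # order of definition does not matter
        if begin < expected:
            errors.append(f"{method}: overlaps another range at {begin}")
        elif begin > expected:
            errors.append(f"gap: scores {expected}..{begin - 1} have no method")
        expected = max(expected, end + 1)
    if expected <= 100:
        errors.append(f"gap: scores {expected}..100 have no method")
    return errors

def method_for(ranges, score):
    """Return the method whose range contains the score, or None."""
    for method, rng in ranges.items():
        if rng and rng[0] <= score <= rng[1]:
            return method
    return None

# Example 1 and Example 2 from the page
EXAMPLE_1 = {"frictionless": (0, 40), "static_password": (41, 50),
             "device": (51, 60), "oob": (61, 80), "decline": (81, 100)}
EXAMPLE_2 = {"frictionless": (0, 40), "static_password": None,
             "device": (61, 100), "oob": (41, 60), "decline": None}
# Constructed invalid input: device overlaps frictionless at 40, 61..80 uncovered
BROKEN = {"frictionless": (0, 40), "device": (40, 60), "decline": (81, 100)}

if __name__ == "__main__":
    for name, cfg in [("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2),
                      ("Broken", BROKEN)]:
        print(name, validate_ranges(cfg) or "valid")
```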

Configure Risk Chain

System Management > Authentication Management > Risk Management > Configure Risk Chain

In this section, available Risk Adapters can be enabled/disabled, configured and prioritized for the corresponding risk chain.

This page displays:

  • Chain ID

  • A list of available Risk Adapters that can be configured for this Risk Chain, and for each Risk Adapter:

    • Checkbox to Select it. Risk Adapters can only be selected if they have been configured.

    • Adapter ID link to Configure Risk Adapter

    • Move Up and Move Down arrows to change the Priority of the risk adapter, i.e. the order in which the risk adapter is used in the risk chain

    • Status

      • Not configured
      • Configured

  • Enable button to enable selected risk adapters

  • Disable button to disable selected risk adapters

  • Back button to return to the Risk Management page.

Configure Risk Adapter

System Management > Authentication Management > Risk Management > Configure Risk Chain > Configure Risk Adapter

This page displays:

  • Adapter ID

  • Adapter name

Use the following fields to complete this page:

  • Condition which has been defined in the adapter and for each Condition:

    • Matched behaviour for when the Condition is matched

      • Continue

      • Finish

    • Mismatched behaviour for when the Condition is not matched

      • Continue

      • Finish

    • Matched score - the score produced when the condition is matched

    • Condition value - the transaction data is compared with this value to determine if it matches the condition or not.

  • Apply button to save changes

  • Back button to return to the Config Risk Chain page.

Risk Adapter Management

System Management > Authentication Management > Risk Management > Risk Adapter Management

The Risk Adapter Management page displays:

Register Risk Adapter

System Management > Authentication Management > Risk Management > Risk Adapter Management > Register Risk Adapter

Use the following fields to complete this page:

  • Adapter ID can be entered by the user or generated by the system

  • Adapter name

  • Select Risk adapter connector from the drop down list

  • Generate button to generate Adapter ID by the system

  • Apply button to save changes

  • Back button to return to the Risk Adapter Management page.

Edit Risk Adapter

System Management > Authentication Management > Risk Management > Risk Adapter Management > Edit Risk Adapter

Use the following fields to complete this page:

  • Adapter ID

  • Adapter name

  • Select Risk adapter connector from the drop down list

  • Apply button to save changes

  • Back button to return to the Risk Adapter Management page.

Risk Adapter Connector Management

System Management > Authentication Management > Risk Management > Risk Adapter Management > Risk Adapter Connector Management

This section is used to define one or more connectors for communicating with remote risk adapters, which are called by ActiveAccess for risk-based authentication.

Note

To establish a secure connection with Risk Adapters, you may need CA Certificates and a keystore.

The Risk Adapter Connector Management page displays:

  • A list of Risk Adapter Connectors and for each Risk Adapter Connector:

  • Delete button to delete selected risk adapters

  • Back button to return to the Risk Adapter Management page

  • Link to Add Risk Adapter Connector.

Add / Edit Risk Adapter Connector

System Management > Authentication Management > Risk Management > Risk Adapter Management > Risk Adapter Connector Management > Add / Edit Risk Adapter Connector

Use the following fields to complete this page:

  • Name of the Risk Adapter Connector

  • URL of the Risk Adapter Connector

  • Connection timeout

  • Read timeout

  • Apply button to save changes

  • Back button to return to the Risk Adapter Connector Management page.

Upload Connector Encryption Key

System Management > Authentication Management > Risk Management > Risk Adapter Management > Risk Adapter Connector Management > Upload Connector Encryption Key

Use the following fields to complete this page:

  • Risk adapter connector - choose the name of the adapter connector you want to assign an encryption key to

  • Encryption KeyStore - click on Browse to locate and select an encryption key file to upload. The No file selected message will be replaced with the name of the file to be uploaded. The system uses the AES (128-bit) key contained in the JKS KeyStore to encrypt and decrypt cardholder data transferred between ActiveAccess modules and the Adapter. Issuers must ensure that this AES key is used to encrypt and decrypt cardholder data at other external hosts.

  • KeyStore password - password of the uploaded JKS KeyStore file

  • Apply button to save changes

  • Back button to return to the Risk Adapter Connector Management page.