- 18 Oct 2024
Challenges of the Risk Management Component
- Updated on 18 Oct 2024
Intelligent Adaptive Authentication with the Risk Management component can challenge the user in several ways during login and adaptive authentication, event validation, or transaction activities.
Risk Management component challenges
When Intelligent Adaptive Authentication validates adaptive authentication and transaction requests, the response that the Risk Management component returns for the request includes the authentication or transaction validation challenge (specified in the riskResponseCode field). These challenges can then be used in the remaining processing flow. The table Risk management challenges lists these challenges.
Risk management challenges | ||
Challenge name | Challenge value | Definition |
---|---|---|
Challenge | 2 | Simple authentication, i.e. static password. |
ChallengeSMS | 3 | Simple authentication with SMS delivery, e.g. virtual OTP. |
ChallengeDevice | 4 | Challenge with authenticator, hardware or software OTP without a second factor. |
ChallengeDevice2FA | 5 | Challenge with authenticator and two factors, hardware OTP with static PIN, software OTP with PIN, biometric etc. |
ChallengePush | 6 | Simple authentication using Push Notification. |
ChallengePush2FA | 7 | Two-factor authentication using Push Notification. |
ChallengeEmail | 8 | Simple authentication with email delivery, e.g. virtual OTP. |
ChallengeVoice | 13 | Simple authentication with delivery via voice call, using a virtual OTP. |
ChallengeFIDO | 14 | Authentication using a FIDO-based authenticator. |
ChallengeNoPin | 21 | Authentication without PIN from trusted device (using orchestration command). |
ChallengePin | 22 | Authentication with PIN from trusted device (using orchestration command). |
ChallengeFingerprint | 23 | Authentication with fingerprint from trusted device (using orchestration command). |
ChallengeFaceReco | 24 | Authentication with face recognition from trusted device (using orchestration command). |
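One way to enforce the returned challenge on the server, as an added example that is not OneSpan code: it maps riskResponseCode to the table above, fails closed on any value outside it, and accepts a step-up only when the completed method matches the challenge requested for the same eventID or transactionID. The integer JSON encoding of riskResponseCode, the PendingStepUps class, and the session and method-name parameters are assumptions of the example.

```python
import json
from enum import IntEnum

# Values copied from the "Risk management challenges" table on this page.
RiskChallenge = IntEnum("RiskChallenge", {
    "Challenge": 2, "ChallengeSMS": 3, "ChallengeDevice": 4,
    "ChallengeDevice2FA": 5, "ChallengePush": 6, "ChallengePush2FA": 7,
    "ChallengeEmail": 8, "ChallengeVoice": 13, "ChallengeFIDO": 14,
    "ChallengeNoPin": 21, "ChallengePin": 22, "ChallengeFingerprint": 23,
    "ChallengeFaceReco": 24,
})

def required_challenge(body):
    """Return (RiskChallenge, eventID or transactionID) or None.

    None covers malformed JSON, a missing or non-integer riskResponseCode and
    a code that is not in the table, so callers fail closed on all of them.
    """
    try:
        doc = json.loads(body)
        code = doc.get("riskResponseCode")
        if isinstance(code, bool) or not isinstance(code, int):
            return None  # bool is an int subclass in Python; reject it too
        ref = doc.get("transactionID") or doc.get("eventID")  # both optional
        return RiskChallenge(code), ref
    except (ValueError, TypeError, AttributeError):
        return None

class PendingStepUps:
    """Hypothetical server-side record of the challenge each session owes."""

    def __init__(self):
        self._pending = {}  # app session id -> (RiskChallenge, reference id)

    def require(self, session_id, body):
        parsed = required_challenge(body)
        if parsed is None:
            return False  # nothing recorded: the caller must not proceed
        self._pending[session_id] = parsed
        return True

    def complete(self, session_id, method_name, ref):
        """Accept only the requested challenge, for the same id, exactly once."""
        expected = self._pending.pop(session_id, None)  # consumed either way
        if expected is None:
            return False
        challenge, expected_ref = expected
        return method_name == challenge.name and ref == expected_ref

# Constructed sample response body, not captured from a real deployment.
SAMPLE_BODY = '{"riskResponseCode": 5, "transactionID": "tx-constructed-1"}'
```

A failed completion consumes the pending entry, so a client that answers with a weaker method has to restart the validation rather than retry against the same record.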
Matched Risk Management component rules
Intelligent Adaptive Authentication also reports which of the rules defined in the Risk Management component for monetary and non-monetary events have matched. The adaptive authentication or transaction validation returns identifiers based on the API field in the output. You can look up these identifiers in the event lookup to see all details associated with the event and verify which Risk Management component rules have matched. The table Names of matched rules from the Risk Management component lists these identifiers.
To retrieve information about matched rules for an event
Issue a request to retrieve the event ID with events/{eventID}.
Method: GET
Response body: eventID
The response body contains one or several of the values identified as non-monetary event in the Non-monetary event column of Names of matched rules from the Risk Management component.
You can check events for matched rules during adaptive authentication and event validation with the following endpoints:
POST /users/{userID@domain}/login
The responses of these endpoints also include the (optional) eventID field.
To retrieve information about matched rules for a transaction
Issue a request to retrieve the transaction ID with transactions/{transactionID}.
Method: GET
Response body: transactionID
The response body contains one or several of the values identified as transaction (i.e., monetary event) in the Transaction (monetary event) column of Names of matched rules from the Risk Management component.
You can check events for matched rules during adaptive transaction validation with the following endpoint:
POST /users/{userID@domain}/transactions/validate
The response of this endpoint also includes the (optional) transactionID field.
Names of matched rules from the Risk Management component | |||||
Event identifier | Risk Management component field | OneSpan Trusted Identity platform API field | Non-monetary event | Transaction (monetary event) | Definition |
---|---|---|---|---|---|
1 | ACCOUNT_REF | accountRef | ✓ | ✓ | Reference of the banking account. |
2 | AMT_CH_BILLL | amount | | ✓ | Transaction amount. |
3 | BENEFICIARY_BANK_COUNTRY_CODE | beneficiaryBankCountry | | ✓ | ISO alpha country code of the beneficiary bank. |
4 | BENEFICIARY_BANK_NAME | beneficiaryBank | | ✓ | Name of the beneficiary bank. |
5 | BENEFICIARY_IBAN | beneficiaryIBAN | | ✓ | International bank account number of the beneficiary bank. |
6 | BENEFICIARY_NAME | beneficiaryName | | ✓ | Name of the beneficiary. |
7 | CREDITOR_ACCOUNT_REF | creditorRef | | ✓ | Reference of the creditor bank account. |
8 | CREDITOR_BANK_COUNTRY_CODE | creditorBankCountry | | ✓ | ISO alpha country code of the creditor bank. |
9 | CREDITOR_BANK_NAME | creditorBank | | ✓ | Name of the creditor bank. |
10 | CREDITOR_IBAN | creditorIBAN | | ✓ | International bank account number of the creditor bank. |
11 | CREDITOR_NAME | creditorName | | ✓ | Name of the creditor. |
12 | CURRENCY_BILL | currency | | ✓ | Currency of the transaction. |
13 | CUSTOM_NUMBER_1 | customNumber1 | ✓ | ✓ | A customizable number to pass bank information to the Risk Management component. |
14 | CUSTOM_NUMBER_2 | customNumber2 | ✓ | ✓ | A customizable number to pass bank information to the Risk Management component. |
15 | CUSTOM_NUMBER_3 | customNumber3 | ✓ | ✓ | A customizable number to pass bank information to the Risk Management component. |
16 | CUSTOM_STRING_1 | customString1 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
17 | CUSTOM_STRING_2 | customString2 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
18 | CUSTOM_STRING_3 | customString3 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
19 | CUSTOM_STRING_4 | customString4 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
20 | CUSTOM_STRING_5 | customString5 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
21 | CUSTOM_STRING_6 | customString6 | ✓ | ✓ | A customizable string to pass bank information to the Risk Management component. |
22 | DEBTOR_IBAN | debtorIBAN | | ✓ | International bank account number of the debtor. |
23 | DEBTOR_NAME | debtorName | | ✓ | Name of the debtor. |
24 | DEBTOR_REF | debtorRef | | ✓ | Reference of the debtor bank account. |
25 | DEVICE_ID | uniqueDeviceIdentifier | ✓ | ✓ | Device ID from the Mobile Security Suite CDDC SDK. |
26 | DEVICE_MODEL | deviceModel | ✓ | ✓ | Model of the device from the Mobile Security Suite CDDC SDK. |
27 | DIGIPASS_AUTH_TYPE | authentType | ✓ | ✓ | Authentication level. |
28 | DIGIPASS_RETURN_CODE | authentStatus | ✓ | ✓ | Result of the user authentication. |
29 | EXECUTION_COMPLETED | executionCompleted | ✓ | ✓ | Status of the rule execution. |
30 | FINGERPRINT_HASH | fingerprintHash | ✓ | ✓ | Fingerprint hash of the browser. |
31 | FINGERPRINT_RAW | fingerprintRaw | ✓ | ✓ | Fingerprint raw data (JSON) of the browser. |
32 | FRAUD_DATE | fraudDate | ✓ | ✓ | Date when the fraud disposition has been set. |
33 | FRAUD_DISPOSITION_KEY | fraudDispositionKey | ✓ | ✓ | Fraud disposition key. Value range: |
34 | GIS_COUNTRY_CODE | deviceCountry | ✓ | ✓ | Country of the device location, from the Mobile Security Suite CDDC SDK latitude and longitude. |
35 | GIS_LATITUDE | deviceLatitude | ✓ | ✓ | Latitude of the device location, from the Mobile Security Suite CDDC SDK. |
36 | GIS_LONGITUDE | deviceLongitude | ✓ | ✓ | Longitude of the device location, from the Mobile Security Suite CDDC SDK. |
37 | IP | clientIP | ✓ | ✓ | IP address from which the event originated. Formatted in dot-decimal notation. |
38 | IP_COUNTRY_CODE | clientIPCountry | ✓ | ✓ | ISO alpha country code from the client IP-based location data. |
39 | MATCHED_RULES | matchedRules | ✓ | ✓ | JSON object with a list of the names of matched rules from the Risk Management component. |
40 | NON_MON_EVENT_DATE | eventDate | ✓ | | Date of the event. |
41 | NON_MON_EVENT_ID | eventID | ✓ | | Identifier of the event. |
42 | NON_MON_EVENT_SUB_TYPE_KEY | eventSubTypeKey | ✓ | | Number that represents the event sub-type. |
43 | NON_MON_EVENT_SUB_TYPE_KEY | eventSubType | ✓ | | Name of the event sub-type. |
44 | NON_MON_EVENT_TYPE_KEY | eventTypeKey | ✓ | | Number that represents the event type. |
45 | RELATIONSHIP_REF | relationshipRef | ✓ | ✓ | Relationship reference. In the Risk Management component, a relationship represents one customer (irrespective of the number of applications or accounts held for that customer). |
46 | RESPONSE_CODE | riskResponseCode | ✓ | ✓ | The response code sent by the Risk Management component. |
47 | SESSION_ID | sessionID | ✓ | ✓ | The application session identifier, formatted as a hexadecimal string. This identifier is common for all transactions related to the same session. |
48 | TXN_DATE_TIME | transactionDate | | ✓ | Date of the transaction. |
49 | TXN_ID | transactionID | | ✓ | Transaction identifier. |
50 | TXN_SUB_TYPE_KEY | transactionSubTypeKey | | ✓ | Number that represents the transaction sub-type. |
51 | TXN_SUB_TYPE_KEY | transactionSubType | | ✓ | Name of the transaction sub-type. |
52 | TXN_TYPE_KEY | transactionTypeKey | | ✓ | Number that represents the transaction type. |
53 | USER_REF | userRef | ✓ | ✓ | Corporate user reference. |