Risk Analytics November Release 23.R2

The services and endpoints listed below will be removed with the next version. We recommend customers who are using any of these services and endpoints to migrate to the OneSpan Trusted Identity platform API before December 31, 2023!

For every removed service, a replacement is already available in the OneSpan Trusted Identity platform API.

In the Risk Analytics API Reference service API, the following services will be removed:

• eventvalidation (v2)

• transaction (v2)

• bulkfile-upload (v1)

The following standalone services which are not part of a service API will also be removed:

• eventvalidation (v1)

• login (v1)

• transaction (v1)

• checksessionstatus (v1)

• fido-metadata

Rule design can now be based on a "four eyes" principle, maker–checker authorization, to separate duties and comply with certain regulations. This process requires two different individuals to complete certain tasks, i.e. certain operations initiated by one individual (maker) can only be executed after approval by another individual (checker). Accordingly, as prerequisite for using this feature, the role for the maker-users must contain the Enable access to Hierarchy and Enable access to Hierarchy in maker mode clearances, and the role for the checker-users must contain the Enable access to Hierarchy and Enable access to Hierarchy in checker mode clearances.

Maker–checker authorization for rule management is based on the following main principles:

• All maker–checker authorization applies at the Campaign level

• The Edit mode for makers is only allowed for inactive campaigns

• Makers submit their changes by requesting to toggle a campaign on or off

• Validation by a checker is performed by accepting or rejecting the toggle actions

Using maker–checker authorization is optional.

For more information, refer to OneSpan Risk Analytics Administrator Guide.

While completing some alerts in batch with the Complete 50 action on the Risk & Relationship Management page, some of the completed alerts were randomly failing to reference the corresponding relationship, making it impossible to access the customer details from the related alert.

This issue has been fixed.

Potential failure of some factor computations was observed when maintenance operations or failover occurred with the Couchbase cluster nodes used by Risk Analytics in the TID infrastructure.

This issue has been fixed.

The Role administration section in the Risk Analytics Administrator Guide does not mention that the user role with the ADMIN_ROLE permission rights cannot be changed to another role.

This issue has been fixed. The Risk Analytics Administrator Guide has been updated to include information about the default roles for master and non-master administrators.

When a mobile event was sent to the Data Collector web service with coordinates of a location in Kosovo, a lookup error was generated in the Risk Analytics logs. This error occurred because the Risk Analytics Geolocation Services returned the country code XK which is based on the GIS coordinate (Risk Analytics GIS Location Service for mobile events). The XK code, however, was not included in the internal country code table since this table is based on the ISO list of country codes.

This issue has been fixed. The XK country code was added to the Risk Analytics country reference table.

The model underlying the Data on Session report aggregated data from transactions and non-monetary events in a single source. This, however, caused problems with the indexing and brought the CPU load almost to the maximum, when used.

This issue has been fixed. The report model has been optimized to prevent long database queries. This now allows to use separate indexes for transactions and non-monetary events, respectively.

Custom event types were not correctly exported from Risk Analytics Presentation Service. When certain custom event types (transactions as well as non-monetary events) were created and exported, they were correctly created as TXN or NME types but were not added to the dashboard data upon import.

This issue has been fixed. A script was added to ensure correct import of the event types and to take into account manually created custom events.

In the SUPERVISE & INVESTIGATE tab of the Presentation Service, the Notification page was related to a historical feature that has already been deprecated and no longer applicable since a long time. This page has now been removed.