Follow

Risk Suite v0.9.2

optile's Risk Suite offers the functionality to help you prevent fraud and manage your risk. Our Risk Suite is continuously evolving and currently you can choose to block specific transactions when those transactions meet certain conditions. These conditions could be Simple Conditions, Aggregate Conditions or a Combination of Conditions (i.e., conditions combined with AND in a single rule).

 

Create Risk Rules

Currently there is no graphical user interface for our Risk Suit, however the process to configure your Risk Rules is simple and efficient. You just need to download the ‘Risk Rule Configuration Request' excel file, complete the 'Rules' tab and send this file to our Support team (support@optile.net).  Remember to specify if the changes should be applicable to the Live or the Sandbox environment. If not explicitly specified, we would apply the changes to Sandbox as a default

Our support team will check the rules for logic and organize the configuration on your behalf.  Once the Risk Rules have been configured you will receive your file back with confirmation the rules have been configured and each Risk Rule will be given a Risk ID.

In the future, if you require the rules to be modified or deleted you can communicate this with the us via email (support@optile.net). To modify or delete an existing rule we will need the Rule ID which we provided when the rule was created. You can easily note this in the Risk Rule Configuration Request file that we returend to you whan the Risk Rules were created.

 

Simple Rule Conditions

A simple condition checks only the current transaction with regard to the a single ‘Dimension’.  Simple conditions block a transaction if a parameter of the transaction (a dimension) has (or not) the determined value. For example,

  • Block if IP Country has value ‘US’
  • Block if IP Country doesn’t have the same value as Issuing Country
  • Block if Email Address contains ‘noreply’

You can create your simple conditions using the nine dimensions for simple conditions below:

 

Dimensions for simple conditions                                                                                            

  1.    IP Address - the end customer's IP address.
  2.    IP Country - The country where the end customer’s IP address emanates.
  3.    IP Continent - The continent where the end customer’s IP address emanates.
  4.    BIN - The Bank Identification Number which is the first 6 digits of a credit card.
  5.    Issuing Country - The country where the credit card was issued.
  6.    E-Mail Address - The full e-mail address of your end customer.
  7.    E-Mail Local part - the first part of the e-mail address before the "@" sign.
  8.    E-Mail Domain - the  part of the e-mail address after the "@" sign.
  9.    Division – Merchants division (shop) code.
  10.   Transaction Country - The country specified in the transaction request to optile

 

Example of simple conditions:

  1. Block if value of [Dimension] 'has' or 'has not' value "X" - examples:
    • [IP Country] 'has not' value "Germany". This rule matches all end customers with an IP address not from Germany and blocks these transactions.
    • [E-Mail Domain] 'has' value "hotmail.com". This rule matches all end customers using an email address ending in "@hotmail.com" and blocks these transactions.
  2. Block if value of [Dimension] 'has' or 'has not' the same value as [Dimension] - example:
    • [IP Country[ 'has not' the same value as [Issuing Country]. This rule matches and blocks the transactions where the credit card is issued in a country other than the GeoIP location of the end customer.
  3. Block if value of [Dimension] 'contains' or 'does not contain' substring "X" - example:
    1. [E-Mail Domain] 'contains' substring "yahoo.". This rule matches and blocks all end customers using an email address containing "yahoo." after the "@" - so this would match "@yahoo.de", "@yahoo.com" and "@yahoo.fr" email addresses (among others).

 

 

Aggregate Conditions

 An Aggregate condition checks the current transaction in the context of the past transactions. There are two types of aggregated conditions:

 

Aggregated condition type 1

Block a transaction if there would be more than [N] transactions for the same 'Aggregation Parameter' in 'Time Period'. For example,

  • Block if there would be more than 3 transactions for the same Payment Account in 24 hours.
  • Block if there would be more than 15 transactions for the same Customer number in 30 days.

 

You can create your type 1 aggregate condition using one the following four aggregate dimensions (1-4) below and a time period.

 

Aggregate condition type 2

Block a transaction if there would be more than [N] different values for a transaction parameter (Dimension for aggregated conditions below) for the same Aggregation Dimension in Time period. For example,

  • Block if there would be more than 3 different Customer IP Addresses for the same Payment Account in the last 24 hours.
  • Block if there would be more than 7 different Customer Numbers for the same Payment Account in the last 30 days.
  • Block if there would be more than 5 different Customer IP Addresses for the same Payment Account in the last 14 days.
  • Block if there would be more than 5 different Customer Numbers for the same Customer IP address in the last 1 day.

 

You can create your type 2 aggregate conditions using the eleven dimensions below and a time period:

 

Dimensions for type 2 aggregated parameters

  1.   IP Address - the end customer's IP address.
  2.   Card / Account Number
  3.   Customer Number
  4.   E-Mail Address - The full e-mail address of your end customer.
  5.   IP Country - the country where the end customer’s IP address emanates (only type 2 types).
  6.   IP Continent - The continent where the end customer’s IP address emanates (only type 2 types).
  7.   BIN - the Bank Identification Number which is the first 6 digits of a credit card (only type 2 types).
  8.   Issuing Country - The country where the credit card was issued (only type 2 condition types).
  9.   E-Mail Domain - the  part of the e-mail address after the "@" sign (only type 2 condition types).
  10.   Account Expiration Date (only type 2 condition types).
  11.   Transaction Country - The country specified in the transaction itself (only type 2 condition types).

 

Time period is a configurable period for transaction aggregation. It could be "the last 30 days" or "the last 12 hours"; it is always evaluated with regards to the exact time that the transaction was attempted.

 

Example of aggregate conditions:

  1. Block if more than "Number of" [dimension 1] for the same [dimension 2] in (Time period).

The (Time period) can be something like "the last 30 days" or "the last 12 hours"; it is always evaluated with regard to the exact time that the transaction was attempted. Only non-blocked transactions are counting towards the limit [N].

  • Block if more than "5" [transactions] for the same [Card/Account number] in the last (12 hours). this condition would block the 6th transaction attempt with the same a credit card within a 12 hour period. If first transaction is attempted at 2017-05-31 09:42:18 UTC, all transactions for this credit card after 2017-05-01 09:42:18 UTC are included.
  • Block if more than "3" [different Card/Account numbers] used for the for the same [email address] in the last (3 days). In this case, if a fourth card/account number is used for a customer with same email address within three days it would be blocked. 

If you have a rule that blocks transactions when "Number of transactions for the same payment account in 24 hours is greater than 3" and a transaction is attempted every hour,  the first 3 of these transactions will be allowed and the subsequent 21 transactions would be blocked. The next 3 transactions will be allowed again, as the 21 blocked transactions are not counted as transactions within the 24 hour time period.

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments