CA Risk Authentication Administration Guide › Configuring Callouts › Understanding Callouts › Types of Callouts › Evaluation Callout

Evaluation Callout

An Evaluation Callout is executed as part of risk evaluation. If an Evaluation Callout is implemented, then:

1. CA Risk Authentication executes all Standalone and Combination rules and invokes the Callout framework.
2. The CA Risk Authentication Callout framework formats the data in XML format.
3. The CA Risk Authentication Callout framework performs an HTTP or HTTPS POST of the following information to your Evaluation Callout:
   • Context information (such as User name, IP address, and Device ID) that is passed to each CA Risk Authentication Evaluation rule.
   • Rule results for each Evaluation rule that was executed.
   • Additional Inputs, if any, that are provided by the CA Risk Authentication SDK to CA Risk Authentication Server as input data.
4. Your Callout uses the data passed by CA Risk Authentication to process its custom logic.
5. Your Callout then returns the following information to CA Risk Authentication:
   • Rule result in the form of Y (SUCCESS) or N (FAILURE).
   • Modifier string with additional information, if any, to be used by the Scoring Callout (if implemented.)

   Note: CA Risk Authentication Server does not process the modifier string at all. If a Scoring Callout also has been implemented, then CA Risk Authentication Server POSTs this data to the Scoring Callout.

   • Annotation string that contains the reason or the description sent back to CA Risk Authentication Server.

   Note: This information is used for logging (in the database), reporting, and auditing purposes.

6. CA Risk Authentication Server logs the information returned by your Callout.