CA RiskMinder Administration Guide › Managing Global Configurations › Managing Global Rule Configurations › Deploying New Device-Based Rules › Creating the Device User Velocity Rule

Creating the Device User Velocity Rule

The existing Device Velocity Check rule checks if there are frequent transactions by one or more users from a particular device, exceeding a defined velocity. This can result in inaccurate results in cases where a single device is shared by many users. The new Device User Velocity rule allows a device to be used by n distinct users in any configured duration. If the device is used by more than n distinct users in the configured duration, then it indicates fraudulent activity.

It is based on the following parameters:

• Number of Distinct Users Allowed Per Device

  Denotes the number of distinct users performing transactions using a specified device, irrespective of whether the risk evaluation resulted in success or failure.

  The default value for this parameter is 5.

• Time Interval

  Denotes the time period in which the number of transactions are tracked.

  The default value for this parameter is 60.

• Unit for Time Interval

  Denotes the unit in which the time period is measured.

  The default value for this parameter is Minutes.

For example, consider a configuration of 5 transactions per device in 60 minutes. This rule is not triggered when User1 performs five transactions per hour from Device1. But if there are transactions from five different users using Device1 in one hour, then this rule is triggered.

To create the Device User Velocity rule:

1. Ensure that you are logged in as a GA.
2. Activate the Services and Server Configurations tab.
3. Under the Rules Management section on the side-bar menu, click the Rules and Scoring Management link.

   The Rules and Scoring Management page appears.

4. From the Select the Ruleset list, select the ruleset for which this configuration is applicable.

   The configuration information for the specified ruleset appears.

5. Click Add a New Rule.

   The RiskFort Rule Builder page appears.

6. Enter the Name, Mnemonic, and Description of the rule that you want to create.
7. Select the Channels and Actions for which this rule is applicable.
8. Build the rule fragment, as follows:
   1. From the Device Elements list, select DEVICEID.
   2. Select VELOCITY_DISTINCT_USER from the Select Operator list.
   3. Specify the number of distinct users performing transactions from the device in the Greater than field.
   4. Specify the time interval.

      This value denotes the maximum number of transactions (within the specified time interval) that is considered safe for a device for n distinct users. If the actual number of transactions within the specified time exceeds this number, then RiskMinder tracks the transaction as a risk, which results in the matching of the Device User Velocity rule.

   5. Select the unit for the time interval from the drop-down list.
   6. Click Add to build the rule fragment.
9. Click Create at the bottom of the Rule Builder page to create the rule.

   The changes are not yet active and are not available to your end users.

10. To make the changes active, you must migrate them to production.

    See "Migrating to Production" for instructions to do so.

11. Refresh all deployed RiskMinder Server instances.

    See "Refreshing the Cache" for instructions on how to do this.