CA RiskMinder Administration Guide › Managing Global Configurations › Managing Global Rule Configurations › Deploying New Device-Based Rules › Creating the Device User Maturity Rule

Creating the Device User Maturity Rule

The User Not Associated with DeviceID rule evaluates transactions by checking the association between the user and the device, irrespective of the time the association was created. If the user-device association exists, then the transactions receive a low risk score. There might be cases where fraudsters can reset a user's password and associate themselves with the device. In such cases, evaluating the transaction based only on the User-Device association might not be sufficient to rule out fraudulent activity.

The Device User Maturity rule enables setting a level of trust in the device. For example, a User-Device association that has existed for a month, assuming that there has been no fraudulent activity identified for that user or device, should be more trusted than a User-Device association that has been established recently.

It is based on the following parameters:

• Number of Successful Transactions per User-Device Association

  Denotes the number of successful transactions identified by RiskMinder for a specified User-Device association.

• First Successful Transaction

  Denotes the time (in days) before which the first successful transaction was identified.

These parameters determine the strength of the User-Device association. The Device User Maturity rule returns True if the user has used the device for at least the specified number of days and the number of successful transactions is greater than or equal to the configured value.

To create the Device User Maturity rule:

1. Ensure that you are logged in as a GA.
2. Activate the Services and Server Configurations tab.
3. Under the Rules Management section on the side-bar menu, click the Rules and Scoring Management link.

   The Rules and Scoring Management page appears.

4. From the Select the Ruleset list, select the ruleset for which this configuration is applicable.

   The configuration information for the specified ruleset appears.

5. Click Add a New Rule.

   The RiskFort Rule Builder page appears.

6. Enter the Name, Mnemonic, and Description of the rule that you want to create.
7. Select the Channels and Actions for which this rule is applicable.
8. Build the rule fragment, as follows:
   1. From the Transaction Elements list, select USERNAME.
   2. Hold the CTRL key, and select DEVICEID from the Device Elements list.
   3. Select MATURITY from the Select Operator list.
   4. Specify the number of successful transactions.
   5. Specify the number of days before which the first successful transaction took place.
   6. Click Add to build the rule fragment.
9. Click Create at the bottom of the Rule Builder page to create the rule.

   The changes are not yet active and are not available to your end users.

10. To make the changes active, you must migrate them to production.

    See "Migrating to Production" for instructions to do so.

11. Refresh all deployed RiskMinder Server instances.

    See "Refreshing the Cache" for instructions on how to do this.