Risk Score and Advice

CA RiskMinder Windows Installation Guide › Understanding the Basics › Introduction to RiskMinder › Risk Score and Advice

Risk Score and Advice

Based on the result of the execution of each rule that Rules Engine provides, the Scoring Engine evaluates the score of each rule in the order of priority set (by the administrator) and returns the score corresponding to the first rule that matched.

For example, consider that you have configured these rules in the following order:

Negative IP (say, with a score of 85)
User Velocity (say, with a score of 70)
High Amount Check (say with a score of 80)
Device Velocity (say, with a score of 65)

Note: High scores are typically assigned to rules that are more critical.

If RiskMinder determines that a transaction is coming from a negative IP address, then it returns a score of 85 (Deny), based on the first configured rule that matched. If another transaction exceeds the configured Device Velocity, then RiskMinder returns a score of 65.

The risk score that is generated by the Scoring Engine is an integer from 1 through 100. RiskMinder then uses this risk score to generate the corresponding advice and returns this advice to your application.

The following table shows the default out-of-the-box risk score and corresponding advice matrix. You can configure these ranges according to your organization policies and requirements.

Score Value (From)	Score Value (To)	Advice	Default Recommended Action
0	--	--	The rule is executed but is not used for scoring.
1	30	ALLOW	Allow the transaction to proceed.
31	50	ALERT	Take an appropriate action. For example, if the user name is currently unknown, then on getting an alert you can either redirect it to a Customer Support Representative (CSR) or you can create a user in RiskMinder.
51	70	INCREASEAUTH	Perform additional authentication before proceeding any further.
71	100	DENY	Deny the transaction.

Based on the data that is received, RiskMinder generates any of the following advice:

ALLOW: RiskMinder returns ALLOW, if the risk score associated with the transaction is low.
ALERT: If a user who is not registered with RiskMinder tries to log in, then ALERT is returned.
INCREASE AUTHENTICATION: When RiskMinder detects a suspicious transaction, it flags the transaction with INCREASE AUTHENTICATION and it advises the application to force the user for secondary authentication.
For example, when a user registered with RiskMinder attempts a transaction from a device that is not yet recognized by RiskMinder, then the user must undergo secondary authentication (such as OTP or QnA) with your application.
DENY: RiskMinder returns the DENY advice when a high risk score is associated with the transaction.

The following figure illustrates the advice that RiskMinder returns.