RiskMinder Web Services Developer's Guide › Understanding RiskMinder Workflows › Risk Evaluation Workflows › Post-Login Risk Evaluation Workflow

Post-Login Risk Evaluation Workflow

When a user accesses your online application, you can first log them in and then comprehensively assess them for potential risks by implementing this workflow. This workflow uses device identification information and other factors, such as network information, user information, and (if implemented) transaction information to evaluate users.

Based on the result of the evaluateRisk operation, RiskMinder determines whether to create an association and update the attributes during the postEvaluate operation:

• In the case of ALLOW, the user-device association information is updated.
• In the case of ALERT and DENY, the user-device association information is not updated at all.
• In the case of INCREASEAUTH, the user-device association information is updated, but the user association information is created only if the result of the additional authentication ("Secondary Authentication Workflow") was successful.

If you call RiskMinder’s risk analysis capability after you authenticate a user in to your online application, then the risk evaluation workflow is as follows:

1. User logs in to your online application.

   Your system validates if the user exists in the system. If the user is not valid, then your application must take appropriate action.

2. Your application collects information required by RiskMinder.

   Your application collects the following information from the user’s system that will be used by RiskMinder for analyzing the risk:

   • User system information that includes operating system, platform, browser information (such as browser language, HTTP header information), locale, and screen settings. Your application uses RiskMinder's Utility Script called riskminder-client.js to collect this information.
   • Device information that includes Device ID, which is stored on the end user's device.
   • Location information that includes the IP address and Internet Service Provider related information.
   • (Optionally, if you are using additional information) Additional Inputs that are specific to custom rules or the channel selected.
3. Your application calls RiskMinder’s evaluateRisk operation.

   Your application must call the evaluateRisk operation in RiskFortEvaluateRiskSvc. In this call, you must pass all the user and device information that you collected in Step 2 to RiskMinder.

4. RiskMinder performs risk analysis for the user.

   RiskMinder evaluates the risk using the incoming inputs and the configured rules. Based on the result of rules that were executed and whether the information matched, RiskMinder generates:

   • ALERT, if the information for the user does not exist in the RiskMinder database.
   • ALLOW, if the risk score is low.
   • DENY, if the risk score is high.
   • INCREASEAUTH, if the incoming information is suspicious.

   If the advice is INCREASEAUTH, then refer to "Secondary Authentication Workflow" for more information on how to proceed.

5. Your application takes the appropriate action by using RiskMinder’s recommendation.

   Based on the result of the evaluateRisk call, your application either allows the user to continue with the transaction, denies them access to the protected resource, or performs secondary authentication.

   See "Secondary Authentication Workflow" for more information.

6. Your application calls RiskMinder’s postEvaluate operation.

   At this stage, your application must call the postEvaluate operation in RiskFortEvaluateRiskSvc. Based on the output generated by the evaluateRisk call, this call helps RiskMinder generate the final advice and update the device and association information.

   In this call, you must pass the risk score and advice from the evaluateRisk call, the result of secondary authentication (if the advice in the previous step was INCREASEAUTH), and any association name, if the user specified one.

7. RiskMinder updates the device and association information.

   If any change is detected in the incoming data, RiskMinder updates the data and association information in the RiskMinder database.

The following figure illustrates the post-login risk evaluation workflow.

Post-Login Risk Evaluation Workflow