The Risk Evaluation Web service (evaluateRisk in ArcotRiskFortEvaluateRiskService.wsdl) is the interface to RiskMinder Server. This Web service provides the logic for evaluating the risk associated with a transaction and returning an appropriate advice. Based on various factors collected from the user’s system and the result of configured rules that are triggered, this Web service returns a score and a corresponding advice, in addition to other related details.
If RiskMinder recommends additional authentication (which must be performed by your application), the Post Evaluation Web service (postEvaluate in ArcotRiskFortEvaluateRiskService.wsdl) returns a final advice based on the feedback of this secondary authentication received from your application.
During risk evaluation, a Device ID is passed to the Web service, which is then used by RiskMinder Server to form a user-device association in the database. The Device ID is stored on the end user's device.
This association (or device binding) helps identify the risk for transactions originating from the user’s system for a transaction. Users who are not bound are more likely to be challenged before they are authenticated. You can list and delete these associations by using the listAssociations and deleteAssociation Web services (in ArcotRiskFortEvaluateRiskService.wsdl), respectively.
Note: Users can be bound to more than one device (for example, someone using a work and home computer) and a single device can be bound to more than one user (for example, a family sharing a computer).
Refer to "Performing Risk Evaluation and Managing Associations" for more information on how to use the Risk Evaluation Web service.
|
Copyright © 2013 CA.
All rights reserved.
|
|