Performing Post Evaluation

RiskMinder Web Services Developer's Guide › Performing Risk Evaluation and Managing Associations › Performing Post Evaluation

Performing Post Evaluation

The Post Evaluation operation accepts input from the Risk Evaluation operation and updates the device signature and other information for the specified user, if it changed. This operation also creates or updates user-device associations, if required.

To perform the subsequent post-evaluation after you have completed the risk evaluation of a transaction, you must use the RiskFortEvaluateRiskSvc service (available through ArcotRiskFortEvaluateRiskService.wsdl). This service represents the client-side interface to RiskMinder Server’s post-evaluation functionality and exposes the supported operations.

This section walks you through the following topics:

Preparing the Request Message
Invoking the Web Service
Interpreting the Response Message

Preparing the Request Message

You must use the postEvaluateRequest message to perform post-evaluation tasks. The following table lists the elements of this request message.

Element	Mandatory	Description

callerId	No	Unique transaction identifier that your calling application can include. This identifier helps in tracking related transactions.
Risk Assessment Elements
advice	Yes	An action (ALERT, ALLOW, DENY, INCREASEAUTH) obtained from the riskAssessment element of the evaluateRiskResponse message.
outputDeviceID	Yes	The Device ID (cookie) obtained from the riskAssessment element of the evaluateRiskResponse message.
score	Yes	The score obtained from the riskAssessment element of the evaluateRiskResponse message.
matchedRuleMnemonic	Yes	Obtained from the riskAssessment element of the evaluateRiskResponse message, the rules that matched and for which RiskMinder flagged the transaction as risky.
ruleAnnotation	Yes	The result of execution of all rules (or the reason for score and advice), as obtained from the riskAssessment element of the evaluateRiskResponse message.
transactionID	Yes	Unique transaction identifier received from the riskFortSuccess element of evaluateRiskResponse message. Your application can include this identifier for tracking purposes.
deviceContext	No	The MFP details of the end-user’s device obtained from the riskAssessment element of the evaluateRiskResponse message. This element is further described by the following attributes: aggregatorID The unique ID of the third-party vendor who provides account aggregation services by collating specified information of users across multiple enterprises. deviceIDs Defined by the DeviceIDItem element, this element describes the unique identifier information to identify and track the device that the end user uses to log in to your online application and perform transactions: – deviceIDType: The string that identifies the storage type that is used to store the Device ID. -- DeviceIDValue: The corresponding value for deviceIDType. Note: You can add more than one DeviceIDItem element, with deviceIDType and DeviceIDValue pairs. deviceSignature The Machine FingerPrint (MFP) that RiskMinder’s MFP Collector builds this on the client-side. This signature contains information related to the end-user’s device, such as browser details, system details, plug-in details, and screen width. shortDeviceSignature The short form of the deviceSignature.
locationContext	No	The transaction location details, obtained from the riskAssessment element of the evaluateRiskResponse message. This element is further described by the following attributes: clientIPAddress The Internet Protocol (IP) address of the end-user system in the public address space. Not mandatory. longitude A floating point number, with positive numbers representing East and negative numbers representing West. Not mandatory. latitude A floating point number, with positive numbers representing North and negative numbers representing South. Not mandatory. continent The continent from where the transaction originated: – Africa – Antarctica – Asia – Australia – Europe – North America – Oceania (Melanesia, Micronesia, Polynesia) – South America country The country from where the transaction originated. Not mandatory. countryISO2 The two-letter country code (as defined in ISO 3166-1) from where the transaction originated. Not mandatory. region The district or territory from where the transaction originated. Not mandatory. state The first-level administrative division within each country (if one exists) from where the transaction originated. Not mandatory. city The city from where the transaction originated. Not mandatory. connectionType The type of data connection between the end-user’s device and their Internet Service Provider (ISP): – Satellite: High-speed broadband links between a user and a geosynchronous satellite. – OCX: The OC-3 circuits and OC-48 circuits that are used by large backbone carriers. – TX: Old links of type T-3 circuits and T-1 circuits. – Frame Relay: High-speed alternatives to TX. – Dialup: Modems that operate at 56kbps. – Cable: Cable modem broadband circuits, primarily offered by cable TV companies. – DSL: Digital Subscriber Line broadband circuits that include aDSL, iDSL, and sDSL. – ISDN: High-speed Integrated Services Digital Network technology with specialized modems and switches. – Fixed Wireless: Wireless connections where the location of the receiver is fixed. – Mobile Wireless: Wireless connections where the location of the receiver is mobile. lineSpeed The speed of the user’s Internet connection. This is based on connectionType.
userContext	Yes (userName is mandatory)	The user details, obtained from the riskAssessment element of the evaluateRiskResponse message. This element is further described by the following attributes: orgName The name of the organization to which the end user belongs. This attribute is optional. userName The name of the user who performed the transaction. This attribute is mandatory.
transactionContext	No	The transaction details, obtained from the riskAssessment element of the evaluateRiskResponse message. This element is further described by the following attributes: action The type of transaction performed by the user, which can be: – Login – Wire Transfer – Any other value that you specify through your application channel The channel from which the transaction originated: – Web: Transactions initiated through a Web browser. The originator may be a computer, smart phone, tablet, or set-top box. – SMS: Transactions initiated through SMS messaging. – App: Transactions initiated through smart phone, tablet application, or set-top box embedded applications. – 3DSecure: Online transactions initiated using credit card or debit card. – ATM: Transactions initiated through an Automated Teller Machine. – PoS: Transactions initiated at physical point of sale.
additionalOutput	No	Enables you to set additional outputs that you got from RiskMinder’s risk evaluation request. In such cases, you need to set the extra information in name-value pairs. name: The name with which you want to create the key pair. value: The corresponding value for name. Note: You can add more than one of these elements.
Secondary Authentication Status Element
secondaryAuthenti cationStatus	Yes	The result of the additional authentication that your application might have performed based on the advice obtained from the riskAssessment element of evaluateRiskResponse: 0: Indicates that your application denied the transaction. 1: Indicates that the transaction was allowed.
Association Element
associationName	No	The string identifier for the user-to-device association in the system.
Administration Context Type Elements
adminContextType	No	The administrator details, as described by orgName, adminName, and locale, who initiated the Web service call.
adminContextType/ orgName	No	The name of the organization to which the administrator who initiated the Web service call belongs.
adminContextType/ adminName	No	The name of the administrator who initiated the Web service call.
adminContextType/ locale	No	The locale used by the administrator.
Additional Input Elements
additionalInput	No	Enables you to set additional inputs if you want to augment RiskMinder’s post-evaluation capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs. name (The name with which you want to create the key pair.) value (The corresponding value for name.) Note: You can add more than one of these elements.

Invoking the Web Service

To perform post-evaluation tasks:

(Optional) Include the authentication and authorization details in the header of the postEvaluate operation. See "Managing Web Services Security" for more information on the header elements.
Use postEvaluateRequest elements to set the required information, as listed in the table.
Use the postEvaluateRequest message and construct the input message by using the details specified in the preceding step.
Invoke the postEvaluate operation of the RiskFortEvaluateRiskSvc service for post evaluation of a transaction.
This operation returns the postEvaluateResponse message that includes the final risk advice, indicating whether the result was updated successfully, and the transactionID. See the following section for more information on the response message.

Interpreting the Response Message

The response message, postEvaluateResponse, returns the final risk advice, indicating whether the result was updated successfully, and the transactionID in the SOAP envelope header. These elements are explained in the following table. The SOAP body returns a success message if the operation was performed successfully. If there are any errors, then the riskfortFault response is returned. See appendix, "Exceptions and Error Codes" for more information on the SOAP error messages.

Element	Description

isAllowAdvised	Contains the final risk advice, generated as a result of post evaluation: true: Indicates the final advice was ALLOW. false: Indicates the final advice was DENY.
RiskFort Success Elements
riskFortSuccess	Contains the string that indicates whether the information was successfully updated in the database or not.
transactionID	The unique transaction identifier.