CA RiskMinder Administration Guide › Managing Global Configurations › Managing Global Rule Configurations › Editing Rule Definitions Using the Rule Builder › Configuring Zone Hopping

Configuring Zone Hopping

Zone hopping tracks successive transactions from the same user that occur at distant locations (separated by large distances) at a speed beyond what is reasonably possible within a short time span. For example, if Bob logs in from New York at 9 AM (GMT) and again from London at 10 AM (GMT), then the Zone Hopping Check rule will track the latter transaction as risky.

The Zone Hopping Check rule is based on the following parameters:

• Maximum Speed at which a User can Travel

  Denotes the maximum speed (S, in miles per hour) at which a user can physically travel using conventional transport, such as airplanes, cars, and trains.

  If the speed at which a user appears to have moved (in the time frame between two successive transactions) exceeds this pre-configured threshold speed (S), then RiskMinder considers it as a case of zone hopping.

  By default this value is 500 miles, but you can configure it by setting the value of the Maximum Speed at which a User can Travel field in the RiskFort Rule Builder page.

• Maximum Number of Users Sharing the Same User ID

  Sometimes, multiple users (for example, husband and wife) can use the same user name because they might be located in different zones. In such cases, RiskMinder must not consider this as a case of Zone hopping. For example, if husband logs in from New York at 10 AM (GMT) and wife from London at 11 AM (GMT), then RiskMinder will not mark these transactions as risky.

  By default this value is 1, but you can configure it to 2 by editing the Maximum Number of Users Sharing the Same Username field in the RiskFort Rule Builder page.

• Maximum Distance Tolerance for IP Address Locations

  Because of variation in location of the IP address provided by ISPs, a user's physical location (geographic latitude and longitude) cannot be determined to a high level of precision by using their public IP address. To address this, RiskMinder uses an uncertainty offset (U, in miles) to accommodate the variation in the physical location of the IP address from which the transaction originated.

  By default this variation is about 50 miles, but you can configure it by setting the value of Maximum Distance Tolerance for IP Address Location field in the RiskFort Rule Builder page.

To configure the Zone Hopping Check rule, perform the following steps:

1. Ensure that you are logged in as a GA.
2. Activate the Services and Server Configurations tab.
3. Under the Rules Management section on the side-bar menu, click the Rules and Scoring Management link.

   The Rules and Scoring Management page appears.

4. From the Select the Ruleset list, select the ruleset for which this configuration is applicable.

   The configuration information for the specified ruleset appears.

5. In the RULENAME column, click the Zone Hopping Check link.

   The RiskFort Rule Builder page appears.

6. Specify a value for the Maximum Speed at Which the User Can Travel parameter.
7. Specify a value for the Maximum Number of Users Sharing the Same User ID parameter.
8. Specify a value for the Maximum Distance Tolerance for IP Address Location parameter.
9. Click Update.
10. Click Update at the bottom of the Rule Builder page to save the changes.

    The changes are not yet active and are not available to your end users.

11. To make the changes active, you must migrate them to production.

    Refer to "Migrating to Production" for instructions to do so.

12. Refresh all deployed RiskMinder Server instances.

    See "Refreshing the Cache" for instructions on how to do this.