Rule management: campaigns and divisions

Campaigns and divisions serve to group the elements in a hierarchicalClosed Data inside Risk Analytics is stored in the relationship hierarchy - the data is organized in a single-customer view. The relationship hierarchy consists of several layers, or items, and is rendered and managed in the form of pending alerts. structure (see Data in Risk Analytics: relationship hierarchy). This grouping serves to precisely filter events to ensure that the raised alerts can be processed adequately.

Creating campaigns

A campaign is the top filtering level. It groups several rules for a business. Here, the type of fraudulent behavior to be detected, such as account takeover, fraud on payments, money laundering etc. is defined. The selected type of behavior determines the campaign elements and any further campaign configurations. These configurations are based on the hierarchy item for which the campaign is defined, i.e. which criteria are used for the campaign definition. .

Every hierarchy item can only raise one alert, per customer, i.e. the relationship, even if several rulesClosed Rules are used to define sets of criteria to verify if an event (transaction and non-monetary event) matches any fraudulent behavior. If an event matches a previously defined rule, an alert can be raised. and/or sets of rules are matched. Access the relevant alert record to determine which rules were matched. To avoid that any raised alerts are overlooked and to prevent data overflow, OneSpan recommends creating several campaigns where each campaign corresponds to a given type of fraudulent behavior to be detected.

Campaigns verify if an event uses compromised elements of a campaign. They check if the event uses a known suspect element such as blacklisted devices and locations. Campaigns can also detect account takeover during a login phase.

Campaign parameters lists the parameters associated with the campaign.

Campaign parameters
Parameter Description
Priority

Priority of the campaign. Possible values:

  • High
  • Medium
  • Low
Continue on Rule Match

A check box that determines if rules of a campaign arecontinually executed after the rule has been matched, with following behavior:

  • If check box is checked, all rules of the campaign are executed in sequence and by priority
  • If check box is unchecked, execution of the rules of the campaign ends when a rule is matched

The criteria allow to filter the events for which the campaign must be executed. The criteria can be appended with AND statements

To create a campaign

  1. Navigate to DESIGN RULES & ACTIONS > Rule Management.

  2. From the navigation pane, select the relationship hierarchy item for which you will create the campaign in the navigation pane.

  3. In the item's dashboard, click Create Campaign.

  4. Enter a name for the campaign you are creating.

  5. Set the campaign priority.

    The priority that you select for each campaign and rule influences the order in which Risk Analytics processes the campaigns and rules. The campaign priority always overrules the rule priority. When for instance a campaign is defined with the priority set to High and a rule with the priority set to Low, this rule will be processed before any rule with high priority in a campaign with only medium priority.

  6. Add a description for the campaign.

  7. Select the Real Time check box to ensure that the rule is processed in real time (instead of near-time).

  8. Select the Continue on Rule Match check box to ensure that Risk Analytics continues to check for rules to verify if the processed event matches any other rules according to the rule priority. The Continue on Rule Match check box should not be selected if processing in real time has been selected!
  9. To filter the event, you can add, remove, or clear criteria at the campaign level.

    If no criteria are added here, every event will go through the campaign!

  10. To filter the events selected for history rules, you can add, remove, or clear history criteria and enter in the Days, Hours, and Mins fields the period, during which the defined history criteria applies.

    The Days field is automatically pre-set with 1. The values for days, hours, and minutes entered on the campaign level always take precedence over the values entered at the rule level.

    The events selected for history rules are also filtered by the relationship of the processed event. The set of events for history rules are events

    • whose relationship is equal to the relationship of the processed event
    • where the history criteria match, and
    • where the event date is within the defined period.

As long as the campaign status is classed as Not Active, the campaign is not in use. Once the setup for this campaign is complete and it is to be operative, access it in the Hierarchy navigation pane and activate it by clicking Toggle Campaign in the campaign dashboard.

Additional considerations

You can modify the campaigns you created any time by clicking Edit Campaign.

After each modification of a campaign or a rule verify that the modified item still compiles after being modified to ensure that it is still operational and your modifications are taken over.

You can verify if the item you modified is still operational:

  • Check the Compiled Date field in the dashboard of created rules and campaigns

    -OR-

  • Check the summary section of the Create Rule and Action Wizard.

If this field is empty, the modified item has not compiled and consequently your modifications are lost.

Creating divisions

In a division, several types of rules are grouped together to filter the events that have raised the alert. As in a campaign, you can also add criteria at the division level. The criteria between the rules and/or group rules can be factorized to a specific case, e.g. phising attack rules of the account takeover campaign, or checking the session anomaly to track.

Division parameters lists the parameters associated with a division.

Division parameters
Parameter Description
Priority

Priority of the division.

Possible values:

  • High
  • Medium
  • Low

The criteria of the division apply to all rules of the division. This way the division criteria are appended with AND statement to rule criteria for each rule of the division. Several criteria can be set with AND statements.

To create a division

  1. Navigate to DESIGN RULES & ACTIONS > Rule Management.

  2. From the navigation pane, select the campaign for which you want to create a division in the navigation pane.

  3. In the campaign dashboard of that record, click Create Division.

  4. Enter a name for the division you are creating.

  5. Set the division priority.

    The priority that you select for each division and rule influences the order in which Risk Analytics processes the divisions and rules. The division priority always overrules the rule priority. When for instance a division is defined with the priority set to High and a rule with the priority set to Low, this rule will be processed before any rule with high priority in a division with only medium priority.

  6. Add a description for the division.

  7. To filter the event, you can add, remove, or clear rule criteria at the division level.

    The criteria entered at the division level are added to each rule belonging to the division. This allows to factorize criteria. If no criteria are added here, every event will go through the division!

If the setup for this division is complete and the division is to be operative, access it in the Hierarchy navigation pane, and activate it by clicking Toggle Division in the division dashboard.