Managing hot list records within rules

Apart from manually adding, modifying, or deleting hot list records in a common or specific hot list, it is possible to manage adding or deleting records within hot lists when executing rules Rules are used to define sets of criteria to verify if an event (transaction and non-monetary event) matches any fraudulent behavior. If an event matches a previously defined rule, an alert can be raised.. Two options are available to manage hot list records while executing rules:

• Using a pre-defined workflow action to whitelist, graylist, or blacklist particular elements.
• Using generic hot list record management actions to insert, update, or delete any element in a common hot list or in any hierarchy-specific hot list with a particular name.

Using pre-defined workflow actions

Pre-defined workflow actions are available for whitelisting, graylisting, or blacklisting IP addresses, devices etc. when a rule matches. The targeted hot lists are pre-defined and specific to hierarchies. The pre-defined workflow actions cannot add or remove elements in common hot lists.

To use pre-defined workflow actions to whitelist, graylist, or blacklist elements

1. Open the required rule from the Hierarchy navigation pane.

2. Click Create Action.

3. Select Action Type Launch Workflow.
4. Select the relevant workflow for whitelisting, graylisting, or blacklisting one of these elements:
   • Device
   • IP Address
   • ISP
   • Customer
   • Creditor Account
   • Beneficiary Account
   • Cookie
   • Cookie User ID
   • Risky Country
   • Country Alpha Code

   For example, if you want to whitelist IP addresses, select IP Address White List.

   The Risky Country Black/Gray/White List workflows insert, update or delete the IP_COUNTRY element (IP country in ISO number country code representation) in the corresponding hot lists RISKY_COUNTRY_BLACK/GRAY/WHITE_LIST.

   The Country Alpha Code Black/Gray/White List workflows insert, update or delete the IP_COUNTRY_ALPHA_COD element (IP country in ISO alpha country code representation) in the corresponding hot lists COUNTRY_ALPHA_CODE_BLACK/GRAY/WHITE_LIST.

5. Save the action and click Done.
6. In the rule, the action is now listed in the Actions tab. If you want to modify or delete it, select the radio button of the corresponding action, and click Edit Action or Delete Action.

When a rule with a pre-defined workflow action to whitelist, graylist, or blacklist an element matches, the corresponding element will be inserted or updated in the corresponding hot list in all hierarchies.

If, for example, a non-monetary event rule containing the action workflow IP Address White List matches, the current IP address will be added (if not already present) in the hot lists IP_ADDRESS_WHITE_LIST of all hierarchies (Non Mon Events, Transactions, Relationships, Applications, Accounts).

When a rule with a pre-defined workflow action to place an element on one of the lists (white, gray, or black list) matches, the corresponding element will be deleted (if present) from the other two related hot lists in all hierarchies. I.e., when a rule matches, which includes a pre-defined workflow action for example to whitelist an element, the corresponding element will be deleted from the other two related hot lists (i.e. in this case the graylist and blacklist hotlists) in all hierarchies.

If, for example, a rule containing the action workflow IP Address White List matches, the current IP address will be removed (if present) from the hot lists IP_ADDRESS_GRAY_LIST and IP_ADDRESS_BLACK_LIST of all hierarchies (Non Mon Events, Transactions, Relationships, Applications, Accounts).

Using generic hot list record management actions

Generic hot list record management actions are available for adding or removing any element in any hot list, when a rule matches. The hot list record management actions are more generic than the pre-defined workflow actions. Contrary to the pre-defined workflow actions, the hot list record management actions can add and remove elements in common hot lists.

To use generic hot list record management actions to insert, update, or delete elements

1. Open the required rule from the Hierarchy navigation pane.

2. Click Create Action.

3. Select Action Type Hot List Record Management.
4. Select the relevant Hot List Record Management sub-action:
   • Insert or Update Record
   • Delete Record
5. Select the relevant hot list in which the element will have to be inserted/updated or deleted.
6. Select the relevant element for which the value will have to be inserted/updated or deleted.
7. For the Insert/Update sub-action, you can optionally define an expiry time for the elements that will be inserted or updated (in this case, the corresponding record will be automatically deleted from the hot list after its insertion/update when the configured time is reached).
8. Save the action and click Done.
9. In the rule, the action is now listed in the Actions tab. If you want to modify or delete it, select the radio button of the corresponding action, and click Edit Action or Delete Action.

When a rule with a generic hot list record management action to insert or update an element matches, the corresponding element will be inserted or updated in all common and hierarchy-specific hot lists with the hot list name as selected in the action.

If for example a non-monetary event rule containing the action Hot List Record Management Insert or Update Record matches, the corresponding element will be added (or updated, if already present) in the corresponding hot list in all hierarchies (Common, Non Mon Events, Transactions, Relationships, Applications, Accounts) where the defined hot list exists.

When a rule with a generic hot list record management action to delete an element matches, the corresponding element will be deleted (if present) from all common or hierarchy-specific hot lists with the hot list name as selected in the action.

If for example a non-monetary event rule containing the action Hot List Record Management Delete Record matches, the corresponding element will be removed (if present) in the corresponding hot list in all hierarchies (Common, Non Mon Events, Transactions, Relationships, Applications, Accounts) where the defined hot list exists.