Use case scenario: Approve a medication refill request

Involved solutions:

This use case occurs when a logged-in user wants to request a refill of their medication via the MyHealth Demo website.

About this scenario

This scenario simulates a request by a logged-in user for a medication refill. The selected medication and the refill quantity determine the risk level of the transaction. When approving the request on their mobile device, the user needs to authenticate with the method associated with the risk, i.e. with the PIN or with the fingerprint.

Because by default, the sandbox environments do not have rules configured for this scenario, you need to create them before you can complete the workflow.

Before you begin

Before you can go through this scenario, you need to create the following rules in Risk Analytics Presentation Service:

  • Rule 1: Non-DEA Required Strong Auth
  • Rule 2: High Quantity Prescription Refill
  • Rule 3: Low Quantity Prescription Refill

To create the rules for this scenario

  1. Log in to the Risk Analytics Presentation Service, via https://sdb.tid.onespan.cloud/irm.
  2. Select DESIGN RULES & ACTIONS > Rule Management.
  3. Navigate to the non-monetary events in the Rules list, i.e. Non Mon Events, and locate the Adaptive Authentication campaign.
  4. Click the Create Division icon to add a new division to the Adaptive Authentication campaign.
  5. Complete the new division form and click Save.

    • Name: Healthportal Prescription Approval
    • Criteria: "IS" "APPLICATION_REF" "=" "HealthPortal"

    Creating a new division

  6. Select the new division and click Create Rule to add a new rule to the division.
  7. Complete the new rule form and click Save & Next. Use the following rule settings:

    • Rule 1:

      • Name: Non-DEA Required Strong Auth
      • Criteria: "IS" "BENEFICIARY_NAME" "=" "Amoxicillin250mg"
      • No history criteria.
      • No match criteria.
      • Leave the default settings on the Create Action tab.
      • Response/Status tab: "RESPONSE_CODE set to Accept at Non-Mon Event Level."

    Creating a new rule

  8. Save the new rule.
  9. Repeat steps 6 to 8 for Rule 2 and Rule 3. Use the following rule settings:

    • Rule 2:

      • Name: High Quantity Prescription Refill
      • Criteria: "IS" "CUSTOM_NUMBER_1" ">=" "3"

        AND "IS" "NON_MON_EVENT_TYPE_KEY" "=" "NewBillBeneficiaryAttempt"

      • No history criteria.
      • No match criteria.
      • Leave the default settings on the Create Action tab.
      • Response/Status tab: "RESPONSE_CODE set to ChallengeFingerprint at Non-Mon Event Level."
    • Rule 3:

      • Name: Low Quantity Prescription Refill
      • Criteria: "IS" "CUSTOM_NUMBER_1" "<=" "1" AND

        "IS" "NON_MON_EVENT_TYPE_KEY" "=" "NewBillBeneficiaryAttempt"

      • No history criteria.
      • No match criteria.
      • Leave the default settings on the Create Action tab.
      • Response/Status tab: "RESPONSE_CODE set to ChallengePin at Non-Mon Event Level."
  10. Select the new division and click Toggle Division to enable it.
  11. For each new rule, click Toggle Rule to enable it.

Walkthrough: Approve a medication refill request

Approve a medication refill request

  1. On the MyHealth Demo website, switch to the Refill Medications tab.
  2. Enter the quantity and select a medication from the list.
  3. Enter a reason for the refill.
  4. Enter the refill date.
  5. Click Request Refill.
  6. Approve the request in the OneSpan TID IAA Mobile Demo App on your mobile device.

    For the approval, you may need to provide your PIN or authenticate with your fingerprint. The required authentication method is determined by the rules that you have defined in Risk Analytics Presentation Service.