000037658 - What case markings give feedback to CRE in RSA Adaptive Authentication (Cloud)

Document created by RSA Customer Support Employee on Jul 13, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037658
Applies ToRSA Product Set: Adaptive Authentication (Cloud)
RSA Product/Service Type: Adaptive Authentication (Cloud)
RSA Version/Condition: 12.0
Platform: CentOS
 
IssueA question about AA Cloud BackOffice Case Manager and marking cases. - i.e. appears or confirmed fraud/genuine - how does case marking impact the CRE?
ResolutionAn overview -- 

The RSA Risk Engine is a proven, self-learning technology. The RSA Risk Engine evaluates each activity in order to detect fraudulent activities, generating a unique risk score between 0 and 1,000 for each activity, where a higher risk score indicates a higher chance that a given activity is fraudulent.

The RSA Risk Engine uses behavioral analysis as well as device profiling to identify high-risk activities including high-risk authentication attempts. The RSA Risk Engine takes information from a variety of sources, including from your online application, eFraudNetwork service data, and third-party data sent via Risk Score Custom Facts, and performs a risk analysis to determine the level of risk an event may present. Parameters that are measured include velocity checking, IP address information, RDP Trojan, and time of day comparisons. Behavioral profiling analysis complements device profiling with user behavior to offer a form of multi-factor authentication that includes something you have (the device) and something you are (behavior). The score reflects device profiling, behavioral profiling.

The RSA Risk Engine detects fraud using several methodologies:
Positive device identification

Advanced device identification techniques are implemented to assess the probability of whether or not the same device was used by the end-user in the past (known as "Assurance Level"). The system uses multiple data sources, such as cookies, Flash shared objects (FSO), device fingerprints generated by RSA JavaScript, mobile device identifiers collected by the RSA Mobile SDK to identify devices, among others.

While Feedback is sent to the RSA Risk Engine when a case is created by a production rule. Case Marking optimizes the Risk Engine, the statistics of Genuine to Fraud users is used in CRE Learning during Offline task analysis. 

What is on page 159 (attached)...you should read, but I also wanted to ask the CTO to elaborate..  

Here is what I asked them ... 

The customer wants to understand the impact to the CRE of the various Event Resolution Markings 


  1. How is the CRE influenced by a Suspected Fraud(which it seems is when a rule is triggered but the customer does not mark the case) compared to Confirmed Fraud, or Unknown, or Assumed Genuine, or Confirmed Genuine?


Back coloring is an offline task that re-evaluates the risk of historical activities based on new information and generates cases in the case management application to the riskiest activities.

Lets take for example a payment that was done 2 days ago and at the time was not considered risky, 2 days later due to case management marking or eFN new data we learn that the IP that was part of the old payment has been confirmed as fraudulent, the back coloring process will collect the fraudulent data elements and look for them in activities from the past 2-3 days then re-evaluate their risk based on this new indication and open cases in case management for the riskiest activities. In that way, if you can stop the cash out of payment after two days you will get a chance to do so once a case for that historical payment has been created by the back coloring process.

For a small number of AAH customers a component named “ORE (= Offline Risk Engine) “ performed a similar process, not this process will be available to all AA customers and it will be more flexible as customers will be able to set the threshold for the number of cases they would like this process to generate and the risk level from which they would like to open a case due to back coloring.

Outcomes