How to Set Up Tag Matching for Command

If you use Kount Command and Control and want to create Risk Inquiry Service (RIS) rules based on Control conditions, you can use Tag Matching. This feature allows you to take advantage of velocities and data previously unavailable in Command. It also lets you create a tiered approach for identifying fraud and gives you more control over your login use cases.

Here are some parameters to note for Tag Matching:

• The most recent login where UNIQ (in Command RIS SDK) must match the userID (in Control Login API).
• The login search is limited to the past 30 days.
• If “Session ID Must Match” is chosen, the search is limited to the last login where the Command session matches a Control session.
• When creating a rule in Command, use the Contains operator to avoid unexpected results.
• Tags are not case-sensitive.

To set up Tag Matching for all use cases, follow these steps:

1. Create a Policy in Control and add a tag to it.
2. Create a “third-party callout” for Kount Control Tagged Events in Command to prepare.
3. Create a RIS rule to Match Tags, Session Match required or Match Tags, Session Match not required.

This article provides details for specific use cases that implement Tag Matching.

Reducing Reviews for Trusted Devices

Imagine you work for a company that wants to reduce purchasing friction for good customers and wants to know if a user logged in with a trusted device prior to making a purchase. You create a policy within Control to pass a tag called TrustedDevice when the user is logging in with a trusted device.

In Command, you create a condition that looks for the tag TrustedDevice. If the user logs in using a trusted device, you adjust the scorecard in the RIS to reduce the number of reviews for trusted users that are logging in with their trusted devices.

Steps to implement Tag Matching for a trusted device

1. Log in to Control and open the Decision Manager.
2. Create a tag labeled TrustedDevice. 
   Refer to How to Manage Tags in Kount Control.
3. Create a policy with the TrustedDevice tag using the following conditions: 
   If Trusted Device State is trusted then Take no Action
   Refer to How to Create a Profile or Policy in Kount Control for additional support.
4. Log in to Command and open the Rules Editor.
5. Create a rule with the Apply the following decision to the transaction when the conditions are met drop-down menu set to No Change.
6. Expand Rule Actions and select Control Tagged Events.
7. Label the rule TrustedDevice.
8. Deselect Disabled and then click Create Rule. The Command/Control bridge is linked. Now you can create rules based on conditions in Control.
   Note: Once you have implemented the “bridge” between Command and Control, it will remain active. There is no need to repeat the steps to implement the “bridge”.
9. Create a RIS rule by selecting one of the following: Match Tags, Session Match required or Match Tags, Session Match not required. Refer to How to Manage Rules in the Agent Web Console for additional support.
10. Add a Rule Action. Input the counter name used for the scorecard along with the appropriate negative number (assuming that a lower score is lower risk).
11. Change the decision to No Change.
12. Uncheck Disabled and click Create Rule.
13. Save and activate the rule set.

Pre-Auth, Post-Auth Protection

Imagine you work for a company that uses Control for pre-authorization protection to mitigate card testing. So you use a tiered approach to identify credit card fraud by sending the transaction to Control Pre-Auth and, if no fraud is detected, the transaction goes to Command Post-Auth.

During the pre-authorization check in Control, you identify several conditions that are potentially risky, but not risky enough to block a transaction. Specifically, when the customer is using an IP from a hosting solution, there have been several declines from the IP organization. Therefore you would create the policy within Control and tag it RiskIPOrg.

Then, within Command, you would create a tag matching rule to look for RiskIPOrg. When the transaction is passed through post-authorization into RIS, it identifies that the transaction is coming from a high risk IP Org and therefore the transaction is tagged for review.

Steps to implement Tag Matching for pre and post-auth protection

1. Log in to Control and open the Decision Manager.
2. Create a tag labeled RiskIPOrg. Refer to How to Manage Tags in Kount Control for additional support.
3. Create a policy with the RiskIPOrg tag using the following conditions:
   If Hosting Facility is used and IP Org Failed Attempts 30 times or more in under 1 hour and the IP Risk is high then apply no Decision
   Refer to How to Create a Profile or Policy in Kount Control for additional support.
4. Log in to Command and open the Rules Engine.
5. Create a rule with the Apply the following decision to the transaction when the conditions are met drop-down menu set to No Change.
6. Expand Rule Actions and select Control Tagged Events.
7. Label the rule RiskIPOrg.
8. Deselect Disabled and then click Create Rule. The Command/Control bridge is linked. Now you can create rules based on conditions in Control.
   
   Note: Once you have implemented the “bridge” between Command and Control, it will remain active. There is no need to repeat the steps to implement the “bridge”.
9. Create a RIS rule by selecting one of the following: Match Tags, Session Match required or Match Tags, Session Match not required. Refer to How to Manage Rules in the Agent Web Console for additional support.
10. Add a Rule Action. Input the counter name used for the scorecard along with the appropriate negative number (assuming that a lower score is lower risk).
11. Change the decision to No Change.
12. Uncheck Disabled and click Create Rule.
13. Save and activate the rule set.