Skip to main content
×

How to Create a Profile or Policy in Control

  • Updated

The Decision Manager allows fraud professionals to define profiles and policies to meet specific business needs. Profiles and policies work together to reduce friction for good customers while adding friction to potentially risky transactions.

One or more conditions are evaluated to determine if the profile or policy should be applied.

Note: Refer to Conditions for Control for information on conditions used when creating a profile or policy.

Profiles

When a login decision is requested, profiles are used to group users by certain criteria – so the login has an appropriate policy set applied. Because each profile has its own policy set, it is possible to create a customized level of friction based on the attributes of the customer logging in.

Creating a Profile

  1. Log in to Control, and then select Decision Manager .
  2. From the Profiles tab, click Create Profile.
  3. Enter an alphanumeric profile name (special symbols are not allowed).
  4. Enter a description for the profile (optional).
  5. Add tags (optional).
  6. Select one or both Event Option(s) (Login or New Account Opening). 
    Note: If New Account Opening is chosen, only New Account Opening policies are displayed. If Login is chosen, only Login policies are displayed. If both are chosen, all policies are displayed.
  7. In the All Policies table, select one or more policies to link to your profile.
  8. Toggle Challenge MFA On or Off.
    Note: Challenge MFA only applies to Login Events.
  9. Select one or more conditions to base the profile on. For this profile to be selected, it must be the first profile where all conditions evaluate as true.
    Note: Each condition varies and requires additional input to complete the clause. Make sure you populate any additional fields that appear based on your selection.
  10. Click Save Profile.

Profile Ordering

For each Login decision, profiles are evaluated in order. Each condition within a profile must evaluate as true for the profile (and its policies) to be selected. Only a single profile can be selected – the first profile must be chosen where all conditions evaluate as true. When no profiles are chosen, the default profile is selected.

It is not mandatory to create profiles. For some clients, the best business outcome is achieved when all users need to meet the same criteria to login with or without friction. Your Customer Success Manager can help determine the best setup for your specific business needs.

To change the order of a profile, click and drag the handle to move a profile into a new position.

Note: The default profile cannot be moved from last in the order – it is always selected as the profile to be used when no previous profiles evaluate as true.

Default Profile

Every customer begins with a default profile. If no custom profiles are created, then all login evaluations select the default profile and its policy set.

When custom profiles are created, but none are selected because one or more of their conditions do not evaluate as true, then the default profile is chosen.

It is recommended that a policy set is created for the default profile prior to adding any new profiles.

Policies

Policies are evaluated at the time of a Login Decision to create a decision to Accept, Block, or Challenge.

Note: Only policies for the chosen profile are evaluated.

While a policy can belong to one or more profiles, it must belong to the chosen Profile to be evaluated, and all policies for the chosen Profile are evaluated. After all policies for the chosen Profile have been evaluated, the decision is then sent back to the API requester, so that further business logic can be applied to the login experience.

To view your policies, click on the Decision Manager icon and choose Policies from the sub navigation. To view all of the policies assigned to a specific profile, choose the profile to be viewed from the View by Profile drop-down menu.

Creating a Policy

  1. Log in to Control, and then select Decision Manager .
  2. Click the Policies tab, and then click Create Policy.
  3. Enter an alphanumeric policy name (special symbols are not allowed).
  4. Enter a description for the policy (optional).
  5. Add tags (optional).
  6. Select one or both Event Option(s) (Login or New Account Opening).
  7. Select an associated profile. When a policy is created, it is assigned to the default profile unless changed at the time of creation. You can assign a policy to multiple profiles, or to no profile (in this case, the policy will never be evaluated).
  8. Select one or more conditions for the policy. Each condition varies and requires additional input to complete the clause. Make sure you fill-out any additional fields that appear based on your selection.
  9. Choose the result if all of the conditions evaluate as True – either Challenge or Block.
  10. Click Save Policy.
    Note: There is not an explicit Allow policy. The Allow response to a login decision happens when no policies evaluate as true.

Multiple Conditions Example

In the example below, if a login does not have a device trust state of trusted AND is not inside the USA, then the response would be Challenge.

Editing/Inactivating a Policy

We recommend that policies are not deleted until after they have been unassigned to any profiles and the results are evaluated.

Note: When a policy is deleted, it is removed from all assigned profiles.
  1. Log in to the Control dashboard, and then select Decision Manager .
  2. Click the Policies tab.
  3. Click the Edit icon .
  4. Expand the Profile drop-down menu, and then clear any associated profiles.
  5. Click Save Policy. After disassociating all profiles with a policy, the policy can be deleted using the Delete icon .

Frequently Asked Questions (FAQ)

What is Apply No Decision?

When creating a policy, there is an action that is taken when the conditions evaluate as true. The available actions are Block, Challenge, and Apply No Decision.

When Apply No Decision is chosen as the action for a policy, and that policy evaluates as true, it has no effect on the final decision for the Login. However, any tags that are associated with the policy will be sent along with the Login API.

This allows our customers to send information via the API when certain conditions exist, even when they do not want those decisions to affect the outcome of a login.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Can’t find what you’re looking for?
Submit a Ticket
Contact Us
+1.866.919.2167