The Decision Manager allows fraud professionals to define segments and policies to meet specific business needs. segments and policies work together to reduce friction for good customers while adding friction to potentially risky transactions.
One or more conditions are evaluated to determine if the segment or policy should be applied.
Segments
When a login decision is requested, segments are used to group users by certain criteria – so the login has an appropriate policy set applied. Because each segment has its own policy set, it is possible to create a customized level of friction based on the attributes of the customer logging in.
Creating a segment
- Log in to Control, and then select Decision Manager
.
- From the segments tab, click Create segment.
- Enter an alphanumeric segment name (special symbols are not allowed).
- Enter a description for the segment (optional).
- Add tags (optional).
- Select one or both Event Option(s) (Login or New Account Opening).
Note: If New Account Opening is chosen, only New Account Opening policies are displayed. If Login is chosen, only Login policies are displayed. If both are chosen, all policies are displayed. - In the All Policies table, select one or more policies to link to your segment.
- Toggle Challenge MFA On or Off.
Note: Challenge MFA only applies to Login Events. - Select one or more conditions to base the segment on. For this segment to be selected, it must be the first segment where all conditions evaluate as true.
Note: Each condition varies and requires additional input to complete the clause. Make sure you populate any additional fields that appear based on your selection. - Click Save segment.
Segment Ordering
For each Login decision, segments are evaluated in order. Each condition within a segment must evaluate as true for the segment (and its policies) to be selected. Only a single segment can be selected – the first segment must be chosen where all conditions evaluate as true. When no segments are chosen, the default segment is selected.
It is not mandatory to create segments. For some clients, the best business outcome is achieved when all users need to meet the same criteria to login with or without friction. Your Customer Success Manager can help determine the best setup for your specific business needs.
To change the order of a segment, click and drag the handle to move a segment into a new position.
Default segment
Every customer begins with a default segment. If no custom segments are created, then all login evaluations select the default segment and its policy set.
When custom segments are created, but none are selected because one or more of their conditions do not evaluate as true, then the default segment is chosen.
It is recommended that a policy set is created for the default segment prior to adding any new segments.
Policies
Policies are evaluated at the time of a Login Decision to create a decision to Accept, Block, or Challenge.
While a policy can belong to one or more segments, it must belong to the chosen segment to be evaluated, and all policies for the chosen segment are evaluated. After all policies for the chosen segment have been evaluated, the decision is then sent back to the API requester, so that further business logic can be applied to the login experience.
To view your policies, click on the Decision Manager icon and choose Policies from the sub navigation. To view all of the policies assigned to a specific segment, choose the segment to be viewed from the View by segment drop-down menu.
Creating a Policy
- Log in to Control, and then select Decision Manager
- Click the Policies tab, and then click Create Policy.
- Enter an alphanumeric policy name (special symbols are not allowed).
- Enter a description for the policy (optional).
- Add tags (optional).
- Select one or both Event Option(s) (Login or New Account Opening).
- Select an associated segment. When a policy is created, it is assigned to the default segment – unless changed at the time of creation. You can assign a policy to multiple segments, or to no segment (in this case, the policy will never be evaluated).
- Select one or more conditions for the policy. Each condition varies and requires additional input to complete the clause. Make sure you fill-out any additional fields that appear based on your selection.
- Choose the result if all of the conditions evaluate as True – either Challenge or Block.
- Click Save Policy.
Note: There is not an explicit Allow policy. The Allow response to a login decision happens when no policies evaluate as true.
Multiple Conditions Example
In the example below, if a login does not have a device trust state of trusted AND is not inside the USA, then the response would be Challenge.
Editing/Inactivating a Policy
We recommend that policies are not deleted until after they have been unassigned to any segments and the results are evaluated.
- Log in to the Control dashboard, and then select Decision Manager
- Click the Policies tab.
- Click the Edit icon
.
- Expand the segment drop-down menu, and then clear any associated segments.
- Click Save Policy. After disassociating all segments with a policy, the policy can be deleted using the Delete icon
.
Frequently Asked Questions (FAQ)
What is Apply No Decision?
When creating a policy, there is an action that is taken when the conditions evaluate as true. The available actions are Block, Challenge, and Apply No Decision.
When Apply No Decision is chosen as the action for a policy, and that policy evaluates as true, it has no effect on the final decision for the Login. However, any tags that are associated with the policy will be sent along with the Login API.
This allows our customers to send information via the API when certain conditions exist, even when they do not want those decisions to affect the outcome of a login.
Comments
0 comments
Please sign in to leave a comment.