Rule Templates
View Rules - to view this screen
Manage Rules - to make changes in this screen
The rule templates tab can be used to create templates for risk rules that can be applied to your operation parameters.
Risk rules must match the same type for each risk rating (low, medium and high). Different parameter types allow for different conditions.
Example - Funds Transfer
Let's explore an example:
A banking application wants to define low, medium and high risk rules for funds transfers based on the amount of the transaction. Their definition is as follows:
- API call to transfer funds has 3 parameters:
  - Source Account
  - Destination Account
  - Transaction Amount
- Transaction Amounts below 500 USD or 500 EUR are ranked low risk
- Transaction Amounts between 501 USD and 1500 USD or 501 EUR and 1000 EUR are ranked medium risk
- Transaction Amounts above 1501 USD or 1001 EUR are ranked high risk
- Transaction Amounts in other currencies should not be subject to risk calculation
Because we are using money (amount and currency) for our definition, we will start by using Money Rules.
In order to create these rules and then use them in operations, we must first press + Add new rule.
Money Rules
In the next screen, we enter the risk rule identifier (funds_transfer_low_risk) and define the type of the parameter this rule will apply to (money-v2).
After these two configurations are done, we can start adding conditions to our rule by pressing + Add new condition.
In the pop-up, we define the name (alias) of the condition (low_risk_upper_limit) and then set it as "Less Equals". This will change the pop-up UI to allow you to enter different amount / currency pairs. The available logic operators are:
- Less equals (equivalent to <=)
- Less than (equivalent to <)
- Greater than (equivalent to >)
- Greater equals (equivalent to >=)
- Equals (equivalent to =)
You may also notice that Strict Mode is disabled -- this ensures the rule is compliant with the last statement in the definitions above. In Strict Mode, if a new authentication request is created in a currency that has not been defined in the risk rules, it will throw an error. If Strict Mode is disabled, risk rules are not applied when the authentication request uses a currency that has not been defined in the Rule Template.
After you are done entering your limits for each currency, you can press Done.
This will add the condition you just defined to the condition list. For the low risk rule, this is the only condition we need because it already implements the first statement in the definitions, so we can now press Next to proceed to the rule logic screen.
In the Rule Logic screen, we have to select the logic with which to apply our conditions. When using multiple conditions, we can define their relationship through logic operators. The supported operators are:
- AND (&&)
- OR (||)
In this case it's simple because we only have one condition, so we just select that low_risk_upper_limit condition from the left by clicking on it and moving it to the rule logic pane. After that, press Next again and if all goes well with the validation, we should see a success screen and our first rule has been created.
Now that we have a rule for the first definition (low risk), we need to create the second one for medium risk. We follow the same steps as before, but now we need to add two separate conditions, one "greater equals" and another "less equals", to define the lower and upper bounds of the values that match this rule.
After both conditions are entered you should see a screen like the one below.
Now in the rule logic screen, we need to reference both conditions and say we want both of them to match through an AND operator.
After this, we press Next to proceed to the validation screen and then Submit our changes to create the Medium risk Rule.
The creation of the last rule to match the definitions above is similar to the first one except instead of having an upper boundary it has a lower boundary and all values above that boundary must be rated High Risk.
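The three money rules above, modelled as an added Python example (not TrustFactor code or its API; the function names, the `not_applied` / `no_match` return values and the use of Greater equals for the high rule are assumptions). It shows that with whole-number boundaries, fractional amounts such as 500.50 USD match none of the three rules, and how Strict Mode changes the handling of an undefined currency.

```python
from decimal import Decimal
import operator

# The five operators listed on the page, keyed by hypothetical names.
OPS = {"less_equals": operator.le, "less_than": operator.lt,
       "greater_than": operator.gt, "greater_equals": operator.ge,
       "equals": operator.eq}

class UndefinedCurrency(Exception):
    """Strict Mode: the request currency has no limit in the rule."""

def cond(op, **limits):
    # One condition = one operator plus an amount limit per currency.
    return OPS[op], {cur: Decimal(v) for cur, v in limits.items()}

# (rating, rule logic, conditions), mirroring the three rules built above.
# "greater_equals" for the high rule is an assumption; the page only says
# that rule has a lower boundary. all = AND, any would be OR.
RULES = [
    ("low", all, [cond("less_equals", USD="500", EUR="500")]),
    ("medium", all, [cond("greater_equals", USD="501", EUR="501"),
                     cond("less_equals", USD="1500", EUR="1000")]),
    ("high", all, [cond("greater_equals", USD="1501", EUR="1001")]),
]

def rate(amount, currency, strict=False):
    """Return the matching rating, 'not_applied' or 'no_match'."""
    amount = Decimal(amount)
    for rating, logic, conds in RULES:
        if any(currency not in limits for _, limits in conds):
            if strict:
                raise UndefinedCurrency(currency)
            return "not_applied"      # Strict Mode off: risk rules skipped
        if logic(op(amount, limits[currency]) for op, limits in conds):
            return rating
    return "no_match"                 # amount falls between two rules

def gaps(currency, probes):
    """Probe amounts (constructed sample values) that no rule rates."""
    return [p for p in probes if rate(p, currency) == "no_match"]

if __name__ == "__main__":
    probes = ["500", "500.50", "501", "1000.50", "1500", "1500.99", "1501"]
    print("USD gaps:", gaps("USD", probes))
    print("EUR gaps:", gaps("EUR", probes))
    print("GBP, Strict Mode off:", rate("250", "GBP"))
```

Boundaries that meet, for example Less equals 500 for low and Greater than 500 for medium, leave no unrated amounts between the rules.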
String Rules
For string parameters, we have the following types of conditions:
- In - Checks whether the value matches a provided list of values
- Contains - Checks whether the value contains a provided value as substring
- Equals - Checks if the value is equal to a provided value
- Regex - Performs a regular expression check against the value
Boolean Rules
You can also create rules that match boolean parameters. In this case, only "Equals" is supported and values can be "True" or "False".
Datetime Rules
Datetime parameters are also supported in TrustFactor and as such you can create risk rules for them. In the image above we define an interval between 11:30pm and 06:30am called "middle of the night". We can use this to raise the risk level of authentication requests performed during this time period.
Float Rules
You can apply the same kind of rules and conditions described in the Money Rules above to parameters of float type.
Assigning Rules to Operations
In order to assign a rule template to an operation, read this section.