This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

WSO2 Open Banking solution faciliates maintaing fraud rules to detect fraudulent transactions. The transactions that do not exceed a predermined fraudulent rate would be excempted from Strong Customer Authentication (SCA) as shown below.

The following formula is used to calcuate the fraud rate. The calculation will be rolling quarterly basis, i.e., only the data within past 90 days are considerd for the calculation. 

 

Let's take a look at the fraud scenarios and the applicable fraud rules used in WSO2 Open Banking.

Payer’s Abnormal Behavioral Pattern 

Abnormal payment/behaviroal patters can be detected using the following activities:

  • Abnormal transaction date and/or time: The payer transacts on an unusual date or time when compared with the trasaction history.
  • Abnormal IP address: The payer accesses the system via an IP address that was not used previously.
  • Abnormal device usage: The payer access the system using different devices within a particular duration, e.g., accessing the system using three different devices on the same day.
  • Abnormal transaction amount
  • Abnormal transaction frequency
  • Abnormal cumulative transaction spikes.

Malware Infection

Malware infections in any sesstions related to authentication procedures can be detected using scripts as well as through user intervention.

Known Fraud Scenarios

Fraudulent payments can be detected using the following activities:

  • Payment initiated from a blacklisted account due to stolen credentials.
  • Change of IP address within the transaction session.
  • Payment initiation via a blacklisted IP address.
  • Time zone mismatch with the payer's location.
  • Attempting to replicate the transaction using an auth token.
  • Redirection from an untrusted/blacklisted website (phishing).
  • User flagged for phishing logs in from a different location (high-risk phishing).
  • The number of consective user consent rejections exceeds the predefined threshhold.
  • The payment submission amount is dfferent to the consented value.
  • Abnormal delivery location of an eCommerce transaction.
  • High-risk delivery location of an eCommerce transaction.


  • No labels