This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Fraud Rules

The WSO2 Open Banking solution facilitates maintaining fraud rules to detect fraudulent transactions. Transactions that do not exceed a predetermined fraud rate are exempted from Strong Customer Authentication (SCA), as shown below.

The following formula is used to calculate the fraud rate. The calculation runs on a quarterly basis, i.e., data from the past 90 days is considered for the calculation.

 

Let's take a look at the fraud scenarios and the applicable fraud rules used in WSO2 Open Banking.


Payer's abnormal behavioral pattern

Abnormal payment/behavioral patterns can be detected using the following activities:

  • Abnormal transaction date and/or time: The payer transacts at an unusual date or time when compared with the transaction history.
  • Abnormal IP address: The payer accesses the system via an IP address that was not used previously.
  • Abnormal device usage: The payer accesses the system using different devices within a particular duration, e.g., accessing the system using three different devices on the same day.
  • Abnormal transaction amount
  • Abnormal transaction frequency
  • Abnormal cumulative transaction spikes

Malware infection

Malware infections in any session related to authentication procedures can be detected using scripts, as well as through user intervention.

Known fraud scenarios

Fraudulent payments can be detected using the following activities:

  • Payment initiated from an account in the deny list due to stolen credentials
  • Change of IP address within the transaction session
  • Payment initiation via an IP address in the deny list
  • Time zone mismatch with the payer's location
  • Attempting to replicate the transaction using an auth token
  • Redirection from a website in the deny list (phishing)
  • A user who has been flagged for phishing logs in from a different location (high-risk phishing)
  • The number of consecutive user consent rejections exceeds the predefined threshold
  • The payment submission amount differs from the consented value
  • Abnormal delivery location of an e-commerce transaction
  • High-risk delivery location of an e-commerce transaction
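As an added illustration of how several of the rules above (abnormal transaction time, abnormal IP address, abnormal device usage from the behavioral-pattern list, and the submitted amount differing from the consented value from the known-fraud list) can be evaluated against a payer's transaction history, here is a small example. It is not WSO2 code; the transaction history, the record layout and the thresholds (a two-hour window, three devices per day) are constructed assumptions.

```python
from datetime import datetime

# Constructed transaction history for one payer: (timestamp, source IP, device id, amount).
# These are sample values, not real data.
HISTORY = [
    ("2023-03-01T09:15:00", "203.0.113.5", "dev-A", 40.0),
    ("2023-03-03T10:40:00", "203.0.113.5", "dev-A", 55.0),
    ("2023-03-07T11:05:00", "203.0.113.5", "dev-B", 30.0),
    ("2023-03-10T08:50:00", "203.0.113.5", "dev-A", 60.0),
]


def hour_is_abnormal(history, ts, window=2):
    """Abnormal time: no earlier transaction within +/- `window` hours of day (assumed rule)."""
    hour = datetime.fromisoformat(ts).hour
    seen = {datetime.fromisoformat(h[0]).hour for h in history}
    # Distance on the 24-hour clock so 23:00 and 01:00 count as two hours apart.
    return not any(min(abs(hour - s), 24 - abs(hour - s)) <= window for s in seen)


def ip_is_new(history, ip):
    """Abnormal IP address: the payer has never transacted from this address before."""
    return ip not in {h[1] for h in history}


def too_many_devices(history, ts, device, limit=3):
    """Abnormal device usage: `limit` or more distinct devices on the same calendar day."""
    day = ts[:10]
    devices = {h[2] for h in history if h[0][:10] == day} | {device}
    return len(devices) >= limit


def evaluate(history, ts, ip, device, amount, consented_amount):
    """Return the names of the fraud rules triggered by a new payment attempt."""
    flags = []
    if hour_is_abnormal(history, ts):
        flags.append("abnormal_time")
    if ip_is_new(history, ip):
        flags.append("abnormal_ip")
    if too_many_devices(history, ts, device):
        flags.append("abnormal_device_usage")
    if amount != consented_amount:
        flags.append("amount_differs_from_consent")
    return flags


if __name__ == "__main__":
    print(evaluate(HISTORY, "2023-03-12T03:10:00", "198.51.100.9", "dev-C", 500.0, 500.0))
```

A transaction that triggers any rule would be routed to SCA rather than exempted, while an empty result means none of these rules fired.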