Point-Based System for Business Rules

CSI’s Fraud Anomaly Detection solution was developed as a point-based system. Within the FAD tab of the Digital Banking administrator site, a tab labeled "Point Settings" can be found. This is the region of the FAD tab that will contain all the business rules (also known as "triggers") along with their:

1. Point values: Represents the value of the anomalous activity
2. Thresholds: Can be broken down into two types of thresholds:
   • Amount Thresholds: Will only trigger a point value to be added towards a point cap if a user tries to utilize over X% of an account balance.
   • Usage Thresholds: Will trigger every time, until an activity is considered normal by the system. If a threshold of 20% is set for a login IP address, then when that new login IP address has been used enough to be considered 20% of the total logins in the past 6 months (customizable by the bank), then the system will stop adding points towards the cap and will no longer consider this IP address anomalous when the user logs in.
3. Depreciation Values: Determine the point retention for a business rule. If a depreciation value of 3 is set next to a business rule, then that total point value will slowly depreciate over the course of 3 days. Depreciation of points occurs on a daily basis.

These values are fully customizable by a bank employee and can be modified on a bank wide level, or on the individual customer level. It is CSI’s recommendation that each bank evaluate the standard set of point values, thresholds, and depreciation values to determine if the monitoring meets the requirements of their specific customer base. Evaluating the overview reports over the course of 4 weeks will generally give a bank an idea if the standard set of values meets their specific needs.

As a customer takes actions that the system believes to be anomalous (based upon the last 6 months of activity [modifiable by the bank]), the point values for these business rules will begin to add up against a bank defined anomalous "Point Cap." Once the point cap has been broken for a user, a number of things will occur:

1. An email can be generated and sent out to any employee at the bank setup within the Digital Banking admin site.
2. An email can be generated and sent out to the user breaking the anomalous point cap. This email is fully customizable by the bank and it is recommended that the wording be reviewed prior to enabling this feature for all users.
3. The user will appear on the Overview tab under the section listed as "Over the Limit", designating that they broke the bank point cap based upon the business rules set in place for them.
4. A real time authentication (challenge) can require the user to prove they are who they say they are. If the real time authentication is passed, the user will still appear on an over the cap report within the FAD -> Overview tab, but will be able to continue with their Digital Banking activity. On the other hand, if the user fails the real time authentication, then they will be locked out of Digital Banking (the number of answer attempts before lockout is set by the bank in the admin). The user real time authentication method is determined by the bank from the following options below:
   • Out of Band Authentication
   • Token Authentication
   • Security Question

54086