How rules works

Note

This service is currently preview only, and only available for customers upon request.

Rule types

You can create the following types of decisioning rules:

  • Risk - Rules for risk detection and response that determine how to mitigate risk for sensitive user actions (such as login, registration, checkout, etc.) using indicators related to the user, device, and network.
  • Identity proofing - Rules for identity verification used to handle the result of a document verification process, which is done to confirm the real-world identity of a user using a government-issued ID document
  • Data validation - Rules for data validation used to handle the result of a data validation process, which validates the integrity of the user's identity data (e.g., name, address, email, etc.) using third-party validation providers.

Rule conditions

Rule conditions define the criteria that must be satisfied for the rule to match, and vary based on rule type:

  • Risk conditions are based on user, device, and network attributes. For example, this includes IP address, user ID, device ID, device location country, OS version, and browser name.
  • Identity verification conditions are based on the user's personal info or data related to the document used in the verification process. For example, this includes the document type, the country/region in which the document was issued, and the user's age.
  • Data validation conditions are based on various risk indicators returned by the third-party providers used to validate the user identity data. These indicators will vary based on the type of data, and the provider that was used.

Rule decisions

Each rule is created with one of the following decisions:

  • Trust : Indicates low risk. You can trust the identity process and lower friction.
  • Allow : Indicates low risk. No risk mitigation is needed and you can proceed as usual.
  • Challenge : Risk mitigation is required by providing an appropriate challenge based on the use case.
  • Deny : Indicates a high risk. You shouldn't proceed with the identity process.

Rule mode and status

The combination of rule mode and status determines whether or not rules will impact decisions in production. The rule mode can be either Production or Preview. Preview mode allows you to dry-run the rule to understand its impact before releasing it in production. The rule status is either enabled (Active) or disabled (Inactive) which can be used to control which rules will be evaluated when a decision is needed.

Rule evaluation

When a decision is needed, rules are evaluated according to priority, which is reflected in the Rules page by their order in the table. Higher items have greater priority, so rules are evaluated from top to bottom. A rule is only evaluated if it is both enabled (status is Active) and in production mode. If all the conditions of a rule are satisfied, it's considered a match. Only the first rule to match will apply.

Managing rules

Rules can be managed from the Rules page of the Admin Portal. In addition to the rule definition, you can manage the rule mode, status, and priority. For more, see Manage rules.