Analyze Transactions Report
aa813test
Viewing the Analyze Transactions report in CA Risk Authentication is a multi-step process. Look at the transactions that are based on the criteria that you specified in the Transactions Summary page (Step 1). Locate one or more suspect transactions, then look into the details of these transactions (Step 2). You can further locate a pattern by viewing similar transactions (Step 3). After analyzing the details and discovering patterns, mark suspect transactions for further investigation by the CSRs (Step 4).
Only GAs, OAs, and Fraud Analysts (FAs) can analyze the user transactions for the organizations that are in their scope. The MA, UAs, and CSRs
cannot
perform this task.2
Step 1: Viewing Transaction Summary
To view the Transactions Summary, perform the following steps:
- Ensure that you are logged in with proper credentials.
- Activate theReportstab in the main menu.
- Click theReportssubmenu.The corresponding links for the report type appear in the left-handle task panel.
- Click theAnalyze Transactions Reportlink.
- From theSelect Organizationlist, select the organization whose data you want to filter in the report.The Select Transactions page appears.
- From theSelect Channeldrop-down list, select the channel for which you want to view the transactions.
- Enter User Identificationfor the user whose transactions you want to view.You can search based on either the user name or the account type. If no accounts are configured for the organization, you are prompted to enter the user name.If you do not specify any user details, then all the transactions for the specifiedOrganizationare displayed.
- To filter the transactions based on one of following criteria:
- Select the pre-defined date range to filter the transaction data in theTransaction Date FromandTofields.
- Select theLast Transactionsoption and then select the time interval (in minutes) see the latest transactions that were performed.
- From theRisk Advicelist, select the advice choices to filter the data.
- From theSecondary Authentication Statuslist, select the statuses to filter the data.
- From theFraud Statuslist, select the statuses to filter the data.
- From theRulelist, select the rule to filter the transaction data.If you want to see the transactions for all rules that matched, then ensure that the defaultAll Rulesoption is selected.
- (Only for 3D Secure)Enter the merchant name in theMerchantfield, and select the criteria (Exact,Starts with,Ends with,Contains) based on which you want to filter the transaction data.
- Enter theDevice IDof the device for which to filter the transaction data.
- SelectDecrypt Sensitive Informationif you want to display the data in clear text.
- ClickSubmitto generate the Transactions Summary page.You can export the information directly to a CSV file by clicking theExportbutton.You can view transactions specific to a channel by clicking theDefaultor3D Securetabs.The following table describes the fields that are listed in the Transactions Summary page.
Fields | Description |
Details | Click the detail link to look into the details of the transaction. |
User Name | The name of the user performing the transaction |
Fraud Status | The fraud status of the case. This field can have one of the following statuses: Assumed Fraud Assumed Genuine Confirmed Fraud Confirmed Genuine Undetermined |
Country | Based on the IP Address, the country from which the transaction was performed |
IP Address | The IP address of the system or device used for the purchase transaction |
Matched Rule | The rule that matched and for which CA Risk Authentication flagged the transaction as risky |
Transaction Date | The timestamp when the transaction was performed |
Risk Score | The overall risk score returned by CA Risk Authentication for the corresponding transaction. This is a value between 0 and 100. |
Risk Advice | The action suggested by CA Risk Authentication after evaluating the Risk Score of the transaction. The possible actions are: ALLOW ALERT DENY INCREASE AUTHENTICATION |
Device ID | The ID of the device used for the transaction |
Model Score | The risk score returned by the Model for the transaction. This is a value between 0 and 100. |
Secondary Auth Status | If the Risk Advice is INCREASE AUTHENTICATION , then this column specifies the result of the additional authentication that your application returned as feedback to CA Risk Authentication. |
Account Type | The account type associated with the transaction This column is displayed only if you have configured account types for the organization. |
Rule Results | The result of all the rules for the transaction. The result is Y or N . |
Account ID | If there is an account ID associated with the user, then this column specifies the account ID that was used to perform the transaction. |
Device Type | The type of device involved in the transaction |
Transaction ID | The unique ID generated for each user transaction |
OS | The operating system on the device that was used to perform the transaction |
Browser | The browser that was used to perform the transaction |
Device ID Status | The status of the Device ID: READ : The Device ID was read from the device.NEW : The Device ID was assigned to the device.REVERSE LOOKUP : The Device ID was determined by matching the input device signature against the device signatures that were successfully associated with the user. |
Action | The type of transaction that is performed by the user, which can be: Login Wire Transfer Any other value that you specify through your application |
tep 2: Viewing Case Details
The Transactions Summary page can also be used to view details of any specific transaction or case. To view details of a specific case:
- In the Transactions Summary page, click the requireddetaillink in the correspondingDetailscolumn.The transaction details are displayed on the page. It lists the details of the selected transaction, and allows you to further filter transactions based on available parameters.The following table describes the fields that are listed in the Transaction Details page.
Fields | Description |
Basic Transaction Details | |
Transaction ID | The unique identifier of the transaction |
Transaction Date | The timestamp when the transaction was performed |
Action | The type of transaction that is performed by the user, which can be: Login Wire Transfer Any other value that you specify through your application |
User Name | The name of the user who performed the transaction |
Fraud Status | The current status of the fraud. Possible values are: Undetermined Assumed Fraud Assumed Genuine Confirmed Fraud Confirmed Genuine |
Device ID | The ID of the device that is used for the transaction |
Risk Advice | An action suggested by the Risk Assessment module after evaluating the risk score of the selected transaction. The possible actions are: ALLOW ALERT DENY INCREASEAUTH |
Matched Rule | The rule that matched and for which CA Risk Authentication flagged the transaction as risky |
Secondary Auth Status | If the Risk Advice is INCREASE AUTHENTICATION , then this column specifies the result of the additional authentication that your application returned as feedback to CA Risk Authentication. The possible values are Success and Failure. |
Account Type | The account type that is associated with the transaction |
Account ID | The account ID of the user who performed the transaction |
Model Score | The risk score that is returned by the Model for the transaction |
Risk Score | The overall risk score that is returned by CA Risk Authentication for the corresponding transaction. This is a value from 0 through 100. |
Location Details | |
IP Address | The IP address of the system or device used for the purchase transaction |
City | The city where the user performed the transaction |
State | The state where the user performed the transaction |
Country | The country where the user performed the transaction |
Connection Type | The connection type between the user device and their Internet Service Provider. The possible values are: Satellite OCX Frame Relay TX Dialup Cable DSL ISDN Fixed Wireless Mobile Wireless |
Line Speed | The speed of the user internet connection. This is based on the Connection Type. |
IP Routing Type | The IP routing method that is used for the connection. The possible values are: Fixed: Cable, DSL, OCX AOL: AOL users POP: Dial up to regional ISP Super POP: Dial up to multi-state ISP Cache Proxy: Accelerator proxy, content distribution service Regional Proxy: Proxy for multiple states in a country Anonymizer: Anonymizing proxy Satellite: Consumer satellite or backbone satellite ISP International Proxy: Proxy funneling international traffic Mobile Gateway: Mobile device gateway to Internet Unknown: IP routing type cannot currently be determined |
Anonymizer Type | The type of anonymizer, if any, used for the connection. The possible values are: Private: Anonymous proxies that are not publicly accessible. This type of anonymizer typically belongs to commercial ventures.Active : Anonymous proxies that tested positive within the last six monthsSuspect : Anonymous proxies that tested positive within the last two years, but not the last six monthsInactive : Anonymous proxies that did not test positive in the last two yearsUnknown : Anonymous proxies for which no positive test results are currently available |
Risk Assessment Details | |
MFP Match % | The match percentage of the incoming Machine FingerPrint (MFP) with the value stored in the CA Risk Authentication database This is a numeric value. |
Unknown User | Whether the Unknown User rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Exception User Check | Whether the Exception User Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Negative Country Check | Whether the Negative Country Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Device MFP Not Match | Whether the Device MFP Not Match rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Trusted IP/Aggregator Check | Whether the Trusted IP/Aggregator Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Untrusted IP Check | Whether the Untrusted IP Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
User Velocity Check | Whether the User Velocity Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Unknown DeviceID | Whether the Unknown DeviceID rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Device Velocity Check | Whether the Device Velocity Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Zone Hopping Check | Whether the Zone Hopping Check rule matched. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
User Not Associated with DeviceID | Whether the User-Device Association was found in the CA Risk Authentication database. The possible values are: Yes: If the rule matchedNo: If the rule did not matchN/A: If the information was not available during risk evaluation |
Device Details | |
Device Type | Type of device involved in the transaction |
OS | The operating system on the device that was used to perform the transaction |
Browser | The browser that was used to perform the transaction |
Device ID Status | The status of the Device ID: READ: The Device ID was read from the device. NEW: The Device ID was assigned to the device. REVERSE LOOKUP: The Device ID was determined by matching the input device signature against the device signatures that were successfully associated with the user. |
Step 3: Viewing Similar Transactions
The small table at the end of the transaction details enables you to specify filter criteria to extract fine-grained data for similar transactions from the database.
Transactions can be further filtered based on the following parameters:
- Same User Name: By selecting this option, you can extract all transactions that belong to the same user whose data you are currently viewing.
- Same Device ID: By selecting this option, you can extract all transactions done by using the same device that is used for the current transaction details that you are viewing.
- Same IP Address: By selecting this option, you can extract all transactions that have the same IP address as the current transaction details that you are viewing.
- Transaction Date: By specifying a date range (using theFromandTofields), you can further filter all transactions that were performed in the specified time period.or
- Last Transactions:By selecting the required time interval (in minutes), you can further filter all the latest transactions that were performed in the specified interval.
Viewing Related Transactions
To view the related transactions:
- In the Transaction Details page, select any or all of the following options:
- Same User Name
- Same Device ID
- Same IP Address
- Either:
- Enter a date range in theTransaction Date FromandTofields.
- Select theLast Transactionsoption and then select latest time interval for which you want to see the related transactions.
- ClickShow.The Transactions Summary page appears, displaying the records that matched the criteria.
Step 4: Marking Transactions for Further Investigation
After you have analyzed the details of suspect transactions or discovered patterns, you can mark suspect transactions for further investigation by the CSRs. To do so:
- Ensure that you are logged in with the required privileges.
- Display the Transactions Summary page, as discussed in "Step 1: Viewing Transactions Summary".
- Review the transactions that are displayed based on the criteria that you specified.See "Step 2: Viewing Case Details".
- If you want to display similar patterns, follow the steps in "Step 3: Viewing Similar Transactions".
- Scroll back to the Transactions Summary table.
- Select the transactions that you suspect by selecting the boxes corresponding to the transaction in the table.
- Click theMark for Investigationbutton to generate cases for the transactions you marked.These cases appears in the case lists for the CSRs to work on.