Uploading Rule List Data

If any rule that you deployed requires additional data in the form of a list, then you must perform the tasks in this section. You can add, modify, or delete list data by using the Manage List Data and Category Mappings page in .
aatest
If any rule that you deployed requires additional data in the form of a list, then you must perform the tasks in this section. You can add, modify, or delete list data by using the Manage List Data and Category Mappings page in
Advanced Authentication
.
All the configurations and tasks discussed in this section should primarily be performed by Organization Administrators. See “Accessing Organization-Specific CA Risk Authentication Configurations” for more information to access the task page for performing the organization-specific configurations.
If required, these steps can also be performed by Global Administrators. However, they must be performed at the organization level (through the Organizations tab).
See the following topics for more information:
Configure Negative Country List
Negative Country list
 comprises all countries from which fraudulent or malicious transactions are known to have originated in the past. Enterprises may also maintain this list in line with the regulations of their country.
CA Risk Authentication derives the country information based on the input IP address. It, then, uses this data to score the potential for fraud for online transactions originating from such countries. For this purpose, CA Risk Authentication also integrates with Quova, which enhances the analysis by providing detailed geographic information for each IP address by mapping it to a region.
For more information about Quova see:
CA Risk Authentication evaluates the incoming transactions and checks if these transactions originated from an IP address that belongs to a country marked as negative. Such transactions are typically denied.
Use the Manage List Data and Category Mappings page to add a country to the Negative Country list or remove a country from the list.
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Under 
    Manage Organizations
    , click the 
    Search Organization
     link.
  4. Click the 
    Search 
    button on the Search Organization page to display the list of organizations.
  5. Under 
    Select Organizations to Modify
    , click the link with the organization’s name to which you want to apply the rule.
  6. Click the 
    CA Risk Authentication Configuration
     tab.
  7. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings
     link.
    The Manage List Data and Category Mappings page is displayed.
  8. From the 
    Select Existing Ruleset
     list, select the ruleset that for which this configuration is applicable.
  9. Select the 
    Manage List Data 
    option.
  10. From the 
    Select List Type
     list, select 
    Negative Country Lists
    .
  11. From the 
    Select List
     drop-down list, select the list identifier
     
    that you specified while creating the corresponding list.
  12. Select Negative Countries 
    that you want to add to the list.
  13. Click the > or < button to move selected countries to the desired list.
    You can also click
     
    the 
    >>
     or 
    <<
     buttons to move all countries to the desired lists.
  14. Click 
    Save
     to save the changes.
    The changes are not yet active and are not available to your end users.
  15. To make the changes active, you must migrate them to production.
Configure Untrusted IP Addresses
The 
Untrusted IP address list
 is a collection of IP addresses that have been the origin of known anonymizer proxies or fraudulent and malicious transactions in the past. This list is the source of the Negative category discussed in the "Configuring Untrusted IP Types" section.
Use the Manage List Data and Category Mappings page to configure the untrusted IP address ranges for your organization.
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Under 
    Manage Organizations
    , click the 
    Search Organization
     link.
  4. Click the 
    Search 
    button on the Search Organization page to display the list of organizations.
  5. Under 
    Select Organizations to Modify
    , click the link with the organization’s name to which you want to apply the rule.
  6. Click the 
    CA Risk Authentication Configuration
     tab.
  7. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings
     link.
    The Manage List Data and Category Mappings page is displayed.
  8. From the 
    Select Existing Ruleset
     list, select the ruleset that for which this configuration is applicable.
    The ruleset configuration information is displayed.
  9. Select the 
    Manage List Data
     option.
  10. From the 
    Select List Type
     list, select 
    Untrusted IP Lists
    .
  11. From the 
    Select List
     drop-down list, select the list identifier
     
    that you specified while creating the corresponding list.
  12. In the 
    Upload Untrusted IP Ranges
     section, select the appropriate mode for writing data:
    • Append
      : This option appends the data that you are uploading to a list or dataset.
      You must select this option if the list does not exist.
    • Replace
      : This option overwrites the existing data in the specified list or dataset.
  13. Click 
    Browse
     to navigate to the data file that contains the list of entries.
  14. Click 
    Upload
     to complete the task.
  15. In the 
    Add/Delete Untrusted IP Range 
    section
    :
    1. Enter the starting IP address in the 
      IP Address
       field.
    2. Select one of the following options:
      • Subnet Mask:
         If you want to specify a range of IP addresses based on the subnet mask to be added to the Untrusted IP Address List.
      • End IP Address:
         If you want to specify a simple range of IP addresses to be added to the Untrusted IP Address List.
    3. Specify the 
      Information Source
       (or vendor) of the untrusted IP address range.
  16. Click one of the following buttons, as required:
    • Add Range: 
      To add the specified IP address or range to the database.
    • Delete Range: 
      To delete the specified IP address or range from the database.
    The appropriate message is displayed.
    The changes are not yet active and are not available to your end users.
  17. To make the changes active, you must migrate them to production.
Configure Trusted IP Addresses
In CA Risk Authentication, transactions that either originate from or are routed through IP addresses and ranges that belong to the 
Trusted IP address list
 are considered low risk. As a result, CA Risk Authentication bypasses these transactions from risk evaluations and assigns them a low Score and the ALLOW Advice.
Use the Manage List Data and Category Mappings page to perform the following tasks related to trusted IP addresses and ranges:
  • Adding a Trusted IP Address Range
  • Updating a Trusted IP Address Range
  • Deleting a Trusted IP Address Range
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Under 
    Manage Organizations
    , click the 
    Search Organization
     link.
  4. Click the 
    Search 
    button on the Search Organization page to display the list of organizations.
  5. Under 
    Select Organizations to Modify
    , click the link with the organization’s name to which you want to apply the rule.
  6. Click the 
    CA Risk Authentication Configuration
     tab.
  7. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings
     link.
    The Manage List Data and Category Mappings page is displayed.
  8. From the 
    Select Existing Ruleset
     list, select the ruleset that for which this configuration is applicable.
    The ruleset configuration information is displayed.
  9. Select the 
    Manage List Data
     option.
  10. From the 
    Select List Type
     list, select 
    Trusted IP Lists
    .
  11. From the 
    Select List
     drop-down list, select the list identifier
     
    that you specified while creating the corresponding list.
  12. Specify the required 
    IP Address
     that will be added to the Trusted IP List.
  13. Specify one of the following:
    • Subnet Mask:
       If you want to specify a range of IP addresses based on the subnet mask to be added to the Trusted IP List.
    • End IP Address:
       If you want to specify a simple range of IP addresses to be added to the Trusted IP List.
  14. Click 
    Add Range
     to add the IP addresses or ranges to the Trusted IP List.
    The Trusted IP List table with the range that you just added appears at the end of the page.
  15. Click 
    Update
     to save the changes.
    The changes are not yet active and are not available to your end users.
  16. To make the changes active, you must migrate them to production.
Delete a Trusted IP Address Range
Follow these steps
:
  1. Perform the tasks listed from Step 1 through Step 11in "Adding a Trusted IP Address Range" to display the 
    Trusted IP List 
    table.
  2. In the
     Trusted IP List t
    able, select the required IP address range(s) that you want to delete.
  3. Click 
    Delete
     to delete the ranges that you selected.
  4. To make the changes active, you must migrate them to production.
Configure Trusted Aggregators
Aggregators
 are third-party vendors who provide account aggregation services by collating login information of users across multiple enterprises. The originating IP addresses when users log in from a protected portal versus when they come in through such aggregators are different. Many enterprises use the services of these account and data aggregation service providers to expand their online reach.
Transactions originating from (or routed through) aggregators "trusted" to the organization are considered low-risk. For this purpose, CA Risk Authentication provides the ability to configure a list of these aggregators so that all transactions originating from the aggregators’ IP addresses are assigned a low Score, and the ALLOW Advice.
CA Risk Authentication uniquely identifies an aggregator by combining their IP address range and a unique Aggregator ID. This Aggregator ID must also be sent to CA Risk Authentication along with the transaction.
CA Risk Authentication also enables you to specify up to 
three
 unique IDs for each aggregator at any time. This allows for the periodical rotation of the ID for the purpose of enhanced security. During this rotation, CA Risk Authentication continues to recognize the previous ID in addition to the new ID to allow updates to the aggregator at a later time.
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Under 
    Manage Organizations
    , click the 
    Search Organization
     link.
  4. Click the 
    Search 
    button on the Search Organization page to display the list of organizations.
  5. Under 
    Select Organizations to Modify
    , click the link with the organization’s name to which you want to apply the rule.
  6. Click the 
    CA Risk Authentication Configuration
     tab.
  7. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings
     link.
    The Manage List Data and Category Mappings page is displayed.
  8. From the 
    Select Existing Ruleset
     list, select the ruleset that for which this configuration is applicable.
    The ruleset configuration information is displayed.
  9. Select the 
    Manage List Data
     option.
  10. From the 
    Select List Type
     list, select 
    Trusted Aggregator Lists
    .
  11. From the 
    Select List
     drop-down list, select the list identifier
     
    that you specified while creating the corresponding list.
  12. Specify the name of the new aggregator in the 
    Add
     
    New Aggregator 
    field and click 
    Create.
    The updated Trusted Aggregator Configuration page appears.
  13. Select the 
    Aggregator 
    that you want to configure from the drop-down list.
  14. Enter the starting IP Address in the 
    IP Address
     field.
  15. Select one of the following options:
    • Subnet Mask:
       If you want to specify a range of IP addresses based on the subnet mask to be added to the Trusted Aggregator List.
    • End IP Address:
       If you want to specify a simple range of IP addresses to be added to the Trusted Aggregator List.
  16. Click 
    Add Range 
    to add this IP address or range to the database.
    The Trusted IP List table with the range that you just added for the aggregator appears at the end of the page.
    The changes are not yet active and are not available to your end users.
  17. To make the changes active, you must migrate them to production.
Update a Trusted Aggregator ID
CA Risk Authentication enables you to update the Aggregator IDs. The periodic update of these IDs is referred to as 
rotation of Aggregator IDs
.
Periodic rotation or change of the Aggregator IDs is recommended for security purposes. You can decide this rotation duration according to your business rules.
After an ID is updated, you must ensure that the latest Aggregator ID is conveyed to the aggregator. There might be a delay in propagating the Aggregator IDs. In this duration, CA Risk Authentication recognizes the old, as well as the new Aggregator ID associated with the IP address.
The transactions originating from the aggregator-end must contain this aggregator ID in the form specified by CA Risk Authentication APIs.
Follow these steps
:
  1. Complete Step 1 through Step 11 in "Add a Trusted Aggregator" to display the Trusted Aggregator Configuration information.
  2. Select an existing aggregator from the
     Aggregator 
    list.
    The Trusted Aggregator Configuration information with the Aggregator ID(s) for the selected aggregator appears.
  3. Click 
    Update Aggregator ID
     to generate a new Aggregator ID.
    The updated Aggregator ID(s) for the aggregator appears, and the next empty Aggregator ID is displayed.
  4. In the 
    Trusted IP List
     table, select the aggregator IP addresses or ranges you want to update.
  5. Make the required changes and click 
    Update
    .
    The changes are not yet active and are not available to your end users.
  6. To make the changes active, you must migrate them to production.
Delete a Trusted Aggregator
Follow these steps
:
  1. Complete Step 1 through Step 11 in "Adding a Trusted Aggregator" to display the Trusted Aggregator Configuration information.
  2. Select an existing aggregator from the
     Aggregator 
    list.
    The Trusted Aggregator Configuration information appears.
  3. In the 
    Trusted IP List
     table, select the aggregator IP addresses or ranges you want to delete.
  4. Click 
    Delete
     to delete the selected information.
    The changes are not yet active and are not available to your end users.
  5. To make the changes active, you must migrate them to production.
Upload List Data
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Under 
    Manage Organizations
    , click the 
    Search Organization
     link.
  4. Click the 
    Search
     button on the Search Organization page to display the list of organizations.
  5. Under the 
    Select Organizations to Modify
     section, click the link with the organization’s name to which you want to apply the rule.
  6. Click the 
    CA Risk Authentication Configuration
     tab.
  7. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings 
    link
    .
    The Manage List Data and Category Mappings page appears.
  8. From the 
    Select Existing Ruleset 
    list, select the ruleset for which this configuration is applicable.
  9. Select the 
    Manage List Data
     option.
  10. From the 
    Select List Type
     list, select 
    Other Lists
    .
  11. From the 
    Select List
     drop-down list, select the list identifier that you specified while creating the corresponding list.
    The updated page appears.
  12. In the 
    Upload File Or Enter Data
     section, select the appropriate mode for writing data:
    • Append
      : This option appends the data that you are uploading to a list or dataset.
      You must select this option if the list does not exist.
    • Replace
      : This option overwrites the existing data in the specified list or dataset.
  13. Do 
    one
     of the following:
    • Click 
      Browse
       to navigate to the data file that contains the list of entries (separated by a newline character.)
      or
    • Type in the entries in the 
      Enter Data
       field, if a data file does not exist.
      Ensure that the entries are separated by a newline character (ENTER).
  14. Click 
    Upload
     to complete the task.
Upload Category Mappings Data
Follow these steps
:
  1. Ensure that you are logged in as a GA.
  2. Activate the 
    Organizations
     tab.
  3. Click the 
    Search
     button on the page to display the list of organizations.
  4. Under the 
    Select Organizations to Modify
     section, click the link with the organization’s name to which you want to apply the rule.
  5. Click the 
    CA Risk Authentication Configuration
     tab.
  6. Under the 
    Rules Management
     section on the side-bar menu, click the 
    Manage List Data and Category Mappings 
    link
    .
    The Manage List Data and Category Mappings page appears.
  7. From the 
    Select Existing Ruleset
     list, select the ruleset for which this configuration is applicable.
    The configuration information for the specified ruleset appears.
  8. Select the 
    Manage Category Mappings
     option.
  9. From the 
    Select Category Mapping
     list, select the mapping set identifier that you specified while creating the corresponding list.
    The updated page appears.
  10. In the 
    Upload File Or Enter Classification Data
     section, select the appropriate mode for writing data:
    • Append
      : This option appends the data that you are uploading to a list or dataset.
      You must select this option if the list does not exist.
    • Replace
      : This option overwrites the existing data in the specified list or dataset.
  11. Perform 
    one
     of the following:
    • Click 
      Browse
       to navigate to the data file that contains the list of entries (separated by a newline character.)
      or
    • Type in the entries in the 
      Enter Data
       field, if a data file does not exist.
      Ensure that the entries are separated by a newline character (ENTER).
  12. Click 
    Upload
     to complete the task.
For information on arrfupload, see arrfupload.