Analyze Transactions Report

 
aatest
 
Viewing the Analyze Transactions report in CA Risk Authentication is a multi-step process. Look at the transactions that are based on the criteria that you specified in the Transactions Summary page (Step 1). Locate one or more suspect transactions, then look into the details of these transactions (Step 2). You can further locate a pattern by viewing similar transactions (Step 3). After analyzing the details and discovering patterns, mark suspect transactions for further investigation by the CSRs (Step 4).
Only GAs, OAs, and Fraud Analysts (FAs) can analyze the user transactions for the organizations that are in their scope. The MA, UAs, and CSRs
cannot
perform this task.
2
Step 1: Viewing Transaction Summary
To view the Transactions Summary, perform the following steps:
  1. Ensure that you are logged in with proper credentials.
  2. Activate the
    Reports
    tab in the main menu.
  3. Click the
    Reports
    submenu.
    The corresponding links for the report type appear in the left-handle task panel.
  4. Click the
    Analyze Transactions Report
    link.
  5. From the
    Select Organization
    list, select the organization whose data you want to filter in the report.
    The Select Transactions page appears.
  6. From the
    Select Channel
    drop-down list, select the channel for which you want to view the transactions.
  7. Enter User Identification
    for the user whose transactions you want to view.
    You can search based on either the user name or the account type. If no accounts are configured for the organization, you are prompted to enter the user name.
    If you do not specify any user details, then all the transactions for the specified
    Organization
    are displayed.
  8. To filter the transactions based on one of following criteria:
    • Select the pre-defined date range to filter the transaction data in the
      Transaction Date From
      and
      To
      fields.
    or
    • Select the
      Last Transactions
      option and then select the time interval (in minutes) see the latest transactions that were performed.
  9. From the
    Risk Advice
    list, select the advice choices to filter the data.
  10. From the
    Secondary Authentication Status
    list, select the statuses to filter the data.
  11. From the
    Fraud Status
    list, select the statuses to filter the data.
  12. From the
    Rule
    list, select the rule to filter the transaction data.
    If you want to see the transactions for all rules that matched, then ensure that the default
    All Rules
    option is selected.
  13. (Only for 3D Secure)
    Enter the merchant name in the
    Merchant
    field, and select the criteria (
    Exact
    ,
    Starts with
    ,
    Ends with
    ,
    Contains
    ) based on which you want to filter the transaction data.
  14. Enter the
    Device ID
    of the device for which to filter the transaction data.
  15. Select
    Decrypt Sensitive Information
    if you want to display the data in clear text.
  16. Click
    Submit
    to generate the Transactions Summary page.
    You can export the information directly to a CSV file by clicking the
    Export
    button.
    You can view transactions specific to a channel by clicking the
    Default
    or
    3D Secure
    tabs.
    The following table describes the fields that are listed in the Transactions Summary page.
Fields
Description
Details
Click the
detail
link to look into the details of the transaction.
User Name
The name of the user performing the transaction
Fraud Status
The fraud status of the case. This field can have one of the following statuses:
Assumed Fraud
Assumed Genuine
Confirmed Fraud
Confirmed Genuine
Undetermined
Country
Based on the IP Address, the country from which the transaction was performed
IP Address
The IP address of the system or device used for the purchase transaction
Matched Rule
The rule that matched and for which CA Risk Authentication flagged the transaction as risky
Transaction Date
The timestamp when the transaction was performed
Risk Score
The overall risk score returned by CA Risk Authentication for the corresponding transaction. This is a value between 0 and 100.
Risk Advice
The action suggested by CA Risk Authentication after evaluating the Risk Score of the transaction. The possible actions are:
ALLOW
ALERT
DENY
INCREASE AUTHENTICATION
Device ID
The ID of the device used for the transaction
Model Score
The risk score returned by the Model for the transaction. This is a value between 0 and 100.
Secondary Auth Status
If the Risk Advice is
INCREASE AUTHENTICATION
, then this column specifies the result of the additional authentication that your application returned as feedback to CA Risk Authentication.
Account Type
The account type associated with the transaction
This column is displayed only if you have configured account types for the organization.
Rule Results
The result of all the rules for the transaction. The result is
Y
or
N
.
Account ID
If there is an account ID associated with the user, then this column specifies the account ID that was used to perform the transaction.
Device Type
The type of device involved in the transaction
Transaction ID
The unique ID generated for each user transaction
OS
The operating system on the device that was used to perform the transaction
Browser
The browser that was used to perform the transaction
Device ID Status
The status of the Device ID:
READ
: The Device ID was read from the device.
NEW
: The Device ID was assigned to the device.
REVERSE LOOKUP
: The Device ID was determined by matching the input device signature against the device signatures that were successfully associated with the user.
Action
The type of transaction that is performed by the user, which can be:
Login
Wire Transfer
Any other value that you specify through your application
Step 2: Viewing Case Details
The Transactions Summary page can also be used to view details of any specific transaction or case. To view details of a specific case:
  1. In the Transactions Summary page, click the required 
    detail
     link in the corresponding 
    Details
     column.
    The transaction details are displayed on the page. It lists the details of the selected transaction, and allows you to further filter transactions based on available parameters.
    The following table describes the fields that are listed in the Transaction Details page.
Fields
Description
Basic Transaction Details
Transaction ID
The unique identifier of the transaction
Transaction Date
The timestamp when the transaction was performed
Action
The type of transaction that is performed by the user, which can be:
Login
Wire Transfer
Any other value that you specify through your application
User Name
The name of the user who performed the transaction
Fraud Status
The current status of the fraud. Possible values are:
Undetermined
Assumed Fraud
Assumed Genuine
Confirmed Fraud
Confirmed Genuine
Device ID
The ID of the device that is used for the transaction
Risk Advice
An action suggested by the Risk Assessment module after evaluating the risk score of the selected transaction. The possible actions are:
ALLOW
ALERT
DENY
INCREASEAUTH
Matched Rule
The rule that matched and for which CA Risk Authentication flagged the transaction as risky
Secondary Auth Status
If the Risk Advice is
INCREASE AUTHENTICATION
, then this column specifies the result of the additional authentication that your application returned as feedback to CA Risk Authentication. The possible values are Success and Failure.
Account Type
The account type that is associated with the transaction
Account ID
The account ID of the user who performed the transaction
Model Score
The risk score that is returned by the Model for the transaction
Risk Score
The overall risk score that is returned by CA Risk Authentication for the corresponding transaction. This is a value from 0 through 100.
Location Details
IP Address
The IP address of the system or device used for the purchase transaction
City
The city where the user performed the transaction
State
The state where the user performed the transaction
Country
The country where the user performed the transaction
Connection Type
The connection type between the user device and their Internet Service Provider. The possible values are:
Satellite
OCX
Frame Relay
TX
Dialup
Cable
DSL
ISDN
Fixed Wireless
Mobile Wireless
Line Speed
The speed of the user internet connection. This is based on the Connection Type.
IP Routing Type
The IP routing method that is used for the connection. The possible values are:
Fixed: Cable, DSL, OCX
AOL: AOL users
POP: Dial up to regional ISP
Super POP: Dial up to multi-state ISP
Cache Proxy: Accelerator proxy, content distribution service
Regional Proxy: Proxy for multiple states in a country
Anonymizer: Anonymizing proxy
Satellite: Consumer satellite or backbone satellite ISP
International Proxy: Proxy funneling international traffic
Mobile Gateway: Mobile device gateway to Internet
Unknown: IP routing type cannot currently be determined
Anonymizer Type
The type of anonymizer, if any, used for the connection. The possible values are:
Private:
Anonymous proxies that are not publicly accessible. This type of anonymizer typically belongs to commercial ventures.
Active
: Anonymous proxies that tested positive within the last six months
Suspect
: Anonymous proxies that tested positive within the last two years, but not the last six months
Inactive
: Anonymous proxies that did not test positive in the last two years
Unknown
: Anonymous proxies for which no positive test results are currently available
Risk Assessment Details
MFP Match %
The match percentage of the incoming Machine FingerPrint (MFP) with the value stored in the CA Risk Authentication database
This is a numeric value.
Unknown User
Whether the Unknown User rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Exception User Check
Whether the Exception User Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Negative Country
Check
Whether the Negative Country Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Device MFP Not Match
Whether the Device MFP Not Match rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Trusted IP/Aggregator Check
Whether the Trusted IP/Aggregator Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Untrusted IP Check
Whether the Untrusted IP Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
User Velocity Check
Whether the User Velocity Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Unknown DeviceID
Whether the Unknown DeviceID rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Device Velocity Check
Whether the Device Velocity Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Zone Hopping Check
Whether the Zone Hopping Check rule matched. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
User Not Associated with DeviceID
 
Whether the User-Device Association was found in the CA Risk Authentication database. The possible values are:
Yes:
If the rule matched
No:
If the rule did not match
N/A:
If the information was not available during risk evaluation
Device Details
Device Type
Type of device involved in the transaction
OS
The operating system on the device that was used to perform the transaction
Browser
The browser that was used to perform the transaction
Device ID Status
The status of the Device ID:
READ: The Device ID was read from the device.
NEW: The Device ID was assigned to the device.
REVERSE LOOKUP: The Device ID was determined by matching the input device signature against the device signatures that were successfully associated with the user.
Step 3: Viewing Similar Transactions
The small table at the end of the transaction details enables you to specify filter criteria to extract fine-grained data for similar transactions from the database.
Transactions can be further filtered based on the following parameters:
  • Same User Name
    : By selecting this option, you can extract all transactions that belong to the same user whose data you are currently viewing.
  • Same Device ID
    : By selecting this option, you can extract all transactions done by using the same device that is used for the current transaction details that you are viewing.
  • Same IP Address
    : By selecting this option, you can extract all transactions that have the same IP address as the current transaction details that you are viewing.
  • Transaction Date
    : By specifying a date range (using the 
    From
     and 
    To
     fields), you can further filter all transactions that were performed in the specified time period.
    or
  • Last Transactions:
     By selecting the required time interval (in minutes), you can further filter all the latest transactions that were performed in the specified interval.
Viewing Related Transactions
To view the related transactions:
  1. In the Transaction Details page, select any or all of the following options:
    • Same User Name
    • Same Device ID
    • Same IP Address
  2. Either:
    1. Enter a date range in the 
      Transaction Date From
       and 
      To
       fields.
    or
    1. Select the 
      Last Transactions
       option and then select latest time interval for which you want to see the related transactions.
  3. Click 
    Show
    .
    The Transactions Summary page appears, displaying the records that matched the criteria.
Step 4: Marking Transactions for Further Investigation
After you have analyzed the details of suspect transactions or discovered patterns, you can mark suspect transactions for further investigation by the CSRs. To do so:
  1. Ensure that you are logged in with the required privileges.
  2. Display the Transactions Summary page, as discussed in "Step 1: Viewing Transactions Summary".
  3. Review the transactions that are displayed based on the criteria that you specified.
    See "Step 2: Viewing Case Details".
  4. If you want to display similar patterns, follow the steps in "Step 3: Viewing Similar Transactions".
  5. Scroll back to the Transactions Summary table.
  6. Select the transactions that you suspect by selecting the boxes corresponding to the transaction in the table.
  7. Click the 
    Mark for Investigation
     button to generate cases for the transactions you marked.
    These cases appears in the case lists for the CSRs to work on.