PingOne Fraud Connector - PingOne Cloud Platform - PingOne Services - PingOne - PingOne Fraud

Page created: 21 Jan 2022 |

Page updated: 13 Dec 2022

| 11 min read

PingOne DaVinci PingOne Fraud Product PingOne Cloud Platform PingOne PingOne Services Home Page Doc Tools

The PingOne Fraud connector lets you use PingOne Fraud to distinguish legitimate customers from fraudsters in your PingOneDaVinci flow.

PingOne Fraud combines real-time behavioral navigation, behavioral biometrics, device attributes, network attributes and much more to detect sophisticated fraud attacks that bypass other detection tools while ensuring a hassle-free experience for trusted customers. It conducts real-time unique session analysis to identify a user’s intent so that you can distinguish legitimate between fraudsters and legitimate users. The PingOne Fraud connector can:

Collect data from a PingOneDaVinci flow, such as PingOne MFA for use by PingOne Fraud’s decision engine.
Provide a fraud score for decision making in a DaVinci flow, such as PingOne MFA.

Setup

Resources

PingOne Fraud documentation:

DaVinci documentation:

Requirements:

To use the PingOne Fraud connector, you must configure a PingOne environment and integrate PingOne Fraud into the relevant client side:

Sign up for PingOne and configure an environment with PingOne Fraud. See Getting started with PingOne Fraud, and Getting started with PingOne.
Enable a PingOne worker app. See Adding an application.
Integrate PingOne Fraud SDK into the relevant client side:
1. Android SDK client
2. iOS SDK client
3. Web SDK: Integrate the Web SDK client either:
  - (Recommended) Directly: This method provides more data to the fraud engine. Follow the developer instructions to Integrate the Web SDK client and then follow the procedure Integrate PingOne Fraud Web SDK client directly described later in this section.
  - Integrate through DaVinci. See Integrate PingOne Fraud Web SDK client through DaVinci, described later in this section.
  Note: You can only use one of these methods to integrate the PingOne Fraud Web SDK client.

Setting up the connector

In DaVinci, go to Connections and add a PingOne Fraud connection. For help, see Adding a connection.

Connector settings

Environment ID

Your PingOne Environment ID. In PingOne, see Environment > Properties.

Client ID

The Client ID of your PingOne Worker application. In PingOne, go to Connections > Applications > (Your Application) > Configuration. Expand the General section.

Client Secret

The Client Secret of your PingOne Worker application. In PingOne, go to Connections > Applications > (Your Application) > Configuration. Expand the General section and then click the button to reveal the client secret.

Region: Your PingOneenvironment region. In PingOne, see Enironment > Properties.

Integrate PingOne Fraud Web SDK client through DaVinci

If you want to Integrate PingOne Fraud Web SDK client through DaVinci, you need to configure the skfraud component. This procedure should be done in combination with the flows described in the previous section.

In the relevant flow, add an HTTP connector somewhere before the PingOne Fraud connector with the Create Fraud Evaluation capability.

In the relevant DaVinci flow, select the HTTP connector and select the Custom HTML Template capability.
In the HTTP connector, in the HTML Template section, click Switch View, add the following div tag, and edit the relevant fields:
```
<div data-skcomponent="skfraud"
     data-skappid="APPLICATION_ID"
     data-skappsecret="APPLICATION_SECRET"
     data-skhost="SERVER_HOST"
     data-skappsessionid="APPLICATION_SESSION_ID"
     data-skuserid="USER_ID"
     data-skappsessionidpropertyname="fraudAppSessionID"
     data-skclienttokenpropertyname="fraudClientToken">
</div>
```
- Application ID, Application Secret, Server Host:
  1. In the PingOne admin console, go to Overview and select the PingOne Fraud Service. The PingOne Fraud admin console opens.
  2. Click Control Panel to view and copy the relevant values.
- Application Session ID: A unique identifier for the session. Click Switch View, click the tag, click {}, and select the variable you want to use as the External Session ID, if applicable, otherwise leave this field blank. If no session identifier is specified, the skfraud component generates a random UUID as the session identifier, and exposes it as an output, and inriable described in the next step.
  Tip: To ensure sessions are easier to find in the PingOne Fraud dashboard, it is recommended you specify a variable, rather than leaving the field blank.
- User ID: If the user is signed on to your application, click the tag, click {}, and then select the variable you want to use as the User ID.
In HTTP Connector, in the Output Fields area, click Add, and add two fields corresponding to the output fields provided by the skfraud component. For each field, define a meaningful name for the Property name and Display name fields. For example:
- fraudAppSessionID
- fraudClientToken
Note: These fields are used to supply the External Session ID and Client Token input fields in the Fraud Evaluation connector, as described in the next step.
For flows that include login or registration form: In the Custom HTML Template, add data-st-field attributes to the user credentials input elements.
```
<input id="username" placeholder="..." data-st-field="username">

<input type="password" id="password" data-st-field="password">
```
Note: The value of the id attribute in this example is for demonstration purposes only.
For flows that include login or registration form: In the Custom HTML Template, add the data-st-tag attribute to the submit button element.
- For a registration button, add:
```
data-st-tag="registration.registration_attempt"
```
```
<button class="..." type="submit" 
data-st-tag="registration.registration_attempt">
```
- For a login button, add:
```
data-st-tag="login.login_attempt"
```
```
<button class="..." type="submit" 
data-st-tag="login.login_attempt">
```
Select the PingOne Fraud Connector with the Fraud Evaluation capability, and on the General tab, configure the following:
- External Session ID: Select the HTTP connector, and then select the Property name you defined in the skfraud component in the previous step (in this example, the fraudAppSessionID).
- Client Token: select HTTP connector, and then select the Property name you defined in the skfraud component in the previous step (in this example, the fraudClientToken).

Integrate PingOne Fraud Web SDK client directly

After following the developer steps to integrate the PingOne Fraud Web SDK directly (see Integrating the Web SDK client (developer), you need to define the External Session ID and Client Token in the PingOne Fraud connector Fraud Evaluation capability, for the relevant DaVinci flow.

In DaVinci, select the relevant PingOne Fraud connector with the fraud evaluation capability, and on the General tab, configure the following:
1. External Session ID: Enter the same Session ID as the Session ID passed to the client side Web SDK during integration.
2. Client Token: Enter the Client Token that was retrieved from the client side Web SDK during integration.

Using the connector in a flow

You can use the PingOne Fraud connector to add fraud evaluation and feedback to different types of flows, such as sign on with MFA. The PingOne Fraud connector is usually added to an existing flow, such as a registration flow, sign on flow, or customer purchase flow.

For an example of the PingOne Fraud connector in a flow, search for PingOne - Sign On and Adaptive MFA using Fraud in the Flow Library.

The PingOne Fraud connector is typically added to the flow twice:

(Mandatory) At the beginning of the flow to provide a fraud score for decision evaluation before a challenge.
(Recommended) At the end of the flow to provide feedback to PingOne Fraud’s decision engine after the challenge is complete.

Provide a fraud score for decision evaluation

Add the PingOne Fraud connector to provide a fraud score to a flow before an action or challenge is executed.

To add a fraud evaluation capability:

Place the PingOne Fraud connector with the Create Fraud Evaluation capability before the connector that enables the desired action. This connector provides a fraud assessment score (HIGH_RISK, MEDIUM_RISK, NO_THREAT, SAFE).
Add a requirement into the flow that could be triggered based on the fraud score, such as step up to multi-factor authentication (MFA).

Example:

In this example, the PingOne Fraud connector is added to provide a fraud score to the flow, before the main action. In this example, if the fraud score is SAFE, or NO_THREAT, the user is automatically authorized. If the fraud score is MEDIUM_RISK, the user receives an MFA challenge. A HIGH_RISK score blocks the user.

Diagram showing the PingOne Fraud connector with the Create Fraud Evaluation capability at the beginning of a flow.

Provide feedback to PingOne Fraud’s decision engine

Add the PingOne Fraud connector with the Provide Fraud Feedback capability to capture the results of a challenge after the relevant flow action is complete.

Tip:

You should always add this connector to improve PingOne Fraud's performance and accuracy.

Add a separate PingOne Fraud connector for each label type for which you want to provide feedback about the challenge results, for example, Fraud or Non-Fraud.

Example:

In this example, two PingOne Fraud connectors with the Provide Fraud Feedback capability are added after the challenge is complete:

In the event of a failed challenge, feedback is sent to the PingOne Fraud engine.
If the challenge is successful, feedback is sent to the PingOne Fraud engine.

Diagram showing the PingOne Fraud connector with the Provide Fraud Feedback capability after an action has completed - in this case an MFA request.

Capabilities

Create Fraud Evaluation Score

Create a Fraud risk evaluation score based on the session ID

Properties

External Session ID textField required

The unique identifier for the session. The same identifier must be used by the PingOne Fraud SDKs for the session.

Client Token textField

This token is used for Fraud BOT detection capabilities and should be passed in every call to the Fraud Evaluations API, whether or not your use case includes bot detection.

User ID textField

If the user ID Type is PING_ONE, use PingOne's userID. If the user ID Type is EXTERNAL, use a non personal user identifier. Note: only use this field if the user is authenticated.

User ID Type dropDown

Type of user ID. PING_ONE indicating the user exists in the PingOne directory.

EXTERNAL (Default)
PING ONE

Action dropDown required

The context in which the API call is triggered.

login
registration
search_item
view_item
click_on_item
change_user_info
add_user_info
confirm_payment
add_payment_method
view_user_action_history
other

Client Platform dropDown required

The client that triggered the flow.

ANDROID
IOS
WEB

Client Version textField

The version of the client used (such as, "my.store.com-1.1.1" or "mobile-web"). The maximum string length is 128 UTF-8 characters.

Verbose toggleSwitch

If set to true, returns a list of indicators in the Fraud Evaluations response.

Schema

Input Schema

default object

externalSessionId string required
clientToken string
userId string
userIdType string
action string required
clientPlatform string required
clientVersion string maxLength: 128
verbose boolean

Output Schema

output object

rawResponse object session

properties object

id string

environment object

properties object

id string

createdAt string

updatedAt string

_embedded object

properties object

fraudSession object

properties object

id string

environment object

properties object

id string

createdAt string

updatedAt string

active boolean

externalIds array

items array

type object
properties

user object id,type

properties object

id string minLength: 1
type string

_links object

clientToken string

session object

properties object

id string
externalId string

user object id,type

properties object

id string minLength: 1
type string

action string maxLength: 128

client object

properties object

platform string
version string maxLength: 128

details object

properties object

modules object
policies object
indicators object

headers object

statusCode integer

level string

Provide session feedback data

This service provides a way to enrich PingOne Fraud knowledge about session risk indicators

Properties

External Session ID textField required

The unique identifier for the session. The same identifier must be used by the PingOne Fraud SDKs for the session.

User ID textField

If the user ID Type is PING_ONE, use PingOne's userID. If the user ID Type is EXTERNAL, use a non personal user identifier. Note: only use this field if the user is authenticated.

Possible Fraud dropDown

NON_FRAUD
POSSIBLE_FRAUD

Label Type dropDown

Fraud label label.

FRAUD
UNCERTAIN
NONE

Fraud Types dropDownMultiSelect

Type of fraudulent event.

ACCOUNT_TAKEOVER
NEW_ACCOUNT_FRAUD
PAYMENT
OTHER
NONE

Confidence dropDown

Confidence level of the fraud result.

VERY_HIGH
HIGH
MEDIUM
LOW
VERY_LOW

Schema

Input Schema

default object

externalSessionId string required

userId string

possibleFraud string

labelType string

fraudTypes array

items array

type string

confidence string

Output Schema

output object

statusCode integer