The PingOne Fraud connector lets you use PingOne Fraud to distinguish legitimate customers from fraudsters in your PingOneDaVinci flow.
PingOne Fraud combines real-time behavioral navigation, behavioral biometrics, device attributes, network attributes and much more to detect sophisticated fraud attacks that bypass other detection tools while ensuring a hassle-free experience for trusted customers. It conducts real-time unique session analysis to identify a user’s intent so that you can distinguish legitimate between fraudsters and legitimate users. The PingOne Fraud connector can:
- Collect data from a PingOneDaVinci flow, such as PingOne MFA for use by PingOne Fraud’s decision engine.
- Provide a fraud score for decision making in a DaVinci flow, such as PingOne MFA.
Setup
- Resources
- PingOne Fraud documentation:DaVinci documentation:
Requirements:
- Sign up for PingOne and configure an environment with PingOne Fraud. See Getting started with PingOne Fraud, and Getting started with PingOne.
- Enable a PingOne worker app. See Adding an application.
- Integrate PingOne Fraud SDK
into the relevant client side:
- Android SDK client
- iOS SDK client
- Web SDK: Integrate the Web SDK client either:
- (Recommended) Directly: This method provides more data to the fraud engine. Follow the developer instructions to Integrate the Web SDK client and then follow the procedure Integrate PingOne Fraud Web SDK client directly described later in this section.
- Integrate through DaVinci. See Integrate PingOne Fraud Web SDK client through DaVinci, described later in this section.
Note: You can only use one of these methods to integrate the PingOne Fraud Web SDK client.
Setting up the connector
In DaVinci, go to Connections and add a PingOne Fraud connection. For help, see Adding a connection.
Connector settings
Environment ID
Client ID
Client Secret
- Region
- Your PingOneenvironment region. In PingOne, see .
Integrate PingOne Fraud Web SDK client through DaVinci
If you want to Integrate PingOne Fraud Web SDK client through DaVinci, you need to configure the
skfraud
component. This procedure should be done in combination
with the flows described in the previous section.
- In the relevant DaVinci flow, select the HTTP connector and select the Custom HTML Template capability.
- In the HTTP connector, in the HTML Template section, click
Switch View, add the following
div
tag, and edit the relevant fields:<div data-skcomponent="skfraud" data-skappid="APPLICATION_ID" data-skappsecret="APPLICATION_SECRET" data-skhost="SERVER_HOST" data-skappsessionid="APPLICATION_SESSION_ID" data-skuserid="USER_ID" data-skappsessionidpropertyname="fraudAppSessionID" data-skclienttokenpropertyname="fraudClientToken"> </div>
- Application ID, Application
Secret, Server Host:
- In the PingOne admin console, go to Overview and select the PingOne Fraud Service. The PingOne Fraud admin console opens.
- Click Control Panel to view and copy the relevant values.
- Application Session ID: A unique identifier for the
session. Click Switch View, click the tag, click
{}, and select the variable you want to use as the
External Session ID, if applicable, otherwise leave this field blank. If no
session identifier is specified, the
skfraud
component generates a random UUID as the session identifier, and exposes it as an output, and inriable described in the next step.Tip: To ensure sessions are easier to find in the PingOne Fraud dashboard, it is recommended you specify a variable, rather than leaving the field blank.
- User ID: If the user is signed on to your application, click the tag, click {}, and then select the variable you want to use as the User ID.
- Application ID, Application
Secret, Server Host:
- In HTTP Connector, in the Output Fields area, click
Add, and add two fields corresponding to the output fields
provided by the
skfraud
component. For each field, define a meaningful name for the Property name and Display name fields. For example:- fraudAppSessionID
- fraudClientToken
Note: These fields are used to supply the External Session ID and Client Token input fields in the Fraud Evaluation connector, as described in the next step. - For flows that include login or registration form: In the Custom HTML
Template, add
data-st-field
attributes to the user credentials input elements.<input id="username" placeholder="..." data-st-field="username"> <input type="password" id="password" data-st-field="password">
Note: The value of theid
attribute in this example is for demonstration purposes only. - For flows that include login or registration form: In the Custom HTML
Template, add the
data-st-tag
attribute to the submit button element.- For a registration button,
add:
data-st-tag="registration.registration_attempt"
<button class="..." type="submit" data-st-tag="registration.registration_attempt">
- For a login button,
add:
data-st-tag="login.login_attempt"
<button class="..." type="submit" data-st-tag="login.login_attempt">
- For a registration button,
add:
- Select the PingOne Fraud
Connector with the Fraud Evaluation capability, and on the
General tab, configure the following:
- External Session ID: Select the HTTP
connector, and then select the Property
name you defined in the
skfraud
component in the previous step (in this example,the fraudAppSessionID
). - Client Token: select HTTP
connector, and then select the Property
name you defined in the
skfraud
component in the previous step (in this example, thefraudClientToken
).
- External Session ID: Select the HTTP
connector, and then select the Property
name you defined in the
Integrate PingOne Fraud Web SDK client directly
- In DaVinci, select the
relevant PingOne Fraud
connector with the fraud evaluation capability, and on the
General tab, configure the following:
- External Session ID: Enter the same Session ID as the Session ID passed to the client side Web SDK during integration.
- Client Token: Enter the Client Token that was retrieved from the client side Web SDK during integration.
Using the connector in a flow
You can use the PingOne Fraud connector to add fraud evaluation and feedback to different types of flows, such as sign on with MFA. The PingOne Fraud connector is usually added to an existing flow, such as a registration flow, sign on flow, or customer purchase flow.
For an example of the PingOne Fraud connector in a flow, search for PingOne - Sign On and Adaptive MFA using Fraud in the Flow Library.
The PingOne Fraud connector is typically added to the flow twice:
- (Mandatory) At the beginning of the flow to provide a fraud score for decision evaluation before a challenge.
- (Recommended) At the end of the flow to provide feedback to PingOne Fraud’s decision engine after the challenge is complete.
Provide a fraud score for decision evaluation
Add the PingOne Fraud connector to provide a fraud score to a flow before an action or challenge is executed.
To add a fraud evaluation capability:
- Place the PingOne Fraud
connector with the Create Fraud Evaluation capability before
the connector that enables the desired action. This connector provides a fraud
assessment score (
HIGH_RISK
,MEDIUM_RISK
,NO_THREAT
,SAFE
). - Add a requirement into the flow that could be triggered based on the fraud score, such as step up to multi-factor authentication (MFA).
In this example, the PingOne Fraud connector is added to provide a fraud score to the flow, before the
main action. In this example, if the fraud score is SAFE
, or
NO_THREAT
, the user is automatically authorized. If the fraud score
is MEDIUM_RISK
, the user receives an MFA challenge. A
HIGH_RISK
score blocks the user.
Provide feedback to PingOne Fraud’s decision engine
Add the PingOne Fraud connector with the Provide Fraud Feedback capability to capture the results of a challenge after the relevant flow action is complete.
You should always add this connector to improve PingOne Fraud's performance and accuracy.
Add a separate PingOne Fraud connector for each label type for which you want to provide feedback about the challenge results, for example, Fraud or Non-Fraud.
Example:
In this example, two PingOne Fraud connectors with the Provide Fraud Feedback capability are added after the challenge is complete:
- In the event of a failed challenge, feedback is sent to the PingOne Fraud engine.
- If the challenge is successful, feedback is sent to the PingOne Fraud engine.
Capabilities
- Create Fraud Evaluation Score
-
Create a Fraud risk evaluation score based on the session ID
Properties - Provide session feedback data
-
This service provides a way to enrich PingOne Fraud knowledge about session risk indicators
Properties