OneSpan Developer: Triggering Risk Analytics Monetary Events

Hakim Aldaoub,

OneSpan Risk Analytics is the backbone of Intelligent Adaptive Authentication. It evaluates the data associated with a transaction to give a real time-verdict whether a transaction should be approved or an authentication step up is required. Today, we will explain how to configure a rule in Risk Analytics to handle a monetary event initiated by an end-user through transactions/validate RESTful API.

Before We Begin

Prior to this tutorial, you must be a OneSpan Community member and sign up for a free Intelligent Adaptive Authentication sandbox account. Here are step-by-step instructions on how to do so.

You must also have the sample Orchestration SDK app activated on a trusted mobile device as explained here. This will allow you to perform the authentication method prompted by Risk Analytics.

Risk Analytics in the OneSpan Community 

To access risk analytics, you must login to your OneSpan Community Account, then navigate to “Risk Analytics” tab, which is listed under the “Sandbox” tab as shown below.


If it’s your first time accessing the Risk Analytics presentation service, you should use the initial administrator password for digital or corporate banking provided in the same page and as shown in the screenshot below. In your first login, you will be prompted to provide a new password. Also, your user name will be provided in the “Your Sandbox Details” section.

Follow the provided link to Risk Analytics Presentation Service, then enter your credentials to sign-in.

Configure a New Rule on Risk Analytics

After you logon to Risk Analytics, from the main dashboard navigate to “DESIGN RULES & ACTIONS” > “Rule Management” in the menu bar at the top. From the “Rules” section in the navigation pane on the left, expand “Transactions” and then “Adaptive Authentication Web Payments" campaign. As you see below, this campaign is set to receive transactions of type “ExternalTransfer”. This transaction type could be edited if required, or a new campaign could be added with a new transaction type, like “MobileExternalTransfer”. 

Note: The event type triggered in Risk Analytics will be matched to the transactionType filed coming in the JSON request payload of the transaction/validate endpoint. 


Click on “Challenged TXN” division to find a list of the default rules that handle a payment from a web application.

Now we will  add a new rule to this list to handle payments above $100,000. To do so, click on the green icon to add a new rule.


Name the rule “ExtremeAmount”, set its priority to high, and click “Save & Next” to finish the first step of the rule creation process.

Next, steps 2 to 5 for creating History criteria, Match Criteria, Match Key, and Create Action are advanced Risk Analytics options to refine the criteria and customize the rule. They are not required for this specific scenario.  Select “No” then click “Save & Next” for each of these steps.


In step 6, “Create Response/Status”, set the Response value to “ChallengePIN” from the dropdown list. Click “Save Response / Status”. This will acquire a PIN authentication from the trusted device every time you make a transaction for an amount higher than $100,000. Configure the response as shown in the image below:


Click “Save” to confirm the creation of the new rule, then toggle it to active using the orange icon.

Try It Out

At this point, let’s make an External Transfer using the transactions/validate API to try out the new rule. You could use the JSON payload below to make the RESTful call, or navigate to the OneSpan IAA Sandbox Interactive API.
For a complete reference of the transaction validation endpoint, read this blog.


  "objectType": "AdaptiveTransactionValidationInput",

  "accountRef": "ACC123",

  "amount": "100000.99",

  "transactionType": "ExternalTransfer",

  “orchestrationDelivery”: [ "pushNotification” ],

  "cddc": {

    "browserCDDC": {

      "fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",

      "fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"



  "currency": "EUR",

  "data": {

    "transactionMessage": {

      "dataFields": [


          "key": {

            "text": "Transaction Value"


          "value": {

            "text": "EUR 100000.99 "






  "relationshipRef": "iaa_user",

  "sessionID": "4ed23ea44f23",

  "clientIP": "",

  "creditorBank": "MYBANK",

  "creditorIBAN": "BE68539007547034",

  "creditorName": "John Doe",

  "creditorOtherInstruction": "0",

  "debtorIBAN": "BE71096123456769",

  "timeout": 60


Authentication Through the Trusted Device

Since the delivery method of the authentication was a push notification through an orchestration command, the end-user will receive that notification on their trusted device. Once the end-user accepts the notification of the transaction, they will be prompted by the Orchestration SDK on the trusted device to present their PIN as an authentication method.

Finally, you could check the latest events from Risk Analytics to see which events were triggered and which rules were matched. This could be displayed from “SUPERVISE &INVESTIGATE” > “Latest Events” in the menu bar of the Risk Analytics presentation service. As you could see in the screenshot below, ExternalTransfer rule has been matched. 


We have seen how to enforce a rule using Risk Analytics to authenticate a high amount external transfer with a PIN. You could try the transaction validation endpoint with another event type and see the authentication response from the trusted device. If you have any questions, feel free to reach us on the OneSpan Community Portal Forums.

OneSpan Developer: Intelligent Adaptive Authentication – Authenticator Assignment Endpoint

OneSpan Developer Community

Join the OneSpan Developer Community! Forums, blogs, documentation, SDK downloads, and more.

Join Today