Which parameters are compulsory and which are optional in MFP Risk Calculation?

Document ID : KB000100874
Last Modified Date : 12/06/2018
Show Technical Document Details
Introduction:

Machine FingerPrint (MFP)

Machine FingerPrint (also referred to as Device fingerprinting or PC fingerprinting in industry terms) represents the browser information and device identification attributes. These attributes include operating system, installed software applications, screen display settings, multimedia components, and other attributes. The attributes are gathered from the end users system and are analyzed to generate a device risk profile in realtime. Some of the attributes that are collected from the end user\xE2\x80\x99s device include:

  • Browser information (such as name, UserAgent, major version, minor version, JavaScript version, HTTP headers)
  • Operating system name and version
  • Screen settings (such as height, width, color depth)
  • System information (such as time zone, language, system locale)

For every transaction performed by the end user, CA Risk Authentication matches the corresponding MFP stored in its database with the incoming information. If this match percentage (%) is equal to or more than the value specified for the Device-MFP Match rule in Administration Console, then it is considered "safe".

Question:
Which parameters are compulsory and which are optional in MFP Risk Calculation?
Environment:
CA Risk Authentication (CA RiskMinder or Arcot Riskfort)
Answer:
There are some mandatory parameters that are required always in the MFP. If for some reason that mandatory parameter is not present in the incoming request, the MFPMISMATCH rule will trigger, it does not matter what percentage of MFP is matched.

Whether the MFP parameter is mandatory, this is controlled through tables ARRFBUCKETCONFIG and ARRFBUCKETELEMENTCONFIG, there is a column called ISMANDATORY which is a Boolean value and if set to 1 then that parameter is Mandatory for MFP matching. 

There should not be any issue in changing that mandatory parameter check, but this is not suggested without proper test and evaluation.