# 10) Abstraction Rule Calculation for Fraud Prevention

This Blog entry is from the Getting Started in Jube section in Learn Jube.

An Abstraction Calculation compares one Abstraction Rule value to another using reasonably simple arithmetic. For example, it is useful to take two values, dividing one by another to create a more powerful ratio.

The page is available by navigating through the menu as Entity Models > Abstraction and Fitting >>> Abstraction Calculation:

Clicking the required entity model in the tree towards the left hand side exposes the page for creating a new Abstraction Calculation:

The parameters available to the page are described in the following table:

 Name Description This Example Abstraction Calculation Type The Abstraction Type as documented in the Abstraction Calculation Execution section of this document. For example Divide would cause a division of the Left hand Abstraction Rule Value by the Right hand Abstraction Rule Value. Divide Abstraction Left The name of the Abstraction Rule to occupy the Left hand side of the arithmetic. Refunds Sum Abstraction Right The name of the Abstraction Rule to occupy the Right hand side of the arithmetic. Total Sales Sum

Complete the Abstraction Calculation a per the above table and as below:

Click the Add button to create a version of the Abstraction Deviation:

Allow the model a couple of moments to syncronise and then post an Account Financial Transaction using the HTTP Post Tool:

It can be seen that a new element block has been created in the response detailing the Calculations. In this case, the Abstraction has been multiplied by itself to create a square, although it is more commonly used in the creation of ratios using Divide.

# 9) Abstraction Deviation for for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

An Abstraction Deviation compares an Abstraction Rule value calculated for a transaction in process with what typically is observed against previous Abstraction Rules stored in the cache.

The page is available by navigating through the menu as Entity Models > Abstraction and Fitting >>> Abstraction Deviation:

Clicking on the Example Fraud Prevention model in the tree towards the left hand side starts the process of adding an Abstraction Deviation:

The parameters available to the Abstraction Deviation page as detailed in the following table:

 Name Description This Example Abstraction Deviation Type The type of Abstraction Deviation to be calculated as documented in the Abstraction Deviation Rule Aggregation and Comparison section of this documentation. Z Score Abstraction The Abstraction Rule name to to compare across historic values and the current value. Velocity

Complete the page with the parameters that are set forth in the table above:

Clicking the Add button to create a version of the Abstraction Deviation:

Posting an Account Financial Transaction to the model:

It can be observed that a new element block called Deviation has been created which is comparing the current Abstraction with that of the history of that Abstraction.

# 8) Cross Model Abstraction Reference

This Blog entry is from the Getting Started in Jube section in Learn Jube.

The Cross Model Abstraction Page allows for the retrieval of Abstraction Rule values from other Entity Models. Cross Model Abstractions are a useful means of cross model communication alongside TTL Counters, which can also be incremented across models. A Cross Model Abstraction Value fetch is the process of retrieving the most current execution of a transaction in another model for that entity value. For example, if there are two models which share the same entity (e.g. an Account Identifier) yet they process inherently different data, the values created in Abstraction Rules in one model can be referenced in another model. Cross Model Abstraction Rules are one means of communicating between models with another possible means being TTL counters.

The page is available by navigating through the menu as Entity Models >>> Abstraction and Fitting > Cross Model Abstraction Reference. The page is presented as a tree objects for the purposes of administering a model child objects:

The general administration of this tree is as documented in the child object section of this documents, with the fields as defined follows:

 Name Description This Example Model The name of the model that the required Cross Model Abstraction belongs to. The model will be integrated for the most recent Abstraction Rule values for the last transaction for the Entity Key. Traffic Abstraction The Abstraction Rule to be returned from the most recent Abstraction for the Entity Key. Is_Windows

If following the Blog entries step by step, there exists only one Entity Model at this time, hence there would not be a Entity Model available. For the purposes of demonstration, a second model titled Account Non Monetary Events has been created. The second model processes audit events from customer accounts, such as change of address:

With the following Request XPath configuration example:

The IP is specified as a Search Key. A simple Abstraction Rule has been created in the new model, which counts up all events on an IP:

For completeness, a some events have been processed through the new Entity Model, but that is outside the scope of this Blog Entry however, the AccountID element as the same value as contained in the Account Financial Transaction messages taken from the formats document (Rich16).

Return to the Cross Model Abstraction Reference and create an entry as per the parameters set out in the table above and the following:

Click the Add button to create a version of this Cross Model Abstraction Rule:

On recalling the Account Financial Transactions XML Post, it can be see that an entry has been created reaching into the value created in the new model:

It can be seen that the Abstraction Rule has been returned and merged as if it were originating from the same entity model.

# 7) Abstraction for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

The In Model Abstraction Rules page is where rules are created for the aggregation of data available in the Cache. The Abstractions Rules functionality is one of the most intrinsic processes in the Entity Model processing being responsible for the creations of aggregate statistics based on the content of the cache of data retained for that model. The abstraction rules are grouped together by their search keys.

A search key is a value that will be used as a predicate in retrieval of data for the subsequent execution of Abstraction rules that use that search key. For example, if a transaction is being processed through a model, if an account identifier is configured to be a search key, a selection of all records in the model cache will be returned where that account identifier matches (put simply it will return all transactions for that customer account). Search keys are defined in the Request XPath definition and there can be many search keys - thus cache database queries - per transaction being executed through the model. The process is different when a Search Key is defined to be retrieved from a cache, as these values are pre-calculated by the Search Key Cache thread, documented extensively in its own right.

Firstly, Search Keys need to be set up, in this example IP, by revisiting the Request XPath page via Entity Models >>> References >>> Request XPath:

Expand on the mode tree on the left hand side to expose all Request XPath for this model, then click on IP:

For the Request XPath, click the checkbox titled Search Key:

With Search Key having been checked, click on the Update button towards the base of the page:

With a search key now being available, navigate through the menu as Entity Models >>> Abstraction and Fitting >>> In Model Abstraction. The page is presented as a tree objects for the purposes of administering a model child objects:

Click on the model towards the left hand side to add an Abstraction Rule:

The Page exists to create Abstraction Rules which are code fragments will will be compiled into the Jube Engine. Abstraction Rules accept data and TTL Counter objects and tests the code fragment for equality, returning a boolean flag to that effect. The Rule and Code Constructor Comprises the following:

 Name Description Data The fields created in the Request XPath page and Inline Scripts (if allocated). TTL Counters The TLL Counter and their current incremented values.

The page accepts the following parameters in the construction of Abstraction Rules:

 Name Description This Example Scope The scope whether the rule is to be executed on a list of records having been returned from the Cache or only upon the transaction currently being processed through the model. None would imply that the scope of the Abstraction Rule is only the current transaction being processed and if it matches, then a 1 will be returned, otherwise zero (keeping in mind that Neural Networks will seek to weight it, hence the numeric values). If Entity Search would imply that a retrieval from the Mongo Datbase need be taken place and the Abstraction Rule is going to be tested against each transaction returned. Entity Search Search Key The Search Key is the basis for several data retrievals to be made of the Mongo Database. For example, if a Search Key is specified to be an IP, then it would imply that a select is going to be made of the Mongo Database for all transaction matching on the IP of the current transaction thereafter applying the Abstraction Rule on each of the records to test for a match. IP Search Interval The Search Interval is the time threshold reaching back from the Reference Date for the transaction being processed whereby only transactions exceeding this threshold are eligible for matching. For example, if a Search Interval is configured for 1 Day (taking the Search Interval and Search Value together) then this would imply that only records greater than the Reference Date minus One Day is eligible. It is worthy of note that the Search Interval and Search Value are not used in the recall from the Mongo Database, that will still return everything matching on the key up to the fetch limit specified in the model definition. The Search Interval is taken together with the Search Value. d Search Value As Search Interval, with the Search value being comprising the length of time to reach back from the Reference Date. 1 Offset Type All data matching on a search key is retrieved from the cache. The Offset type helps to select data from a subset of these records. This can be helpful if analysis need be done only on the last x records, for example. In most cases it will be set to none. None Offset Interval The number of intervals to be offset by, for example the last x number of records returned from the cache. 3 Function Type The process of aggregating the matches is different from the process of testing and matching the Abstraction Rules itself. The process of aggregation takes place after all matching has take place and the transaction matches for the rule have been set aside. The Function Type is the aggregation type to take place and is extensively documented in the Abstraction Function Definitions of this document. For example, if a Sum function is specified, then the function will look to count up records using the Function Key field (e.g. Transaction Amount). Sum Function Key The Function Key is available only on certain Function Types and represents the fields inside the transaction that are to be used for aggregation. For example, if the Sum Function Type is specified and the Function Key is specified as the Transaction Amount, the aggregation will seek to create a Sum for all of the Transaction Amounts. In the case of a Count, no Function Key would be available, as the Function Type would seek to count up the matches only. CurrencyAmount

Complete the page with the parameters as prescribed above, setting a rule to match on everything:

Click the Add button to create a version of this Abstraction Rule:

Allow the platform a couple of moments to syncronise then post an Account Financial Transaction:

It can be seen that the sum of all events in the last day has been aggregated, and this will increase on each event. This value is available for subsequent rules.

# 6) TTL Counters for for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

Time to Live Counters are an alternative way to create model memory without needing to store the full transaction data in the Cache. TTL Counters are incremented as the result of an Activation Rule matching and are set to live for only a prescribed amount of time upon having been created. TTL Counters allow for a condition only counter, storing a lightweight counter entry and not the entire transaction picture. It follows that the storage of TTL Counters is substantially less than maintaining the cache.

Upon a TTL Counter Definition having been created it will be available in the Activation Rules page such that it can be incremented as a consequence of an Activation Rule matching.

The page is available by navigating through the menu as Entity Models >>> Abstraction and Fitting >>> TTL Counters. The page is presented as a tree objects for the purposes of administering a model child objects:

Click on the model tree entry towards the left hand side to add a new TTL Counter:

The fields available to this form are described in the following table:

 Name Description This Example TTL Counter Interval Type The amount of time before the TTL Counter is to be decremented upon a counter entry having been created and incrementing the counter. The TTL Counter Interval Type is taken together with the TTL Counter Interval Value. d TTL Counter Interval Value The amount of time before the TTL Counter is to be decremented upon a counter entry having been created and incrementing the counter. The TTL Counter Interval Type is taken together with the TTL Counter Interval Value. 1

Complete the page fields as set forth in the table above:

Click the add button to create a version of this TTL Counter:

Allow the platform a couple of moments to synchronise the configuration.

Mindful that a TTL Counter must be incremented by an Actvation Rule match, hence when recalled at this time would return zero, proceed to post the Account Financial Transaction XML:

It can be seen that TTL Counters are being recalled and aggregated and are available for subsequent rule processing.

# 5) Lists for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

The Lists Page is facilitates the creation of lists of data that can be referenced as an operator in all rules recalled in the Entity subsystem. For example, in Fraud, the Lists page can be used to maintain a list of bad customers which can be referenced using an 'is in list' or 'is not in list' operator in the Rule and Code Constructor. Lists are a good way to create Deny and Accept lists without having to embed large amounts of complexity into the Rule and Code Constrictor.

The page is available by navigating through the menu as Entity Models > References > Lists. The page is presented as a tree objects for the purposes of administering a model child objects:

To create a list, click on the Entity Model in the tree towards the left hand side:

Creating a list by the name of Bad_Customers:

Click the Add button to confirm creation of the List:

In the following example, the Bad_Customer list is now available for comparison in the Gateway Rule using the 'is in list' operator:

Upon creation of the List it can be seen that the child values of this list can be administered. The list values are maintained using a List control facilitating the addition, updating and removal of List Values:

To add a value to the list, a button is implemented titled 'Add Value':

Clicking the Add button will overlay a form and create a new entry in the List control:

Enter the required value, in this case a Bad Customer AccountID:

To commit the new value, click on the tick icon:

Or to cancel the creation of the Value click the opposing icon:

Upon the successful commit of the Value, it will appear in the List control:

To update a List Value, click on the pen icon for the list value to be updated:

Upon clicking the Pen icon, a form with a text box will be over lay:

Update the text box with the new value:

Commit by clicking on the Tick icon:

Or to cancel the creation of the Value click the opposing icon:

Upon the successful commit of the Value, it will appear updated in the List control:

To delete a List value entry, it is a simple matter of clicking on the Disk Icon next to the List Value targeted for deletion:

A confirmation of the delete will be sought:

Upon confirming the delete, it will be removed from the list of values:

# 4) Gateway Rules for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

In anticipation for this Blog entry, the all elements in the Account Financial Transactions XML document has been represented as a Request XPath:

All Request XPath has been configured as Response Payload hence will be returned in the HTTP response:

Gateway Rules are pre filtering and sampling to reduce the transaction traffic volume for the processing of intensive model functions. Transactions will only proceed to subsequent steps in model processing in the event that Gateway Rule matches. Upon a Gateway Rule matching, it will be tested against a random sample as another means to reduce the volume. The random sample at the Gateway Rule level is used quite often in Advertising Technology where there may be an abundance of advertising impressions available yet it is not practical to acquire all, hence processing need only take place upon a smaller yet representative sample.

The page is available by navigating through the menu as Entity Models > References > Gateway Rules. The page is presented as a tree objects for the purposes of administering a model child objects:

The Page exists to create Gateway Rules which are code fragments will will be compiled into the Jube Engine. Gateway Rules accept data objects and tests the code fragment for equality, returning a boolean flag to that effect. The Rule and Code Constructor Comprises the following data Objects:

 Name Description Data The fields created in the Request XPath page and Inline Scripts (if allocated).

To add a new Gateway rule, click on the Entity Model in the tree towards the left hand side:

The parameters for the Gateway Rule are described as follows:

 Name Description This Example Gateway Sample A percentage value, between 0 and 1, detailing the sample that should be allowed through to subsequent processing. The sample will only be taken in the event that the Rule returns as true. For example, if the Gateway Sample is set to .2, it would imply that only 20% of the matching transactions will be passed through for subsequent processing. It is extremely useful in Advertising Technology where there is an extremely large volume of impressions yet it is not practical for each impression to be acquired, hence a representative sample of the large universe is adequate. 1 (for 100%) Max Response Elevation Upon a Gateway Rule Matching, the Maximum Response Elevation is set such to provide some risk management to the magnitude of the response elevation. For example, if the Response Elevation is used to instruct a bid, the open end of this could be cause for alarm. This value is the largest response elevation that may be responded, with any values exceeding this value being truncated to this value. Keep in mind that there are similar limits at the model level also. 11.0000

Complete the parameters for the Gateway Rule as the aforementioned parameters and as below:

Only in the event that a Gateway rule matches will processing continue. If no Gateway rules match, the response message will simply be sent back upon termination of processing:

The the event that no subsequent processing has taken place, yet there is configuration in place, it is most likely that an event has failed to match upon a Gateway Rule.

# 3) Inline Scripts Allocation for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

The Entity Models inside Jube are quite extensible via the use of Inline Scripts, which are documented comprehensively in a separate section of this document. Inline Scipts once registered in the database are available for all Entity Models, however they must be registered in a model. The Inline Script page is to facilitate the linking of Inline Scripts registered in the Jube platform and this model.

The page is available by navigating through the menu as Entity Models > References > Inline Scripts. The page is presented as a tree objects for the purposes of administering a model child objects:

Add a new Inline Script by clicking an Entity Model entry in the tree towards the left hand side:

The parameters available to Inline Script allocation are described in the following table:

 Name Description This Example Inline Script The Inline Script to be invoked on each request being made to the Entity Model. Inline Scripts are documented extensively in another section of this documentation and this functionality serves to link that Inline Script with a model. In this example, the model has been linked with an Inline Script responsible for taking an IP address and looking up the geographic location of the IP address. IP

Complete the Inline Script page as the above table of parameters:

Click Add to create the first version of this Inline Script allocation in the Entity Model:

Allow the platform a few moments to syncronise the Inline Script Allocation across all of the nodes, then repeat the HTTP Post as described in previous Blog Entries using Account Financial Transactions.

Any properties that have been specified as Response Payload will be written out, more importantly all properties will be available for the creation of Gateway Rules, as dealt with in subsequent Blog entries.

# 2) Request XPath for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

In previous Blog Entries and Entity Model was configured to consume XML and extract some important parameters from the XML body (but it could also be JSON).

When a request is received from a HTTP Endpoint for a model it will have data contained within either the Querystring or more likely the POST body of the request. Depending on whether the Message Type has been configured to be XML or JSON will determine the parsing algorithm to be applied to it. Once parsed data can be extracted from using either XPath or JSON Path. The Request XPath page is where model fields are specified alongside their position in the POST Body or the Querystring. Various other parameters specifying how this field should be processed by the model are included also.

The page is available by navigating through the menu as Entity Models > References > Request XPath. The page is presented as a tree objects for the purposes of administering a model child objects:

The general administration of this tree is as documented in the child section of this Blog, with the fields as defined follows:

 Name Description This Example Priority The processing priority of the Request XPath which is useful if there are two fields of the same name, but looking at different elements in the payload. 0 Hash Entity Key Composite A flag that specifies the field to be used in composite with other fields flagged in the same way. During transaction processing all fields which are flagged as such will be concatenated together before being hashed using MD5. This hashed value will become, hence overwrite, the value extracted as per the model definition. It is useful in the absence of a guaranteed unique value in the transaction yet also where storage of the data (i.e. PII) has regulatory restriction. False Hash Entry Key Composite A flag that specifies the field to be used in composite with other fields flagged in the same way. During transaction processing all fields which are flagged as such will be concatenated together before being hashed using MD5. This hashed value will become, hence overwrite, the value extracted as per the model definition. It is useful in the absence of a guaranteed unique value in the transaction yet also where storage of the data (i.e. PII) has regulatory restriction. False Hash Entry Key Composite Sequence Reserved for future use. False Hash Entity Key Composite Sequence Reserved for future use. False Payload Location A switch that specifies the location of the data for this field. If Body is specified then the Xpath field will be targeted at the parsed POST body whereas if Querystring is specified the XPath field will expect only the name of the Querystring value. Body XPath Depending upon whether the Querystring of Body is targeted, the location of the data to be extracted. In the event that Querystring is specified as the Payload Location then it will require the name of that Querystring value. In the event that Body is specified as the Payload location then it will require XPath or JSON Path depending upon the Message Type. //IP XPath Expression An expression has special meaning in the XPath language and allows for calculations to be performed in XPath (for example creating an average of several fields). This flag specifies if the XPath is an expression rather than a selector, allowing it to deal with the slightly different return type. False Search Key If the field is flagged as a search key it allows the value extracted to be used to query the cache in the Abstraction Rule processing. For example, if a count of all transactions having taken place on an IP address are required, this would be flagged as a Search Key which would mean that during execution the value extracted in this process will be used as a predicate in a select from the Cache (i.e.All from Cache where Cache IP = This IP). False Cache For a Search Key to retrieve data for each transaction it can place significant load on the Mongo Database and Engine and is quite impractical if there might be extremely large amounts of data available for that Search Key (e.g. consider a Merchant with millions of transactions a day). A Search Key Cache defers the processing of these Search Keys to a background engine to process each of the possible Search Keys, saving the calculations off to a Cache, with that Cache being referenced real-time rather than the raw data. NA Cache Key Interval Type The Cache Key Interval Type is the date interval taken together with the Cache Key Interval Value which specifies how frequently the Cache Keys should be recalculated (but even then, it is only done on new data). NA Cache Key Interval Value The Cache Key Interval Value is the date interval taken together with the Cache Key Interval Type which specifies how frequently the Cache Keys should be recalculated (but even then, it is only done on new data). NA Cache Key Sample In order to reduce processing demand in the calculation of Search Keys, a representative sample can be specified to reduce the number of records brought back for each possible search key. All distinct search keys will be processed but only a sample of data for that search key value will be returned. In most cases a sizeable representative sample is perfectly adequate. NA Fetch Limit For each distinct search key value, the maximum number of transactions that can be returned from the Mongo Database for calculations to be performed. NA Cache Key TTL Interval Type The Cache Key TTL Interval Type is the date interval taken together with Cache Key TTL Interval Value and is how long a distinct Search Key, once calculated, should live before being purged from the Cache. NA Cache Key TTL Interval Value The Cache Key TTL Interval Value is the date interval taken together with Cache Key TTL Interval Type and is how long a distinct Search Key, once calculated, should live before being purged from the Cache. NA Data Type The data type of the data being extracted from the HTTP Request. The data type specified is important as it effects the types of predication that can take place in the rules. Possible values are: String: Text and General Data Integer: Numbers without any decimal places Float: Numbers with decimal places. Date: Date and Time. Boolean: True or False String Encrypt At Rest If the encrypt at rest flag is specified it means that the data for this field will be encrypted using an AES key stored in the Engines configuration file just prior to it being committed to the database. Upon retrieval of the data, the field will be decrypted such that its contents are available in memory. Please check with support that this option is enabled. False

To add a new Request XPath, click on the Entity Model recently created in the top of the tree to the left hand side:

Complete the fields with the value as set forth in the table above, being certain to set the Response Payload flag to ensure that the extract value is returned for testing:

Clicking Add to create the first version of the Request XPath for this Entity Model:

Allow the platform a few moments to syncronise the new Request XPath across all of the nodes, then repeat the HTTP Post as described in previous Blog Entries using Account Financial Transactions.

Notice how the IP is present in the response payload which would indicate that the IP was extracted from the request, processed and then included in the response payload.

This Blog entry should be repeated for each element required in processing and available in the XML POST.

In the event that the request payload if of JSON format, the approach would be the same except in place of XPath, JSON path would be used.

# 1) Creating an Entity Model for Fraud Prevention using Account Financial Transactions.

This Blog entry is from the Getting Started in Jube section in Learn Jube.

In this Blog entry an Entity model will be created to consume the Account Financial Transactions format with the objective of creating a fraud management platform.

Before proceeding with this Blog post, review the XML for the Account Financial Transaction in the formats document available at:

It can be seen that the XML is comprised of many elements that make up a financial transaction such as Amount, Location, Authentication Type etc. These elements can be added to in subsequent procedures and most will not be absolutely required:

Before embarking on this procedure, be sure to have read the Blog entries on messaging and integration and how to use the Postman page in Jube.

Fraud Prevention would be an Entity Model as it is classification rather than numeric prediction, in so far as the goal of the model is to classify a transaction as being either fraudulent of genuine.

Start by navigating to Entity Models >>> Entity Models

The Entity Models screen is where a model is first defined and allocated an EntityAnalysisModelGUID for model recall. Start by clicking on the Add button to expose the models basic parameters:

The parameters required for the creation of a new Entity Model will be displayed:

The tables as follows gives an introduction to each parameter available in Entity Model creation, excluding those explained in the Blog entries dealing with general user interface concepts: