This topic describes how to create a policy.
Background information
Introduction to a policy: A policy is an orchestrated computing logic. When a request is received, the decision engine checks the request based on your preset policy. If the policy is hit, the results that are generated by running the policy are returned.
Scenarios: If complex computing logic is required, you can configure a policy with a set of rules. For example, if you want to recognize high-risk borrowers during loan approval, you can check whether the mobile numbers, email addresses, and accounts of borrowers are included in a blacklist. If the mobile number, email address, or account of a borrower is included in the blacklist, the borrower is considered high-risk. You can configure a policy to implement the preceding logic.
Procedure
You must create an event to configure a policy. For more information, see Create an event.
Log on to the Fraud Detection console.
In the left-side navigation pane, choose Decision Engine > Policy Center > Policy Management.
On the Policy Center page, click Create Policy.
Configure the basic information, including the policy name and policy description.
Configure the Associated Event, Policy Name, and Policy Description parameters.
Variables are associated with events. Misoperations on events may cause variables to become unavailable, which affects policy computing. To prevent misoperations, the system does not allow you to modify the associated event of a policy after the policy is created.
Configure the computing logic of the policy
The following list describes the parameters and configuration modules in the computing logic configuration section.
Rule Name: Optional. We recommend that you specify a name that can reflect the logic to help you understand the rule.
Left variable: You can select an event field, device variable, custom variable, system variable, or intermediate variable. If you select an event field, you can select a function to compute the event field.
Operator: You can select an operator to check the value of the left variable. The system provides operators based on the data type of the left variable. For example, if the left variable is a
string, operators are unavailable. The operators include Greater than, Less than, and Equal to.Right variable: After you select the left variable and operator, you can enter a constant or variable as the right variable.
If you select an event field, you can select a function to compute the event field. For example, you can select a function to convert the values of the email field into lowercase.
To configure more rules, click Add Rule. You can also copy and modify a rule to create a rule that has similar logic.
Preview the computing logic of the policy
To orchestrate the logic, you can use the sequence numbers of rules, such as 1, 2, and 3, and the following logical operators: vertical bar (|), ampersand (&), and parentheses (). The vertical bar (|) indicates OR, and the ampersand (&) indicates AND. After you complete the orchestration, click View Rules Tree to preview the computing logic. The system displays the names of rules based on their sequence numbers. If you have not specified a name for a rule, the system displays the sequence number of the rule.
To prevent logic chaos caused by multiple negation, the NOT operator exclamation point (!) is not supported. To perform the NOT operation, change the operator to the opposite operator for the rule. For example, change null to Not null.
Configure policy output
The policy output indicates the content returned by the decision engine when a policy is hit. The policy output includes the tags, score, intermediate variables, and output variables.
Tags: We recommend that you specify an output tag that is easy to understand, such as
highRiskorpass. Separate multiple tags with commas (,). If multiple policies that are associated with an event use the same output tag, the decision engine removes duplicate tags to return unique tags.Score: The score is an integer that ranges from -1000 to 1000. If a policy is hit, the policy score is added to the event score. The event score is the sum of the scores of all hit policies that are associated with the event.
Intermediate variable: Intermediate variables are process variables that are used during policy computing. When a policy that has intermediate variables is hit, the intermediate variables are computed or returned based on the specified logic. Intermediate variables can be used in other policies that are associated with the same event.
Output Variable: In addition to the score and tags, you can configure custom output variables. For example, you can configure input parameters and intermediate variables. When the policy is hit, the custom output variables are returned in the policy output.
Decision: You can select Reject, Pending, Pass from the drop-down list. If you do not select a value, the parameter is left empty. If you configure the parameter, the
finalDecisionoutput field is added in API operations.
The final output is overwritten based on the following priorities: Reject, Pending, Pass.
Verify the policy
The policy status includes Draft, Test, and Run. We recommend that you set a policy to the Test state to ensure that the policy can run as expected before you set the policy to the Run state. This can help reduce risks caused by misoperations. The following table describes the status of a policy.
Status | Save | Execution | Output |
Draft | ✓ | × | × |
Test | ✓ | ✓ | × |
Run | ✓ | ✓ | ✓ |
To publish a policy, perform the following steps:
Change the status of the policy: The first time you save a policy, the policy is in the Draft state by default. You can click Run and Test to change the status of the policy.
Wait until the policy takes effect: After the status of the policy is modified, the policy takes effect within 2 minutes.
