Hi all,
Can we kindly discuss how CA Risk Authentication perform device id comparison?
We have discovered something odd in regard to the comparison.
A customer was allowed to access our web application as they are already associated to their devices.
However, when trying to perform certain actions they were denied by Risk Authentication.
The deny occurred as we have a rule similar to the maturity rule that looks at the association age of the user and device.
During this comparison, it has come to our attention that the device id that the customer is using does not exist on our Production database. It however does exist on our UAT environment.
This may have been caused during testing, as our UAT and Production channel names are the same.
I ran an investigation to try make sense of all of this, and it has come to my attention that Risk Authentication does not compare the device id string. It does however search and compare the device sequence id.
If the device sequence id exists on the customer association table, the customer will be allowed to transact. Regardless of the device id string mismatch.sudaw01@