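Service description
Service responsible for anti-fraud management, including validating the user's IP, device information, loginID information, country/region, and APP.
ms-fraud-surveillance: fraud surveillance service.
AFMS Anti Fraud M Service
Main APIs
/settings
/risk-score/retrieve
Validates whether the short token is valid, based on the short token and token type hint in the request parameters.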
| Request parameter | Description |
|---|---|
| Response parameter | Description |
|---|---|
Flow
Main business flow
Step 1: MFE(web/mb) -> ms-fraud-management/settings
Pass functionCode; returns isEnable (true or false) and orgID.
In some scenarios this step may be skipped, because functionCode and orgID are fixed configuration.
Step 2: MFE → AFMS
If isEnable=true, MFE(web/mb) passes deviceId, the generated afms_session_ID and orgID -> AFMS.
The request header carries the origin IP; AFMS stores deviceId, afms_session_ID and orgID.
This step cannot be skipped, because AFMS needs to register afms_session_ID and the other values; afms_session_ID is transaction level.
MFE creates afms_session_ID via JS; mobile creates it via the SDK.
Step 3: MFE → ms-fund-transfer → ms-fraud-management/risk-score/retrieve → AFMS
MFE(web/mb) -> ms-fund-transfer with afms_session_ID -> ms-fraud-management/risk-score/retrieve with afms_session_ID, origin IP -> AFMS(session_ID)
Returns reason_cd and review_status.
PASS: pass
REVIEW: retrieve DB; if review_status = review and the intersection of func_cd and reason_cd is not empty, then pass and email the customer.
If the intersection is empty, then pass.
REJECT: retrieve DB; if review_status = reject and the intersection of func_cd and reason_cd is not empty, then reject and email the customer and the bank-side call center.
If the intersection is empty, then pass.
If the AFMS response review_status = pass, return pass.
If the AFMS response review_status = review, and the AFMS response reason_cd contains the reason_cd configured in table anti_malware_dti, return pass and send an alert notification to the customer.
If the AFMS response review_status = reject, and the AFMS response reason_cd contains the reason_cd configured in table anti_malware_dti, return block and send an alert notification to the customer and the internal call center.
Example: the AFMS response review_status = "reject", but the reason_cd does not include the ms db configuration "RC1305", so ms-fraud-management returns pass.
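The step 3 decision rules above, as an added example (not the service's own code). The shape of the anti_malware_dti configuration, the func_cd value FUND_TRANSFER, the notification target names and the function name decide are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample of the anti_malware_dti configuration (assumed shape):
# (func_cd, review_status) -> reason codes that trigger an action.
ANTI_MALWARE_DTI = {
    ("FUND_TRANSFER", "review"): {"RC1305"},
    ("FUND_TRANSFER", "reject"): {"RC1305"},
}


@dataclass(frozen=True)
class Decision:
    action: str                       # "pass" or "block"
    notify: tuple = ()                # alert recipients (hypothetical names)
    matched: frozenset = frozenset()  # configured reason codes that were hit


def decide(func_cd, review_status, reason_cds, config=ANTI_MALWARE_DTI):
    """Map an AFMS (review_status, reason_cd) response to the service decision."""
    status = review_status.strip().lower()
    # Codes appear both as "rc1305" and "RC1305"; compare case-insensitively
    # so a casing difference cannot cause a configured code to be missed.
    reasons = {r.strip().upper() for r in reason_cds}

    if status == "pass":
        return Decision("pass")
    if status not in ("review", "reject"):
        # Assumption: an unknown status is surfaced as an error so that it is
        # investigated, rather than being treated as an implicit pass.
        raise ValueError(f"unexpected review_status: {review_status!r}")

    configured = {c.upper() for c in config.get((func_cd, status), set())}
    matched = frozenset(reasons & configured)
    if not matched:
        # Empty intersection: pass, even when AFMS said review or reject.
        return Decision("pass")
    if status == "review":
        return Decision("pass", ("customer",), matched)
    return Decision("block", ("customer", "call_center"), matched)
```

With this configuration, a reject that carries only rc6310 (Blacklisted IP) still returns pass, because only the codes configured for the function are acted on.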
What are the AFMS reject reasons?
rc6310 Blacklisted IP
rc5309 Sanctioned Jurisdiction
rc1305 Financial Malware
rc4308 Jailbroken/Rooted
rc3307 Blacklisted Device
rc2306 New Device (different from the previous device)
rc1000 Sanctioned Countries
AFMS validates the user's IP, device information, loginID information, country/region, and APP.
Data dependencies and synchronization
1. /v1/v2 APIs: passthrough mode -> SOA -> INB, inb db
2. /v4: standalone mode with toggle (on in Prod) -> USP inb db.
3. The ms-fraud-mgn batch job syncs inb db to ms db fn status every Fri.
Dependency
1. Some upstream services still invoke v1/v2.
2. inb db data is still being updated.
Main architecture design
Main database design
token
Token information table, including the token value, channel, group, user ID, whether it is revoked, and the revocation reason.
| Field | Remark | Value |
|---|---|---|
| id | id | UUID |