Real-time Rules
Note: This is a Premium feature.
Unit21 offers a real-time event monitoring solution to automatically approve, decline, or hold transactions in the payment authorization loop.
Agents can leverage this solution via an intuitive dropdown builder that allows them to create, activate, and modify real-time rules without any engineering intervention. All rule evaluations are automatically logged at the event level, and rules can also be configured to generate alerts within seconds of rule evaluation.
Real-time rules can be found on the Detection Models page and can be viewed, duplicated, and archived in the same way as Scenario Models and Dynamic Models. However, real-time rules only run on events sent to a specific Unit21 endpoint; for more information, please take a look at our API Reference guide on Real-time Rules.
Supported Rules
Transaction Property Rules
Agents can configure whether properties on a transaction match certain conditions. Examples include:
- If a transaction is over $100K
- If the sender entity and receiver entity on a transaction are the same
- If a transaction has a status of failed and is being sent by an entity with a high risk score
Action Property Rules
Agents can configure whether an action matches certain conditions. Examples include:
- Password changes from high-risk IP addresses
- Login attempts from high-risk IP addresses
Matchlist Rules
Agents can use dynamically modifiable matchlists in rules. Examples include:
- If a transaction originated from a known bad IP address
- If the sender entity on a transaction is from a high-risk country
Historical Deviation Rules
Agents can configure whether transactions deviate from historical behavior, either by a certain percentage or absolutely. Examples include:
- If a transaction is greater than the average transaction amount over the last week
- If a transaction is greater than 200% of the average transaction amount over the last month
Running Real-time Rules
To run real-time rules on events, events must be sent to a specific Unit21 endpoint, as per the API Reference guide on Real-time Rules.
Rule evaluations will result in PASS
, FAIL
or ERROR
API responses and will be automatically logged at the event level. For ERROR
API responses associated with missing data, a short explanation of what caused the error will also be provided.
Rule evaluations resulting in a FAIL
response can be configured to generate real-time alerts during rule creation or after activation from the Rule Details page.
Validating Real-time Rules
When creating real-time rules, a validation phase will occur before they become live. In this phase, rules can be validated based on previous event data, and relevant changes and optimization can be made before the rule goes live.
Performance of Real-time Rules
Real-time rules have a p99 response time of under 250 ms. Real-time alerts are generated within seconds of rule evaluation.
Limitations of Real-time Rules
By default, each customer is limited to 30 real-time rules per event subtype.
There is an average ingestion delay of 40 minutes that affects the calculation of averages and the ability to reference non-event level information. Consequently, we suggest that any information that cannot be ingested in advance be sent in as custom data on the transaction so that it can be evaluated in real-time.
Updated 3 months ago