[WIP] feat: add optional 'ageTiers' for granular risk assessment#81
Open
yyeAduna wants to merge 2 commits intocamaraproject:mainfrom
Open
[WIP] feat: add optional 'ageTiers' for granular risk assessment#81yyeAduna wants to merge 2 commits intocamaraproject:mainfrom
yyeAduna wants to merge 2 commits intocamaraproject:mainfrom
Conversation
Introduce an optional input parameter ageTiers (list of integers) that enables a "Tiered Response" mode, where the highest tier is the maxAge.
[WIP] feat: add optional 'ageTiers' for granular risk assessment
yyeAduna
requested review from
bigludo7,
jgarciahospital and
krishvenkatachalam
as code owners
Collaborator
|
Thanks @yyeAduna let discuss your proposal in next Number Insights meeting next week! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduce an optional input parameter ageTiers (list of integers) that enables a "Tiered Response" mode, where the highest tier is the maxAge.
What type of PR is this?
enhancement/feature
What this PR does / why we need it:
Introduces an additive, optional mechanism to query device swap "recency tiers" without exposing exact timestamps.
Current consumers of the API (e.g., banks) often need more granular signals to assess account-takeover risk alongside their own data for their ML based risk engine. A simple boolean result (True/False) is form of lossy compression and doesn’t provide enough detail, while returning the underlying event date/time isn’t feasible due to strict privacy requirements (e.g., GDPR) and operator restrictions.
Also due to privacy and security reasons, a bank won't want to leak the value/risk of their customer's operation or disclose their internal risk policies to third party by using different maxAge for each individual transactions. The standard age-tier approach will help to protect bank customers' privacy and bank's corporate security.
Solution:
Adds ageTiers (Request): An optional list of integer buckets (e.g., [1, 4, 24]).
Adds tierIndex (Response): An optional integer indicating which bucket the swap falls into.
Which issue(s) this PR fixes:
Fixes #80
Special notes for reviewers:
Backward Compatibility Analysis: This change is strictly additive.
The maxAge parameter remains required and continues to drive the standard swapped boolean logic.
If ageTiers is omitted by the client (legacy behavior), the API behaves exactly as the current v1.0.0 spec, and tierIndex is not returned.
Privacy Impact: This improvement enhances privacy by allowing operators to share risk granularity without revealing the exact time of the swap (PII).Also allow the banks (Clients) take full advantage of the function without revealing the value/risk of customer's bank transactions/operations.