ramiletus / fraud-detection

Mozilla Public License 2.0

Integrate with 3rd party platforms #10

Open jemacineiras opened 3 months ago

jemacineiras commented 3 months ago

As a Product Owner, I want a way to enable or disable integration with 3rd party systems like Mobile Identity Certification or Risk Score in order to add more information to the Fraud detection logic. Those services should be integrated in such a way that we obtain only a Positive/Negative answer or a percentage of risk (if that is the case). Technical issues should be linked here in order to track the evolution of this story.

ramiletus commented 2 months ago

I think it would be a good idea to integrate the CAMARA Project APIs. It is an initiative from the Linux Foundation to create standard APIs for the companies to use, in order to offer common anti-fraud endpoints among different telco operators.

Also, MultiAPI is a Maven plugin that allows the automatic creation of calling and/or callable classes for AsyncApi and OpenAPI "yaml-defined" APIs.

CAMARA APIs are offered in the aforementioned specification.

Device Location API would be a good first start.

ramiletus commented 2 months ago

It is important to highlight that the proposal for managing consent regarding the processing of data, which is necessary to use these APIs, is well documented in some of CAMARA's code repositories. For a real use case for a client, it is essential to ensure the capture of the mentioned consent, which, according to the documentation, should be specific for each purpose for which the user data is used (in practice, one purpose per API).

ramiletus commented 2 months ago

Until the implementation of this task, the isFraud property of a Transaction was a boolean attribute. It will now become an integer indicating a kind of probability percentage of the transaction being fraudulent, with a minimum value of 0 and a maximum of 99. The idea is that this attribute can accumulate a fraud score as third-party APIs or internal fraud detection services are consumed.

ramiletus commented 2 months ago

I am using @ConditionalOnProperty tag on the component class DeviceLocationVerificationService so a property can be defined to load or not the location verification API.

Tests have to be changed by mocking this Bean, since the real connection with the location verification service providers is not yet configured. I am using Mockito to simulate a real call.

Consider this: for a real deployment of the app, it would be necessary to replicate as many clients as operators can be accessed. This may imply multiplying the location-service.yaml file, configuring each duplicate with the proper URL corresponding to the given operator. This way, MultiAPI will generate for us the possible clients, and later we will be able to select a proper telco client depending on the Operator from the Device object, or the proper Internet Service Provider depending on the IP. Furthermore, the CAMARA project is under development and requires the collaboration of telecom operators to offer the services included in the specific APIs. According to my research, many of these operators require registration of API consumers, and some also charge for their use. For now, the fraud detection application is only responsible for preparing the consumption of CAMARA APIs and their configuration, but not for their actual consumption (which would require formal contact with the operators whose services we wish to utilize).
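A sketch of how the property-gated service and the accumulating 0 to 99 score discussed in the comments above could fit together, added here as an illustration and not taken from the fraud-detection repository. The property name, the RiskSignal and LocationClient interfaces, the mismatch weight of 40 and the shape of Transaction are all assumptions.

```java
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

// Hypothetical stand-in for the project's Transaction; only the score is modelled.
class Transaction {
    private int isFraud = 0;
    // Clamp each contribution and the running total to 0..99, so that no
    // provider response can push the score out of range.
    void addRisk(int percent) {
        int bounded = Math.max(0, Math.min(99, percent));
        isFraud = Math.min(99, isFraud + bounded);
    }
    int getIsFraud() { return isFraud; }
}

// Assumed contract: an integration exposes only a bounded risk contribution.
interface RiskSignal { int riskPercent(Transaction tx); }

// Hypothetical facade over a MultiAPI-generated client: Positive/Negative only.
interface LocationClient { boolean locationMatches(Transaction tx); }

// Registered only when the (assumed) property is explicitly "true"; if it is
// absent or false, the bean and its outbound call do not exist.
@Component
@ConditionalOnProperty(name = "fraud.integrations.device-location.enabled", havingValue = "true")
class DeviceLocationVerificationService implements RiskSignal {
    private static final int MISMATCH_WEIGHT = 40; // constructed value
    private final LocationClient client;
    DeviceLocationVerificationService(LocationClient client) { this.client = client; }
    @Override
    public int riskPercent(Transaction tx) {
        return client.locationMatches(tx) ? 0 : MISMATCH_WEIGHT;
    }
}

@Service
class FraudScoringService {
    private final ObjectProvider<RiskSignal> signals;
    FraudScoringService(ObjectProvider<RiskSignal> signals) { this.signals = signals; }
    // ObjectProvider yields only the enabled integrations, possibly none.
    Transaction score(Transaction tx) {
        signals.orderedStream().forEach(s -> tx.addRisk(s.riskPercent(tx)));
        return tx;
    }
}
```

Injecting ObjectProvider rather than a plain List keeps the application context starting cleanly when every integration is switched off, since a required collection injection point fails when no matching bean is registered.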

ramiletus commented 2 months ago

Tests have to be changed by mocking this Bean, since the real connection with the location verification service providers is not yet configured. I am using Mockito to simulate a real call.

No concrete tests are added, but the given are updated.