Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Advanced use cases

Integrating BehavioSec SDK at Host Application

search

Please Note:

Integrating BehavioSec SDK at Host Application

Description

BehavioSec SDK is a layer in the security process to authenticate users based on their behaviors using sophisticated data collection without interrupting the user experience. It enables passive verification and makes it even more difficult for bad actors to mimic or compromise the security of the interaction.

BehavioSec SDK is part of a multilayered fraud analysis system. It adds dynamic behavior parameters to provide better decision intelligence and continuous protection for customers and their users. It does this by gathering and analyzing static contextual parameters and generates a risk score based on how similar the user’s behavior is to the stored profile.

BehavioSec signal group in OIP Risk Management SDK uses BehavioSec SDK internally to get the behavior signals. It enables the collection of timing summary signals generated from user’s behavior. This is one of the important signals along with all other signals collected in OIP Risk Management SDK for risk assessment by Risk Engine backend.

Integration

There are some mandatory steps to perform to enable the BehavioSec signal group signal collection in OIP Risk Management SDK using BehavioSec SDK.

Refer to the following BehavioSec websites for a detailed step-by-step integration at the application:

On Andoid

For BehavioSec signal group signal on Android, refer to https://developer.behaviosec.com/dw/android_sdk for more information.

Note

IFP SDK on Android still uses Integration API V1.10.0.

Since IFP SDK V2.7.0, Application build.gradleand ProGuard rules may be updated to include more signals shown as follows.

Note

The BehavioSec SDK embedded in IFP SDK will work even if certain (or all) dependencies are not included in your app. 

//Play Services for Activity Recognition
implementation 'com.google.android.gms:play-services-location:18.0.0'

//SafetyNet for list of harmful apps
implementation 'com.google.android.gms:play-services-safetynet:17.0.0'

//RootBeer lib for root detection
implementation 'com.scottyab:rootbeer-lib:0.0.8'



-keep public class com.scottytab.** { *; }
-keep public class com.google.android.gms.** { *; }

On iOS

For BehavioSec signal group signal on iOS, refer to https://developer.behaviosec.com/dw/ios_sdk for more information.

Note

IFP SDK on iOS still uses Integration API V2.1.1.

Integration of hybrid apps having webview instance

When the application lives inside a WebView (instance of a browser webkit object), best results are accomplished by passing data between the native layer and the WebView. There are many ways to do this, but the principle is the same. Set up a callback to the native layer from within the WebView application.

For more information, refer to https://developer.behaviosec.com/dw/sdk_integration#hybrid_apps_for_android_and_ios

Warning

In the case of a complex transaction where the size of user input data through keypad is significantly large, you may increase the data size of “timing” to collect signal in BehavioSec Signal group which exceed 70KB. As a result, OIP Risk Management SDK may get a "403 - Forbidden error" from the Risk Engine backend server due to size limitation.

Note

  • In general, it is not recommended to send very large transaction data in order to avoid any latency at the Risk Engine server. BehavioSec SDK is capable in training the system to using fewer number of fields in any transaction screen.

  • All the links mentioned in this section require valid login credentials to the BehavioSec website. Please contact Thales for more information about the credentials. As BehavioSec SDK is added to OIP Risk Management SDK, the host does not have to add this as a dependency at the application.

On this page