Registration Introduction and Concepts

question from category D. This continues in a round robin fashion as needed. If any category has an insufficient number of questions, or if there is an insufficient number of categories, duplicate questions can result.

The following is an example of a configuration to avoid:

■ Number of questions user registers: 3
The number of questions that a user must register. The new user registration should display the same number of question menus as the number of questions that a user must register.

■ Number of questions per menu: 5
The number of questions that appear on each menu. The new user registration should display the same number of questions in each menu as the number of categories for each menu. The total number of questions from all the menus (number of questions multiplied by the questions in each menu) cannot exceed the total number of questions available in the database.

■ Number of categories per menu: 5
The number of categories per menu. The new user registration should display the same number of categories for each menu as the number of questions in each menu.

The Question Set is the fixed set of questions that is allotted to the user. This set is allotted at random and only once for the user. This prevents the user from discovering all the questions.

In the example, fifteen or more categories are required, each with at least one question enabled. But if there are fewer than 15 categories and one of these categories has only one question enabled, some Question Sets have that question twice.

The algorithm tries to use as many available categories as possible. For example, to generate a Question Set with:

■ 3 menus
■ 5 questions per menu
■ 5 categories per menu

The algorithm tries to pick one question each from 15 categories if 15 categories are available. The minimum number of questions per category should be equal to the number of questions in the Question Set divided by the total number of categories.
Prerequisite for Configuring Registration Logic for Locales

The deployment administrator must ensure that there are enough questions in the database for each supported locale, as configured in OAAM Admin during deployment; otherwise, the application displays only the English language questions during registration. The number of locale-specific questions must be equal to or greater than the Questions User Will Register multiplied by the Questions per Menu multiplied by the Categories per Menu.
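The sizing rules above can be checked before deployment. The following Python sketch is an added example, not Oracle code and not the product's selection algorithm: the function names, the deterministic round-robin model (the product allots sets at random), the rounding up of the per-category minimum, and the sample data are all assumptions.

```python
from itertools import cycle
from math import ceil

def audit_registration(enabled, register, per_menu, categories_per_menu):
    """Check a KBA registration configuration against the sizing rules above.

    enabled maps category name -> list of enabled question ids.
    """
    set_size = register * per_menu                  # questions in a Question Set
    cats = [c for c, qs in enabled.items() if qs]   # categories that can supply one
    if not cats:
        raise ValueError("no category has an enabled question")
    # Guide rule: set size / total categories; rounding up is an assumption.
    min_per_cat = ceil(set_size / len(cats))
    return {
        "set_size": set_size,
        "enough_questions": set_size <= sum(len(enabled[c]) for c in cats),
        "min_per_category": min_per_cat,
        "short_categories": [c for c in cats if len(enabled[c]) < min_per_cat],
        # Locale prerequisite as stated in the guide.
        "locale_minimum": register * per_menu * categories_per_menu,
    }

def simulate_question_set(enabled, register, per_menu):
    """Deterministic model of round-robin picking; returns (set, duplicates)."""
    cats = [c for c, qs in enabled.items() if qs]
    taken = dict.fromkeys(cats, 0)
    chosen, duplicates = [], []
    for cat in cycle(cats):
        if len(chosen) == register * per_menu:
            break
        pool = enabled[cat]
        question = pool[taken[cat] % len(pool)]     # wraps when the pool is exhausted
        if taken[cat] >= len(pool):
            duplicates.append(question)
        taken[cat] += 1
        chosen.append(question)
    return chosen, duplicates

# Constructed sample: 14 categories, the first with a single enabled question.
SAMPLE = {"cat00": ["cat00-q0"]}
SAMPLE.update({f"cat{i:02d}": [f"cat{i:02d}-q{j}" for j in range(3)]
               for i in range(1, 14)})

if __name__ == "__main__":
    print(audit_registration(SAMPLE, 3, 5, 5))
    print(simulate_question_set(SAMPLE, 3, 5)[1])
```

With the constructed sample, the audit flags the single-question category and the simulated Question Set contains that question twice, which is the duplicate condition described above.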

7.1.8 Answer Logic

Answer Logic checks whether the answer provided by the user closely matches the one provided during registration.

Answer Logic is made up of advanced matching algorithms used by the system to intelligently detect the correct answers in the challenge response process. The algorithms and the levels of logic are factors in evaluating answers. Errors can be caused by simple input errors such as fat fingering, extra characters, misspellings, and so on. Common misspellings and abbreviations, for example, can be accepted if the basic information of the answer is correct.

The following algorithms are available and can be configured for your requirements:

■ Phonetics
■ Missing characters
■ Extra characters
■ Common misspellings
■ Common abbreviations
■ Common acronyms
■ Keyboard fat fingering
■ Common nicknames
■ Regional spelling differences
■ Date Format

The Answer Logic algorithms can be enabled or disabled, and the intensity or strength of some algorithms (the level of Answer Logic used to evaluate answers given for challenge questions) can also be configured. For example, high risk transactions such as wire transfers may require a high degree of certainty (that is, an exact match), whereas accessing personal, non-sensitive information may require a lower degree of response certainty.

Answer Logic algorithms are available for both the online challenge and CSR phone challenge processes. Online settings are applied to answers the user provides online using the application. Phone challenge settings are applied to answers provided by users over the phone and entered by the CSR.

The online challenge and CSR phone challenge Answer Logic are completely independent of each other. They can be configured separately. For example, you can set the online challenge logic strength to high and the CSR phone challenge logic strength to low. For the CSR phone challenge logic strength, you may provide more margin for error, because CSRs are listening to the answers over the phone and entering the answers.
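The effect of enabling individual algorithms per channel can be seen in a small model. The following Python sketch is an added example, not Oracle's Answer Logic: the function names, the policy names, the partial keyboard-adjacency and abbreviation tables, and the case and whitespace normalization are assumptions, and only four of the listed algorithms are modelled.

```python
# Constructed, partial tables (assumptions, not product data).
ADJACENT = {"a": "qwsz", "s": "awedxz", "e": "wsdr", "r": "edft", "t": "rfgy"}
ABBREVIATIONS = {"st": "street", "ave": "avenue", "dr": "drive"}

def normalize(answer, expand_abbreviations):
    """Lowercase, collapse whitespace, optionally expand known abbreviations."""
    words = answer.lower().split()
    if expand_abbreviations:
        words = [ABBREVIATIONS.get(w.rstrip("."), w) for w in words]
    return " ".join(words)

def one_edit(given, expected, allowed):
    """True if given differs from expected by exactly one allowed error."""
    if len(given) == len(expected) and "fat_finger" in allowed:
        diffs = [(g, e) for g, e in zip(given, expected) if g != e]
        return len(diffs) == 1 and diffs[0][0] in ADJACENT.get(diffs[0][1], "")
    if len(given) + 1 == len(expected) and "missing_char" in allowed:
        return any(expected[:i] + expected[i + 1:] == given
                   for i in range(len(expected)))
    if len(given) == len(expected) + 1 and "extra_char" in allowed:
        return any(given[:i] + given[i + 1:] == expected
                   for i in range(len(given)))
    return False

def answer_matches(given, registered, policy):
    """Evaluate a challenge answer under the set of enabled algorithms."""
    g = normalize(given, "abbreviations" in policy)
    r = normalize(registered, "abbreviations" in policy)
    return g == r or one_edit(g, r, policy)

# Independent per-channel settings: strict online, more margin for the CSR.
ONLINE = frozenset()
PHONE = frozenset({"missing_char", "extra_char", "fat_finger", "abbreviations"})

if __name__ == "__main__":
    for attempt in ("Elm Street", "Elm St.", "elm stret", "oak street"):
        print(attempt, answer_matches(attempt, "elm street", ONLINE),
              answer_matches(attempt, "elm street", PHONE))
```

Each algorithm enabled in a policy enlarges the set of strings accepted as the registered answer, which is why the stricter policy belongs on the higher-risk channel or transaction.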

7.1.9 Validations

Validations are used to validate the answers given by a user at the time of registration. Validations can be at the local level, associated with each individual question, or at the global level, applied to all the questions presented to the user. There are no automated validations to ensure that question-specific validations and global validations do not conflict. Administrators must take care not to configure the same validations for local and global. For example, validation for a question should not be set to numeric only if alpha only is set as a global validation.