Investigation Using Agent Cases 5-5

2. Click Search.

If multitenancy is enabled, search results display all the cases whose users belong to the organizations that the CSR has access to if they match the search criteria. User less cases are part of the result set if the case owners Organization ID is on the agents access permission list and the case matches the search criteria. Searching for Overdue Cases By default Escalated and Agent cases expire after 24 hours and become overdue. The overdue flag is then set. When Investigators access the case, the expiration date is reset. To search for overdue Agent cases, select Shown Only Expired as the Expired filter. The cases with dates and time in red in the Expiration Column are overdue cases. Disposition To filter cases by dispositions, you can select: ■ Confirmed Fraud ■ Duplicate ■ False Negative ■ False Positive ■ Issue Pending ■ Issue Resolved ■ Not Fraud The disposition describes the way in which the issue was resolved in a case. Cases only have dispositions when they are closed. If a case has any status besides closed, the disposition is left blank. Last Action Search based on the last action that was taken in case. Notes Search for cases that contain specific keywords in their log. For example, if you search for all Agent type cases that contain the word chargeback, a case with a note that contains The device used seems to be related to a number of chargebacks would return in the list of cases. Created by Search by user name of the agent who created the case. Current Owner Search by user name of the agent who is working on this case currently who performed the last action Table 5–3 Cont. Search Filters Filter Description 5-6 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager Figure 5–1 Overdue Cases

5.5 Viewing, Editing, and Creating Cases

Procedures to view, edit, and create are listed below.

5.5.1 Viewing a List of Cases

From the Cases Search page, enter filter criteria and click Search. The Search Results table displays the list of cases you filtered for.

5.5.2 Viewing a List Cases You are Currently Working On

From the Cases Search page, enter your user name in the Current Owner field to locate cases that you are currently working on and click Search. The Search Results table displays the list of cases you are currently working on.

5.5.3 Viewing Agent Case Details

The Agent Case Details page is opened when you create a case successfully. You can also open the Agent Case Details from the Search results for cases that belong to any user belonging to a group you have access to or cases that are associated with your Organization ID. Agent and Escalated cases contain the following tabs: ■ Summary - Lists the details about the case Note: You can only open one case at a time. An error occurs if you try to open more than one case. Investigation Using Agent Cases 5-7 ■ Linked Sessions - Lists the sessions linked to the case ■ Logs - Lists the case action logs The Summary tab shows the case detail and if the case is an Escalated case then it shows the details of the user associated with the case. Agent cases that are user less show a User Details section.

5.5.3.1 Summary Tab

The Summary tab shows the case details for Agent cases. If the Agent case is an Escalated case, it also shows the detail of the user associated with the case.

5.5.3.1.1 Case Details The following information is displayed in Case Details.

Table 5–4 Case Details Details Description Organization ID The Organization ID of the case. Case Created The date when the Agent Case was created Case Status The case status is Pending when the Agent Case is created manually and New when an Agent Cases is created automatically with Configurable Action and changes to Pending once the case is accessed. The case status is Escalated for Escalated cases and changes to Pending when the agent accesses this case. Case status is changed when accessed by various administrators. Severity Level The severity level is set by the user who creates the case and used as a marker to communicate to users how severe the case is. Anyone can change the severity of cases Case Type Agent, CSR or Escalated Escalated cases cannot be created Case Number Unique Case ID Disposition When a case is closed the disposition describes the way in which the issue was resolved. Cases only have dispositions when they are closed. If a case has any status besides closed, the disposition is blank. Expiration Date Agent cases and Escalated cases have a default expiration date of 24 hours from the date of creation. If the case has not been accessed before the expiration date, it has the status of Overdue. Each time you access the case, the expiration date of the Agent case or Escalated Case is reset to a new value; by default the date is reset to 24 hours from the date of accessing the case. The length of time before a case expires is configurable. Refer to Section 5.10, Configuring ExpiryOverdue Behavior for Agent Cases for details for configuring the expiry behavior. Overdue If the case has not been accessed before the expiration date, the overdue flag is set to allow managers to see that the cases require attention. For example, if Agent cases are set to expire in 24 hours, then the flag is set to overdue if a case has not been accessed in more than 24 hours. When Investigators access the case, the overdue date is not affected. When they perform actions, the overdue is reset. The overdue behavior is configurable. Refer to Section 5.10, Configuring ExpiryOverdue Behavior for Agent Cases for details Description The details for the case. A description is required. Last Case Action The last action performed in the Escalated or Agent case. There are no user details in Agent cases. Date of Last Case Action The date when last action occurred. Last Global Case Action For an Agent case that is not created from an escalated CSR case, the last global case action field is always empty. For an Agent case associated to a user escalated case, the last global case action is the last case action performed by the user associated with the Agent case. The case action could be performed on any case CSRAgent 5-8 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager

5.5.3.1.2 User Data The following information is displayed in User Data for Escalated

cases.

5.5.3.2 Linked Sessions

The Linked Sessions tab displays all of the sessions that you linked for the case you are investigating. The tab also displays information such as the date at which it was linked and any notes provided at the time of linking. You can link any number of sessions as you think might be connected to an investigation by clicking the Link Sessions icon, which opens a Sessions search page. You can unlink one or more sessions already linked to this case.

5.5.3.2.1 Logs Tab in the Linked Sessions The Logs Tab displays all the actions, date of

action, and User IDs that were used for the action and notes. Date of Last Global Case Action The last action performed against the user online. Current Owner Name of agent who is working on this case currently Created By This displays the name of the agent who created the case. If the case was created by a configurable action Created by displays dynamic. Table 5–5 User Data Data Description User Name User for whom case is created User ID Auto generated? Organization ID The identifier of the application. In a multitenant deployment, CSRs only have access to cases limited to their primary Application ID. CSR Managers and Investigators can access cases from multiple applications Last Online Action The last action that user executed. For example, the Answered challenge question field show Challenge Question or if user is blocked, Block. Date of Last Online Action Date when last online action was executed. Temporary Allow Expiration Date When a temporary allow is enabled. This field shows you when it expires. If temporary allow is 7 days, the expiry date is a week from today. Temporary Allow Active If temporary allow is active, this field shows Yes, otherwise the field shows No. OTP Bypass Active Similar to temporary allow but OTP challenges are ignored instead of blocks OTP Bypass Expiration Date Date and time OTP Bypass is no longer be active Completed Registration If a user completed registration, this field shows Yes; otherwise it shows No. To be registered, a user may need to complete all of the following tasks: personalization image and phrase, registering KBA questionsanswers, and providing emailcell phone contact information. Questions Active If user completed registration, but questions were reset, and he did not go back to register new ones, this field displays No. This field shows Yes if the user completed registration and questions exist that can be used to challenge him. OTP Delivery method active User has either email or cell phone registered for the OTP challenge Personalization Active When an image, a phrase and questions are active for the user, this field displays, Yes. If anyone of these are reset, this field displays No. Table 5–4 Cont. Case Details Details Description Investigation Using Agent Cases 5-9

5.5.3.3 Logs

The logs sections to show the logs of action performed on the case. The search filters are as follows:

5.5.4 Creating Agent Cases

Agent cases can be created in one of three ways: ■ Manually ■ Automatically ■ CSR Escalation

5.5.5 Creating an Agent Case Manually

A new Agent case is created when a suspicious activity or fraud scenario is detected and needs investigation. Only an Investigator can create an Agent type case directly. No user information is shown or required for the creation of an Agent type case. The only required inputs to create an Agent case are Organization ID, severity, and description. To create a new user less Agent case:

1. In the Cases Search page, click New Case.

The Create Case dialog appears with Agent specified as the Case Type because the system already knows from the login that an Investigator is creating this case.

2. Enter the Organization ID you are creating the case for.

A list of Organization IDs for which you have access to is provided. From the list you can select one Organization ID. Later, you can create a case for a different Organization ID if you need to.

3. Select a severity level from the Severity Level list

The available severity levels are High, Medium, and Low. 4. Enter a description of the case in the Description text box, or select descriptions from the Description list, or do both. Table 5–6 Log Search Filters Filters Description Notes Keyword Keyword from Canned Notes ARM ID CSR identifier Action Last action in the case. For example, yesterday jsmith called customer service claiming to have lost money out of his account. The CSR escalated the case and told jsmith he would be contacted within 24 hours. About 36 hours later, jsmith calls back to see why he has not been contacted. The CSR must view the case escalated yesterday for jsmith. He searches cases for jsmith with an Escalate action and ones that are not overdue in the last 48 hours. Created Date Date case was created. Note: You do not have to enter a user name or User ID because the Agent case is a user less one. 5-10 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager The default description type is Custom Description. The Description text box can contain alphanumeric and special characters, but it should not exceed 4000 characters. You can select a description from the Description list, one at a time for any number of times. Each description selected from the list is appended to the previous. Description is a required field. The Create button is disabled until a description is entered.

5. Click Create.

The Create button is disabled until all the fields are entered. Required fields are marked with a asterisks. If invalid parameters were entered, an error message is displayed and the new case is not created. Click Cancel to cancel changes and return to the Cases Search page. Click Create to create a new case. The case is created and the Case Details page opens for the new case. For information, refer to Section 5.5.3.1.1, Case Details. The Case Details page shows Pending as the status of the case. The agent is listed in the Created by and Current Owner fields. There are no user details shown in the Case Details because the case is a user less Agent case. The new Agent case does not contain any linked sessions. When you view the logs, Create Case is displayed as the Action. Manual Agent Case Creation Example An Agent creates an Agent type case for the 1st Bank Organization ID. He is not given the option to create cases of other types CSR case. Organization ID is a required field. The new Agent case does not contain any linked sessions. He is not required to enter any user information to create the case since Agent cases are not linked to any single user.

5.5.6 Creating an Agent Case Automatically by a Configurable Action

To configure an action so that an Agent case is created automatically:

1. Create a custom rule action called create_agent_case.

2. Add a rule with the rule condition you want to a policy for the appropriate checkpoint. Configure it such a way that it triggers and returns the action create_ agent_case whenever the specified conditions are met. For example, whenever a suspicious activity occurs the create Agent case action is triggered.

3. Create an action instance of the action template CaseCreationAction and associate

it to the checkpoint.

4. Set the trigger criteria as the action by selecting create_agent_case action.

5. Set the parameters of CaseCreationAction as follows:

a. Enter 2 for Agent type as value of Case Type.

b. Enter 2 for Medium or 3 for High for the Severity.

c. Enter a case description. For example, Failed login. d. Enter the userId for Case Creator UserId parameter. Make sure that userId has a proper role and access permissions for creating the case. For our example, the Case Creator is Dynamic. 6. Save the action instance. 7. Log in to the application unsuccessfully.