Set custom signals to ThreatMetrix signal group
Passing the ThreatMetrix configuration parameters during the SDK initialization allows the application to enable the ThreatMetrix signal group.
By default, the ThreatMetrix signal group adds the sessionID value to the collected signals. The application can add additional signals to the ThreatMetrix group.
Obtaining the sessionID
To obtain the sessionID, Threatmetrix transmits local device identifiers, attributes, application information, and security health information to the Threatmetrix server. This process is affected by the internet speed. The following table provides the signal collection time for different internet speeds.
To maximize the success rate of obtaining the sessionID, refer to signal collection timeout and set the timeout to maximize success for signal collection and visitID.
| Device | ~460 Mbps | ~43 Mbps | ~0.27 Mbps |
|---|---|---|---|
| Android | |||
| Nexus 7 (2012) | 6.9 s | 8.1 s | 9.9 s |
| Xperia Z5 | 3.7 s | 4.2 s | 6.4 s |
| Blackberry Priv | 4.0 s | 4.8 s | 6.7 s |
| OnePlus 5T | 1.9 s | 2.4 s | 4.9 s |
| iOS | |||
| iPhone 5s | 1.7 s | 2.3 s | 4.9 s |
| iPhone 7 Plus | 1.5 s | 2.0 s | 4.5 s |
| iPad 6th gen (2018) | 1.7 s | 2.2 s | 4.4 s |
Android
// Setup core config, set other optional params, if required
GAHCoreConfig coreConfig = new GAHCoreConfig.Builder(this.getApplication(), FPP_URL)
.build();
// Gemalto Signal collection is mandatory.
GAHGemaltoSignalConfig signalConfig = new GAHGemaltoSignalConfig.Builder()
.build();
// Setup ThreatMetrix signal group config if you wish to consider ThreatMetrix signal group signals for risk calculation, set other optional params, if required
GAHTMXConfig threatMetrixConfig = new GAHTMXConfig.Builder(TMX_ORG_ID, TMX_FP_SERVER)
.build();
//Initialize Risk Management SDK with basic and ThreatMetrix signal groups for risk calculation
GAHCore.initialize(coreConfig, signalConfig, threatMetrixConfig);
iOS - Objective C
// Setup core config, set other optional params, if required
GAHCoreConfig *coreConfig = [GAHCoreConfig sharedConfigurationWithUrl:kRiskEngineURL];
// Gemalto Signal collection is mandatory.
GAHGemaltoSignalConfig *signalConfig = [GAHGemaltoSignalConfig sharedConfiguration];
// Setup TMX signal group config if you wish to consider ThreatMetrix signal group signals for risk calculation , set other optional params, if required
GAHTMXConfig *threatMetrixConfig = [GAHTMXConfig sharedConfigurationWithOrgID:kTMXOrigId andFingerprintServer:kTMXFpServer];
//Initialize Risk Management SDK with basic and ThreatMetrix signal groups for risk calculation
[GAHCore initialize:[NSSet setWithObjects:coreConfig, signalConfig, threatMetrixConfig, nil]];
Swift
// Setup core config, set other optional params, if required
let coreConfig = GAHCoreConfig.sharedConfiguration(withUrl: riskEngineURL)!
// Gemalto Signal collection is mandatory.
let signalConfig = GAHGemaltoSignalConfig.sharedConfiguration()!
// Setup TMX signal group config if you wish to consider ThreatMetrix signal group signals for risk calculation , set other optional params, if required
let threatMetrixConfig = GAHTMXConfig.sharedConfiguration(withOrgID: TMXOrigId, andFingerprintServer: TMXFpServer)!
//Initialize Risk Management SDK with basic and ThreatMetrix signal groups for risk calculation
GAHCore.initialize([coreConfig, signalConfig, threatMetrixConfig])
Android
Location customLocation = new Location("GPS");
customLocation.setAccuracy(800);
customLocation.setAltitude(10);
customLocation.setLatitude(48.92065715789795);
customLocation.setLongitude(19.50443267822266);
GAHProfilingOptions.Builder builder = new GAHProfilingOptions.Builder();
GAHProfilingOptions tmxOptions = builder.setLocation(customLocation).setSessionID("sessionID value").build();
GAHCore.setCustomSignalOptionsTMX(tmxOptions);
iOS - Objective C
GAHProfilingOptions *profileModel = [GAHProfilingOptions new];
[profileModel setCustomAttributes:@[@"attribute 1", @"attribute 2"]];
[profileModel setSessionID:@"session id value"];
[GAHCore setCustomSignalOptionsTMX:profileModel];
Swift
let profileModel = GAHProfilingOptions()
profileModel.customAttributes = ["attribute 1", "attribute 2"]
profileModel.sessionID = "session id value"
GAHCore .setCustomSignalOptionsTMX(profileModel)
Configurable parameters of the GAHTMXConfig object
Since Risk Management SDK v2.7.0, on the Android platform, the profiling connections can be customized while communicating with the ThreatMetrix back end. For more information, refer to Using Custom Profiling Connections.
Default connections can be used by integrating the TMXProfilingConnections AAR file from 3pty.
The following table describes the other options that can be configured:
| Configurable parameter | Description | Mandatory or Optional |
|---|---|---|
context |
Application context | Mandatory in Deprecated API |
OrgId |
Unique ID assigned to organization. To get this value, send a request to Thales. | Mandatory |
FPServer |
Sets the fingerprint server to use. This is a domain name, not a URL. | Mandatory |
ApiKey |
API key for the profiling request | Optional |
DisableAppHashing |
Disables app hashing, which can potentially be slow. This affects both initialize(Config) and subsequent signal collection requests. |
Optional |
DisableInitPackageScan |
Allows control over the package scan during the init call. | Optional |
InitPackageScanTimeLimit |
During initialize(), a package scan occurs, the init package scan limit controls the behavior of this scan. |
Optional |
DisableProfilePackageScan |
Allows control over the package scan during profiling | Optional |
PackageScanTimeLimit |
Sets the maximum time required to process the packages during init() |
Optional |
RegisterForLocationServices |
Allows registration for location services. Set this to true to register for location services. |
Optional |
LocationAccuracy |
Sets the configured accuracy to request from the location services. | Optional |
DisableLocSerOnBatteryLow |
Allows the location services to be paused when the battery is low. This resumes when the device is charging or when the battery level is OK when this is set to true. |
Optional |
Timeout |
Timeout for individual network requests. | Optional Android: REMOVED from 2.7.0 |
LowPowerUpdateTime |
The time interval between the low power location updates | Optional |
HighPowerUpdateTime |
The time interval between the high power location updates | Optional |
EnableOption |
Enables a profiling option, which directly affects how the profiling behaves and the attributes to gather | Optional |
DisableOption |
Disables a profiling option, which affects how the profiling behaves and the attributes to gather | Optional |
RegisterForPush |
Reserved for future use | Optional Android: REMOVED from 2.7.0 |
ScreenOffTimeout |
Sets the screen off timeout (in seconds) | Optional |
DisableWebView |
A convenient function to disable the WebView in the options bitmask | Optional Android: REMOVED from 2.7.0 |
Certificate |
Sets the X509 certificate for secure communication to ThreatMetrix back-end server | Optional Android: REMOVED from 2.7.0 |
SessionIDTimeout |
Sets the timeout value for ThreatMetrix sessionID. Default value is set to 300 seconds. |
Deprecated/Optional |
ProfileRequestTimeout |
The time (in seconds) to wait for the session ID value from the TMX SDK before returning an error. Default value is set to 5 seconds. | Deprecated/Optional |
PackageScanTimeout |
The time (in seconds) for the ThreatMetrix package scan. Default value is set to zero, representing no timeout. | Optional |
disableNonfatalLogs |
Disables the collection of non-fatal logs. | Optional Android: from 2.7.0 |
setDisableAuthenticationModule |
Disables the Authentication module | Optional Android: from 2.7.0 |
Enable ThreatMetrix Certificate Pinning
ThreatMetrix sessionID collection involves integrating with the Threatmatrix server. For secure communication with the Threatmetrix server, SSL pinning is required for which a certificate must be passed to the Threatmetrix configuration object before initializing the GAH core.
Extract ThreatMetrix host certificate
There are different steps to extract a certificate from TMX host and the format is different for iOS and Android.
The process of extracting certificate is detailed under exporting a ThreatMetrix certificate from a browser.
iOS- Objective C
GAHTMXConfig *threatMetrixConfig = [GAHTMXConfig sharedConfigurationWithOrgID:kTMXOrigId andFingerprintServer:kTMXFpServer];
NSString * pathToTMXValidCert = [[NSBundle mainBundle]pathForResource:@"tmx_rnd_gemaltodigitalbankingidcloud_com" ofType:@"cer"];
NSData * tmxValidCertificate = [NSData dataWithContentsOfFile:pathToTMXValidCert];
[tmxConfig setCertificatesArray:[NSArray arrayWithObjects: tmxValidCertificate,nil]];
Swift
let tmxValidCertificatePath = bundle.path(forResource: "tmx_rnd_gemaltodigitalbankingidcloud_com", ofType: "cer")!
let tmxValidCertificateData = try! Data(contentsOf: URL(fileURLWithPath: tmxValidCertificatePath))
tmxConfig.certificatesArray = [tmxValidCertificateData]
