11 Adding Fraud Detection

This chapter describes how Oracle SOA Suite addresses the business challenge of creating a fraud detection system. Overviews of how key components are created and used to address this challenge are provided, including Oracle Event Processing and the Event Delivery Network (EDN).

This chapter includes the following sections:

11.1 Business Challenge

Company X has a requirement that a new credit card fraud detection system be implemented to eliminate potential credit card abuses.

11.2 Business Solution

To address this business challenge, Company X designs a business solution that uses the components described in Table 11-1.

Table 11-1 Components That Provide the Business Solution

Component How This Component Addresses The Business Challenge Component Description

Oracle Event Processing application

An Oracle Event Processing application provides real-time, time-based analysis of orders (events) placed by customers recognized specifically by an associated email address. As each order (event) is passed to the Oracle Event Processing server, it is dynamically accessed for possible fraudulent activity by observing event patterns with an aggregated order dollar amount that exceeds $1000 in any 24 hour period.

Oracle Event Processing is a high throughput and low latency platform for developing, administering, and managing applications that monitor real-time streaming events. Oracle Event Processing processes event data in real time.

Business events and the Event Delivery Network (EDN)

The Oracle Event Processing application receives events arriving from a composite that publishes an event (named FraudCheckRequest) and subscribes to an event (named FraudCheckResponse) on the EDN.

Business events are raised when a situation of interest occurs. For example, in a loan flow scenario, a BPEL process service component executing a loan process can raise a loan completed event at the completion of the process. Business events are published to the EDN.

SOA composite application

A SOA composite application is used to test the Oracle Event Processing application by publishing an order event to the Oracle Event Processing application and subscribing to the resulting event that includes an analysis of the results.

See Table 3-1 for a description of SOA composite applications.

Subsequent sections of this chapter provide more specific details about how the components in Table 11-1 are used to address the fraud detection system business challenge.

11.2.1 Creating an Oracle Event Processing Application

To address the credit card fraud detection challenge, Company X uses Oracle Event Processing to dynamically access each inbound order (event) and observe the event patterns for possible fraudulent activity.

Company X creates an Oracle Event Processing application named FraudOEPApplication in Oracle JDeveloper. This application receives events arriving from a composite that publishes an event (named FraudCheckRequest) and subscribes to an event (named FraudCheckResponse) on the EDN. The definitions for these events are provided in an event definition language (EDL) file with a related schema file. An EDL file is a schema used to build business event definitions.

The EDN is based on a standard JMS messaging infrastructure. Company X uses a JMS implementation with the Oracle Event Processing application by creating a JMS topic within the SOAJMSModule in Oracle WebLogic Server Administration Console. Figure 11-1 provides details.

Figure 11-1 JMS Topic Configuration

Description of Figure 11-1 follows
Description of "Figure 11-1 JMS Topic Configuration"

Company X designs the Oracle Event Processing application with the following components that are dragged from the Components window and configured:

  • An EDN Inbound Adapter named edn-inbound-adapter configured with the following artifacts:

    • An EDL file (FraudCheckEvent.edl) that contains the EDN event type names used by the application:

      <?xml version = '1.0' encoding = 'UTF-8'?>
      <ns0:definitions xmlns:ns0="http://schemas.oracle.com/events/edl"
        targetNamespace="http://xmlns.oracle.com/Application2/Project1/
          FraudCheckEvent">
          <ns0:schema-import location="../Schemas/FraudCheckType.xsd"
         namespace="http://www.oracle.com/oep/"/>
          <ns0:event-definition name="FraudCheckRequest">
            <ns0:content xmlns:ns1="http://www.oracle.com/oep/"
             element="ns1:FraudCheckRequest"/>
            </ns0:event-definition>
          <ns0:event-definition name="FraudCheckResponse">
            <ns0:content xmlns:ns2="http://www.oracle.com/oep/"
             element="ns2:FraudCheckResponse"/>    
          </ns0:event-definition>
      </ns0:definitions>
      
    • An event type named FraudCheckRequest.

    • A schema file associated with the EDL file.

  • An event Channel named ednInputChannel associated with a FraudCheckRequest event type that is selected in the Context Properties section, as shown in Figure 11-2. This associates the event type with the channel.

    Figure 11-2 Event Type Associated with Inbound Channel

    Description of Figure 11-2 follows
    Description of "Figure 11-2 Event Type Associated with Inbound Channel"
  • A Processor named ednProcessor that is populated with a Complex Query Language (CQL) rule to be applied to the streaming event data. The required CQL relates to fraud detection, as shown in Figure 11-3. For requests of $1000 and over, the threshold is exceeded.

    Figure 11-3 Fraud Detection CQL in Processor

    Description of Figure 11-3 follows
    Description of "Figure 11-3 Fraud Detection CQL in Processor"
  • A second event Channel named ednOutputChannel associated with a FraudCheckResponse event type that is selected in the Context Properties section, as shown in Figure 11-4. This associates the event type with the channel.

    Figure 11-4 Event Type Associated with Outbound Channel

    Description of Figure 11-4 follows
    Description of "Figure 11-4 Event Type Associated with Outbound Channel"
  • An EDN Outbound Adapter named edn-outbound-adapter is configured with the following artifacts:

    • The EDL file (FraudCheckEvent.edl) that contains the EDN event type names used by the application.

    • An event type of FraudCheckResponse.

      Note:

      A schema file is not required.

These components are wired together in the following order in the designer.

edn-inbound-adapter > ednInputChannel > ednProcessor > ednOutputChannel > edn-outbound-adapter

11.2.2 Sending Events to the Oracle Event Processing Application

To test the Oracle Event Processing application, Company X first creates a connection to the Oracle Event Processing server, then deploys the application. Once deployed, the application can wait for events to arrive for analyzing.

Company X has a test composite (EDNOEPv2Proj) that can send EDN events to the Oracle Event Processing application. The resulting EDN events are then sent back to the test composite, which uses a file adapter to write the information to a file for review and analysis. Figure 11-5 provides details. The test application consists of two Oracle Mediator service components. Oracle Mediator enables you to route events between different components.

  • The first Oracle Mediator publishes the FraudCheckRequest event sent to the Oracle Event Processing application.

  • The second Oracle Mediator subscribes to the FraudCheckResponse event returned to the test composite.

Figure 11-5 Test Composite for Sending and Receiving Events

Description of Figure 11-5 follows
Description of "Figure 11-5 Test Composite for Sending and Receiving Events"

The Subscriptions tab of the Business Events page in Oracle Enterprise Manager Fusion Middleware Control displays both event types. The test composite uses the Oracle WebLogic Server JMS topic mapping for the FraudCheckRequest and FraudCheckResponse event types shown on this page. Figure 11-6 provides details.

11.2.3 Sending Event Data from Oracle Enterprise Manager Fusion Middleware Control

Company X uses the Test Web Service page in Oracle Enterprise Manager Fusion Middleware Control to send event data to the SOA composite to test its integration with the Oracle Event Processing application. This is the email address used by the CQL Group By clause to identify each collection of related orders and the dollar amount value. Figure 11-7 provides details.

Figure 11-7 Test Web Service Page

Description of Figure 11-7 follows
Description of "Figure 11-7 Test Web Service Page"

Once the composite executes with the specified data, a message indicates that the request was successfully processed by the Oracle Event Processing application. The EDN event is successfully published and received by the application, and its payload is analyzed. The results are provided in the output file. If a value of $1000 or more is specified, the output file indicates that the threshold is exceeded. This may be a potential indicator of credit card fraud by an unauthorized user. The status is determined by the CQL statements specified in the Oracle Event Processing application in Creating an Application. Figure 11-8 provides details.

After testing is complete, Company X can integrate the Oracle Event Processing application with the business solution described in the previous chapters.

11.3 Related Documentation

Table 11-2 provides references to documentation that more specifically describes the components and features described in this chapter.

Table 11-2 Related Documentation

For Information About... See...

Developing Oracle Event Processing applications

"Introduction to Application Development" of Developing Applications for Oracle Event Processing

Administering Oracle Event Processing

"Introduction to Server Administration" of Administering Oracle Event Processing

Creating and managing business events and using the EDN

"Using Business Events and the Event Delivery Network" of Developing SOA Applications with Oracle SOA Suite

"Managing Business Events" of Administering Oracle SOA Suite and Oracle Business Process Management Suite

Using Oracle Mediator to publish and subscribe to business events

"Using the Oracle Mediator Service Component" of Developing SOA Applications with Oracle SOA Suite

Creating test instances in Oracle Enterprise Manager Fusion Middleware Control

"Initiating a Test Instance of a Business Flow" of Administering Oracle SOA Suite and Oracle Business Process Management Suite