Customer claimed that the device maturity score was the candidate of lost score after switching to the winter standard time (1 hour back) at the night from 29th to 30th October. The Splunk graph displays one week before the issue and one week after device scores as below.
Release : CA Risk Authentication 9.1
The Device User Maturity rule enables setting a level of trust in the device. The Device User Maturity rule is based on the following parameters:
These parameters determine the strength of the User-Device association. The Device User Maturity rule returns True if the user has used the device for at least the specified number of days (which is 30 and 365 in our case) and the number of successful transactions is greater than or equal to the configured value.
Customer is using a NON Out Of Box rule called - DEVICE_USER_MATURITY (365 & 30)). On Sunday, October 30th 2022 time shift (DST to Standard time) took place and transactions with a advice score of 65 are triggered more.
After issue reproduction, the rules were tested with Risk sample application. Based on the screenshots as shown in Additional Information section, the rules with a Risk score of 65 have higher priority than the device maturity rules. So, if any rule with higher priority is triggered, device maturity rule will not be set as matched rule even though it is triggered. It is evident as per Splunk report that only six rules are configured and among them, the velocity rule has the potential to be triggered if there are multiple transactions initiated from the same user within the configured time interval.
Note: The device maturity rule wasn't the candidate for risk score change during the time shift as it uses epoch time (UNIX time) which work on second's increment.
Device Maturity rules created by customer: