Risk Profile Manager

Risk Profile Manager (RPM) is an innovative product that works seamlessly with the ACI Postilion™ platform and allows a bank to give its cardholders a significant level of control over the authorization process. It has been in production since 2010.

Typically, the Postilion card management (PostCard™) solution reduces fraudulent transactions using a combination of simple mechanisms:

  • by enforcing security checks (like PIN & EMV),
  • by enforcing velocity checks,
  • by having a set of pre-arranged risk profiles that identify certain transaction rules and decline or authorize transactions based on these rules.

Security checks represent the strongest safeguard against fraudulent activity but can become irrelevant depending on the environment (card-not-present, CNP) or special circumstances (card theft, cloning). Velocity checks and risk profiles are very useful mechanisms to prevent fraud but are, in essence, fixed and cannot be rapidly changed to adapt to a cardholder's continuously changing requirements.

RPM allows the cardholder to control a large part of the authorization process without violating these security mechanisms. By overriding certain rules defined in existing risk profiles, RPM enables or disables access to the card according to rules defined by the cardholder.


RPM highlights

RPM allows a cardholder to perform any of the following functions:

  • Lock and unlock their card. This is the simplest action a cardholder can take in order to prevent unauthorized card usage. This can be done for all channels or can be granular per channel (ATM/Kiosk, POS, Card-not-present).
  • Change the maximum transaction amount. This action limits the exposure of linked accounts to cash or purchase transactions. An example would be setting a maximum allowed amount of $150 just before buying a $150 item from an internet merchant.
  • Limit the date and time that the card is unlocked for transactions per channel.
  • Specify allowed countries of transaction origin (for ATM and POS only). This setting can be used to restrict fraud in general and skimming fraud in particular. When a UK cardholder is not traveling, it would make sense to specify that only transactions originating from the UK are permitted. When the cardholder goes to France on business or vacation, France can be added to the list of allowed countries for the duration of the trip and removed afterwards.
  • Block specific merchant types from sending transactions (Card-not-present environment only). Prepaid cards given to other family members can be additionally controlled in this manner. For example, a parent may specify that internet betting merchants are not allowed.

All these functions can be made available to a cardholder via any channel, such as mobile or the internet. In addition, an issuer can use RPM in order to create predefined cardholder risk profiles (for example, "Student's Visa") that address specific market needs.