I'm building an enterprise application which has fraud rules. The rules will be based on a matrix, for example, how many times a user used this service in a month, is the total transaction amount exceeds a certain amount, what funding source does he use, etc?
Is rules engine the right choice for implementing fraud rules? What is the right choice for a Java EE6 application running in glassfishV3? And my boss doesn't want to spend money on it unfortunately, so has to be open source.
Thanks in advance.
An enterprise business rules engine (BRE) would be the appropriate place to capture and evaluate fraud rules. If you're going use open-source Java EE, I've seen JBoss Drools work well for several clients. In addition, based upon your requirements, you might also want to consider some type of event stream processing to allow real-time fraud flagging. The only open-source product I've seen in this space is Esper, although a bunch of other COTS (Commercial-Off-the-Shelf,) tools you may already have in place are being re-calibrated to address this need as well.