Methods and systems for fraud containment

US 10,339,306 B1
Filed: 03/28/2017
Issued: 07/02/2019
Est. Priority Date: 03/01/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for device identification in a fraudulent electronic transaction, the computer-implemented method comprising:

by one or more processors;

accessing an electronic repository storing at least;

a plurality of data records corresponding to a plurality of device identifiers, a plurality of account identifiers, and a plurality of relationship indicators, each of the plurality of relationship indicators associated with one more relationships among one or more of the plurality of device identifiers and one or more of the plurality of account identifiers;

receiving an electronic information data packet associated with an electronic fraudulent transaction and including a fraud event indicator;

parsing the electronic information data packet to identify a first fraud device identifier used to carry out the electronic fraudulent transaction, the first fraud device identifier corresponding to one of the plurality of device identifiers stored in the electronic repository;

executing an automated search of the electronic repository using one or more of the plurality of relationship indicators to identify;

(a) a first set of device identifiers of the plurality of device identifiers, the first set of device identifiers potentially related to the electronic fraudulent transaction, and (b) a first set of account identifiers of the plurality of account identifiers, the first set of account identifiers potentially related to the electronic fraudulent transaction;

calculating a first plurality of proximity indicators each associated with each of the first set of device identifiers, each of the first plurality of proximity indicators indicating a number of device identifiers or account identifiers between a device and the first fraud device identifier, the device flagged as a master perpetrator device if the proximity indicator is zero such that the device is used to access an account for committing the electronic fraudulent transaction;

generating a first plurality of assessment indicators based on the first plurality of proximity indicators and involvement factor rules, each of the first plurality of assessment indicators representing a first confidence level that the device is involved with a perpetrator associated with the electronic fraudulent transaction;

identifying a subset of the first set of device identifiers based at least on the first plurality of assessment indicators;

generating one or more electronic flags indicating that the subset of the first set of device identifiers are likely involved with the perpetrator associated with the electronic fraudulent transaction; and

generating a risk score for a victim circle the risk score representing a second confidence level that one or more potential victim accounts are compromised.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for fraud containment are provided in accordance with an embodiment of the invention. A fraud event may be detected. One or more devices that may be used in perpetrating the fraud event may be detected. Additionally one or more potential fraud victims, who may be grouped into victim circles may be detected. The threat level to the victims and/or victim circles may be assessed. In some instances, behavioral profiles may be utilized to make fraud assessments. Based on the threat level, recommendations for fraud containment responses may be provided.

45 Citations

View as Search Results

17 Claims

1. A computer-implemented method for device identification in a fraudulent electronic transaction, the computer-implemented method comprising:
- by one or more processors;
  
  accessing an electronic repository storing at least;
  
  a plurality of data records corresponding to a plurality of device identifiers, a plurality of account identifiers, and a plurality of relationship indicators, each of the plurality of relationship indicators associated with one more relationships among one or more of the plurality of device identifiers and one or more of the plurality of account identifiers;
  
  receiving an electronic information data packet associated with an electronic fraudulent transaction and including a fraud event indicator;
  
  parsing the electronic information data packet to identify a first fraud device identifier used to carry out the electronic fraudulent transaction, the first fraud device identifier corresponding to one of the plurality of device identifiers stored in the electronic repository;
  
  executing an automated search of the electronic repository using one or more of the plurality of relationship indicators to identify;
  
  (a) a first set of device identifiers of the plurality of device identifiers, the first set of device identifiers potentially related to the electronic fraudulent transaction, and (b) a first set of account identifiers of the plurality of account identifiers, the first set of account identifiers potentially related to the electronic fraudulent transaction;
  
  calculating a first plurality of proximity indicators each associated with each of the first set of device identifiers, each of the first plurality of proximity indicators indicating a number of device identifiers or account identifiers between a device and the first fraud device identifier, the device flagged as a master perpetrator device if the proximity indicator is zero such that the device is used to access an account for committing the electronic fraudulent transaction;
  
  generating a first plurality of assessment indicators based on the first plurality of proximity indicators and involvement factor rules, each of the first plurality of assessment indicators representing a first confidence level that the device is involved with a perpetrator associated with the electronic fraudulent transaction;
  
  identifying a subset of the first set of device identifiers based at least on the first plurality of assessment indicators;
  
  generating one or more electronic flags indicating that the subset of the first set of device identifiers are likely involved with the perpetrator associated with the electronic fraudulent transaction; and
  
  generating a risk score for a victim circle the risk score representing a second confidence level that one or more potential victim accounts are compromised.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the electronic information data packet associated with the fraud event comprises information for at least one of:
    - time of the electronic fraudulent transaction, or devices active at or around the time of the electronic fraudulent transaction.
  - 3. The computer-implemented method of claim 1, wherein the victim circle comprises the one or more potential victims accounts associated with the master perpetrator device, the one or more potential victim accounts sharing at least one similar characteristic.
  - 4. The computer-implemented method of claim 3, the victim circle comprises one or more accounts accessed from the master perpetrator device.
  - 5. The computer-implemented method of claim 3, wherein the second confidence level that the one or more potential victim accounts are compromised is determined based on at least one of:
    - behavior patterns exhibited by the master perpetrator device, or activities taken by the one or more potential victim accounts which deviate from normal activities of the one or more potential victim accounts.
  - 6. The computer-implemented method of claim 1, wherein the subset of the first set of device identifiers represents recipients of a benefit of the electronic fraudulent transaction.

7. A system for device identification in a fraudulent electronic transaction, the system comprising:
- a web server for comprising one or more processors configured to execute at least a portion of a fraud containment system;
  
  a memory for storing computer instructions of the fraud containment system, the computer instructions, when executed, causing the one or more processors of the web server to;
  
  access an electronic repository storing at least;
  
  a plurality of data records corresponding to a plurality of device identifiers, a plurality of account identifiers, and a plurality of relationship indicators, each of the plurality of relationship indicators associated with one more relationships among one or more of the plurality of device identifiers and one or more of the plurality of account identifiers;
  
  receive an electronic information data packet associated with an electronic fraudulent transaction and including a fraud event indicator;
  
  parse the electronic information data packet to identify a first fraud device identifier used to carry out the electronic fraudulent transaction, the first fraud device identifier corresponding to one of the plurality of device identifiers stored in the electronic repository;
  
  execute an automated search of the electronic repository using one or more of the plurality of relationship indicators to identify;
  
  (a) a first set of device identifiers of the plurality of device identifiers, the first set of device identifiers potentially related to the electronic fraudulent transaction, and (b) a first set of account identifiers of the plurality of account identifiers, the first set of account identifiers potentially related to the electronic fraudulent transaction;
  
  calculate a first plurality of proximity indicators each associated with each of the first set of device identifiers, each of the first plurality of proximity indicators indicating a number of device identifiers or account identifiers between a device and the first fraud device identifier, the device flagged as a master perpetrator device if the proximity indicator is zero such that the device is used to access an account for committing the electronic fraudulent transaction;
  
  generate a first plurality of assessment indicators based on the first plurality of proximity indicators and involvement factor rules, each of the first plurality of assessment indicators representing a first confidence level that the device is involved with a perpetrator associated with the electronic fraudulent transaction;
  
  identify a subset of the first set of device identifiers based at least on the first plurality of assessment indicators;
  
  generate one or more electronic flags indicating that the subset of the first set of device identifiers are likely involved with the perpetrator associated with the electronic fraudulent transaction; and
  
  generate a risk score for a victim circle the risk score representing a second confidence level that one or more potential victim accounts are compromised.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the electronic information data packet associated with the electronic fraudulent transaction comprises information for at least one of:
    - time of the electronic fraudulent transaction, or devices active at or around the time of the electronic fraudulent transaction.
  - 9. The system of claim 7, wherein the victim circle comprises the one or more potential victim accounts associated with the master perpetrator device, the one or more potential victim accounts shares at least one similar characteristic.
  - 10. The system of claim 9, the victim circle comprises one or more accounts accessed from the master perpetrator device.
  - 11. The system of claim 9, wherein the second third confidence level that the one or more potential victim accounts are compromised is determined based on at least one of:
    - behavior patterns exhibited by the master perpetrator device, or activities taken by the one or more potential victim accounts which deviate from normal activities of the one or more potential victim accounts.
  - 12. The system of claim 7, wherein the subset of the first set of device identifiers represents recipients of a benefit of the electronic fraudulent transaction.

13. Non-transitory computer readable medium having stored thereon a computer program for device identification in a fraudulent electronic transaction, the computer program including executable instructions that instruct a computer system to at least:
- access an electronic repository storing at least;
  
  a plurality of data records corresponding to a plurality of device identifiers, a plurality of account identifiers, and a plurality of relationship indicators, each relationship indicator associated with one more relationships among one or more of the plurality of device identifiers and one or more of the plurality of account identifiers;
  
  receive an electronic information data packet associated with an electronic fraudulent transaction and including a fraud event indicator;
  
  parse the electronic information data packet to identify a first fraud device identifier used to carry out the electronic fraudulent transaction, the first fraud device identifier corresponding to one of the plurality of device identifiers stored in the electronic repository;
  
  execute an automated search of the electronic repository using one or more of the plurality of relationship indicators to identify;
  
  (a) a first set of device identifiers of the plurality of device identifiers, the first set of device identifiers potentially related to the electronic fraudulent transaction, and (b) a first set of account identifiers of the plurality of account identifiers, the first set of account identifiers potentially related to the electronic fraudulent transaction;
  
  calculate a first plurality of proximity indicators each associated with each of the first set of device identifiers, each of the first plurality of proximity indicators indicating a number of device identifiers or account identifiers between a device and the first fraud device identifier, the device flagged as a master perpetrator device if the proximity indicator is zero such that the device is used to access an account for committing the electronic fraudulent transaction;
  
  generate a first plurality of assessment indicators based on the first plurality of proximity indicators and involvement factor rules, each of the first plurality of assessment indicators representing a first confidence level that the device is involved with a perpetrator associated with the electronic fraudulent transaction;
  
  identify a subset of the first set of device identifiers based at least on the first plurality of assessment indicators;
  
  generate one or more electronic flags indicating that the subset of the first set of device identifiers are likely involved with the perpetrator associated with the electronic fraudulent transaction; and
  
  generate a risk score for a victim circle the risk score representing a second confidence level that one or more potential victim accounts are compromised.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable medium of claim 13, wherein the electronic information data packet associated with the electronic fraudulent transaction comprises information for at least one of:
    - time of the fraudulent transaction, or devices active at or around the time of the fraudulent transaction.
  - 15. The non-transitory computer readable medium of claim 13, wherein the victim circle comprises the one or more potential victim accounts associated with the master perpetrator device, the one or more potential victim accounts sharing at least one similar characteristic.
  - 16. The non-transitory computer readable medium of claim 15, the victim circle comprises one or more accounts accessed from the master perpetrator device.
  - 17. The non-transitory computer readable medium of claim 15, wherein the second confidence level that the one or more potential victim accounts are compromised is determined based on at least one of:
    - behavior patterns exhibited by the master perpetrator device, or activities taken by the one or more potential victim accounts which deviate from normal activities of the one or more potential victim accounts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The 41st Parameter, Inc. (Experian plc)
Original Assignee
The 41st Parameter, Inc. (Experian plc)
Inventors
Katz, Elazar
Primary Examiner(s)
Pearson, David J
Assistant Examiner(s)
Champakesanatusptodotgov, Badridot

Application Number

US15/471,990
Time in Patent Office

826 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06Q 30/00   Commerce

G06Q 40/02   Banking, e.g. interest calc...

Methods and systems for fraud containment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for fraud containment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links