Fraud detection and analysis system
First Claim
1. A system comprising:
- a processor;
a processor implemented risk engine configured to ascertain the risk of fraud associated with electronic access of financial systems, comprising one or more applications running on the processor and coupled to an account at a financial system of a financial institution, wherein the risk engine is configured to receive from the financial system account data of a user, and a first set of event parameters comprising network session parameters corresponding to actions taken in the account by the user of the account during electronic access of the account during a network session, and to dynamically generate from the account data and event parameters an account model characterizing the user, wherein the risk engine is configured to generate the account model using the event parameters of a previous event performed by the user in the account to generate predicted distributions comprising a first plurality of conditional probability distributions representing the event parameters for a next event in the account, wherein the risk engine is configured to receive a second set of event parameters of the next event as the next event occurs, said second set of event parameters comprising network session parameters corresponding to network based electronic access of the account during the next event, wherein the risk engine is configured to use the account model to generate a first probability that is a probability of observing the event parameters assuming the user is conducting the next event, wherein the risk engine is configured to use a fraud model to generate a second probability that is a probability of observing the event parameters assuming a fraudster is conducting the next event, wherein the fraud model includes a second plurality of conditional probability distributions generated from data of actions taken by a plurality of fraudsters excluding the user, wherein the events conducted in the account comprise the previous event and the next event, wherein the risk engine is configured to generate and output a risk score that represents the relative likelihood the next event is performed by the user versus the fraudster, wherein said risk score is generated based on combining the first probability of observing the event parameters assuming the user is conducting the next event, with the second probability of observing the event parameters assuming a fraudster is conducting the next event, and using the risk score to generate an alert; and
a risk application running on the processor, the risk application comprising an analytical user interface (AUI) that is configured to display for any event in the account at least one of the risk score and the event parameters,wherein the network session parameters comprise one or more of detected Internet Protocol (IP) data and Hypertext Transfer Protocol (HTTP) data relating to a network session.
9 Assignments
0 Petitions
Accused Products
Abstract
A system is provided comprising a risk engine coupled to a financial system that includes an account. The risk engine generates an account model corresponding to a user and events of the account. Generation of the account model uses event parameters of a previous event performed by the user in the account. The risk engine uses the account model to generate a first probability of observing event parameters assuming the user is conducting the next event. The risk engine uses a fraud model to generate a second probability of observing event parameters assuming a fraudster is conducting the next event. The risk engine generates a risk score, using the first and second probabilities, which indicates the relative likelihood the next event is performed by the user. The system includes a risk application comprising an analytical user interface that displays for any event the risk score and/or event parameters.
-
Citations
66 Claims
-
1. A system comprising:
-
a processor; a processor implemented risk engine configured to ascertain the risk of fraud associated with electronic access of financial systems, comprising one or more applications running on the processor and coupled to an account at a financial system of a financial institution, wherein the risk engine is configured to receive from the financial system account data of a user, and a first set of event parameters comprising network session parameters corresponding to actions taken in the account by the user of the account during electronic access of the account during a network session, and to dynamically generate from the account data and event parameters an account model characterizing the user, wherein the risk engine is configured to generate the account model using the event parameters of a previous event performed by the user in the account to generate predicted distributions comprising a first plurality of conditional probability distributions representing the event parameters for a next event in the account, wherein the risk engine is configured to receive a second set of event parameters of the next event as the next event occurs, said second set of event parameters comprising network session parameters corresponding to network based electronic access of the account during the next event, wherein the risk engine is configured to use the account model to generate a first probability that is a probability of observing the event parameters assuming the user is conducting the next event, wherein the risk engine is configured to use a fraud model to generate a second probability that is a probability of observing the event parameters assuming a fraudster is conducting the next event, wherein the fraud model includes a second plurality of conditional probability distributions generated from data of actions taken by a plurality of fraudsters excluding the user, wherein the events conducted in the account comprise the previous event and the next event, wherein the risk engine is configured to generate and output a risk score that represents the relative likelihood the next event is performed by the user versus the fraudster, wherein said risk score is generated based on combining the first probability of observing the event parameters assuming the user is conducting the next event, with the second probability of observing the event parameters assuming a fraudster is conducting the next event, and using the risk score to generate an alert; and a risk application running on the processor, the risk application comprising an analytical user interface (AUI) that is configured to display for any event in the account at least one of the risk score and the event parameters, wherein the network session parameters comprise one or more of detected Internet Protocol (IP) data and Hypertext Transfer Protocol (HTTP) data relating to a network session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 65)
-
-
64. A system comprising:
-
a processor; a processor implemented risk engine configured to ascertain the risk of fraud associated with electronic access of financial systems, comprising one or more applications running on the processor, wherein the risk engine is configured to receive from a remote financial system of a financial institution observed network session parameters corresponding to a prior event, the prior event including data of actions taken by a user in an account of the financial institution during electronic access of the account by the user, wherein the risk engine is configured to use the observed network session parameters to generate estimated parameters and dynamically generate an account model from the parameters, wherein the account model includes a first plurality of conditional probability distributions generated from the data of actions taken by the user, wherein the risk engine is configured to use the account model in combination with a fraud model that includes a second plurality of conditional probability distributions generated from data of actions taken by a plurality of fraudsters excluding the user to generate and output a risk score that is a relative likelihood an event in the account following the prior event is performed by the user versus a fraudster, wherein said risk score is generated based on a set of network session parameters corresponding to network based electronic access of the account during said event that follows the prior event, and wherein said risk score is based on combining an account model generated first probability of observing the event in the account assuming the user is conducting the event, with a fraud model generated second probability of observing the event in the account assuming a fraudster is conducting the event, and using the risk score to generate an alert; and a risk application running on the processor, the risk application comprising an analytical user interface (AUI) that is configured to display for any event in the account at least one of the risk score and event parameters of any event in the account. - View Dependent Claims (66)
-
Specification