System and method for identity-based fraud detection

US 10,521,857 B1
Filed: 05/07/2004
Issued: 12/31/2019
Est. Priority Date: 05/12/2003
Status: Active Grant

First Claim

Patent Images

1. A method for determining a likelihood of fraud associated with an input identity record, said method being implemented by a processor which executes instructions of computer readable program code stored within a memory operatively coupled to the processor, said method comprising:

identifying the input identity record, wherein the input identity record comprises one or more identity-related fields associated with a user and is associated with an adjaceny matrix, the adjacency matrix comprising one or more sub-matrices indicating a respective identity-related field of the input identity record;

determining characteristics of the input identity record by examining content of the one or more identity-related fields that is associated with a sub-matrix of the adjacency matrix, wherein determining the characteristics of the input identity record comprises computing one or more nodal features of the input identity record based at least in Dart on the content of the one or more identity-related fields that is associated with the sub-matrix;

retrieving, from the memory, historical identity records related to the input identity record so as to define a set of linked identity records;

computing one or more network-based features of the set of linked identity records based at least in Dart on a decomposition and block diagonalization of one or more adjacency matrices;

generating a non-linear decision model based at least in part on computing the one or more nodal features of the input identity record and computing the one or more network-based features of the set of linked identity records;

determining a fraud score based upon the generated non-linear decision model, wherein the fraud score is based at least in part on a correlation between the one or more nodal features of the input identity record and the one or more network-based features of the set of linked identity records;

generating a reason code based at least in part on determining the fraud score, the reason code comprising an indication of a characteristic of fraud associated with the input identity record;

examining other identity records related to the input identity record subsequent to generating the reason code and issuing a retro-alert with respect to the input identity record when the other identity records are determined to increase a level of fraud-related suspicion attaching to the input identity record, wherein the retro-alert comprises the reason code; and

communicating the retro-alert to an administrator associated with the input identity record.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for determining a likelihood of fraud associated with an input identity record is disclosed herein. The disclosed method contemplates determining characteristics of the input identity record by examining content of one or more fields of the input identity record. Historical identity records related to the input identity record may then be retrieved so as to define a set of linked identity records. The method further includes computing one or more network-based features of the set of linked identity records. A fraud score may then be generated based upon the characteristics of the input identity record and the one or more network-based features.

48 Citations

View as Search Results

29 Claims

1. A method for determining a likelihood of fraud associated with an input identity record, said method being implemented by a processor which executes instructions of computer readable program code stored within a memory operatively coupled to the processor, said method comprising:
- identifying the input identity record, wherein the input identity record comprises one or more identity-related fields associated with a user and is associated with an adjaceny matrix, the adjacency matrix comprising one or more sub-matrices indicating a respective identity-related field of the input identity record;
  
  determining characteristics of the input identity record by examining content of the one or more identity-related fields that is associated with a sub-matrix of the adjacency matrix, wherein determining the characteristics of the input identity record comprises computing one or more nodal features of the input identity record based at least in Dart on the content of the one or more identity-related fields that is associated with the sub-matrix;
  
  retrieving, from the memory, historical identity records related to the input identity record so as to define a set of linked identity records;
  
  computing one or more network-based features of the set of linked identity records based at least in Dart on a decomposition and block diagonalization of one or more adjacency matrices;
  
  generating a non-linear decision model based at least in part on computing the one or more nodal features of the input identity record and computing the one or more network-based features of the set of linked identity records;
  
  determining a fraud score based upon the generated non-linear decision model, wherein the fraud score is based at least in part on a correlation between the one or more nodal features of the input identity record and the one or more network-based features of the set of linked identity records;
  
  generating a reason code based at least in part on determining the fraud score, the reason code comprising an indication of a characteristic of fraud associated with the input identity record;
  
  examining other identity records related to the input identity record subsequent to generating the reason code and issuing a retro-alert with respect to the input identity record when the other identity records are determined to increase a level of fraud-related suspicion attaching to the input identity record, wherein the retro-alert comprises the reason code; and
  
  communicating the retro-alert to an administrator associated with the input identity record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the examining content is performed without reference to historical identity record data.
  - 3. The method of claim 1 wherein the historical identity records are related to the input identity record by way of a common identity-related parameter.
  - 4. The method of claim 1 wherein at least one of the one or more network based features comprises a graphically-represented statistical summary.
  - 5. The method of claim 1 wherein one of the fields of the input identity record includes a telephone number and wherein at least one of the characteristics of the input identity record relates to whether the phone number is determined to be valid.
  - 6. The method of claim 1 wherein one of the fields of the input identity record includes a social security number and wherein at least one of the characteristics of the input identity record relates to whether the social security number is determined to be valid.
  - 7. The method of claim 1 wherein one of the fields of the input identity record includes a telephone number and wherein at least one of the characteristics of the input identity record relates to whether the telephone number corresponds to a wireless communications unit.
  - 8. The method of claim 1 wherein one of the one or more fields of the input identity record includes an address and wherein at least one of the characteristics of the input identity record relates to whether the address is determined to be valid and deliverable.

9. A method for determining a likelihood of fraud associated with an input identity record, said method being implemented by a processor which executes instructions of computer readable program code stored within a memory operatively coupled to the processor, said method comprising:
- identifying the input identity record, wherein the input identity record comprises one or more identity-related fields associated with a user and is associated with an adjacency matrix, the adjacency matrix comprising one or more sub-matrices indicating a respective identity-related field of the input identity record;
  
  determining characteristics of the input identity record by examining content of the one or more identity-related fields that Is associated with a sub-matrix of the adjacency matrix, wherein determining the characteristics of the input identity record comprises computing one or more nodal features of the input identity record based at least in Dart on the content of the one or more identity-related fields that is associated with the sub-matrix;
  
  retrieving, from the memory, historical identity records related to the input identity record so as to define a set of linked identity records;
  
  computing one or more nodal features of the input identity record;
  
  computing one or more network-based features of the set of linked identity records based at least in Dart on a decomposition and block diagonalization of one or more adjacency matrices;
  
  generating a non-linear decision model based at least in part on computing the one or more nodal features of the input identity record and computing the one or more network-based features of the set of linked identity records;
  
  determining a fraud score based upon the generated non-linear decision model, wherein the fraud score is based at least in part on a correlation between the one or more nodal features of the input identity record and the one or more network-based features of the set of linked identity records;
  
  generating a reason code based at least in part on determining the fraud score, the reason code comprising an indication of a characteristic of fraud associated with the input identity record;
  
  examining other identity records related to the input identity record subsequent to generating the reason code and issuing a retro-alert with respect to the input identity record when the other identity records are determined to increase a level of fraud-related suspicion attaching to the input identity record, wherein the retro-alert comprises the reason code; and
  
  communicating the retro-alert to an administrator associated with the input identity record.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9 wherein one of said one or more fraud indicators comprises an early high balance in an account associated with one of said one or more historical identity records.
  - 11. The method of claim 10 wherein another of said one or more fraud indicators comprises the failure to make a payment in connection with said account prior to a due date.
  - 12. The method of claim 10 wherein another of said one or more fraud, indicators comprises the existence of plural missed monthly payments in connection with said account.
  - 13. The method of claim 9 wherein one of said one or more fraud indicators comprises the classifying, by a third party, of one of said one or more historical identity records as potentially fraudulent.
  - 14. The method of claim 9 wherein one of said one or more fraud indicators comprises the receipt of a fraud affidavit relating to one of said one or more historical identity records.
  - 15. The method of claim 9 wherein one of said one or more fraud indicators comprises the association of a fraud score in excess of a predefined value with one of said one or more historical identity records.
  - 16. The method of claim 9 further including:
    - weighting ones of said one or more fraud indicators in accordance with a predictive strength associated with each of said indicators so as to generate a plurality of weighted fraud indicators, andcomputing a weighted average of said one or more fraud indicators using said plurality of weighted fraud indicators wherein said indication of said likelihood of fraud is based at least in part upon the weighted average.
  - 17. The method of claim 16 wherein said one or more fraud indicators are also weighted in accordance with the relative recency of the corresponding ones of said one or more historical identity records.

18. A method for determining a likelihood of fraud associated with an input identity record, said method being implemented by a processor which executes instructions stored within a memory operatively coupled to the processor, said method comprising:
- identifying the input identity record, wherein the input identity record comprises one or more identity-related fields associated with a user and is associated with an adjacency matrix, the adjacency matrix comprising one or more sub-matrices indicating a respective identity-related field of the input identity record;
  
  determining characteristics of the input identity record by examining content of the one or more identity-related fields that is associated with a sub-matrix of the adjacency matrix, wherein determining the characteristics of the input identity record comprises computing one or more nodal features of the input identity record based at least in Dart on the content of the one or more identity-related fields that is associated with the sub-matrix;
  
  retrieving, from the memory, historical identity records related to the input identity record so as to define a set of linked identity records;
  
  computing one or more network-based features of the set of linked identity records by generating a connectivity graph comprised of a plurality of nodes connected by a set of links based at least in Dart on a decomposition and block diagonalization of one or more adjacency matrices, each of the nodes corresponding to at least one of the linked identity records and each of the links being representative of the occurrence of a common characteristic within two or more of the linked identity records;
  
  generating a non-linear decision model based at least in part on computing the one or more nodal features of the input identity record and computing the one or more network-based features of the set of linked identity records;
  
  synthesizing, from the connectivity graph, one or more variables relating to the network-based features;
  
  determining a fraud score based upon the generated non-linear decision model, wherein the fraud score is based at least in part on a correlation between the one or more nodal features of the input identity record and the one or more network-based features of the set of linked identity records;
  
  generating a reason code based at least in part on determining the fraud score, the reason code comprising an indication of a characteristic of fraud associated with the input identity record;
  
  examining other identity records related to the input identity record subsequent to generating the reason code and issuing a retro-alert with respect to the input identity record when the other identity records are determined to increase a level of fraud-related suspicion attaching to the input identity record, wherein the retro-alert comprises the reason code; and
  
  communicating the retro-alert to an administrator associated with the input identity record.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The method of claim 18 wherein the examining content is performed without reference to historical identity record data.
  - 20. The method of claim 18 wherein the historical identity records are related to the input identity record by way of associated identity-related parameters.
  - 21. The method of claim 18, wherein at least one of the one or more network-based features comprises a graphically-represented statistical summary.
  - 22. The method of claim 18 wherein one of the fields of the input identity record includes a telephone number and wherein at least one of the characteristics of the input identity record relates to whether the phone number is determined to be valid.
  - 23. The method of claim 18 wherein one of the fields of the input identity record includes a social security number and wherein at least one of the characteristics of the input identity record relates to whether the social security number is determined to be valid.
  - 24. The method of claim 18 wherein one of the fields of the input identity record includes a telephone number and wherein at least one of the characteristics of the input identity record relates to whether the telephone number corresponds to a wireless communications unit.
  - 25. The method of claim 18 wherein one of the one or more fields of the input identity record includes an address and wherein at least one of the characteristics of the input identity record relates to whether the address is determined to be valid and deliverable.

26. A computer-usable medium having computer readable program code physically embodied therein for execution by a processor to perform a method for determining a likelihood of fraud associated with an input identity record, said method comprising:
- identifying the input identity record, wherein the input identity record comprises one or more identity-related fields associated with a user and is associated with an adjacency matrix, the adjacency matrix comprising one or more sub-matrices indicating a respective identity-related field of the input identity record;
  
  determining characteristics of the input identity record by examining content of the one or more identity-related fields that is associated with a sub-matrix of the adjacency matrix, wherein determining the characteristics of the input identity record comprises computing one or more nodal features of the input identity record based at least in Dart on the content of the one or more identity-related fields that is associated with the sub-matrix;
  
  retrieving, from the memory, historical identity records related to the input identity record so as to define a set of linked identity records;
  
  computing one or more network-based features of the set of linked identity records based at least in Dart on a decomposition and block diagonalization of one or more adjacency matrices;
  
  generating a non-linear decision model based at least in part on computing the one or more nodal features of the input identity record and computing the one or more network-based features of the set of linked identity records;
  
  synthesizing, from the connectivity graph, one or more variables relating to the network-based features;
  
  determining a fraud score based upon the generated non-linear decision model, wherein the fraud score is based at least in part on a correlation between the one or more nodal features of the input identity record and the one or more network-based features of the set of linked identity records;
  
  generating a reason code based at least in part on determining the fraud score, the reason code comprising an indication of a characteristic of fraud associated with the input identity record;
  
  examining other identity records related to the input identity record subsequent to generating the reason code and issuing a retro-alert with respect to the input identity record when the other identity records are determined to increase a level of fraud-related suspicion attaching to the input identity record, wherein the retro-alert comprises the reason code; and
  
  communicating the retro-alert to an administrator associated with the input identity record.
- View Dependent Claims (27, 28, 29)
- - 27. The computer-usable medium of claim 26 wherein the examining content is performed without reference to historical identity record data.
  - 28. The computer-usable medium of claim 26 wherein the historical identity records are related to the input identity record by way of associated identity-related parameters.
  - 29. The computer-usable medium of claim 26 wherein at least one of the one or more network-based features comprises a graphically-represented statistical summary.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LexisNexis Risk Solutions, Inc. (RELX PLC)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Shao, Xuhui, Xie, Jianjun, Dunning, Ted, Hong, Tao, Blue, Joe
Primary Examiner(s)
Milef, Elda G

Application Number

US10/841,946
Time in Patent Office

5,716 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 40/02 Banking, e.g. interest calc...

System and method for identity-based fraud detection

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

29 Claims

Specification

Use Cases

Quick Links

Others

System and method for identity-based fraud detection

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

29 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others