Fraudulent activity shell

US 10,546,299 B1
Filed: 06/18/2015
Issued: 01/28/2020
Est. Priority Date: 06/18/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor that executes the following;

A processor that executes the following;

an application configured to receive a request for an action by a user, the application having a default mode having a normal environment that initiates action with external systems and a shell environment that mirrors the normal environment, but is not capable of initiating actions with external systems; and

a trigger logic configured to;

determine that the requested action satisfies a trigger condition; and

trigger the application to override the default mode and enter a fraudulent activity mode in response to determining that the requested action satisfies the trigger condition, wherein the normal environment is configured to hold the action in the fraudulent activity mode such that the action cannot be executed, and wherein the shell environment is configured to stop mirroring the normal environment and to display the requested action to the user such that the requested action appears to the user to be executed;

a risk analysis logic configured to calculate a fraudulent score for the action when the application is in the fraudulent activity mode, wherein the risk analysis logic is further configured to verify the action, and wherein upon verification the action is released and replayed in the normal environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and other embodiments associated with a fraudulent activity shell. According to one embodiment, a system includes an application having a normal environment and a shell environment. The system also includes a trigger logic that determines whether an action satisfies a trigger condition. In response to determining that the action satisfies the trigger condition, the trigger logic triggers the application to enter a fraudulent activity mode from a default mode. In the fraudulent activity mode, the normal environment is configured to hold the action. The shell environment is configured to display the action as executed in the fraudulent activity mode.

25 Citations

16 Claims

1. A system, comprising:
- a processor that executes the following;
  
  A processor that executes the following;
  
  an application configured to receive a request for an action by a user, the application having a default mode having a normal environment that initiates action with external systems and a shell environment that mirrors the normal environment, but is not capable of initiating actions with external systems; and
  
  a trigger logic configured to;
  
  determine that the requested action satisfies a trigger condition; and
  
  trigger the application to override the default mode and enter a fraudulent activity mode in response to determining that the requested action satisfies the trigger condition, wherein the normal environment is configured to hold the action in the fraudulent activity mode such that the action cannot be executed, and wherein the shell environment is configured to stop mirroring the normal environment and to display the requested action to the user such that the requested action appears to the user to be executed;
  
  a risk analysis logic configured to calculate a fraudulent score for the action when the application is in the fraudulent activity mode, wherein the risk analysis logic is further configured to verify the action, and wherein upon verification the action is released and replayed in the normal environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the normal environment is configured to process the action in the default mode, and wherein the shell environment is configured to mimic the normal environment in the default mode.
  - 3. The system of claim 1, wherein the action is a financial action, and wherein the trigger condition indicates that the financial action is fraudulent.
  - 4. The system of claim 1, wherein the trigger condition includes a first fraudulent activity indicator and a second fraudulent activity indicator.
  - 5. The system of claim 1, wherein the trigger condition is defined by a fraudulent activity indicator, and wherein the fraudulent activity indicator is based, at least in part, on metadata of the action.
  - 6. The system of claim 1, wherein the trigger logic is configured to cause the application to maintain the fraudulent activity mode for a subsequent action.
  - 7. The system of claim 1, wherein the trigger logic is configured to cause the application to re-enter the default mode for a subsequent action.

8. A method, comprising:
- receiving, via a processor, a request for an action by a user at an application, theapplication having a default mode having a normal environment that initiates action with external systems and a shell environment that mirrors the normal environment, but is not capable of initiating actions with external systems;
  
  determining, via a processor, that the requested action satisfies a trigger condition;
  
  triggering, via a processor, the application to override the default mode and enter a fraudulent activity mode in response to determining that the requested action satisfies the trigger condition;
  
  holding, via a processor, the requested action in the normal environment based, at least in part, on the fraudulent activity mode;
  
  stopping, via a processor, the mirroring of the normal environment in the shell environment;
  
  displaying to the user, via a processor, the requested action such that the requested action appears to the user to be executed; and
  
  calculating, via a processor, a fraudulent score for the action when the application is in the fraudulent activity mode, and verifying, via a processor the action based, at least in part, on the fraudulent score.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the trigger condition is defined by one more fraudulent activity indicators, and wherein a fraudulent activity indicator is based, at least in part, on metadata of the action.
  - 10. The method of claim 8, further comprising re-entering the default mode for a subsequent received action.
  - 11. The method of claim 8, further comprising maintaining the fraudulent activity mode for a subsequent received action.

12. A non-transitory computer-readable medium storing computer-executable instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- receiving a request for an action from a user at an application, the application having a default mode having a normal environment that initiates action with external systems and a shell environment that mirrors the normal environment, but is not capable of initiating actions with external systems;
  
  determining that the requested action satisfies a trigger condition;
  
  triggering the application to override the default mode and enter a fraudulent activity mode in response to determining that the requested action satisfies the trigger condition;
  
  holding the requested action in the normal environment based, at least in part, on the fraudulent activity mode,stopping the mirroring of the normal environment by the shell environment and displaying to the user the requested action such that the requested action appears to the user to be executed; and
  
  calculating a fraudulent score for the action when the application is in the fraudulent activity mode, and verifying the action based at least in part on the fraudulent score.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The non-transitory computer-readable medium of claim 12, further comprising:
    - comparing the fraudulent score to a threshold value;
      
      re-entering the default mode when the fraudulent score meets the threshold value; and
      
      executing the action in the default mode.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the trigger condition is defined by one more fraudulent activity indicators, and wherein a fraudulent activity indicator is based, at least in part, on metadata of the action.
  - 15. The non-transitory computer-readable medium of claim 12, further comprising reentering the default mode for a subsequent received action.
  - 16. The non-transitory computer-readable medium of claim 12, further comprising maintaining the fraudulent activity mode for a subsequent received action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Garner, IV, Andrew J., Martinez, Matthew, Moss, Beth S., Spratley, Jennifer G.
Primary Examiner(s)
Jacob, William J

Application Number

US14/743,378
Time in Patent Office

1,685 Days
Field of Search

705 44
US Class Current
CPC Class Codes

G06Q 20/40 Authorisation, e.g. identif...

G06Q 20/4016 involving fraud or risk lev...

Fraudulent activity shell

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Fraudulent activity shell

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links