Method and system for providing fraud detection for remote access services

US 20050160280A1
Filed: 05/12/2004
Published: 07/21/2005
Est. Priority Date: 05/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method for providing fraud detection in support of data communication services, the method comprising:

monitoring a usage pattern associated with an account for remote access to a data network;

comparing the usage pattern with a reference pattern specified for the account; and

selectively generating a fraud alert based on the comparison.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach provides fraud detection in support of data communication services. A usage pattern associated with a particular account for remote access to a data network is monitored. The usage pattern is compared with a reference pattern specified for the account. A fraud alert is selectively generated based on the comparison.

Citations

43 Claims

1. A method for providing fraud detection in support of data communication services, the method comprising:
- monitoring a usage pattern associated with an account for remote access to a data network;
  
  comparing the usage pattern with a reference pattern specified for the account; and
  
  selectively generating a fraud alert based on the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising:
    - categorizing the account according to one of a plurality of behavioral groups, wherein the reference pattern corresponds to the one behavioral group.
  - 3. A method according to claim 1, further comprising:
    - establishing the usage pattern based on one or more factors including log-in frequency of attempts to access the data network, geographic diversity of the attempts, and simultaneity of usage of resources of the data network.
  - 4. A method according to claim 1, further comprising:
    - designating a different reference pattern for the account, wherein the usage pattern is compared with the different reference pattern.
  - 5. A method according to claim 1, further comprising:
    - assigning a plurality of user identifiers for the account for access to the data network, wherein login activities associated with the user identifiers are monitored to establish the usage pattern.
  - 6. A method according to claim 5, wherein the fraud alert is generated based on overlap of times of communication sessions established over the data network, login from separate geographic locations, and duration of the communication sessions.
  - 7. A method according to claim 1, wherein the data network interfaces a telephony network supporting a call for communicating with a host within the data network, the method further comprising:
    - establishing the usage pattern based on one of origin of the call and type of call used to reach the host.

8. A system for providing fraud detection in support of data communication services, the system comprising:
- a monitoring device communicating with a data network, the monitoring device being configured to monitor a usage pattern associated with an account for remote access to the data network; and
  
  a fraud detection system in communication with the monitoring device and being configured to compare the usage pattern with a reference pattern specified for the account, and to selectively generate a fraud alert based on the comparison.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system according to claim 8, wherein the account is categorized according to one of a plurality of behavioral groups, and the reference pattern corresponds to the one behavioral group.
  - 10. A system according to claim 8, wherein the fraud detection system establishes the usage pattern based on one or more factors including log-in frequency of attempts to access the data network, geographic diversity of the attempts, and simultaneity of usage of resources of the data network.
  - 11. A system according to claim 8, wherein the fraud detection system designates a different reference pattern for the account, and the usage pattern is compared with the different reference pattern.
  - 12. A system according to claim 8, wherein a plurality of user identifiers are assigned for the account for access to the data network, and login activities associated with the user identifiers are monitored to establish the usage pattern.
  - 13. A system according to claim 12, wherein the fraud alert is generated based on overlap of times of communication sessions established over the data network, login from separate geographic locations, and duration of the communication sessions.
  - 14. A system according to claim 8, wherein the data network interfaces a telephony network supporting a call for communicating with a host within the data network, the usage pattern being established based on one of origin of the call and type of call used to reach the host.

15. A computer-readable medium carrying one or more sequences of one or more instructions for providing fraud detection in support of data communication services, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- monitoring a usage pattern associated with an account for remote access to a data network;
  
  comparing the usage pattern with a reference pattern specified for the account; and
  
  selectively generating a fraud alert based on the comparison.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A computer-readable medium according to claim 15, further including instructions for causing the one or more processors to perform the step of:
    - categorizing the account according to one of a plurality of behavioral groups, wherein the reference pattern corresponds to the one behavioral group.
  - 17. A computer-readable medium according to claim 15, further including instructions for causing the one or more processors to perform the step of:
    - establishing the usage pattern based on one or more factors including log-in frequency of attempts to access the data network, geographic diversity of the attempts, and simultaneity of usage of resources of the data network.
  - 18. A computer-readable medium according to claim 15, further including instructions for causing the one or more processors to perform the step of:
    - designating a different reference pattern for the account, wherein the usage pattern is compared with the different reference pattern.
  - 19. A computer-readable medium according to claim 15, further including instructions for causing the one or more processors to perform the step of:
    - assigning a plurality of user identifiers for the account for access to the data network, wherein login activities associated with the user identifiers are monitored to establish the usage pattern.
  - 20. A computer-readable medium according to claim 19, wherein the fraud alert is generated based on overlap of times of communication sessions established over the data network, login from separate geographic locations, and duration of the communication sessions.
  - 21. A computer-readable medium according to claim 15, wherein the data network interfaces a telephony network supporting a call for communicating with a host within the data network, the computer-readable medium further including instructions for causing the one or more processors to perform the step of:
    - establishing the usage pattern based on one of origin of the call and type of call used to reach the host.

22. A method for detecting fraudulent use of data communication services, the method comprising the steps of:
- detecting an attempt by a party to establish communications with a server through a telephony connection;
  
  determining an attribute associated with the attempted communications; and
  
  determining a fraud-indicating value based on the attribute, the fraud-indicating value relating to likelihood of the attempt as fraudulent.
- View Dependent Claims (23)
- - 23. A method according to claim 22, further comprising:
    - denying a subsequent attempt by the party to establish communications with the server based on the fraud indicating value.

24. A method of detecting possible fraudulent use of communications services with respect to a usage account in a communications system, the method comprising the steps of:
- determining excessiveness of a communication session duration;
  
  determining that communications services have been accessed via the usage account;
  
  determining location of a host from which the communications services have been accessed;
  
  retrieving one datum associated with the location and relating likelihood of fraudulent usage from the location; and
  
  responsive to the datum, determining a fraud-indicating value indicative of the likelihood that the usage account is being used fraudulently.
- View Dependent Claims (25, 26)
- - 25. A method according to claim 24, wherein the location is a country.
  - 26. A method according to claim 24, wherein the communications services include data communication services.

27. A method of detecting possible fraudulent use of communications services with respect to a usage account in a communications system, the method comprising the steps of:
- determining a first pattern of an attribute of usage of the communications services associated with the usage account;
  
  from an instance of usage of the communications services associated with the usage account, determining a second pattern of the attribute;
  
  comparing the second pattern to the first pattern; and
  
  determining a likelihood of fraud responsive at least to the comparing step.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. A method according to claim 27, wherein the attribute is a rate of usage of the communications service per unit time.
  - 29. A method according to claim 27, wherein the attribute is a distribution of locations involved in usage of the communications services.
  - 30. A method according to claim 29, wherein the locations are countries.
  - 31. A method according to claim 27, wherein the first pattern is established responsive at least to instances of actual use of the communications services associated with the usage account.
  - 32. A method according to claim 27, wherein the first pattern is arbitrarily established by at least one of a first party responsible for the usage account and a second party providing the communications services.
  - 33. A method according to claim 27, wherein the communications services are data communications services.
  - 34. A method according to claim 27, wherein the communications services are remote access communications services.

35. A method of detecting possible fraudulent use of communications services with respect to a usage account in a communications system, the method comprising the steps of:
- over a period of time, determining a total amount of time that the usage account uses communications services; and
  
  determining whether the total amount of time exceeds a predetermined duration specified for the period of time.

36. A method of detecting possible fraudulent use of communications services with respect to a usage account in a communications system, the method comprising the steps of:
- determining that the user account is used to access communications services from a first location during a first time period;
  
  determining that the user account is used to access communications services from a second location during a second time period; and
  
  determining likelihood of fraudulent use responsive to at least one of;
  
  the distance between the first location and the second location and the occurrence time of the first time period relative to the second time period.
- View Dependent Claims (37, 38)
- - 37. A method according to claim 36, wherein the communications services are data communications services.
  - 38. A method according to claim 36, wherein the communications services are remote access communications services.

39. A method of detecting possible fraudulent use of communications services, the method comprising the steps of:
- monitoring access of the communication services for a usage account; and
  
  determining a quantity of distinct locations from which the communications services have been accessed on behalf of the usage account for a predetermined time interval.
- View Dependent Claims (40)
- - 40. A method according to claim 39, wherein the distinct locations are countries.

41. A method of detecting possible fraudulent use of communications services, the method comprising the steps of:
- for a usage account, determining a first pattern of likelihood of communications usage involving each location among a set of locations;
  
  for the usage account, determining a second pattern of communications actually occurring;
  
  comparing the second pattern to the first pattern; and
  
  determining a likelihood of fraud responsive to the comparing the second pattern to the first pattern.
- View Dependent Claims (42, 43)
- - 42. A method according to claim 41, wherein the first pattern is determined responsive to incidences of actual communications for the usage account.
  - 43. A method according to claim 42, wherein the first pattern is arbitrarily established by at least one of a first party responsible for the usage account and a second party providing the communications services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
Van Arkel, John Hans, Gilbert, Mutthew J., Stepp, Thomas E., Caslin, Michael F., Springer, Arthur Lance

Granted Patent

US 7,971,237 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 12/2856   Access arrangements, e.g. I...

H04L 43/00   Arrangements for monitoring...

H04L 63/1408   by monitoring network traff...

H04L 67/535   Tracking the activity of th...

Method and system for providing fraud detection for remote access services

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing fraud detection for remote access services

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links