REAL-TIME SELECTION OF AUTHENTICATION PROCEDURES BASED ON RISK ASSESSMENT
First Claim
1. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified,wherein the one or more fields that are being modified include;
data describing personal information of a user associated with the user account, ordata identifying one or more authorized users of the user account;
receive, from a user device, a request associated with a high-risk transaction involving the user account;
request, from a data source, additional information associated with the user;
determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user,wherein the risk score is determined using a data model that has been trained on historical account data associated with a group of user accounts, andwherein the one or more instructions, that cause the one or more processors to determine the risk score, cause the one or more processors to;
provide, as input to the data model, information associated with the real-time notification and information associated with the request associated with the high-risk transaction to cause the data model to output the risk score,
wherein the information associated with the real-time notification has a first time stamp,
wherein the information associated with the request associated with the high-risk transaction has a second time stamp, and
wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;
increase or decrease the risk score based on the additional information associated with the user;
selectively identify an authentication procedure, of a group of authentication procedures, after increasing or decreasing the risk score,wherein the group of authentication procedures are associated with ranges of risk scores, andwherein the authentication procedure is identified based on the risk score falling within a particular range of risk scores of the ranges of risk scores; and
provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure.
1 Assignment
0 Petitions
Accused Products
Abstract
A device may receive, from a server device, a real-time notification indicating that a field of a user account is being modified. The field may include personal information of a user associated with the user account and/or information identifying authorized users of the user account. The device may receive, from a user device, a request associated with a high-risk transaction involving the user account. The device may determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user. The device may selectively identify an authentication procedure, of a group of authentication procedures, based on the risk score. The device may provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure.
41 Citations
22 Claims
-
1. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to; receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified, wherein the one or more fields that are being modified include; data describing personal information of a user associated with the user account, or data identifying one or more authorized users of the user account; receive, from a user device, a request associated with a high-risk transaction involving the user account; request, from a data source, additional information associated with the user; determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user, wherein the risk score is determined using a data model that has been trained on historical account data associated with a group of user accounts, and wherein the one or more instructions, that cause the one or more processors to determine the risk score, cause the one or more processors to; provide, as input to the data model, information associated with the real-time notification and information associated with the request associated with the high-risk transaction to cause the data model to output the risk score,
wherein the information associated with the real-time notification has a first time stamp,
wherein the information associated with the request associated with the high-risk transaction has a second time stamp, and
wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;increase or decrease the risk score based on the additional information associated with the user; selectively identify an authentication procedure, of a group of authentication procedures, after increasing or decreasing the risk score, wherein the group of authentication procedures are associated with ranges of risk scores, and wherein the authentication procedure is identified based on the risk score falling within a particular range of risk scores of the ranges of risk scores; and provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure. - View Dependent Claims (3, 4, 5, 6, 22)
-
2. (canceled)
-
7. A device, comprising:
-
one or more memories; and one or more processors, communicatively coupled to the one or more memories, to; receive a data model that has been trained on historical account data associated with a group of user accounts, wherein the historical account data includes data associated with fraudulent transactions and data associated with legitimate transactions; receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified, wherein the one or more fields that are being modified include at least one of; data describing personal information of a user associated with the user account, or data identifying one or more authorized users of the user account; receive a request associated with a high-risk transaction involving the user account; determine, using the data model, a risk score associated with modifications to the one or more fields, wherein the risk score indicates a likelihood of the one or more fields being modified as part of an unauthorized use of the user account, and wherein the one or more processors, when determining the risk score, are to; provide, as input to the data model, information associated with the real-time notification to cause the data model to output the risk score,
wherein the information associated with the real-time notification has a first time stamp,
wherein the information associated with the request associated with a high-risk transaction has a second time stamp, and
wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;request, from a data source, additional information associated with the user; increase or decrease the risk score based on the additional information associated with the user; selectively identify, after increasing or decreasing the risk score, one or more actions to perform based on the risk score, wherein the one or more actions include at least one of; a first group of one or more actions to determine whether the modifications of the one or more fields is an unauthorized action, or a second group of one or more actions to prevent subsequent unauthorized access to the user account; and perform the one or more actions that have been selectively identified. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method, comprising:
-
receiving, by a device and from a server device, a real-time notification indicating that one or more fields of a user account are being modified, wherein the one or more fields that are being modified include; data describing personal information of a user associated with the user account, or data identifying one or more authorized users of the user account; receiving, by the device and from a user device, a request associated with a high-risk transaction involving the user account; determining, by the device, a set of risk scores associated with a modification of the one or more fields of the user account, wherein the set of risk scores are determined using a data model that has been trained on historical account data associated with a group of user accounts, wherein the set of risk scores indicate a likelihood of the one or more fields being modified as part of an unauthorized use of the user account, and wherein determining the set of risk scores comprises; providing, as input to the data model, information associated with the real-time notification to cause the data model to output the set of risk scores, wherein the information associated with the real-time notification has a first time stamp, wherein the information associated with the request associated with the high-risk transaction has a second time stamp, and wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the set of risk scores; request, from a data source, additional information associated with the user; increase or decrease a risk score, of the set of risk scores, based on the additional information associated with the user; selectively identifying, by the device, an authentication procedure, of a group of authentication procedures, after receiving the request associated with the high-risk transaction, wherein the authentication procedure is identified based on the risk score; and providing, by the device, authentication instructions for the authentication procedure to the user device to allow the authentication procedure to be completed. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
15. (canceled)
Specification