Detecting possible fraudulent communication usage
Abstract
A method of, and a system for, detecting possible fraudulent use of a telecommunications network. Call event records, both call initiation and call completion records, are examined. A call record has a number of key fields, e.g. called number, calling number, calling card number, and for each field in turn the key is used to access a database containing an associated set of profiles. Each profile contains an algorithm defining a measurement process to be performed on the call data, e.g. determine the call duration. The respective process results are added to a respective set of stores associated with each profile, and an alarm response is generated when a threshold of a store is reached. An additional process, for e.g. a call duration of e.g. called number card calling number key fields, converts the process results to penalty points, which are added to a penalty points store associated with the calling card number key of the call event record under examination. Each response is recorded in a history file for that key.
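The two-tier cascade described in the abstract and in claim 1 (per-key stores, thresholds, a penalty points store and a history per key), as an added Python example that is not code from the patent. The profile names, threshold values, point weights and the CARD-0001 records are constructed assumptions, and the stores here never reset.

```python
from collections import defaultdict

# Constructed profile set, addressed by key field. Each profile names a measurement
# algorithm and thresholds mapping to (outcome, fraud-risk points); values are assumed.
PROFILE_SETS = {
    "calling_card": [
        {"name": "call_count", "algo": lambda cer: 1,
         "thresholds": {3: ("many_calls", 4), 5: ("excessive_calls", 8)}},
        {"name": "duration_s", "algo": lambda cer: cer["duration_s"],
         "thresholds": {3600: ("long_usage", 6)}},
    ],
}
ALARMS = {10: "fraud_alarm"}  # further profile: thresholds of the penalty points store

def crossed(thresholds, old, new):
    # Thresholds reached by this increment; each fires once, when it is crossed.
    return [t for t in sorted(thresholds) if old < t <= new]

class FraudDetector:
    def __init__(self):
        self.first = defaultdict(int)     # (field, key, profile) -> summed process results
        self.second = defaultdict(int)    # (field, key) -> penalty points
        self.history = defaultdict(list)  # (field, key) -> responses recorded for that key

    def process(self, cer):
        """Process one call event record and return the outcomes it generated."""
        outcomes = []
        for field in (f for f in PROFILE_SETS if f in cer):
            combo, fired = (field, cer[field]), []  # key field + key address the stores
            for p in PROFILE_SETS[field]:
                slot = combo + (p["name"],)
                old = self.first[slot]
                new = self.first[slot] = old + p["algo"](cer)
                for t in crossed(p["thresholds"], old, new):
                    outcome, points = p["thresholds"][t]
                    fired.append(outcome)
                    old_pts = self.second[combo]
                    new_pts = self.second[combo] = old_pts + points
                    fired += [ALARMS[x] for x in crossed(ALARMS, old_pts, new_pts)]
            self.history[combo] += fired
            outcomes += fired
        return outcomes

def run_sample():
    # Constructed call event records for one calling card (durations in seconds).
    det = FraudDetector()
    per_call = [det.process({"calling_card": "CARD-0001", "duration_s": d})
                for d in (900, 1200, 600, 1500, 300)]
    return per_call, det.second[("calling_card", "CARD-0001")]
```

In the sample, neither first-tier threshold alone raises the alarm; it fires on the fourth call, when the points from the call-count and duration profiles together reach the penalty threshold.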
21 Claims
1. A method of detecting possible fraudulent use of a communications network, which network is arranged to provide call event records having fields containing call event data, at least one of the fields being designated a key field and containing a key relating to an entity as herein defined, the method comprising the steps of:
reading a first key field of a call event record and obtaining its key;
addressing a database by the combination of the first key field and the obtained key (referred to as the "first combination") to access a first combination-associated profile set comprising
  (i) at least one profile identifying
    (a) a respective call event data processing algorithm defining a process to be performed upon call event data to obtain a process result,
    (b) at least one first combination-associated first store to be incremented by the process result, and at least one respective threshold for the or each said first combination-associated first store,
    (c) a respective predetermined outcome to be generated when the contents of a said first combination-associated first store reaches a threshold, at least one said predetermined outcome comprising a fraud risk indicator,
  (ii) a further profile identifying
    (d) a first combination-associated second store to be incremented by a fraud risk indicator,
    (e) at least one respective threshold for said first combination-associated second store, and
    (f) a further respective predetermined outcome to be generated when the contents of said first combination-associated second store reaches a threshold;
processing the call event data of the call event record in accordance with said first combination-associated profile set, thereby
  obtaining one or more respective process results,
  incrementing the corresponding identified first combination-associated first store or stores by the respective process result, and, if a threshold is reached,
  generating the corresponding respective predetermined outcome, and, if a fraud risk indicator is generated,
  incrementing said first combination-associated second store by that fraud risk indicator, and, if a threshold is reached,
  generating the corresponding further respective predetermined outcome.
Dependent claims: 2, 5, 6, 7, 8, 9
3. A method of detecting possible fraudulent use of a communications network, which network is arranged to provide call event records having fields containing call event data, at least one of the fields being designated a key field and containing a key relating to an entity as herein defined, the method comprising the steps of:
reading a first key field of a call event record and obtaining its key;
addressing a database by the combination of the first key field and the obtained key (referred to as the "first combination") to access a first combination-associated profile set comprising
  (i) at least one profile identifying
    (a) a respective call event data processing algorithm defining a process to be performed upon call event data to obtain a process result,
    (b) a respective function to be applied to the process result to generate a fraud risk indicator,
    (c) at least one first combination-associated first store to be incremented by the process result, and at least one respective threshold for the or each said first combination-associated first store,
    (d) a respective predetermined outcome to be generated when the contents of a said first combination-associated first store reaches a threshold,
  (ii) a further profile identifying
    (e) a first combination-associated second store to be incremented by a fraud risk indicator,
    (f) at least one respective threshold for said first combination-associated second store, and
    (g) a further respective predetermined outcome to be generated when the contents of said first combination-associated second store reaches a threshold;
processing the call event data of the call event record in accordance with said first combination-associated profile set, thereby
  obtaining at least one respective process result and associated fraud risk indicator,
  incrementing the corresponding identified first combination-associated first store or stores by the respective process result, and, if a threshold is reached,
  generating the corresponding respective predetermined outcome,
  incrementing said first combination-associated second store by the associated fraud risk indicator, and, if a threshold is reached,
  generating the corresponding further respective predetermined outcome.
Dependent claims: 4
10. A fraud detection system for detecting possible fraudulent use of a communications network, which network is arranged to provide call event records having fields containing call event data, at least a first of the fields being designated a key field and containing a key relating to an entity as herein defined, the system comprising:
means for reading a key field of a call event record and obtaining its key and for addressing a database by the combination of said key field and the obtained key (referred to as a "combination");
a database addressable by a said combination and storing a plurality of respective profile sets associated with a first key field and a plurality of keys (referred to as "first combination-associated profile sets"), each first combination-associated profile set comprising
  (i) at least one profile identifying
    (a) a respective call event data processing algorithm defining a process to be performed upon call event data of a call event record to obtain a process result,
    (b) at least one first combination-associated first store to be incremented by the process result, and at least one respective threshold for the or each store,
    (c) a respective predetermined outcome to be generated when the contents of a said first combination-associated first store reaches a threshold, at least one said predetermined outcome comprising a fraud risk indicator,
  (ii) a further profile identifying
    (d) a first combination-associated second store to be incremented by a fraud risk indicator,
    (e) at least one respective threshold for said first combination-associated second store
    (f) a further respective predetermined outcome to be generated when the contents of said first combination-associated second store reaches a threshold;
means for processing the call event data of the call event record in accordance with said first combination-associated profile set, thereby
  obtaining one or more respective process results,
  incrementing the corresponding identified first combination-associated first store or stores by the respective process result, and, if a threshold is reached,
  generating a said respective predetermined outcome, and, if a fraud risk indicator is generated,
  incrementing said first combination-associated second store by the fraud risk indicator, and, if a threshold is reached,
  generating the corresponding further respective predetermined outcome.
Dependent claims: 11, 14, 15, 16, 17, 18, 19, 20, 21
12. A fraud detection system for detecting possible fraudulent use of a communications network, which network is arranged to provide call event records having fields containing call event data, at least a first of the fields being designated a key field and containing a key relating to an entity as herein defined, the system comprising:
means for reading a key field of a call event record and obtaining its key and for addressing a database by the combination of said key field and the obtained key (referred to as a "combination");
a database addressable by a said combination and storing a plurality of respective profile sets associated with a first key field and a plurality of keys (referred to as "first combination-associated profile sets"), each first combination-associated profile set comprising
  (i) at least one profile identifying
    (a) a respective call event data processing algorithm defining a process to be performed upon call event data of a call event record to obtain a process result,
    (b) a respective function to be applied to the process result to generate a fraud risk indicator,
    (c) at least one first combination-associated first store to be incremented by the process result, and at least one respective threshold for the or each store,
    (d) a respective predetermined outcome to be generated when the contents of a said first combination-associated first store reaches a threshold,
  (ii) a further profile identifying
    (e) a first combination-associated second store to be incremented by a fraud risk indicator,
    (f) at least one respective threshold for said first combination-associated second store
    (g) a further respective predetermined outcome to be generated when the contents of said first combination-associated second store reaches a threshold;
means for processing the call event data of the call event record in accordance with said first combination-associated profile set, thereby
  obtaining at least one respective process result and associated fraud risk indicator,
  incrementing the corresponding identified first combination-associated first store or stores by the respective process result, and, if a threshold is reached,
  generating the corresponding respective predetermined outcome,
  incrementing said first combination-associated second store by the fraud risk indicator, and, if a threshold is reached,
  generating the corresponding further respective predetermined outcome.
Dependent claims: 13
Specification