Risk determination and management using predictive modeling and transaction profiles for individual transacting entities
DCFirst Claim
Patent Images
1. A computer implemented method of determining a level of risk for a transaction in an account of a transacting entity, the method comprising:
- storing a predictive model of risk-associated transactions generated from high risk and low risk historical transactions of transacting entities and the profiles of the transacting entities;
receiving in real time a current transaction of a transacting entity for a type of account, the current transaction received prior to completion of the transaction by the transacting entity;
generating in real time a signal indicative of the level of risk associated with the current transaction by applying the current transaction and a profile summarizing a pattern of historical transactions of the transacting entity to the predictive model by;
selecting high risk and low risk transactions and transacting entity data associated with the selected transactions;
segregating transactions into time intervals, with each time interval representing at least one transaction of the account during the time interval;
randomly selecting low risk time intervals, and for any sequence of high risk time intervals of an individual account, selecting only initial high risk time intervals; and
generating risk related variables from the selected time intervals and the profiles associated with the selected accounts; and
transmitting in real time the signal indicative of the level of risk to at least one of the transacting entity or a second entity to allow for either completion or termination of the transaction.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
An automated system and method detects fraudulent transactions using a predictive model such as a neural network to evaluate individual customer accounts and identify potentially fraudulent transactions based on learned relationships among known variables. The system may also output reason codes indicating relative contributions of various variables to a particular result. The system periodically monitors its performance and redevelops the model when performance drops below a predetermined level.
1058 Citations
79 Claims
-
1. A computer implemented method of determining a level of risk for a transaction in an account of a transacting entity, the method comprising:
-
storing a predictive model of risk-associated transactions generated from high risk and low risk historical transactions of transacting entities and the profiles of the transacting entities;
receiving in real time a current transaction of a transacting entity for a type of account, the current transaction received prior to completion of the transaction by the transacting entity;
generating in real time a signal indicative of the level of risk associated with the current transaction by applying the current transaction and a profile summarizing a pattern of historical transactions of the transacting entity to the predictive model by;
selecting high risk and low risk transactions and transacting entity data associated with the selected transactions;
segregating transactions into time intervals, with each time interval representing at least one transaction of the account during the time interval;
randomly selecting low risk time intervals, and for any sequence of high risk time intervals of an individual account, selecting only initial high risk time intervals; and
generating risk related variables from the selected time intervals and the profiles associated with the selected accounts; and
transmitting in real time the signal indicative of the level of risk to at least one of the transacting entity or a second entity to allow for either completion or termination of the transaction. - View Dependent Claims (2, 3, 4, 5, 51, 52, 53, 54, 55)
generating in real time an authorization response signal for the current transaction as a function of the signal indicative of risk.
-
-
4. The method of claim 3, wherein generating the authorization response signal comprises:
determining in real time whether to approve or decline the current transaction according to the signal indicative of risk associated with the current transaction.
-
5. The method of claim 3, further comprising:
-
receiving the current transaction from a point of sale device associated with the current transaction; and
transmitting the authorization signal to the point of sale device.
-
-
51. The method of any of claims 1, 6, 7, 42, 43, or 44, further comprising:
generating in real time the profile of the account holder in response to the current transaction.
-
52. The method of any of claims 1, 6, 7, 42, 43, or 44, wherein the profile summarizes debit card type transactions of the transacting entity.
-
53. The method of claim 52, wherein the current transaction is a debit card type transaction, and the signal indicative of risk is a continuous fraud score indicating the likelihood that the current transaction is fraudulent.
-
54. The method of any of claims 1, 6, 7, 42, 43, or 44, wherein the profile summarizes telephone calling card type transactions of the transacting entity.
-
55. The method of claim 54, wherein the current transaction is a telephone calling card type transaction, and the signal indicative of risk is a continuous fraud score indicating the likelihood that the current transaction is fradulent.
-
6. A computer implemented method of determining a level of risk for a transaction in an account of a transacting entity, the method comprising:
-
for each of a first plurality of transacting entities, generating a profile of transaction patterns of the transacting entity using historical transactions of the transacting entity;
generating and storing a predictive model of fraudulent transactions from a plurality of fraudulent transactions and the profiles of the transacting entities of the fraudulent transactions, and a plurality of non-fraudulent transactions and the profiles of the transacting entities of the non-fraudulent transactions;
receiving in real time a current transaction of a transacting entity for a type of account, the current transaction received prior to completion of the transaction by the transacting entity;
generating in real time a signal indicative of the level of fraud associated with the current transaction by applying the current transaction and a profile summarizing a pattern of historical transactions of the transacting entity to the predictive model; and
transmitting in real time the signal indicative of the level of fraud to at least one of the transacting entity or a second entity to allow for either completion or termination of the transaction.
-
-
7. A computer implemented method of determining a level of risk for a transaction in an account of a transacting entity, the method comprising:
-
receiving in real time, data pertaining to a pending first transaction of a transacting entity for a type of account, the data received prior to completion of the first transaction by the transacting entity;
generating in real time a signal indicative of the level of risk associated with the first transaction by comparing the data pertaining to the first transaction of the transacting entity with a profile summarizing a pattern of historical transactions of the transacting entity;
determining in real time an authorization response for the first transaction as a function of the signal indicative of risk associated with the transaction;
transmitting in real time the authorization response to either the transacting entity or a second entity to allow either the transacting entity or the second entity to terminate or complete the first transaction; and
determining whether to approve or decline a second transaction as a function of the signal indicative of the level of risk associated with the first transaction. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
determining an authorization response for a second transaction of the transacting entity subsequent to the first transactions as a function of fraud score associated with the first transaction.
-
-
10. The method of claim 8, further comprising:
responsive to the fraud score of the current transaction exceeding a threshold amount, not authorizing the current transaction, and designating the account associated with the transacting entity of the current transaction as a high risk account so as to prevent subsequent transactions of the transacting entity from being authorized.
-
11. The method of claim 8, further comprising:
updating the profile of the transacting entity associated with the current transaction using current transaction data.
-
12. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of transactions by the transacting entity per time interval.
-
13. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of transactions by the transacting entity in a recent time interval relative to an historical average number of transactions by the transacting entity.
-
14. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a dollar value of transactions by the transacting entity per time interval.
-
15. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a dollar value of transactions by the transacting entity in a recent time interval relative to an historical average dollar value of transactions by the transacting entity.
-
16. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of authorizations by the transacting entity per time interval.
-
17. The method of claim 8, further comprising
determining the fraud score for the current transaction as a function of a number of authorizations for the transacting entity in a recent time interval relative to an historical average number of authorizations for the transacting entity. -
18. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of the Standard Industrial Classification (SIC) codes of recent merchants visited by the transacting entity.
-
19. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of the SIC codes of recent merchants visited by the transacting entity relative to the SIC codes of merchants historically visited by the transacting entity.
-
20. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of the amount spent by the transacting entity in each of a number of SIC code merchant groups during a recent time interval.
-
21. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of the percentage of the amount spent in a recent time interval by the transacting entity in each of a number of SIC code merchant groups.
-
22. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of transactions in a recent time interval by the transacting entity in each of a number of SIC code merchant groups.
-
23. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of the percentage of the number of transactions in a recent time interval by the transacting entity in each of a number of SIC code merchant groups.
-
24. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a level of risk associated with the SIC code of merchants for recent transactions of the transacting entity.
-
25. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a level of risk associated with one or more geographic regions for recent transactions of the transacting entity.
-
26. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of an average amount of time between transactions of the transacting entity.
-
27. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of an average amount of time between transactions of the transacting entity in a recent time interval relative to an historical average amount of time between transactions of the transacting entity.
-
28. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of multiple transaction declines for transactions of the transacting entity at a same merchant.
-
29. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of out-of-state transactions of the transacting entity.
-
30. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of an average number of transaction declines for the transacting entity.
-
31. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a volume of transactions for a merchant processing the current transaction.
-
32. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a cumulative volume of transactions for merchants having a same SIC code as the merchant processing the current transaction.
-
33. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a length of time that a merchant processing the current transaction has been associated with an acquirer.
-
34. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of an average number of transactions per batch for a merchant processing the current transaction.
-
35. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of an average amount per transaction for an authorization for a merchant processing the current transaction.
-
36. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a rate of transactions for the merchant processing the current transaction.
-
37. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a number of keyed-in transactions relative to swiped transactions for a merchant processing the current transaction.
-
38. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a percent of authorized transactions for a merchant processing the current transaction, relative to all of the transactions of the merchant for which authorization is requested.
-
39. The method of claim 8, further comprising:
determining the fraud score for the current transaction as a function of a cumulative volume of transactions for merchants having a same SIC code as the merchant processing the current transaction.
-
40. The method of claim 8, further comprising:
the high risk transactions and low risk transactions are fraudulent transactions and non-fraudulent transactions respectively.
-
41. The method of claim 8, wherein the current transaction is a first transaction, further comprising:
-
authorizing the first transaction regardless of the fraud score for the current transaction;
receiving a second transaction of the same transacting entity as the first transaction; and
determining in whether to approve or decline the second transaction as a function of the fraud score for the first transaction.
-
-
42. A computer implemented method of determining a fraud score for a transaction in an account of a transacting entity, the method comprising:
-
generating a predictive model of risk-associated transactions from high risk and low risk historical transactions of transacting entities and profiles of the transacting entity, for substantially the same type of account as the transaction by;
selecting high risk and low risk transactions and transacting entity data associated with the selected transactions;
segregating the selected transactions into account-days, with each account-day representing at least one transaction of the accound during a day;
randomly selecting low risk account-days, and for any sequence of high risk account-days of an individual account, selecting only initial high risk account-day; and
generating risk related variables from the randomly selected low risk account days and the selected initial high risk account days and the profiles associated with the selected accounts;
for each of a plurality of transactions in a batch of transactions, generating a fraud score for the transaction by applying the transaction and a profile of the transacting entity of the transaction to the predictive model;
authorizing each of the transactions in the batch regardless of the fraud score associated with the transaction; and
for each transaction in the batch, responsive to the fraud score of the transaction exceeding a threshold amount, designating the account associated with the transacting entity of the transaction as a high risk account.
-
-
43. A computer implemented method of determining a fraud score for a transaction in an account of a transacting entity, the method comprising:
-
storing a predictive model of risk-associated transactions generated from high risk and low risk historical transactions that are for substantially the same type of account as current transactions of transacting entities and profiles of the transacting entity, each profile summarizing a pattern of historical transactions of a transacting entity, for substantially the same type of account as the transaction;
receiving in real time a current transaction of a transacting entity, the current transaction received prior to completion of the transaction by the transacting entity;
authorizing the current transaction prior to generating a fraud score associated with the current transaction;
generating a continuous fraud score indicative of a probability that the current transaction is fraudulent by applying the current transaction of the transacting entity and the profile of the transacting entity to the predictive model; and
responsive to the fraud score of the current transaction exceeding a threshold amount, designating the account associated with the transacting entity of the current transaction as a high risk account so as to prevent subsequent transactions of the transacting entity from being authorized.
-
-
44. A computer implemented method for developing a predictive model for determining a risk score indicative of a level of risk in a transaction associated with a transacting entity, comprising the operations of:
-
receiving for a plurality of transacting entities, historical transaction data for transactions occurring over a period of time;
for each of the transacting entities, creating a profile summarizing patterns of the transactions of the transacting entity; and
creating the predictive model using the transaction data of each transaction for a type of account, the profile of the transacting entity making each transaction wherein the profile is for substantially the same type of account as each transaction, and data categorizing each transaction with respect to a level of risk in the transaction, wherein creating the predictive model includes;
selecting high risk transactions and accounts associated therewith, and a random sample of low risk transactions and accounts associated therewith;
segregating the selected transactions into account-days, each account-daylassociated with one of the selected accounts and at least one transaction of the account occurring during a given day;
selecting account-days by randomly selecting account-days that do not include a high risk transaction, and for any sequence of account-days in an account each of which include at least one high risk transaction, selecting only an earliest account-day; and
generating risk-related variables from the selected account-days and the profiles associated with the selected accounts. - View Dependent Claims (45, 46, 47, 48, 49, 50)
applying the risk-related variables of the selected time intervals, and the profiles associated with the selected account-days to a neural network to create the predictive model.
-
-
47. The method of claim 44, wherein each transaction is categorized as either a fraudulent or a non-fraudulent transaction.
-
48. The method of claim 44, further comprising:
creating a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average number of transactions by the transacting entity over a time interval.
-
49. The method of claim 44, further comprising
creating a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average dollar value of transactions by the transacting entity over a time interval. -
50. The method of claim 44, further comprising
creating a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average number of authorizations for the transacting entity over a time interval.
-
56. A computer program product for controlling a computer system to process transactions in accounts of account holders, comprising:
-
program code communicatively coupled to a database of account information for account holders and account transactions for the account holders that generates a profile of an account holder by summarizing patterns of historical transactions of the account holder for a type of account;
program code that communicatively couples with a communications network and receives in real time a current transaction of an account holder from a point of sale device coupled to the communications network and performing the current transaction, wherein the current transaction is for substantially the same type of account as the historical transactions;
program code that receives in real time data from the current transaction and generates a signal indicative of a level of risk associated with the current transaction by comparing the current transaction of the account holder with the profile of the account holder;
program code that couples with the generating program code to receive the signal indicative of the level of risk and that generates in real time an authorization response signal for the current transaction as a function of the level of risk;
program code that transmits in real time the authorization signal to the point of sale device;
program code that updates the profile of the account holder using the current transaction; and
a computer readable medium that stores the program codes.
-
-
57. A computer program product for controlling a computer system to process transactions in accounts of account holders, comprising:
-
program code communicatively coupled to a database of account information for account holders and account transactions for the account holders that generates a profile of an account holder by summarizing patterns of historical transactions of the account holder for a type of account;
program code that communicatively couples with a communications network and receives in real time a current transaction of an account holder from a point of sale device coupled to the communications network and performing the current transaction, wherein the current transaction is for substantially the same type of account as the historical transactions;
program code that receives in real time data from the current transaction and generates a signal indicative of a level of risk associated with the current transaction by comparing the current transaction of the account holder with the profile of the account holder;
program code that couples with the generating program code to receive the signal indicative of the level of risk and that generates in real time an authorization response signal for the current transaction as a function of the level of risk;
program code that transmits in real time the authorization signal to the point of sale device;
program code that stores a predictive model of risk associated transactions developed from the historical transactions of the account holders and the profiles of the account holders;
program code that compares the current transaction of the account holder to the profile of the account holder by applying the current transaction and the profile of the account holder to the predictive model; and
a computer readable medium that stores the projram codes.
-
-
58. A computer program product for controlling a computer system to determine a level of risk in an account of a transacting entity, the program product comprising:
-
a computer readable medium that stores program code;
a database including, for each of a plurality of transacting entities, a profile of historical transaction patterns of the transacting entity for a type of account;
program code for executing a predictive model of risk associated transactions, the predictive model generated from high risk and low risk transactions and profiles of transacting entities;
program code for receiving in real time a current transaction of a transacting entity, wherein the current transaction is for substantially the same type of account as the historical transactions;
program code for generating in real time a signal indicative of the level of risk associated with the current transaction by applying the current transaction and the profile of the transacting entity to the predictive model;
program code for determining in real time whether to approve or decline the current transaction according to the signal indicative of risk associated with the current transaction; and
program code, responsive to the level of risk of the current transaction exceeding a threshold amount, for not authorizing the current transaction;
program code, responsive to the level of risk of the current transaction exceeding the threshold amount, for designating the account associated with the transacting entity of the current transaction as a high risk account so as to prevent subsequent transactions of the transacting entity from being authorized. - View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 72)
program code for generating a predictive model, comprising program code for;
selecting high risk and low risk transactions and transacting entity data associated with the selected transactions;
segregating transactions into time intervals, with each time interval representing at least one transaction of the account during the time interval;
selecting time intervals by randomly selecting low risk time intervals, and for any sequence of high risk time intervals of an individual account, selecting only initial high risk time intervals; and
generating risk related variables from the selected time intervals and the profiles associated with the selected accounts.
-
-
60. The program product of claim 58, further comprising:
-
program code for generating a profile of transaction patterns of a transacting entity using historical transactions of the transacting entity, and for storing the profiles in the database; and
program code for generating the predictive model of fraudulent transactions from a plurality of fraudulent transactions and the profiles of the transacting entities of the fraudulent transactions, and a plurality of non-fraudulent transactions and the profiles of the transacting entities of the non-fraudulent transactions.
-
-
61. The program product of claim 58, further comprising:
program code for determining whether to approve or decline a subsequent transaction of the same transacting entity as a function the signal indicative of risk associated with the current transaction.
-
62. The program product of claim 58, further comprising:
-
program code for repeating the operations of receiving a current transaction and generating a signal indicative of the level of risk associated with the current transaction for each of a batch of transactions in a period of time;
program code for authorizing each of the transactions in the batch regardless of the level of risk associated with the transaction; and
program code for processing each transaction in the batch and responsive to the level of risk of the transaction exceeding a threshold amount, designating the account associated with the transacting entity of the transaction as a high risk account.
-
-
63. The program product of claim 58, further comprising:
-
program code for repeating the operations of receiving a current transaction and generating a signal indicative of the level of risk associated with the current transaction for a batch of transactions in a period of time, wherein for each transaction in the batch the program code;
responsive to the account associated with the transacting entity of the transaction having been designated a high risk account, does not authorize the transaction;
responsive to the account associated with the transacting entity of the transaction having not been designated a high risk account, authorizes the transaction; and
responsive to the level of risk of the transaction exceeding a threshold amount, designates the account associated with the transacting entity of the transaction as a high risk account.
-
-
64. The program product of claim 58, wherein:
-
the signal indicative of the level of risk associated with the current transaction is a signal indicative of a probability that the current transaction is fraudulent; and
the high risk transactions and low risk transactions are fraudulent transactions and non-fraudulent transactions respectively.
-
-
65. The program product of claim 58, further comprising:
program code for updating the profile of the transacting entity associated with the current transaction using current transaction data.
-
72. The program product of claim 62, further comprising:
program code that creates a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average rate of authorizations for the transacting entity over a time interval.
-
66. A computer program product for controlling a computer system to process accounts associated with transactions, the program product comprising:
-
a computer readable medium that stores program code;
program code that receives a plurality of current transactions for a plurality of transacting entities, each current transaction associated with an account of a transacting entity;
program code that generates a continuous fraud score for each current transaction indicating a likelihood that the current transaction is fraudulent;
program code that ranks the accounts by the fraud scores of their respective current transactions, from a most significant fraud score to a least significant fraud score; and
program code that provides user selectable fraud control actions for application to selected ones of the accounts.
-
-
67. A computer program product for controlling a computer system to develop a predictive model for determining a risk score indicative of a level of risk in a transaction associated with a transacting entity, comprising:
-
a computer readable medium that stores program code;
program code that receives for each of a plurality of transacting entities, historical transaction data for transactions of the transacting entity occurring over a period of time;
program code that creates, for each of the transacting entities, a profile summarizing patterns of the transactions of the transacting entity; and
program code that creates the predictive model using the transaction data of each transaction for a type of account, the profile of the transacting entity making each transaction wherein the profile is for substantially the same type of account as each transaction, and data categorizing each transaction with respect to a level of risk in the transaction, wherein program code that creates the predictive model further comprises program code that;
selects high risk transactions and accounts associated therewith, and a random sample of low risk transactions and accounts associated therewith;
segregates the selected transactions into time intervals, each time interval associated with one of the selected accounts and at least one transaction of the account during the time interval;
randomly selects time intervals that do not include a high risk transaction, and for any sequence of time intervals each including at least one high risk transaction, selects only and at least one of an earliest time interval; and
generates risk-related variables from the selected time intervals and the profiles associated with the selected accounts. - View Dependent Claims (68, 69, 70, 71)
program code that applies the fraud-related variables derived from selected time intervals, and the profiles associated with the selected time intervals to a neural network to create the predictive model.
-
-
70. The program product of claim 67, further comprising:
program code that creates a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average rate of transactions by the transacting entity over a time interval.
-
71. The program product of claim 67, further comprising:
program code that creates a profile for a transacting entity having a plurality of fraud related variables, including a variable describing a historical average dollar value of transactions by the transacting entity over a time interval.
-
73. A user interface of a computer program product that executes on a computer system for detecting fraudulent transactions, the user interface comprising:
-
an account number display field for displaying an account number of an account holder;
an account holder name display field for displaying the name of the account holder;
a fraud score display field for displaying a fraud score indicating the likelihood that a current transaction for the account holder is fraudulent;
a display field for displaying at least one transaction of the account holder having a current transaction with a fraud score indicating that it is likely that the current transaction is fraudulent; and
at least one reason display field for displaying a reason the current transaction is likely to be fraudulent. - View Dependent Claims (74, 75, 76)
a display field for displaying a plurality of account numbers, each account number having a fraud score indicating a likelihood that a current transaction for the account number is fraudulent, the account numbers ordered by their fraud scores.
-
-
75. The user interface of claim 73, further comprising:
-
a user interface including a plurality of predetermined possible fraud control actions to be taken with respect to a current account number; and
program code that applies a user selected one of the fraud control actions to the current account number.
-
-
76. The user interface of claim 73, further comprising:
-
a display field for displaying a fraud score cutoff value defining a threshold fraud score for which transactions having fraud scores exceeding the fraud score cutoff value are selected as being fraudulent transactions; and
a display field for displaying a number of accounts with current transactions having fraud scores greater than or equal to the fraud score cutoff value.
-
-
77. A computer assisted method of processing a credit card transaction, the method comprising:
-
receiving in real time a current credit card transaction of a credit card account holder;
deriving variables related to the current credit card transaction of the credit card account holder and past credit card transactions of the credit card account holder by;
accessing a profile of the credit card account holder, the profile summarizing past credit card transactions of the credit card account holder; and
deriving some of the variables from the profile; and
generating in real time from the derived variables a continuous fraud score indicating a likelihood that the current credit card transaction is fraudulent. - View Dependent Claims (78, 79)
-
Specification