Mass compromise/point of compromise analytic detection and compromised card portfolio management system
DCFirst Claim
Patent Images
1. A computer program product comprising:
- a storage medium readable by at least one processor and storing instructions for execution by the at least one processor for;
defining a compromise cluster from a detected compromise of a plurality of financial transaction devices;
forming a device holder profile and a merchant profile for each of the plurality of financial transaction devices that define the compromise cluster, the device holder profile including device-level predictive variables indicative of fraud, and the merchant profile including merchant fraud detection variables indicative of fraud and device testing associated with a merchant used by at least one of the plurality of transaction devices;
forming a compromise device global profile based on the compromise cluster and keyed from the device holder profile, the compromise device global profile including transaction arrays based on a transaction history for each of the plurality of financial transaction devices indicative of fraud patterns across and between each of the plurality of financial transaction devices associated with the compromise cluster;
forming a compromise merchant global profile based on the compromise cluster and keyed from the merchant profile, the compromise merchant global profile including a number of time-indexed arrays comprising a number of financial transaction devices, and fraud cases thereof, that have transacted with the merchant;
forming a compromised portfolio profile indexed with the compromise cluster based on two-way linked lists across device holder profiles, the compromised portfolio profile including compromise-level predictive variable indicative of a severity of the detected compromise; and
generating a fraud score based on the compromise-level predictive variables and device-level predictive variables, the fraud score representing a likelihood that any one financial transaction device of the compromise cluster will be used fraudulently based on real-time transaction data related to the one financial transaction device and to the plurality of financial transaction devices of the compromise cluster.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
A system and method for managing mass compromise of financial transaction devices is disclosed. A method includes maintaining a summary of a transaction history for a financial transaction device, and forming a device history profile based on the transaction history, the device history profile including predictive variables indicative of fraud associated with the financial transaction device. A method further includes generating a fraud score based on the predictive variables, the fraud score representing a likelihood that the financial transaction device is compromised will be used fraudulently.
102 Citations
17 Claims
-
1. A computer program product comprising:
-
a storage medium readable by at least one processor and storing instructions for execution by the at least one processor for; defining a compromise cluster from a detected compromise of a plurality of financial transaction devices; forming a device holder profile and a merchant profile for each of the plurality of financial transaction devices that define the compromise cluster, the device holder profile including device-level predictive variables indicative of fraud, and the merchant profile including merchant fraud detection variables indicative of fraud and device testing associated with a merchant used by at least one of the plurality of transaction devices; forming a compromise device global profile based on the compromise cluster and keyed from the device holder profile, the compromise device global profile including transaction arrays based on a transaction history for each of the plurality of financial transaction devices indicative of fraud patterns across and between each of the plurality of financial transaction devices associated with the compromise cluster; forming a compromise merchant global profile based on the compromise cluster and keyed from the merchant profile, the compromise merchant global profile including a number of time-indexed arrays comprising a number of financial transaction devices, and fraud cases thereof, that have transacted with the merchant; forming a compromised portfolio profile indexed with the compromise cluster based on two-way linked lists across device holder profiles, the compromised portfolio profile including compromise-level predictive variable indicative of a severity of the detected compromise; and generating a fraud score based on the compromise-level predictive variables and device-level predictive variables, the fraud score representing a likelihood that any one financial transaction device of the compromise cluster will be used fraudulently based on real-time transaction data related to the one financial transaction device and to the plurality of financial transaction devices of the compromise cluster. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product comprising:
-
a storage medium readable by at least one processor and storing instructions for execution by the at least one processor for; forming a device profile associated with a financial transaction device and based on a transaction history of the financial transaction device, the device profile including device-level predictive variables that are indicative of a fraud, and further including a link to a compromise device global profile that includes transaction arrays that maintain a history of date/times and merchants where the financial transaction device transacted; generating a device fraud score based on the predictive variables, the device fraud score including compromise cluster variables that are indicative of a mass compromise of a plurality of financial transaction devices, and representing a likelihood that the financial transaction device is compromised; defining a compromise cluster associated with the mass compromise; forming a merchant profile for each of the merchants where the financial transaction device transacted, the merchant profile including a link to a compromise merchant global profile based including fraud data associated with the compromise cluster and the merchants where the financial transaction device transacted; forming a compromised portfolio profile indexed with the compromise cluster based on two-way linked lists between the device profile of each financial transaction device associated with the compromise cluster, the compromised portfolio profile including compromise-level predictive variable indicative of a severity of the detected compromise; determining, based on the predictive variables of the device profile combined with the compromise cluster variables, whether the transaction device is associated with the mass compromise; and based on the predictive variables, determining whether the financial transaction device will be used fraudulently in the near future. - View Dependent Claims (9, 10)
-
-
11. A system for managing compromise of financial transaction devices, each financial transaction device having a transaction history, the system comprising:
-
a computing system maintaining a two-way communication link with a plurality of merchants that use the financial transaction devices, the computing system being configured to execute a plurality of computer programs stored on a storage device, the plurality of computer programs comprising; a first computer program module that detects a compromise of a plurality of financial transaction devices used with the plurality of merchants to define a compromise cluster; a second computer program module that generates a compromise device global profile associated with the transaction history, the device global profile including compromise-level predictive variables indicative of fraud patterns across and between each of the plurality of financial transaction devices associated with the compromise cluster, the compromise-level predictive variables comprising compromise cluster variables relating to unique behavior of each of the plurality of financial transaction devices of the compromise cluster, and indicators that at least one of the plurality of financial transaction devices of the compromise cluster are being used fraudulently; a third computer program module that generates a device profile based on a transaction history for each of the plurality of financial transaction devices, the device profile including device-level predictive variables indicative of fraud and device-testing behaviors associated with each financial transaction device, and further generates a compromise device global profile linked with the device profile that includes transaction arrays that maintain a history of date/times and merchants where the financial transaction device transacted; and a fourth computer program module that generates a fraud score based on the compromise-level predictive variables and device-level predictive variables, the fraud score representing a likelihood that any one financial transaction device of the compromise cluster will be used fraudulently based on real-time transaction data related to the one financial transaction device and to the plurality of financial transaction devices of the compromise cluster. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A fraud detection system for a portfolio of financial transaction devices transacting with at least one merchant, the system comprising:
-
a computer processor; and a storage medium comprising a shared memory storing; for each one of the financial transaction devices;
a device holder profile including device-level predictive variables indicative of fraud, and a compromise device global profile keyed from the device holder profile and including transaction arrays based on a transaction history of each one of the financial transaction devices, the transaction arrays representing fraud patterns across and between each of the financial transaction devices;for the at least one merchant;
a merchant profile including merchant fraud detection variables indicative of fraud and device testing associated with a merchant used by at least one of the financial transaction devices, and a compromise merchant global profile keyed from the merchant profile and including a number of time-indexed arrays comprising a number of financial transaction devices, and fraud cases thereof, that have transacted with the at least one merchant;a compromised portfolio profile based on two-way linked lists across device holder profiles, the compromised portfolio profile including compromise-level predictive variable indicative of a compromise cluster among the portfolio; and instructions for the computer processor to execute steps including; receiving an authorization request for a transaction by a transacting device of the financial transaction devices with the at least one merchant; determining whether the transacting device is a member of the compromise cluster; and based on the device-level predictive variables, transaction arrays, merchant fraud detection variables and time-indexed arrays, determining a likelihood that the transacting device is being used fraudulently in the transaction.
-
Specification