Self-calibrating fraud detection
First Claim
Patent Images
1. A method for dynamically updating a model comprising:
- accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud;
receiving at least one value for each of the variables while monitoring transactions;
updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and
scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for dynamically updating a model is described. The method includes accessing a model that specifies expected characteristics for a transaction. The model includes variables associated with fraud. The method also includes receiving at least one value for each of the variables while monitoring transactions, and updating a distribution of values for each variable based on the received value. The received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud.
-
Citations
30 Claims
-
1. A method for dynamically updating a model comprising:
-
accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud; receiving at least one value for each of the variables while monitoring transactions; updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method for processing a transaction comprising:
-
receiving, at a second computing device and from a first computing device that initiates an electronic transaction, a value for a variable associated with the transaction, wherein the variable is indicative of fraud; updating, by the second computing device, a distribution of values for the variable based on the received value, wherein the updated distribution of values is used to determine a deviation of the received value from a selected value in the updated distribution; scaling the determined deviation based on a variance range between the selected value and a maximum expected value of the updated distribution; and determining a score indicative of a probability of fraud for the transaction, wherein the score is based on the deviation of the received value from the selected value and is proportionate to an existence of fraud in the electronic transaction. - View Dependent Claims (24)
-
-
25. A system for determining fraud comprising:
-
an interface to receive values associated with a transaction, each value corresponding to a property correlated to fraudulent transactions; a profile updater to modify a distribution of values for each property based on the corresponding received value; and a score calculator to generate a fraud score for the transaction, wherein generating the fraud score comprises; comparing the received value with the modified distribution of values to determine a deviation of the received value from a threshold value of the modified distribution of values, wherein the threshold value corresponds to a threshold percentile of the modified distribution of values at which received values begin to be identified as indicative of fraud, and scaling the determined deviation to the difference between the threshold value and a maximum expected value for the modified distribution of values.
-
-
26. A method for generating a fraud indicator comprising:
generating a score indicative of a probability of fraud for a transaction, the generating comprising aggregating self-scaling variables, wherein the self-scaling variables are determined by; receiving for each self-scaling variable a received value; updating a distribution of values for each self-scaling variable with the value received for the self-scaling variable; determining for each self-scaling variable an updated threshold value that is based on the updated distribution of values, wherein the updated threshold value indicates a beginning of a range of values that are unusual relative to the updated distribution, wherein the updated threshold value replaces a previous threshold value that was for the self-scaling variable before the value for the self-scaling variable was received; and scaling the received value based on the updated threshold value. - View Dependent Claims (27, 28)
-
29. A computer program product tangibly embodied in a machine-readable storage device, the computer program product including instructions that, when executed by a processor, perform operations for determining a fraud indicator, the operations comprising:
-
accessing a model that specifies expected characteristics for an electronic transaction initiating from a computerized device, wherein the model comprises variables that are associated with fraud, each variable has a distribution of values, and each variable has a parameter value that corresponds to a threshold percentile at which received values are associated with fraud; receiving from the transaction a value for each of the variables; updating the distribution of values for each variable by adding the received value for the variable to the distribution of values; updating the parameter value that corresponds to the threshold percentile at which received values are associated with fraud based on the distribution of values being updated; generating a scaled value by scaling the received value between the updated parameter value and a maximum expected value for the distribution of values; and generating, based on the scaled value, a fraud score that is proportionate to an existence of fraud.
-
-
30. A computer program product tangibly embodied in a machine-readable storage device, the computer program product including instructions that, when executed by a processor, perform operations for determining a fraud indicator, the operations comprising:
-
accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud; receiving at least one value for each of the variables while monitoring transactions; updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution.
-
Specification