Self-calibrating fraud detection

US 8,027,439 B2
Filed: 09/18/2006
Issued: 09/27/2011
Est. Priority Date: 09/18/2006
Status: Active Grant

First Claim

Patent Images

1. A method for dynamically updating a model comprising:

accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud;

receiving at least one value for each of the variables while monitoring transactions;

updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and

scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for dynamically updating a model is described. The method includes accessing a model that specifies expected characteristics for a transaction. The model includes variables associated with fraud. The method also includes receiving at least one value for each of the variables while monitoring transactions, and updating a distribution of values for each variable based on the received value. The received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud.

123 Citations

30 Claims

1. A method for dynamically updating a model comprising:
- accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud;
  
  receiving at least one value for each of the variables while monitoring transactions;
  
  updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and
  
  scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the scaled determined deviation is calculated based on an equation comprising:
  - 3. The method of claim 2, further comprising determining a score indicative of a probability of fraud for the transaction based on the scaled determined deviation.
  - 4. The method of claim 3, wherein the score is calculated based on an equation comprising:
    - η
      
      =Σ
      
      q(x_i|θ
      
      )where η
      
      is the score.
  - 5. The method of claim 4, further comprising weighting each scaled determined deviation with a coefficient correlated to an assigned importance of each variable within the model.
  - 6. The method of claim 4, further comprising applying an adaptive score calibration to the score so that scores between model segments are normalized.
  - 7. The method of claim 1, further comprising scaling the determined deviation based on a variance range assigned or selected by a user.
  - 8. The method of claim 1, further comprising scaling the determined deviation based on a variance range between the percentile of the updated distribution that is indicative for fraud and a percentile of the updated distribution that is indicative of a maximum significant value.
  - 9. The method of claim 1, further comprising generating a preliminary distribution of values for each variable based on an aggregation of historical transactions, wherein generating the distribution of values occurs before updating the distribution of values.
  - 10. The method of claim 1, wherein the model includes a global model that specifies expected characteristics for the transaction based on substantially all of the monitored transactions.
  - 11. The method of claim 1, wherein the model comprises segments.
  - 12. The method of claim 11, wherein at least one of the segments is generated based on user input.
  - 13. The method of claim 11, wherein the at least one segment'"'"'s expected characteristics for the transaction differ from expected characteristics of other segments of the global model.
  - 14. The method of claim 13, further comprising identifying the received value as associated with the at least one segment and exclusively updating, relative to the other segments, the distribution of values for each variable of the at least one segment based on the received value.
  - 15. The method of claim 14, further comprising updating the distribution of values for each variable of the global model based on the received value.
  - 16. The method of claim 14, further comprising determining a score indicative of a probability of fraud for the transaction based on the updated at least one segment.
  - 17. The method of claim 15, further comprising determining a score indicative of a probability of fraud for the transaction based on the updated global model if substantially insufficient statistics have been gathered for the at least one segment.
  - 18. The method of claim 1, further comprising determining a score indicative of a probability of fraud for the transaction based on the deviation of the received value from the threshold.
  - 19. The method of claim 1, wherein the percentile of the updated distribution that is indicative of fraud is different from percentiles of the updated distribution for other variables in the model.
  - 20. The method of claim 1, wherein the variables are included in a service profile of the model, the service profile being associated with a party related to the transaction.
  - 21. The method of claim 20, further comprising extracting a profile identifier from the transaction and identifying the service profile based on the profile identifier.
  - 22. The method of claim 1, wherein the distribution of values for each variable are included in a model profile of the model, the model profile specifying the expected characteristics for the transaction.

23. A method for processing a transaction comprising:
- receiving, at a second computing device and from a first computing device that initiates an electronic transaction, a value for a variable associated with the transaction, wherein the variable is indicative of fraud;
  
  updating, by the second computing device, a distribution of values for the variable based on the received value, wherein the updated distribution of values is used to determine a deviation of the received value from a selected value in the updated distribution;
  
  scaling the determined deviation based on a variance range between the selected value and a maximum expected value of the updated distribution; and
  
  determining a score indicative of a probability of fraud for the transaction, wherein the score is based on the deviation of the received value from the selected value and is proportionate to an existence of fraud in the electronic transaction.
- View Dependent Claims (24)
- - 24. The method of claim 23, wherein the selected value is based on a fixed percentage of the distribution values, and wherein the fixed percentage defines a threshold above which values are determined to be substantially atypical for the variable.

25. A system for determining fraud comprising:
- an interface to receive values associated with a transaction, each value corresponding to a property correlated to fraudulent transactions;
  
  a profile updater to modify a distribution of values for each property based on the corresponding received value; and
  
  a score calculator to generate a fraud score for the transaction, wherein generating the fraud score comprises;
  
  comparing the received value with the modified distribution of values to determine a deviation of the received value from a threshold value of the modified distribution of values, wherein the threshold value corresponds to a threshold percentile of the modified distribution of values at which received values begin to be identified as indicative of fraud, andscaling the determined deviation to the difference between the threshold value and a maximum expected value for the modified distribution of values.

26. A method for generating a fraud indicator comprising:
- generating a score indicative of a probability of fraud for a transaction, the generating comprising aggregating self-scaling variables, wherein the self-scaling variables are determined by;
  
  receiving for each self-scaling variable a received value;
  
  updating a distribution of values for each self-scaling variable with the value received for the self-scaling variable;
  
  determining for each self-scaling variable an updated threshold value that is based on the updated distribution of values, wherein the updated threshold value indicates a beginning of a range of values that are unusual relative to the updated distribution, wherein the updated threshold value replaces a previous threshold value that was for the self-scaling variable before the value for the self-scaling variable was received; and
  
  scaling the received value based on the updated threshold value.
- View Dependent Claims (27, 28)
- - 27. The method of claim 26, further comprising receiving values for the self-scaling variables associated with transactions during a monitoring of the transactions, wherein each self-scaling variable is an indicator of a probability of fraud.
  - 28. The method of claim 26, further comprising weighting each of the self-scaling variables to indicate a contribution of the variable in the aggregation.

29. A computer program product tangibly embodied in a machine-readable storage device, the computer program product including instructions that, when executed by a processor, perform operations for determining a fraud indicator, the operations comprising:
- accessing a model that specifies expected characteristics for an electronic transaction initiating from a computerized device, wherein the model comprises variables that are associated with fraud, each variable has a distribution of values, and each variable has a parameter value that corresponds to a threshold percentile at which received values are associated with fraud;
  
  receiving from the transaction a value for each of the variables;
  
  updating the distribution of values for each variable by adding the received value for the variable to the distribution of values;
  
  updating the parameter value that corresponds to the threshold percentile at which received values are associated with fraud based on the distribution of values being updated;
  
  generating a scaled value by scaling the received value between the updated parameter value and a maximum expected value for the distribution of values; and
  
  generating, based on the scaled value, a fraud score that is proportionate to an existence of fraud.

30. A computer program product tangibly embodied in a machine-readable storage device, the computer program product including instructions that, when executed by a processor, perform operations for determining a fraud indicator, the operations comprising:
- accessing a model that specifies expected characteristics for a transaction, wherein the model comprises variables associated with fraud;
  
  receiving at least one value for each of the variables while monitoring transactions;
  
  updating a distribution of values for each variable based on the received value, wherein the received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud; and
  
  scaling the determined deviation based on a variance range between the threshold value and a maximum expected value of the updated distribution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fair Isaac Corporation
Original Assignee
Fair Isaac Corporation
Inventors
Chen, Fei, Wu, Steven, Zoldi, Scott M.
Primary Examiner(s)
TRAN, QUOC DUC

Application Number

US11/532,859
Publication Number

US 20080077515A1
Time in Patent Office

1,835 Days
Field of Search

379/114.14, 379/133, 379/134, 379/145, 379/188, 379/189, 379/196, 379/197, 455/410, 705/1, 705/38, 705/44
US Class Current

379/114.14
CPC Class Codes

G06Q 40/00 Finance; Insurance; Tax str...

G06Q 40/02 Banking, e.g. interest calc...

Self-calibrating fraud detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

123 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Self-calibrating fraud detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links