Fraud protection using business process-based customer intent analysis
First Claim
1. A method comprising:
- storing a set of one or more business signatures, wherein each business signature specifies a pattern that indicates a business activity involving a user and one or more network-enabled applications;
monitoring information that is generated by at least a particular user'"'"'s interactions in a particular session with said one or more network-enabled applications;
detecting, based on said information, that a particular business activity, in the particular session, involving the particular user of at least one of said one or more network-enabled applications matches a particular signature of said set of one or more business signatures;
in response to said detecting that the particular business activity matches the particular signature, performing;
identifying a fraud rule associated with the particular signature;
evaluating said fraud rule, wherein the evaluating of the fraud rule is based on historical information that represents a prior pattern of behavior of said particular user prior to said particular session; and
based on said evaluating, determining to respond to said particular business activity in a first manner responsive to the fraud rule being satisfied and in a second manner responsive to the fraud rule not being satisfied, wherein the first manner is different than the second manner;
wherein at least the steps of monitoring, detecting, and evaluating are performed by one or more computing devices.
7 Assignments
0 Petitions
Accused Products
Abstract
Online fraud is reduced by identifying suspicious activities in real time and providing alerting so that interdiction may be performed. Historical customer behavior is used to identify and flag deviations in activity patterns. An HTTP data stream is parsed, intelligently filtered, and key data is extracted in real time. The key data is periodically extracted from network traffic and used to update corresponding summaries stored in a fraud data mart. The data mart is constantly incrementally updated so that the most current historical information is available to a rules engine for real time comparison with new customer data and patterns occurring on the network. Fraud-related business signatures are applied to this data stream and/or a data mart to identify suspicious online transactions. By understanding the customer session, the customer'"'"'s intended use of the online application is derived and possible fraudulent activities identified.
122 Citations
22 Claims
-
1. A method comprising:
-
storing a set of one or more business signatures, wherein each business signature specifies a pattern that indicates a business activity involving a user and one or more network-enabled applications; monitoring information that is generated by at least a particular user'"'"'s interactions in a particular session with said one or more network-enabled applications; detecting, based on said information, that a particular business activity, in the particular session, involving the particular user of at least one of said one or more network-enabled applications matches a particular signature of said set of one or more business signatures; in response to said detecting that the particular business activity matches the particular signature, performing; identifying a fraud rule associated with the particular signature; evaluating said fraud rule, wherein the evaluating of the fraud rule is based on historical information that represents a prior pattern of behavior of said particular user prior to said particular session; and based on said evaluating, determining to respond to said particular business activity in a first manner responsive to the fraud rule being satisfied and in a second manner responsive to the fraud rule not being satisfied, wherein the first manner is different than the second manner; wherein at least the steps of monitoring, detecting, and evaluating are performed by one or more computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. One or more non-transitory computer-readable storage media storing instructions that, when executed by one or more computing devices, cause performance of:
-
storing a set of one or more business signatures, wherein each business signature specifies a pattern that indicates a business activity involving a user and one or more network-enabled applications; monitoring information that is generated by at least a particular user'"'"'s interactions in a particular session with said one or more network-enabled applications; detecting, based on said information, that a particular business activity, in the particular session, involving the particular user of at least one of said one or more network-enabled applications matches a particular signature of said set of one or more business signatures; in response to said detecting that the particular business activity matches the particular signature, performing; identifying a fraud rule associated with the particular signature; evaluating said fraud rule, wherein the evaluating of the fraud rule is based on historical information that represents a pattern of behavior of said particular user prior to said particular session; and based on said evaluating, determining to respond to said particular business activity in a first manner responsive to the fraud rule being satisfied and in a second manner responsive to the fraud rule not being satisfied, wherein the first manner is different than the second manner. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification