Method and apparatus to detect fraudulent activities within a network-based auction facility

US 8,630,938 B2
Filed: 07/12/2001
Issued: 01/14/2014
Est. Priority Date: 11/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method of detecting a fraudulent activity at a network-based transaction facility, the method comprising:

generating a first identifier associated with a first user identity, the first identifier to be stored in a shill cookie on a client machine of the first user, the first identifier being generated responsive to at least a first of a plurality of triggering events with respect to the network-based transaction facility, the network-based transaction facility being coupled to the client machine via a network;

generating a second identifier associated with a second user identity, the second user identity to be stored in the shill cookie on the client machine, the second identifier being generated responsive to at least a second of the plurality of triggering events with respect to the network-based transaction facility;

receiving information stored on the shill cookie at the network-based transaction facility; and

detecting a potentially fraudulent activity by detecting a lack of correspondence between the first identifier and the second identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for detecting fraudulent activities made over a network-based transaction facility using a machine. In responsive to a first event with respect to the network-based transaction facility and initiated under a first user identity from the machine which is coupled to the network-based transaction facility via a network, the method causes a first identifier associated with the first user identity to be stored on the machine. In responsive to a second event with respect to the network-based transaction facility and initiated under a second user identity from the machine, the method causes a detecting of a potentially fraudulent activity by detecting a lack of correspondence between the first identifier stored on the machine and a second identifier associated with the second user identity.

197 Citations

26 Claims

1. A method of detecting a fraudulent activity at a network-based transaction facility, the method comprising:
- generating a first identifier associated with a first user identity, the first identifier to be stored in a shill cookie on a client machine of the first user, the first identifier being generated responsive to at least a first of a plurality of triggering events with respect to the network-based transaction facility, the network-based transaction facility being coupled to the client machine via a network;
  
  generating a second identifier associated with a second user identity, the second user identity to be stored in the shill cookie on the client machine, the second identifier being generated responsive to at least a second of the plurality of triggering events with respect to the network-based transaction facility;
  
  receiving information stored on the shill cookie at the network-based transaction facility; and
  
  detecting a potentially fraudulent activity by detecting a lack of correspondence between the first identifier and the second identifier.
- View Dependent Claims (2, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising recording the potentially fraudulent activity at the network-based transaction facility responsive to a detection of the lack of correspondence between the first identifier and the second identifier.
  - 5. The method of claim 1, further comprising:
    - causing a cookie identifier to be stored with the shill cookie;
      
      causing the shill cookie to be coupled to a cookie bundle that records a plurality of transaction preferences for the first user identity and the second user identity on the client machine;
      
      causing the shill cookie bundle to be sent from the client machine to the network-based transaction facility when the second user identify makes the the at least the second of the plurality of triggering events with the network-based transaction facility using the client machine;
      
      causing the cookie bundle to be inspected for the potentially fraudulent activity; and
      
      causing the potentially fraudulent activity to be recorded into a database.
  - 6. The method of claim 5, wherein an inspection of the shill cookie comprises a source fbr the detection of the lack of correspondence between the first identifier and the second identifier.
  - 7. The method of claim 1, further comprising causing the shill cookie to be a non-session cookie residing on the client machine for a predetermined amount of time.
  - 8. The method of claim 1, further comprising causing the shill cookie to be appended every time a new user identifier is used to establish a third of the plurality of triggering events with the network-based transaction facility using the client machine wherein there is a lack of correspondence between the new user identifier and the first user identifier.
  - 9. The method of claim 1, wherein the network-based transaction facility comprises an Internet-based auction facility.
  - 10. The method of claim 1, further comprising causing the shill cookie to record and to store a predetermined number of user identifiers.
  - 11. The method of claim 1, further comprising causing the shill cookie to be encoded.
  - 12. The method of claim 1, further comprising causing the shill cookie to be encrypted.
  - 16. The method of claim 1, further comprising providing a priority ranking system having a low priority for a low potential fraudulent activity frequency, a medium priority for a medium potential fraudulent activity frequency, and a high priority for a high potential fraudulent activity frequency.
  - 17. The method of claim 1, wherein the potentially fraudulent activity includes at least one of shill biddings and shill feedbacks.
  - 18. The method of claim 1, further comprising causing the detection of the potentially fraudulent activity responsive to a matching of a plurality of user transaction preferences from a plurality of different user identifies.
  - 19. The method of claim 18, wherein the plurality of user transaction preferences include credit card numbers, bidding histories, payment methods, and shipping addresses.

3. The method of claim I, wherein the at least one of the plurality of triggering events is a sales transaction event, the method further comprising prohibiting a completion of the sales transaction event responsive to the detection of the lack of correspondence between the first identifier and the second identifier.

4. The method of claim I, wherein the at least one of the plurality of triggering events is a sates transaction event, the sales transaction event including at least one of registering with the network-based transaction facility, communicating an offer to sell an offering via the network-based transaction facility, communicating and offering to purchase the offering via the network-based transaction facility, communicating a feedback regarding a transaction, or updating a profile maintained by the network-based transaction facility.

13. The method of claim I. further comprising:
- generating a potential fraudulent activities table having a fraudulent activity field, a cookie identifier field, a user identifier field, and a frequency field;
  
  recording each of a plurality of potentially fraudulent activities and corresponding information into the potential fraudulent activities table;
  
  updating the potential fraudulent activities table at least on a periodic basis; and
  
  providing an updated report of the potential fraudulent activities table to an investigation team.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising configuring the potential fraudulent activities table to include a transaction product category field, a transaction country field, a transaction price range field, and a transaction activity field.
  - 15. The method of claim 13, further comprising providing the network-based transaction facility with a capability of overriding the updated report to the investigation team.

20. A non-transitory computer readable storage medium comprising instructions, which when executed on a processor, cause the processor to perform a method of detecting suspicious transactions made over a network-based transaction facility using a client machine, the method comprising:
- generating a first identifier associated with a first user identity, the first identifier to be stored in a shill cookie on a client machine of the first user, the first identifier being generated responsive to at least a first of a plurality of triggering events with respect to the network-based transaction facility, the network-based transaction facility being coupled to the client machine via a network;
  
  generating a second identifier associated with a second user identity, the second user identity to be stored in the shill cookie on the client machine, the second identifier being generated responsive to at least a second of the plurality of triggering events with respect to the network-based transaction facility;
  
  transmitting information stored on the shill cookie to the network-based transaction facility; and
  
  detecting a potentially fraudulent activity by detecting a lack of correspondence between the first identifier and the second identifier.

21. A system to detect a fraudulent activity at a e network-based transaction facility, the system comprising:
- an identifier processor to generate and forward a shill cookie over a network to be stored on a client machine responsive to at least a first of a plurality of triggering events being produced at the client machine after the client machine accesses the network-based transaction facility via the network , the shill cookie to contain information related to a first identifier associated with a first user identity, the identifier processor further to generate a second identifier associated with a second user identity, the second user identity to be stored in the shill cookie on the client machine, the second identifier being generated responsive to at least a second of the plurality of triggering events with respect to the network-based transaction facility; and
  
  a detection processor to detect a potentially fraudulent activity by detecting a lack of correspondence between the first identifier and the second identifier.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The system of claim 21, wherein the detection processor is to receive from the client machine both the first identifier and the second identifier at the network-based transaction facility.
  - 23. The system of claim 21, further comprising a recording processor to record the potentially fraudulent activity at the network-based transaction facility responsive to the detection of the lack of correspondence between the first identifier and the second identifier.
  - 24. The system of claim 21, further comprising a cookie recording processor to record the first identifier and the second identifier to be recorded within the shill cookie.
  - 25. The system of claim 21, further comprising:
    - a bundling processor to cause the shill cookie to be coupled to a cookie bundle that records a plurality of transaction preferences for the first user identity and the second user identity on the client machine;
      
      a sending processor to cause the shill cookie bundle to be sent from the client machine to the network-based transaction facility when the second user identify makes the at least the second of the plurality of triggering events with the network-based transaction facility using the client machine;
      
      an appending processor to cause the shill cookie to he appended with the second identifier responsive to the detection of the lack of correspondence between the first identifier and the second identifier at one of the client machine and the network-based transaction facility;
      
      an inspection processor to cause the cookie bundle to be inspected for the potentially fraudulent activity; and
      
      a recording processor to cause the potentially fraudulent activity to be recorded into a database.
  - 26. The system of claim 21, further comprising:
    - a tabulating processor to generate a potential fraudulent activities table having a fraudulent activity field, a cookie identifier field, a user identifier field, and a frequency field;
      
      a recording processor to record each of a plurality of potentially fraudulent activities and corresponding information into the potential fraudulent activities table; and
      
      an updating processor to update the potential fraudulent activities table at least on a periodic basis and to provide an updated report of the potential fraudulent activities table to an investigation team.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Cheng, Christine, Won, Brenda, Mohnia, Dheeraj, Nguyen, Ha, Maltzman, Reed, Strack, Isaac, Morin, Noel
Primary Examiner(s)
Oyebisi, Ojo O

Application Number

US09/905,046
Publication Number

US 20020059130A1
Time in Patent Office

4,569 Days
Field of Search

395/186, 395/185.01, 395/575, 395/24, 371/67.1, 705/26, 705/40, 705/27, 705/28, 705/29, 705/11, 705/37
US Class Current

705/37
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 30/08   Auctions

G06Q 40/04   Trading; Exchange, e.g. sto...

Method and apparatus to detect fraudulent activities within a network-based auction facility

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

197 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to detect fraudulent activities within a network-based auction facility

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

197 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links