System and method for evaluating risk in fraud prevention

US 8,676,684 B2
Filed: 04/12/2011
Issued: 03/18/2014
Est. Priority Date: 04/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing a risk score to at least one of a plurality of merchants to be used thereby to determine whether to proceed with a not yet completed transaction, the method comprising:

storing, by one or more computing devices, transaction data related to a plurality of past transactions between a plurality of network devices and the plurality of merchants;

identifying, by the one or more computing devices, as being fraudulent devices those of the plurality of network devices associated in the transaction data with fraudulent or abusive transactions;

identifying, by the one or more computing devices, characteristics common to those of the plurality of network devices that have been identified as being fraudulent devices;

constructing, by the one or more computing devices, a plurality of profiles based on the identified characteristics, wherein each of the profiles comprises one or more of the identified characteristics;

receiving, by the one or more computing devices, new transaction data associated with the not yet completed transaction, wherein the new transaction data includes a value for each of the one or more identified characteristics of each of the plurality of profiles;

identifying, by the one or more computing devices, those of the plurality of network devices that belong to each of the plurality of profiles, wherein, for each of the plurality of profiles, each of the plurality of network devices that belongs to the profile is associated with the value included in the new transaction data for each of the one or more identified characteristics of the profile;

determining, by the one or more computing devices, a portion of those of the plurality of network devices that belong to each of the plurality of profiles that have been identified as being fraudulent devices;

constructing, by the one or more computing devices, the risk score based at least in part on the portion of those of the plurality of network devices that belong to each of the profiles that have been identified as being fraudulent devices; and

providing, by the one or more computing devices, the risk score to at least one of the plurality of merchants.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of determining a risk score indicating a risk that an electronic transaction will involve fraud and/or abuse. The method includes receiving transaction data associated with a not yet completed transaction from a merchant. The transaction data includes one or more characteristics related to the transaction. A profile is selected that identifies network devices each associated with the characteristics and having a device reputation. Next, a profile-based risk factor is determined as a function of a percentage of the network devices having a negative reputation. The risk score is determined as a function of the profile-based risk factor. In some embodiments, a transaction-based risk factor may also be determined. In such embodiments, the risk score is determined as a function of the profile-based and transaction-based risk factors. The risk score is provided to the merchant to be used thereby to determine whether to proceed with the transaction.

Citations

24 Claims

1. A method for providing a risk score to at least one of a plurality of merchants to be used thereby to determine whether to proceed with a not yet completed transaction, the method comprising:
- storing, by one or more computing devices, transaction data related to a plurality of past transactions between a plurality of network devices and the plurality of merchants;
  
  identifying, by the one or more computing devices, as being fraudulent devices those of the plurality of network devices associated in the transaction data with fraudulent or abusive transactions;
  
  identifying, by the one or more computing devices, characteristics common to those of the plurality of network devices that have been identified as being fraudulent devices;
  
  constructing, by the one or more computing devices, a plurality of profiles based on the identified characteristics, wherein each of the profiles comprises one or more of the identified characteristics;
  
  receiving, by the one or more computing devices, new transaction data associated with the not yet completed transaction, wherein the new transaction data includes a value for each of the one or more identified characteristics of each of the plurality of profiles;
  
  identifying, by the one or more computing devices, those of the plurality of network devices that belong to each of the plurality of profiles, wherein, for each of the plurality of profiles, each of the plurality of network devices that belongs to the profile is associated with the value included in the new transaction data for each of the one or more identified characteristics of the profile;
  
  determining, by the one or more computing devices, a portion of those of the plurality of network devices that belong to each of the plurality of profiles that have been identified as being fraudulent devices;
  
  constructing, by the one or more computing devices, the risk score based at least in part on the portion of those of the plurality of network devices that belong to each of the profiles that have been identified as being fraudulent devices; and
  
  providing, by the one or more computing devices, the risk score to at least one of the plurality of merchants.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants, and providing the risk score to the at least one of the plurality of merchants further comprises:
    - transmitting, by the one or more computing devices, the risk score to the merchant computing device.
  - 3. The method of claim 1, wherein the identified characteristics comprise at least one of:
    - an Internet Protocol address, a device property, a geographic location, an account identifier, a country, and a language.
  - 4. The method of claim 1, further comprising:
    - receiving a request from a merchant computing device operated by a particular one of the plurality of merchants for a portion of the transaction data; and
      
      providing the portion of the transaction data to the merchant computing device in response to the request.
  - 5. The method of claim 1, wherein a weighting factor is associated with each of the plurality of profiles, andthe risk score is further based at least in part on the weighting factor associated with each of the plurality of profiles.
  - 6. The method of claim 5, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants, wherein the weighting factor associated with each of the plurality of profiles is provided by the particular merchant, and wherein providing the risk score to the at least one of the plurality of merchants further comprises transmitting, by the one or more computing devices, the risk score to the merchant computing device.
  - 7. The method of claim 5, further comprising:
    - obtaining a plurality of weighted profile-based risk factors by determining, by the one or more computing devices, a weighted profile-based risk factor for each of the plurality of profiles, wherein the weighted profile-based risk factor is determined for each of the plurality of profiles as a function of a weighting factor and the portion of those of the plurality of network devices that belong to the profile that have been identified as being fraudulent devices; and
      
      obtaining a result value by totaling the plurality of weighted profile-based risk factors, wherein the risk score is constructed as a function of a product of a scaling factor and a square of a logarithm of the result value.
  - 8. The method of claim 1, wherein the risk score is a profile-based risk score, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants,wherein providing the risk score to the at least one of the plurality of merchants further comprises transmitting, by the one or more computing devices, the risk score to the merchant computing device, andwherein the method further comprises:
    - determining, by the one or more computing devices, a transaction-based risk score;
      
      determining, by the one or more computing devices, a composite risk score as a function of the profile-based risk score, and the transaction-based risk score; and
      
      transmitting, by the one or more computing devices, the composite risk score to the merchant computing device.
  - 9. The method of claim 1, further comprising:
    - associating, by the one or more computing devices, a reputation with each of the plurality of network devices, the reputation associated with each network device in a negative portion of the plurality of network devices being negative, wherein those of the plurality of network devices identified as being fraudulent devices comprise the negative portion of the plurality of network devices.
  - 10. The method of claim 1, wherein the transaction data stored by the one or more computing devices includes a device identifier uniquely identifying each of the plurality of network devices.
  - 11. The method of claim 1, wherein the transaction data related to the plurality of past transactions was received by the one or more computing devices from the plurality of merchants fewer than a predetermined number of day ago.
  - 12. The method of claim 1, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants,each of the plurality of network devices is an identified network device,the not yet completed transaction is between an unidentified network device, and the particular merchant computing device, andproviding the risk score to the at least one of the plurality of merchants further comprises transmitting, by the one or more computing devices, the risk score to the merchant computing device.

13. A system for providing a risk score to at least one of a plurality of merchants to be used thereby to determine whether to proceed with a not yet completed transaction, the system comprising:
- one or more data storage devices storing transaction data related to a plurality of past transactions between a plurality of network devices and the plurality of merchants; and
  
  one or more computing devices connected to the one or more data storage devices, the one or more computing devices storing computer executable instructions, the one or more computing devices comprising one or more processors configured to execute the computer executable instructions, wherein when the one or more processors execute the computer executable instructions, the computer executable instructions cause the one or more computing devices to;
  
  identify as being fraudulent devices those of the plurality of network devices associated in the transaction data with fraudulent or abusive transactions;
  
  identify characteristics common to the identified fraudulent devices;
  
  construct a plurality of profiles based on the identified characteristics, wherein each of the profiles comprises one or more of the identified characteristics;
  
  receive new transaction data associated with the not yet completed transaction, wherein the new transaction data includes a value for each of the one or more identified characteristics of each of the plurality of profiles;
  
  identify those of the plurality of network devices that belong to each of the plurality of profiles, wherein, for each of the plurality of profiles, each of the plurality of network devices that belongs to the profile is associated with the value included in the new transaction data for each of the one or more identified characteristics of the profile;
  
  determine a portion of those of the plurality of network devices that belong to each of the plurality of profiles that have been identified as being fraudulent devices;
  
  construct the risk score based at least in part on the portion of those of the plurality of network devices that belong to each of the profiles that have been identified as being fraudulent devices; and
  
  provide the risk score to at least one of the plurality of merchants.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants, andthe risk score is provided to the at least one of the plurality of merchants by transmitting the risk score to the merchant computing device.
  - 15. The system of claim 13, wherein the identified characteristics comprise at least one of:
    - an Internet Protocol address, a device property, a geographic location, an account identifier, a country, and a language.
  - 16. The system of claim 13, wherein when the one or more processors execute the computer executable instructions, the computer executable instructions cause the one or more computing devices to:
    - receive a request from a merchant computing device operated by a particular one of the plurality of merchants for a portion of the transaction data; and
      
      provide the portion of the transaction data to the merchant computing device in response to the request.
  - 17. The system of claim 13, wherein a weighting factor is associated with each of the plurality of profiles, and the risk score is further based at least in part on the weighting factor associated with each of the plurality of profiles.
  - 18. The system of claim 17, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants,wherein the weighting factor associated with each of the plurality of profiles is provided by the particular merchant, andwherein the risk score is provided to the at least one of the plurality of merchants by transmitting the risk score to the merchant computing device.
  - 19. The system of claim 17, wherein when the one or more processors execute the computer executable instructions, the computer executable instructions further cause the one or more computing devices to:
    - obtain a plurality of weighted profile-based risk factors by determining a weighted profile-based risk factor for each of the plurality of profiles, wherein the weighted profile-based risk factor is determined for each of the plurality of profiles as a function of a weighting factor and the portion of those of the plurality of network devices that belong to the profile that have been identified as being fraudulent devices; and
      
      obtain a result value by totaling the plurality of weighted profile-based risk factors, wherein the risk score is constructed as a function of a product of a scaling factor and a square of a logarithm of the result value.
  - 20. The system of claim 13, wherein the risk score is a profile-based risk score,wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants,wherein the risk score is provided to the at least one of the plurality of merchants by transmitting the risk score to the merchant computing device, andwherein when the one or more processors execute the computer executable instructions, the computer executable instructions cause the one or more computing devices to:
    - determine a transaction-based risk score;
      
      determine a composite risk score as a function of the profile-based risk score, and the transaction-based risk score; and
      
      transmit the composite risk score to the merchant computing device.
  - 21. The system of claim 13, wherein when the one or more processors execute the computer executable instructions, the computer executable instructions cause the one or more computing devices to:
    - associate a reputation with each of the plurality of network devices, the reputation associated with each network device in a negative portion of the plurality of network devices being negative, wherein those of the plurality of network devices identified as being fraudulent devices comprise the negative portion of the plurality of network devices.
  - 22. The system of claim 13, wherein the transaction data stored by the one or more data storage devices includes a device identifier uniquely identifying each of the plurality of network devices.
  - 23. The system of claim 13, wherein the transaction data related to the plurality of past transactions was received by the one or more computing devices from the plurality of merchants fewer than a predetermined number of day ago, and stored by the one or more computing devices in the one or more data storage devices.
  - 24. The system of claim 13, wherein the new transaction data associated with the not yet completed transaction is received from a merchant computing device operated by a particular one of the plurality of merchants,each of the plurality of network devices is an identified network device,the not yet completed transaction is between an unidentified network device, and the particular merchant computing device, andthe risk score is provided to the at least one of the plurality of merchants by transmitting the risk score to the merchant computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
iovation Incorporated
Original Assignee
iovation Incorporated
Inventors
Newman, Jim, Lonchar, Bart, Waddell, Scott
Primary Examiner(s)
KANERVO, VIRPI H

Application Number

US13/085,418
Publication Number

US 20120030083A1
Time in Patent Office

1,071 Days
Field of Search

None
US Class Current

705/35
CPC Class Codes

G06Q 40/00 Finance; Insurance; Tax str...

G06Q 40/02 Banking, e.g. interest calc...

System and method for evaluating risk in fraud prevention

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for evaluating risk in fraud prevention

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links