Systems and methods for performing network counter measures
First Claim
1. A method that detects fraud in an electronic communication session performed over a network, the session including data transmissions between a purported customer and a bank operating system, the data transmissions from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the method performed by at least one computer processor of the bank operating system, the method including:
- with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes;
with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes;
comparing the first header attributes with the second header attributes from the different data transmissions with the purported customer user device of the purported customer during the same session, wherein the comparing of header attributes from different data transmissions during the session includes;
comparing the first header that is associated with the data transmission from the user device of the purported customer at login with the second header that is associated with a later data transmission from the user device of the purported customer in the same session;
determining that the first header attributes are different from the second header attributes; and
flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and
outputting a communication indicative of such flagging.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for detecting fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the customer including headers. The method including inputting the headers, including header attributes, from the purported customer during the session; comparing the header attributes from different communications during the session; determining that the comparison of the header attributes are irregular; and flagging, based on the determining that the comparison of the header attributes are irregular, the session as suspect.
-
Citations
18 Claims
-
1. A method that detects fraud in an electronic communication session performed over a network, the session including data transmissions between a purported customer and a bank operating system, the data transmissions from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the method performed by at least one computer processor of the bank operating system, the method including:
-
with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes; with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes; comparing the first header attributes with the second header attributes from the different data transmissions with the purported customer user device of the purported customer during the same session, wherein the comparing of header attributes from different data transmissions during the session includes;
comparing the first header that is associated with the data transmission from the user device of the purported customer at login with the second header that is associated with a later data transmission from the user device of the purported customer in the same session;determining that the first header attributes are different from the second header attributes; and flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and outputting a communication indicative of such flagging. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer processing system that detects fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the system comprising:
-
a header processor, that; with a first communication from the purported customer user device during the session, inputs a first header that includes first header attributes, the first header attributes comprising a first device signature of the purported customer user device; with a second communication from the purported customer user device during the session, inputs a second header that includes second header attributes, the second header attributes comprising a second device signature of the purported customer user device; compares the first device signature with the second device signature from the different communications with the purported customer user device of the purported customer during the session; determines that the comparison of the first device signature with the second device signature is irregular; and flags, based on the determining that the device signatures are irregular, the session as suspect of fraud; and a flagged session processor that performs processing on the flagged session so as to investigate fraud; and wherein the comparison of the device signatures from different communications with the user device of the purported customer during the session includes; comparing the first header that is associated with a communication from the user device of the purported customer at login with the second header that is associated with a later communication from the user device of the purported customer in the same session. - View Dependent Claims (14, 15, 16)
-
-
17. A non-transitory computer readable medium that detects fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the purported customer including headers from a purported customer user device of the purported customer, the computer readable medium comprising:
-
a first computer readable medium portion that when executed causes at least one processor to; with a first communication from the purported customer user device during the session, input a first header that includes first header attributes, the first header attributes comprising a first device signature of the purported customer user device; with a second communication from the purported customer user device during the session, input a second header that includes second header attributes, the second header attributes comprising a second device signature of the purported customer user device; compare the first device signature with the second device signature from the different communications with the purported customer user device of the purported customer during the session; determine that the comparison of the first device signature with the second device signature is irregular; and flag, based on the determining that the device signatures are irregular, the session as suspect of fraud; and a second computer readable medium portion that when executed cause the at least one processor to perform processing on the flagged session so as to investigate fraud; and wherein the comparison of the device signatures from different communications with the user device of the purported customer during the session includes; comparing the first header associated with a communication from the user device of the purported customer at login with the second header associated with a later communication from the user device of the purported customer in the same session.
-
-
18. A method that detects fraud in an electronic session performed over a network, the session including different communications between a purported customer user device of a purported customer and a bank operating system, the different communications from, and generated by, the purported customer user device of the customer each including a header, the method performed by at least one computer processor of the bank operating system, the method including:
-
with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes; with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes; comparing the first header attributes with the second header attributes from the different communications with the purported customer user device during the session; determining that the first header attributes are different from the second header attributes; and flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and the session includes the purported customer using a web site of the bank operating system comprised of a plurality of web pages, the purported customer effecting a login to gain access to the web site; the comparing header attributes from different communications during the session includes; comparing the first header associated with the communication from the purported customer at login to the second header used later in the session; and comparing headers of sequential communications including comparing time attributes of the sequential headers; and wherein time attributes of the sequential headers are compared so as to generate an observed pace of the session, the pace constituted by a time line of the purported customer'"'"'s actions as represented in the data of the header; and comparing the observed pace with known pace information, the known pace information previously secured based on sessions with the purported customer, who was at such time legitimized.
-
Specification