Systems and methods for fraud detection via interactive link analysis
First Claim
1. A method of determining fraudulent use of a database, said method comprising:
- examining a database of information pertaining to entities, said database containing, for each entity, at least one descriptive attribute, said examination calculated to find linkages between similar attributes used for different entities in said database; and
generating at least one rule pertaining to membership in a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes.
1 Assignment
0 Petitions
Accused Products
Abstract
Fraud detection is facilitated by developing account cluster membership rules and converting them to database queries via an examination of clusters of linked accounts abstracted from the customer database. The cluster membership rules are based upon certain observed data patterns associated with potentially fraudulent activity. In one embodiment, account clusters are grouped around behavior patterns exhibited by imposters. The system then identifies those clusters exhibiting a high probability of fraud and builds cluster membership rules for identifying subsequent accounts that match those rules. The rules are designed to define the parameters of the identified clusters. When the rules are deployed in a transaction blocking system, when a rule pertaining to an identified fraudulent cluster is triggered, the transaction blocking system blocks the transaction with respect to new users who enter the website.
345 Citations
34 Claims
-
1. A method of determining fraudulent use of a database, said method comprising:
-
examining a database of information pertaining to entities, said database containing, for each entity, at least one descriptive attribute, said examination calculated to find linkages between similar attributes used for different entities in said database; and generating at least one rule pertaining to membership in a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of tracking clusters of potentially fraudulent entities, said method comprising:
-
establishing rules defining parameters for various match operations; selecting a starting point based on a known anomaly for a particular entity; searching a first database of a plurality of entities for linkages to other entities, said database having all of said attributes for said entities, and said search based on a selected one of said attributes; displaying a linkage between said particular entity and other entities based upon said database search; and drilling down on said displayed linkage to generate a cluster membership rule pertaining to a cluster of potentially fraudulent entities. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system for fraud detection, said system comprising:
-
a database containing, for each individual, at least one attribute; means for examining said database to find linkages between similar attributes used for different entities; and means for generating at least one cluster membership rule pertaining to a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A system for detecting clusters of potentially fraudulent entities, said system comprising:
-
a database of information pertaining to entities;
said database accepting both user generated and system generated queries;a pattern matcher for executing rules for attribute matching operations; a link generator for creating linkages between similar entities in said database, said similar entities based, at least in part, on results from said pattern matcher; a cluster editor for allowing a user to modify selected aspects of generated ones of said links; and a rule editor for establishing at least one cluster membership rule based, at least in part, on information determined from said user drilling down on said links;
said rule editor producing said system generated queries. - View Dependent Claims (24)
-
-
25. A method for identifying a likeness between data sets, said method comprising:
-
selecting a plurality of data sets, each of said plurality of data sets comprising a plurality of characters; creating an expression specifying a pattern of said characters, said creating comprising; populating a plurality of data fields; and defining a relationship between said plurality of data fields; testing said expression to determine whether said expression has been properly defined, and searching said data sets for said expression. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
-
Specification