Systems and methods for fraud detection via interactive link analysis

US 20090044279A1
Filed: 07/18/2008
Published: 02/12/2009
Est. Priority Date: 05/11/2007
Status: Active Grant

First Claim

Patent Images

1. A method of determining fraudulent use of a database, said method comprising:

examining a database of information pertaining to entities, said database containing, for each entity, at least one descriptive attribute, said examination calculated to find linkages between similar attributes used for different entities in said database; and

generating at least one rule pertaining to membership in a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Fraud detection is facilitated by developing account cluster membership rules and converting them to database queries via an examination of clusters of linked accounts abstracted from the customer database. The cluster membership rules are based upon certain observed data patterns associated with potentially fraudulent activity. In one embodiment, account clusters are grouped around behavior patterns exhibited by imposters. The system then identifies those clusters exhibiting a high probability of fraud and builds cluster membership rules for identifying subsequent accounts that match those rules. The rules are designed to define the parameters of the identified clusters. When the rules are deployed in a transaction blocking system, when a rule pertaining to an identified fraudulent cluster is triggered, the transaction blocking system blocks the transaction with respect to new users who enter the website.

345 Citations

34 Claims

1. A method of determining fraudulent use of a database, said method comprising:
- examining a database of information pertaining to entities, said database containing, for each entity, at least one descriptive attribute, said examination calculated to find linkages between similar attributes used for different entities in said database; and
  
  generating at least one rule pertaining to membership in a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - running one or more of said generated cluster membership rules against one or more databases of entities to identify which entities in said database have a high probability of membership in the cluster of potentially fraudulent entities and wherein said last-mentioned databases contain, for each entity, at least one attribute.
  - 3. The method of claim 1 further comprising:
    - sending one or more of said cluster membership rules to a database manager so as to allow said database manager to run said rules against one or more databases under control of said manager to identify which entities in said databases have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 4. The method of claim 1 further comprising:
    - using at least one of said cluster membership rules in real-time to detect credit history transactions that have a high probability of being fraudulent.
  - 5. The method of claim 1 wherein said database comprises:
    - information pertaining to a credit history of individuals.
  - 6. The method of claim 1 wherein said database comprises:
    - information pertaining to insurance claims.
  - 7. The method of claim 1 wherein said database comprises:
    - information pertaining to a debit card transactions.
  - 8. The method of claim 1 wherein said at least one description attribute is selected from the list of:
    - credit card identification, home address, phone number, password, e-mail address, answers to security questions, or a portion of a social security number.
  - 9. The method of claim 4 wherein said examining comprises:
    - selecting a starting point based on a known anomaly for a particular entity, said anomaly arising with respect to at least one particular attribute of said entity;
      
      searching said database for linkages to other entities in said database, said search based on said particular attributes;
      
      determining linkages between attributes of said particular entity and attributes of other entities based upon said database search; and
      
      drilling down on said displayed linkages to generate a rule pertaining to membership to a cluster of potentially fraudulent entities.

10. A method of tracking clusters of potentially fraudulent entities, said method comprising:
- establishing rules defining parameters for various match operations;
  
  selecting a starting point based on a known anomaly for a particular entity;
  
  searching a first database of a plurality of entities for linkages to other entities, said database having all of said attributes for said entities, and said search based on a selected one of said attributes;
  
  displaying a linkage between said particular entity and other entities based upon said database search; and
  
  drilling down on said displayed linkage to generate a cluster membership rule pertaining to a cluster of potentially fraudulent entities.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 further comprising:
    - running one or more of said generated cluster membership rules against one or more databases of information sets pertaining to entities to identify which entities in said database have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 12. The method of claim 10 further comprising:
    - sending one or more of said generated cluster membership rules to a second database remote from said first database so as to allow said generated cluster membership rule to be run with respect to said second database so as to identify information sets in said second database have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 13. The method of claim 10 further comprising:
    - using at least one of said generated cluster membership rules in real-time to detect first database related transactions having a high probability of being fraudulent.
  - 14. The method of claim 10 further comprising:
    - using at least one of said generated cluster membership rules in real-time to detect second database related transactions having a high probability of being fraudulent, said second database being at a location remote from said first database.
  - 15. The method of claim 10 wherein said starting point has at least one attribute selected from the list of:
    - credit card identification, home address, phone number, password, e-mail address, answers to security questions, or a portion of a social security number.

16. A system for fraud detection, said system comprising:
- a database containing, for each individual, at least one attribute;
  
  means for examining said database to find linkages between similar attributes used for different entities; and
  
  means for generating at least one cluster membership rule pertaining to a cluster of potentially fraudulent entities, said generated rule based upon certain combinations of letters and numbers constituting of at least one of said attributes.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16 wherein said linkages are based, at least in part, upon certain information pertaining to entities,
  - 18. The system of claim 16 further comprising:
    - means for running one or more of said generated rules against at least one database containing information pertaining to entities to identify which entities in said database have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 19. The system of claim 18 wherein said last-mentioned database contains, for each entity, at least one attribute.
  - 20. The system of claim 16 further comprising:
    - means for sending one or more of said rules to a second database remote from said database so as to identify which entities in said second database have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 21. The system of claim 17 further comprising:
    - means for using at least one of said generated rules in real-time to detect entities that have a high probability of belonging to a cluster of potentially fraudulent entities.
  - 22. The system of claim 17 wherein said examining means comprises:
    - means for selecting a starting point based on a known anomaly for a particular entity, said anomaly arising with respect to at least one particular attribute of said entity;
      
      means for searching said database for linkages to other entities in said database, said search based on said particular attributes;
      
      means for determining linkages between attributes of said particular entity and attributes of other entities based upon said database search; and
      
      means for drilling down on said displayed linkages to generate a cluster membership rule pertaining to a cluster of potentially fraudulent entities.

23. A system for detecting clusters of potentially fraudulent entities, said system comprising:
- a database of information pertaining to entities;
  
  said database accepting both user generated and system generated queries;
  
  a pattern matcher for executing rules for attribute matching operations;
  
  a link generator for creating linkages between similar entities in said database, said similar entities based, at least in part, on results from said pattern matcher;
  
  a cluster editor for allowing a user to modify selected aspects of generated ones of said links; and
  
  a rule editor for establishing at least one cluster membership rule based, at least in part, on information determined from said user drilling down on said links;
  
  said rule editor producing said system generated queries.
- View Dependent Claims (24)
- - 24. The system of claim 23 further comprising:
    - means for communicating generated ones of said cluster membership rules to at least one database containing information of a plurality of entities, said information comprising a plurality of items selected from a list of attributes.

25. A method for identifying a likeness between data sets, said method comprising:
- selecting a plurality of data sets, each of said plurality of data sets comprising a plurality of characters;
  
  creating an expression specifying a pattern of said characters, said creating comprising;
  
  populating a plurality of data fields; and
  
  defining a relationship between said plurality of data fields;
  
  testing said expression to determine whether said expression has been properly defined, andsearching said data sets for said expression.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 26. The method of claim 25 wherein said populating comprises:
    - selecting at least one quality from a predetermined set of available qualities, said available qualities corresponding to a descriptive attribute of an entity
  - 27. The method of claim 25 wherein said populating comprises:
    - selecting at least one quality from a predetermined set of available qualities, said available qualities corresponding to a descriptive attribute of an entity.
  - 28. The method of claim 25 wherein said data sets comprise a descriptive attribute relating to an entity.
  - 29. The method of claim 28 wherein said descriptive attribute is a first name.
  - 30. The method of claim 28 wherein said descriptive attribute is a last name.
  - 31. The method of claim 28 wherein said descriptive attribute is a pass word.
  - 32. The method of claim 25 further comprising:
    - selecting at least a portion of said created expression;
      
      saving said selected portion; and
      
      using said saved selected portion in a subsequent search.
  - 33. The method of claim 25 wherein said testing comprises determining whether the syntax of said expression is correct.
  - 34. The method of claim 25 wherein said testing comprises executing a preliminary search and examining the returned result from said search.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fair Isaac Corporation
Original Assignee
Fair Isaac Corporation
Inventors
Steele, Michael, Erickson, Chris, Miagkikh, Victor, Crawford, Stuart L., Thorsen, Megan, Tolmanov, Sergei

Granted Patent

US 10,769,290 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/6218   to a system of files or obj...

G06Q 10/10   Office automation; Time man...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 30/0643   Graphical representation of...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Systems and methods for fraud detection via interactive link analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

345 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for fraud detection via interactive link analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

345 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links