WO2007028048A2 - Systems and methods for detecting fraud - Google Patents

Systems and methods for detecting fraud Download PDF

Info

Publication number
WO2007028048A2
WO2007028048A2 PCT/US2006/034272 US2006034272W WO2007028048A2 WO 2007028048 A2 WO2007028048 A2 WO 2007028048A2 US 2006034272 W US2006034272 W US 2006034272W WO 2007028048 A2 WO2007028048 A2 WO 2007028048A2
Authority
WO
WIPO (PCT)
Prior art keywords
information
financial
account
fraud
financial account
Prior art date
Application number
PCT/US2006/034272
Other languages
French (fr)
Other versions
WO2007028048A3 (en
Inventor
Theodore J. Crooks
Original Assignee
Fair Isaac Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fair Isaac Corporation filed Critical Fair Isaac Corporation
Publication of WO2007028048A2 publication Critical patent/WO2007028048A2/en
Publication of WO2007028048A3 publication Critical patent/WO2007028048A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof

Definitions

  • the system proposed here is designed to reduce the diversification and renewed growth of fraud by expanding the scope of successful behavior-monitoring methods from single accounts to all accounts under single consumers, households, or other organizations. Fraudsters have evaded protections by moving beyond the current field of view, in many situations. By sharing information on account behavior at the national level, across financial institutions and selected consumer services, that field of view can be expanded to once again bring fraud into focus and under control.
  • the account registration process allows a participating institution to identify a particular customer, and an account held by that customer, which the participant wishes to share with other clearinghouse participants.
  • the registration process may be a simple exchange.
  • the participant can send identifying details about the subject customer and the account involved.
  • the server may then use the identifying information to search against records of previously registered customers. If a match is found, the new account can be linked with those previously registered for the customer. In either case, a unique numeric identifier is returned to the registrant to use as a reference to the account and customer in the future.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method for detecting likely fraud is described. The method includes obtaining from a first financial organization first information relating to a first financial account indicative of financial performance for the first financial account, obtaining from a second financial organization independent of the first financial organization second information relating to a second financial account indicative of financial performance for the second financial account, and determining if the first financial account and the second financial account relate to a common customer, and if they do, analyzing the first information and the second information to determine a likelihood of fraud in one of the accounts.

Description

Systems and Methods for Detecting Fraud
This application claims the benefit under 35 U. S. C. §119(e)(1) of prior U.S. provisional application 60/714,032, filed
September 2, 2005, which is incorporated herein by reference in its entirety.
TECHNICAL FIELD
This document relates to computerized systems and methods for detecting fraud across multiple organizations, such as by using a central clearinghouse that determines whether applications for credit and the like originate from legitimate applicants or instead originate from fraudsters.
BACKGROUND Over the last dozen years, credit card fraud has become a more difficult business for fraudsters. Once far and away the greatest fraud problem for banks, credit card fraud has been brought under control and further progress is to be expected. Though overall losses have grown modestly in most developed economies, the rate of fraud loss compared to card use has dropped sharply due to improved security measures, especially systems that monitor account activity for out-of-character, suspicious behavior. Further progress is expected from the widespread introduction of electronic cards implementing secure personal identification numbers (PINs).
But, fraudsters have adapted with new forms of fraud, spreading losses across a wider span of accounts and types of transactions.
SUMMARY The system proposed here is designed to reduce the diversification and renewed growth of fraud by expanding the scope of successful behavior-monitoring methods from single accounts to all accounts under single consumers, households, or other organizations. Fraudsters have evaded protections by moving beyond the current field of view, in many situations. By sharing information on account behavior at the national level, across financial institutions and selected consumer services, that field of view can be expanded to once again bring fraud into focus and under control.
Expansion of electronic authorization to nearly all debit and credit card transactions combined with real-time monitoring of those authorizations for suspicious account behavior has delivered a blow to organized fraud. Independent of passwords and PINs, tamper-resistant cards and law enforcement stings, behavior monitoring has been the essential, last line of defense protecting card-based payment systems. Behavior monitoring for fraud relies upon the common sense once applied by bank tellers but now lost to the demanding volume of booming post-war consumer banking. Just as the experienced, small-town teller once knew everyone's business well enough to ignore the mundane but sniff out any funny business, behavior monitoring systems get to know accounts and customers, recognize usual behavior and become wary of out-of- character, risky behavior.
Behavior monitoring is a simple idea, but human-like common sense is nearly impossible to program into today's computers. Instead, behavior monitoring systems are trained with historical data. Programmed to distill patterns from histories of account use, modern fraud management systems learn by vast and detailed experience when to call for human investigation, or even when to block payment transactions during on-line authorizations. Today's best artificial intelligence systems are usually able to catch fraud sequences after one or two transactions, even if those transactions are not outlandish. So, the fraudster gets less per account and has to work harder compromising more accounts to keep up his lifestyle or meet his boss1 expectations.
Faced with a need to compromise more accounts, fraudsters have learned too. Whether by keen wits or an unnatural sort of natural selection, fraudsters have adapted as protective systems have improved. Foremost, they have learned that consumer financial systems run largely independently; that information about consumers is incomplete, slow to move and often not shared after an account has been opened. Exploiting these vulnerabilities, fraudsters have learned to steal information about consumers instead of information about individual accounts. After all, if you steal information about one account, you may get away with one, two, or maybe three transactions on that account. If you steal critical information about an accountholder, you may be able to compromise several existing accounts and open some new ones as well.
In practice, this move up the food chain for fraudsters is seen as identity theft, social engineering, phishing, pharming, and plain-old mail theft. Identity theft is successful when sufficient information is stolen to completely hijack a person's credit- contracting capacity — at least where a face-to-face interview is not required. Common means of identity theft are compromising employee records from a private company, stealing a completed credit application (especially a mortgage application), buying genuine credit reports through a cooperating or coerced merchant
(or employee), posing as a credit-granting merchant and buying credit reports on false pretenses, or impersonating a consumer who requests their own credit report for verification purposes; or, a thousand other variations and still others yet to be conceived. Social engineering is a catchall term for a wide range of confidence-games relying upon gullibility, naivete, or simple civility to extract information from a consumer or a financial service employee. Usually a seemingly innocent piece of information is extracted that, when combined with some other seemingly innocent information, opens a door to a complete personal financial story.
Social engineering requires some skill — at least a gift for gab — and takes time and luck. But productivity-conscious fraudsters have turned to technology. Now, instead of 25 phone calls to compromise one consumer in a half-day's work, technology can deliver 25,000 e-mail messages yielding nearly 100 compromised identities, with PINs and passwords, in the same half day. Called phishing, this is but one of many approaches to automating old-fashioned con games to obtain access to multiple accounts.
A few technically proficient fraudsters engage in pharming; using viruses and other malicious programming to redirect consumers' computers so that those who think they are connecting to World Famous Giant Bank are in fact typing their secrets into identical forms on Nefarious Ned's Kitchen Website.
Overall, there are about as many ways to compromise personal financial information as there are fraudsters trying to do it. And, since fraud is a highly organized business, whenever a trick works well, it spreads rapidly and widely until the consumer finance industry plugs that hole and starts guessing where the next one will be.
Behavior monitoring for fraud is essential in the overall protective scheme because it's largely independent of the many means of fraud, focusing instead on what is done with accounts rather than how it is done. This independence from the details of the fraud method makes behavior monitoring the key to getting ahead of rapidly evolving fraud.
The weakness of behavior monitoring is those one, two, or sometimes three fraudulent transactions that get by before the system and its human operators recognize the threat and respond. If, say, two transactions for each account are fraudulent and an identity theft involves five accounts, the typical loss is ten transactions of larger-than-average (but not astronomical) size — perhaps £7,000.
On the other hand, if two or three transactions per identity are compromised, even if multiple accounts are involved, losses will be in the £1 ,400 range — maybe not even worth giving up honest work. The Fraud Clearinghouse proposed here is designed to stop frauds after one or two transactions per compromised identity rather than after one or two transactions per account compromised, thus keeping incident costs nearer to £1 ,400 than to £7,000. By sharing information between financial institutions, the
Fraud Clearinghouse will allow behavior-monitoring systems to look across the accounts held by an individual consumer and prevent fraudsters from hiding among isolated accounts.
Of course, it is the sharing of financial information in credit bureaus that makes it possible for a fraudster to steal from multiple accounts by compromising a single identity. Sharing information has its security risks as well as it rewards. That's why it's important that sharing information for fraud is done properly. The system proposed here is one way to share account information properly, thus reducing fraud while not opening new fraud opportunities.
In one implementation, a method for detecting likely fraud in a financial system is disclosed. The method includes obtaining from a first financial organization first information relating to a first financial account indicative of financial performance for the first financial account, obtaining from a second financial organization independent of the first financial organization second information relating to a second financial account indicative of financial performance for the second financial account, and determining if the first financial account and the second financial account relate to a common customer, and if they do, analyzing the first information and the second information to determine a likelihood of fraud in one of the accounts. The financial accounts may be credit accounts. Also, the first information and the second information may not be personally identifiable. In some aspects, the method may further include providing to the second financial organization a fraud indicator. The fraud indicator might not contain any personally identifiable information, and the fraud indicator might not provide any indication of the identity of the first financial organization.
In some aspects, the information relating to a second financial account can correspond to account registration information, to behavior sharing information, and to applications sharing information. The first financial account and the second financial account may be associated with a single individual. Also, the first financial account may be associated with a first individual and the second financial account may be associated with a second individual having a predetermined relationship to the first individual. The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
DETAILED DESCRIPTION Design Features
The clearinghouse system described here may exhibit a number of features. For example, the system may have forward summarization through "profiles," where genuine behavior with payment and credit products is highly varied — so varied that the difference between genuine and fraudulent behavior is less than the normal variation in genuine behavior alone. To compensate, a behavior monitoring system may learn the behavior of each individual account and compare new behavior versus old to provide a context for successful pattern recognition, much like current best-deployed systems. As one example, systems may use, and have in the past used, models of individual account behavior called "profiles" for this purpose. Each profile is a highly summarized series of coefficients for a long equation that describes an account's behavior and evolution. An account's profile can be updated with each new transaction before the riskiness of that transaction is assessed. The result is the same as if a full transaction history were maintained and read into the behavior analysis before each new assessment of risk. But, the profile approach may be more efficient because historical activity is mathematically digested as the activity is experienced, not after the fact and repeatedly every time a new transaction is assessed.
Profiles are a good mechanism for sharing account behavior information between organizations. By their nature, they can be implemented to carry only the behavior information relevant to detection of fraud, and no other information. They can be the shortest possible summarization containing the information needed to detect fraud. And they can be efficient and fast to use as inputs to behavior monitoring neural networks and other models, and also can be unreadable by humans without documentation and additional data.
By summarizing transaction information immediately into profiles, the described clearinghouse avoids keeping information it doesn't need that might be subject to compromise, and it provides an efficient storage medium for fraud detection purposes. However, more detailed data storage may also be used in appropriate situations, depending on the needs of the particular system. The system may also be configured to employ isolated personal information. To protect personal information from improper disclosure, a clearinghouse may be designed to contain no personally identifiable information whatsoever. There may be no names, addresses, account numbers, and/or mothers' maiden names in the clearinghouse proper. All or some personal information may be kept in a separate server called a Registration
Server, but that server may be configured to not transmit personal information. It can be used only to see if the holder of a newly registered account already has other accounts on file in the Clearinghouse and if similar identification has been associated with a fraud.
The system may also be configured to maintain contributor anonymity. To maintain competitive neutrality, the identity of the participating institution contributing information about an account can be kept confidential. Only that institution can be provided with the necessary identifying number to modify information about a registered account and no other institutions receive information about contributor identities. Embargoed profiles may also be employed. A clearinghouse design may allow for accumulating information into embargoed profiles that are not distributed. This mechanism may be used to prevent distribution of inaccurate information if contributions have been erroneous and to hide the identity of contributors when a process of elimination could identify them.
Harmless error recovery may be another provided feature. Profiles can present a problem when they are given bad information: one cannot rollback a profile in a simple way. Instead, the policy of a clearinghouse may be to embargo any profile found to be erroneous or questionable. When necessary, individual, past transactions can be reversed by reconstructing a profile off-line from the transaction logs maintained on clearinghouse activity. Operation The proposed clearinghouse may be configured to be capable of one or more of three main types of transactions: account registration, behavior sharing, and application sharing. Application sharing is a special case of account registration, so we will start by describing account registration and behavior sharing, then return to describe the special aspects of application sharing. Account Registration
The account registration process allows a participating institution to identify a particular customer, and an account held by that customer, which the participant wishes to share with other clearinghouse participants. The registration process may be a simple exchange. The participant can send identifying details about the subject customer and the account involved. The server may then use the identifying information to search against records of previously registered customers. If a match is found, the new account can be linked with those previously registered for the customer. In either case, a unique numeric identifier is returned to the registrant to use as a reference to the account and customer in the future.
Participating institutions may use the account registration process to register new accounts. The process can return a numeric identity handle from a system server for use by the institution when accessing profiles about the subject consumer(s). (A registration server instead of the fraud clearinghouse may be used for this process so that the clearinghouse does not contain any personal information.) Each institution accessing the same consumer's profiles is given a different access handle. In addition to the handle, an encryption key is returned for use in accessing profiles obtained for the subject consumer. Receipt of the handle does not tell the participating institution whether or not other institutions have registered the same consumer. This can be learned only by contributing transactions and accessing profiles in the Clearinghouse.
Steps to enable encryption and system maintenance logs are not described here for simplicity, and will be known to a skilled artisan. The steps by each entity for registration may include:
Participating Institution:
1. Build a registration request composed of a participating institution identifier, a participating institution key, an account type indicator, a participant's account identifier (but not the real account number!), and customer identity information or a previously received account identifier for the same accountholder.
2. Send registration request to Registration Server via a secure channel.
Registration Server: 1. Search for supplied account identifier or identity information to get internal identity identifier of accountholder, or if no match is found, create a new internal identity identifier.
2. Return account identifier and account encryption key. 3. Communicate account identifier, account type indicator, account encryption key and internal identity identifier to the Fraud Clearinghouse.
Participating Institution:
1. Receive and store account identifier and account encryption key.
Behavior Sharing
Once an account has been registered, the participant that registered the account can access shared profiles for the subject customer (which may be, for example, an individual, a group of individuals, or an organization such as a company), but only when the participant updates information about the registered account. To invoke this exchange, the participant sends a message to the clearinghouse that contains the identifier obtained when the account was registered and a record that describes a transaction on that account. The clearinghouse uses the transaction record to update the profile about the subject account and returns that profile along with all others for the same customer.
Details of the behavior sharing transaction are described next. Participating institutions use this process to send transaction records and receive back profiles of account behavior for all accounts registered for the subject consumer. Access to this process requires use of an identity handle provided in the Registration Process described above. Steps to enable encryption and system maintenance logs are not described here for simplicity, as will be understood by a skilled artisan. Certain terms are defined below. The steps by the various participants include the following.
Participating Institution
1. Construct a transaction description record containing participating institution identifier, account identifier, and transaction information.
2. Send the transaction description record to the Fraud Clearinghouse.
Fraud Clearinghouse
1. Enqueue the transaction description record for processing in first-in-first-out order with respect to other transactions involving the same accountholder. 2. Use the account identifier, to retrieve the internal identity identifier and account type indicator.
3. Read and lock the accountholder profile for the accountholder and perform a profile update the accountholder profile using the transaction information received. Then, unlock the accountholder profile.
4. Return the accountholder profile for the subject accountholder to the requesting participating institution.
Participating Institution 1. Receive and use the accountholder profile for better fraud detection.
Application Sharing
The registration server can share information about applications for credit and new account openings as well. The purpose of application information sharing is to examine applications in the name of a customer for consistency and changes. Also, residence addresses and telephone numbers in applications are checked against prior applications and especially applications reported to have been probable frauds.
The application sharing process returns status flags about the outcome of a search. Using a process similar to account registration, the registration server searches for matching records and returns one or several codes about what it has found. The matching process reports on "exact," "equivalent" and "near" matches on the entire identity record supplied. Matches are reported for the same and different names. Also, matches on other active and inactive customers are reported as well as matches on records previously involved in frauds.
From the response of the application sharing process, a participating institution might not be able to determine for certain if an identity is genuine, but it is able to determine if additional investigation and verification of the application is warranted. That determination is normally made by an automated system with yet another model used to assess the importance and implications of registration server responses.
Other Features There are a variety of other interactions between participants and the clearinghouse, including closing an account, unregistering an account created in error, breaking the association of accounts with a specific customer, removing account identifiers in the event of a security breech, reporting an account that either failed to ever make any payments or which is identified as a probable fraud, and a variety of housekeeping and maintenance transactions.
Definitions
Account identifier — A unique identifier returned by the Registration Server to a registering participating institution to identify an account.
Account type indicator — Uniquely identifies the type of an account being registered.
Accountholder — An individual, household, business, or other organization which obtains and uses a financial services or trade account with a participating institution.
Accountholder profile — A dense mathematical representation of the current, recent, and/or past behavior of the accounts held by the subject accountholder. Fraud Clearinghouse — A server accessible throughout its market area providing participating institutions the ability to share information about the behavior of individual account holders for the purpose of protecting against fraud. Internal identity identifier — A unique identifier created by the registration server and used by the fraud clearinghouse to identify an individual accountholder. The internal identity identifier is never distributed outside the registration server and fraud clearinghouse in certain implementations. Identity information — The package of information needed to identify an accountholder in the identity area where the accountholder resides. As accountholders may be different types of entities, identity information usually specifies the type of entity (person, household, business, etc.) and its content may differ for different types of entities.
Participating institution — An organization that provides consumer services requiring protection from fraud and which has contracted with the provider for use of the fraud clearinghouse. Participating institution identifier — A globally unique identifier assigned by the provider that identifies the participating institution.
Participant's account identifier — Identifier of a registered account that is unique to the participating institution and supplied by the participating institution. Profile update — Updates of profiles are performed for transactions which carry information about the behavior of accounts held by a subject accountholder. Most updates involve the calculation of new variable values within the accountholder profile based upon the details of the described transaction. Registration request — A package of information necessary to initiate the registration process. Includes a participating institution identifier, identity information, an account type indicator and an account identifier.
Registration server — A server dedicated to the registration process described here. Uses commercially available data on identities.
Transaction description record — Record describing a transaction made on a specific account. Transaction information — Information about a subject transaction in a transaction description record. The transaction information may take many different forms depending upon the type of account involved, the type of transaction and the content of the associated accountholder profile. A number of embodiments of the invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.

Claims

WHAT IS CLAIMED IS:
1. A method for detecting likely fraud in a financial system, comprising: obtaining from a first financial organization first information relating to a first financial account indicative of financial performance for the first financial account; obtaining from a second financial organization independent of the first financial organization second information relating to a second financial account indicative of financial performance for the second financial account; and determining if the first financial account and the second financial account relate to a common customer, and if they do, analyzing the first information and the second information to determine a likelihood of fraud in one of the accounts.
2. The method of claim 1 , wherein the financial accounts are credit accounts.
3. The method of claim 1 , wherein the first information and the second information are not personally identifiable.
4. The method of claim 1 , further comprising providing to the second financial organization a fraud indicator.
5. The method of claim 4, wherein the fraud indicator does not contain any personally identifiable information.
6. The method of claim 4, wherein the fraud indicator does not provide any indication of the identity of the first financial organization.
7. The method of claim 1 , wherein the information relating to a second financial account corresponds to account registration information.
8. The method of claim 1 , wherein the information relating to a second financial account corresponds to behavior sharing information.
9. The method of claim 1 , wherein the information relating to a second financial account corresponds to applications sharing information.
10. The method of claim 1 , wherein the first financial account and the second financial account are associated with a single individual.
11. The method of claim 1 , wherein the first financial account is associated with a first individual and the second financial account is associated with a second individual having a predetermined relationship to the first individual.
12. A fraud detection system, comprising: a registration server to receive accountholder identifying information and to generate corresponding anonymous information; a fraud clearinghouse server configured to receive the anonymous information from the registration server, to receive from a plurality of financial institutions transaction information associated with the anonymous information, and to generate fraud profiles from the transaction information for each of a plurality of anonymous participants.
13. The system of claim 12, wherein the registration server is adapted to generate account encryption keys for the transmission of anonymous information.
PCT/US2006/034272 2005-09-02 2006-09-01 Systems and methods for detecting fraud WO2007028048A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US71403205P 2005-09-02 2005-09-02
US60/714,032 2005-09-02

Publications (2)

Publication Number Publication Date
WO2007028048A2 true WO2007028048A2 (en) 2007-03-08
WO2007028048A3 WO2007028048A3 (en) 2007-05-10

Family

ID=37809593

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/034272 WO2007028048A2 (en) 2005-09-02 2006-09-01 Systems and methods for detecting fraud

Country Status (2)

Country Link
US (1) US7756783B2 (en)
WO (1) WO2007028048A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010095122A1 (en) * 2009-02-20 2010-08-26 Moqom Limited Merchant alert system and method for fraud prevention
US20100268696A1 (en) * 2009-04-16 2010-10-21 Brad Nightengale Advanced Warning
DE102009027557A1 (en) 2009-07-09 2011-01-13 Robert Bosch Gmbh Modular working device for use in garden- or agricultural area, has base unit, which consists of drive and control device and work piece connected with base unit
WO2020046987A1 (en) * 2018-08-27 2020-03-05 Paypal, Inc. Systems and methods for classifying accounts based on shared attributes with known fraudulent accounts
US20230141627A1 (en) * 2021-11-08 2023-05-11 Paypal, Inc. Real-time account takeover detection using behavior sequence clustering

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9412123B2 (en) 2003-07-01 2016-08-09 The 41St Parameter, Inc. Keystroke analysis
US10999298B2 (en) 2004-03-02 2021-05-04 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
US8938671B2 (en) 2005-12-16 2015-01-20 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
US11301585B2 (en) 2005-12-16 2022-04-12 The 41St Parameter, Inc. Methods and apparatus for securely displaying digital images
US8151327B2 (en) 2006-03-31 2012-04-03 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
US7739169B2 (en) * 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
US8600872B1 (en) 2007-07-27 2013-12-03 Wells Fargo Bank, N.A. System and method for detecting account compromises
US7546271B1 (en) * 2007-12-20 2009-06-09 Choicepoint Asset Company Mortgage fraud detection systems and methods
US9112850B1 (en) 2009-03-25 2015-08-18 The 41St Parameter, Inc. Systems and methods of sharing information through a tag-based consortium
US9652802B1 (en) 2010-03-24 2017-05-16 Consumerinfo.Com, Inc. Indirect monitoring and reporting of a user's credit data
US8515863B1 (en) 2010-09-01 2013-08-20 Federal Home Loan Mortgage Corporation Systems and methods for measuring data quality over time
EP2676197B1 (en) 2011-02-18 2018-11-28 CSidentity Corporation System and methods for identifying compromised personally identifiable information on the internet
GB201105765D0 (en) 2011-04-05 2011-05-18 Visa Europe Ltd Payment system
US11030562B1 (en) 2011-10-31 2021-06-08 Consumerinfo.Com, Inc. Pre-data breach monitoring
US10754913B2 (en) 2011-11-15 2020-08-25 Tapad, Inc. System and method for analyzing user device information
US9633201B1 (en) 2012-03-01 2017-04-25 The 41St Parameter, Inc. Methods and systems for fraud containment
US9521551B2 (en) 2012-03-22 2016-12-13 The 41St Parameter, Inc. Methods and systems for persistent cross-application mobile device identification
EP2880619A1 (en) 2012-08-02 2015-06-10 The 41st Parameter, Inc. Systems and methods for accessing records via derivative locators
WO2014078569A1 (en) 2012-11-14 2014-05-22 The 41St Parameter, Inc. Systems and methods of global identification
US8812387B1 (en) 2013-03-14 2014-08-19 Csidentity Corporation System and method for identifying related credit inquiries
US10902327B1 (en) 2013-08-30 2021-01-26 The 41St Parameter, Inc. System and method for device identification and uniqueness
US20150081494A1 (en) * 2013-09-17 2015-03-19 Sap Ag Calibration of strategies for fraud detection
CN115082065A (en) 2013-12-19 2022-09-20 维萨国际服务协会 Cloud-based transaction method and system
US9922322B2 (en) * 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US10846694B2 (en) 2014-05-21 2020-11-24 Visa International Service Association Offline authentication
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10091312B1 (en) 2014-10-14 2018-10-02 The 41St Parameter, Inc. Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
US10339527B1 (en) 2014-10-31 2019-07-02 Experian Information Solutions, Inc. System and architecture for electronic fraud detection
US11151468B1 (en) 2015-07-02 2021-10-19 Experian Information Solutions, Inc. Behavior analysis using distributed representations of event data
CA3001839C (en) 2015-10-14 2018-10-23 Pindrop Security, Inc. Call detail record analysis to identify fraudulent activity and fraud detection in interactive voice response systems
US20210374764A1 (en) 2016-03-25 2021-12-02 State Farm Mutual Automobile Insurance Company Facilitating fraud dispute resolution using machine learning
US12125039B2 (en) 2016-03-25 2024-10-22 State Farm Mutual Automobile Insurance Company Reducing false positives using customer data and machine learning
US10699028B1 (en) 2017-09-28 2020-06-30 Csidentity Corporation Identity security architecture systems and methods
US10896472B1 (en) 2017-11-14 2021-01-19 Csidentity Corporation Security and identity verification system and architecture
US11593811B2 (en) 2019-02-05 2023-02-28 International Business Machines Corporation Fraud detection based on community change analysis using a machine learning model
US11574360B2 (en) 2019-02-05 2023-02-07 International Business Machines Corporation Fraud detection based on community change analysis
US11470194B2 (en) 2019-08-19 2022-10-11 Pindrop Security, Inc. Caller verification via carrier metadata
CN113781054B (en) * 2021-09-14 2024-10-22 中国银行股份有限公司 Fraud early warning method and device in banking website

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000059113A (en) * 2000-07-14 2000-10-05 이진 Controller system for opening a banking account by using network and operation method thereof
KR20020089834A (en) * 2001-05-24 2002-11-30 원숙희 User confirmation and loaning method using an internet
KR20030076764A (en) * 2002-03-21 2003-09-29 주식회사 핑거 An entity authentication via the internet and a method for opening on-line share account using this
KR20040012138A (en) * 2002-08-01 2004-02-11 삼성캐피탈 주식회사 Personal authentication method in the internet and loan method and system using the same

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5819226A (en) * 1992-09-08 1998-10-06 Hnc Software Inc. Fraud detection using predictive modeling
CN100501754C (en) * 1995-02-13 2009-06-17 英特特拉斯特技术公司 Systems and methods for secure transaction management and electronic rights protection
US5966695A (en) * 1995-10-17 1999-10-12 Citibank, N.A. Sales and marketing support system using a graphical query prospect database
US20020198806A1 (en) * 1998-04-24 2002-12-26 First Data Corporation Systems and methods for accessing and modifying usage parameters associated with a financial transaction account
AU6049999A (en) * 1998-09-17 2000-04-03 Nexchange Corporation Affiliate commerce system and method
US7103579B1 (en) * 2000-03-23 2006-09-05 Electronic Clearinghouse, Inc. Internet based check cashing and clearing method, apparatus and article of manufacture
US6866586B2 (en) * 2000-04-28 2005-03-15 Igt Cashless transaction clearinghouse
US6873977B1 (en) * 2000-05-11 2005-03-29 International Business Machines Corporation Achieving buyer-seller anonymity for unsophisticated users under collusion amongst intermediaries
US6907408B2 (en) * 2002-06-04 2005-06-14 Albert J. Angel Hierarchical authentication process and system for financial transactions
KR200289834Y1 (en) 2002-06-14 2002-09-19 장진만 A packing system of a vynyl for use agriculture
US20040019543A1 (en) * 2002-07-25 2004-01-29 First Data Corporation Systems and methods for non-account based liability reporting
US7177846B2 (en) * 2002-07-29 2007-02-13 Checkfree Corporation Technique for account authentication
CA2436319C (en) * 2002-08-02 2014-05-13 Calin A. Sandru Payment validation network
US20050154665A1 (en) * 2002-11-22 2005-07-14 Florida Bankers Association, Inc. Fraud prevention system
US8269793B2 (en) * 2003-02-18 2012-09-18 Serverside Group Limited Apparatus and method for manipulating images
US7505931B2 (en) * 2003-03-03 2009-03-17 Standard Chartered (Ct) Plc Method and system for monitoring transactions
KR200376764Y1 (en) 2004-12-01 2005-03-08 박복수 Wood panel with aluminum film layer
US20060149674A1 (en) * 2004-12-30 2006-07-06 Mike Cook System and method for identity-based fraud detection for transactions using a plurality of historical identity records
KR200412138Y1 (en) 2005-12-28 2006-03-23 김종희 Rolling Children Center

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000059113A (en) * 2000-07-14 2000-10-05 이진 Controller system for opening a banking account by using network and operation method thereof
KR20020089834A (en) * 2001-05-24 2002-11-30 원숙희 User confirmation and loaning method using an internet
KR20030076764A (en) * 2002-03-21 2003-09-29 주식회사 핑거 An entity authentication via the internet and a method for opening on-line share account using this
KR20040012138A (en) * 2002-08-01 2004-02-11 삼성캐피탈 주식회사 Personal authentication method in the internet and loan method and system using the same

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010095122A1 (en) * 2009-02-20 2010-08-26 Moqom Limited Merchant alert system and method for fraud prevention
US20100268696A1 (en) * 2009-04-16 2010-10-21 Brad Nightengale Advanced Warning
US8380569B2 (en) * 2009-04-16 2013-02-19 Visa International Service Association, Inc. Method and system for advanced warning alerts using advanced identification system for identifying fraud detection and reporting
US8903735B2 (en) 2009-04-16 2014-12-02 Visa International Service Association System and method for pushing advanced warning alerts
DE102009027557A1 (en) 2009-07-09 2011-01-13 Robert Bosch Gmbh Modular working device for use in garden- or agricultural area, has base unit, which consists of drive and control device and work piece connected with base unit
WO2020046987A1 (en) * 2018-08-27 2020-03-05 Paypal, Inc. Systems and methods for classifying accounts based on shared attributes with known fraudulent accounts
US11182795B2 (en) 2018-08-27 2021-11-23 Paypal, Inc. Systems and methods for classifying accounts based on shared attributes with known fraudulent accounts
US20230141627A1 (en) * 2021-11-08 2023-05-11 Paypal, Inc. Real-time account takeover detection using behavior sequence clustering

Also Published As

Publication number Publication date
WO2007028048A3 (en) 2007-05-10
US7756783B2 (en) 2010-07-13
US20070192240A1 (en) 2007-08-16

Similar Documents

Publication Publication Date Title
US7756783B2 (en) Fraud clearinghouse
Tariq Impact of cyberattacks on financial institutions
LoPucki Human identification theory and the identity theft problem
CA3173848A1 (en) System and method of automated know-your-transaction checking in digital asset transactions
Adeyoju Cybercrime and cybersecurity: FinTech’s greatest challenges
Barker Knowledge management to prevent fraudulant e-banking transactions
KR102163655B1 (en) Method for monitoring blockchain and apparatus for using the method
Anatoliy et al. Technologies of safety in the bank sphere from cyber attacks
Amiri et al. Banking fraud: a customer-side overview of categories and frameworks of detection and prevention
Weaver Modern day money laundering: does the solution exist in an expansive system of monitoring and record keeping regulations
Malphrus Perspectives on retail payments fraud
Greer The growth of cybercrime in the United States
CN113627902A (en) Method and system for preventing block chain intrusion
Aravazhi Understanding cyber crime and cyber laundering: threat and solution
Chandrasekran et al. Adoption of future banking using biometric technology in automated teller machine (ATM)
Rivner Identity crisis: Detecting account opening fraud in the age of identity commoditisation
Abedin et al. Cyber security in banking sector
JP2017174005A (en) Transaction lock system and transaction lock method for financial institution
KR102689322B1 (en) Method and system for certifying balance of digital asset
Bharathababu Biometric Technology in Automated Teller Machines Adoption
Amanze et al. An enhanced model for bank fraud detection in nigerian
Stojkovic et al. Forging payment cards and cybercrime
Agboare A theoretical review of the internal control measures in preventing e-banking frauds in the Nigerian banking sector
Kumar et al. Digital fraud and advancement of fraud mitigation mechanisms in India
Katarina et al. FORGING PAYMENT CARDS AND CYBERCRIME

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06814076

Country of ref document: EP

Kind code of ref document: A2

OSZAR »