CN105654379B - Abnormal account moving processing method and device - Google Patents

Abnormal account moving processing method and device Download PDF

Info

Publication number
CN105654379B
CN105654379B CN201511032630.8A CN201511032630A CN105654379B CN 105654379 B CN105654379 B CN 105654379B CN 201511032630 A CN201511032630 A CN 201511032630A CN 105654379 B CN105654379 B CN 105654379B
Authority
CN
China
Prior art keywords
account
request
dynamic
moving
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201511032630.8A
Other languages
Chinese (zh)
Other versions
CN105654379A (en
Inventor
车新帅
蒋金平
王华磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN201511032630.8A priority Critical patent/CN105654379B/en
Publication of CN105654379A publication Critical patent/CN105654379A/en
Application granted granted Critical
Publication of CN105654379B publication Critical patent/CN105654379B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a method and a device for processing abnormal account movement, which are characterized in that a corresponding safe account model is established for each account in advance, and whether the account movement operation corresponding to the account movement request is the abnormal account movement operation or not can be judged based on the corresponding safe account model after the account movement request is received; and when the judgment result shows that the account moving operation corresponding to the account moving account request is the abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request. In the invention, the safe account model is established based on the account data for indicating the account moving condition, and the account moving condition reflects the operation habit of the corresponding user to the account, so that the invention can determine whether the operation habit of the corresponding user to the account is abnormal account moving operation or not based on the operation habit of the corresponding user to the account, and compared with the prior art, the judgment mode improves the judgment intelligence.

Description

Abnormal account moving processing method and device
Technical Field
The invention belongs to the technical field of information security, and particularly relates to an abnormal account change processing method and device.
Background
Bank account security has always been an important security issue of great interest. In recent years, many news reports the problem that the masses of people in various regions are leaked secret, so that property is stolen by lawbreakers. At present, the security protection of bank accounts is different, for example, the patent of "network bank alarm system and method" with application number CN200810305350.3, which performs security protection of bank accounts by setting a module and an identification module.
The setting module is used for setting an alarm password and an alarm short message format of a bank account of a corresponding user; the identification module is used for identifying whether the password input by the user is an alarm password, if so, analyzing and changing the alarm password to generate a starting instruction and a corresponding common password for changing the account, and sending the common password to the bank server so that the bank server identifies whether the user logs in the online bank abnormally, records the corresponding condition after identifying the abnormal condition and gives an alarm in time, but the account information cannot be ensured to be safe through the alarm password in the protection mode after being stolen.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method and an apparatus for processing an abnormal dynamic account, which are used to directly cancel the dynamic account operation corresponding to the account dynamic account request after determining that the dynamic account operation corresponding to the account dynamic account request is the abnormal dynamic account operation based on a secure account model, so as to improve the account security. The technical scheme is as follows:
the invention provides an abnormal account mobilization processing method, which comprises the following steps:
establishing a corresponding secure account model for each account in advance, wherein the secure account model is established based on account data of the corresponding account, and the account data is at least used for indicating account dynamic condition;
after receiving an account moving request, determining the secure account model corresponding to the account moving request;
judging whether the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation or not based on the corresponding safe account model to obtain a judgment result;
and when the judgment result shows that the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation, canceling the dynamic account operation corresponding to the account dynamic account request.
Preferably, the determining, based on the corresponding secure account model, whether an account dynamic account operation corresponding to the account dynamic account request is an abnormal dynamic account operation to obtain a determination result includes:
judging whether the account moving operation corresponding to the account moving account request is abnormal operation or not based on the corresponding safe account model;
when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification request to equipment corresponding to the account moving account request;
after first verification information corresponding to the verification request is received, matching with second verification information of the account corresponding to the account dynamic account request;
when the first verification information is not matched with the second verification information, obtaining a judgment result that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation;
and when the account dynamic account operation corresponding to the account dynamic account request is normal operation or when the account dynamic account operation corresponding to the account dynamic account request is abnormal operation and the first verification information is matched with the second verification information, obtaining a judgment result that the account dynamic account operation corresponding to the account dynamic account request is normal dynamic account operation.
Preferably, when it is determined that the account moving operation corresponding to the account moving account request is an abnormal operation, sending a verification request to a device corresponding to the account moving account request includes: and when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a short message verification request to equipment corresponding to the account moving account request so as to receive a short message verification code serving as the first verification information.
Preferably, when it is determined that the account moving operation corresponding to the account moving account request is an abnormal operation, sending a verification request to a device corresponding to the account moving account request includes:
when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification mode confirmation request to first equipment corresponding to the account moving account request;
when first confirmation information corresponding to the verification mode confirmation request is received, sending a short message verification request to the first equipment so as to receive a short message verification code serving as the first verification information;
and when second confirmation information corresponding to the verification mode confirmation request is received, sending an identity verification request to second equipment corresponding to the account moving account request so as to receive identity information serving as first verification information.
Preferably, the identity information includes: fingerprint information or iris information corresponding to the account reconciliation request.
The invention also provides an abnormal account moving processing device, which comprises:
the establishing unit is used for establishing a corresponding secure account model for each account in advance, wherein the secure account model is established based on account data of the corresponding account, and the account data is at least used for indicating account dynamic situation of the account;
the determining unit is used for determining the secure account model corresponding to the account moving request after receiving the account moving request;
the judging unit is used for judging whether the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation or not based on the corresponding safe account model to obtain a judgment result;
and the execution unit is used for canceling the account dynamic account operation corresponding to the account dynamic account request when the judgment result shows that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation.
Preferably, the judging unit includes:
the judging subunit is configured to judge whether an account moving operation corresponding to the account moving request is an abnormal operation based on the corresponding secure account model;
the sending subunit is configured to send, when it is determined that an account moving operation corresponding to the account moving request is an abnormal operation, a verification request to a device corresponding to the account moving request;
the matching subunit is used for matching the second verification information of the account corresponding to the account dynamic account request after receiving the first verification information corresponding to the verification request;
the first obtaining subunit is configured to obtain, when the first verification information and the second verification information are not matched, a determination result that the dynamic account operation corresponding to the account dynamic account request is an abnormal dynamic account operation;
and the second obtaining subunit is configured to obtain a determination result that the dynamic account operation corresponding to the account dynamic account request is a normal dynamic account operation when the dynamic account operation corresponding to the account dynamic account request is a normal operation, or when the dynamic account operation corresponding to the account dynamic account request is an abnormal operation and the first verification information and the second verification information are matched.
Preferably, the sending unit is configured to send a short message verification request to a device corresponding to the account dynamic account request to receive a short message verification code serving as the first verification information when it is determined that the dynamic account operation corresponding to the account dynamic account request is an abnormal operation.
Preferably, the sending unit is configured to send a verification mode confirmation request to the first device corresponding to the account dynamic account request when it is determined that the dynamic account operation corresponding to the account dynamic account request is an abnormal operation;
when first confirmation information corresponding to the verification mode confirmation request is received, a short message verification request is sent to the first equipment to receive a short message verification code serving as the first verification information, and when second confirmation information corresponding to the verification mode confirmation request is received, an identity verification request is sent to the second equipment corresponding to the account dynamic account request to receive identity information serving as the first verification information.
Preferably, the identity information includes: fingerprint information or iris information corresponding to the account reconciliation request.
Compared with the prior art, the technical scheme provided by the invention has the following advantages:
according to the technical scheme provided by the invention, a corresponding safe account model is established for each account in advance, and whether account moving operation corresponding to an account moving request is abnormal moving operation can be judged based on the corresponding safe account model after the account moving request is received; and when the judgment result shows that the account moving operation corresponding to the account moving account request is the abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request. In the invention, the safe account model is established based on the account data for indicating the account moving condition, and the account moving condition reflects the operation habit of the corresponding user to the account, so that the invention can determine whether the operation habit of the corresponding user to the account is abnormal account moving operation or not based on the operation habit of the corresponding user to the account, and compared with the prior art, the judgment mode improves the judgment intelligence.
And the judging mode provided by the invention can judge whether the corresponding account moving operation is the abnormal account moving operation before the account completes the account moving operation, the account moving operation is directly cancelled when the corresponding account moving operation is the abnormal account moving operation, the real-time performance is improved, and compared with a short message reminding mode, the method can remind and stop the account moving operation before the account completes the account moving operation, thereby effectively preventing the abnormal account moving operation of the account and improving the account safety.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an abnormal account change processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a user dynamic account model provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of a secure account model provided by an embodiment of the invention;
fig. 4 is a sub-flowchart of an abnormal account change processing method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an exception dynamic account processing apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a determination unit in the abnormal account handling apparatus according to the embodiment of the present invention;
fig. 7 is a schematic diagram of an application framework provided by an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a flowchart of an abnormal dynamic account handling method according to an embodiment of the present invention is shown, where the method includes the following steps:
101: and establishing a corresponding safe account model for each account in advance, wherein the safe account model is established based on the account data of the corresponding account, and the account data is at least used for indicating the account dynamic account condition. That is, when any account completes a account moving operation, the account data of the account is recorded to indicate whether the account moving operation is successful, and when the account moving operation is successful, various information such as transaction parties, transaction amount and transaction type needs to be recorded in the account data, and the information is recorded in corresponding systems such as fund systems, loan systems and deposit systems of various large banks.
In addition, when recording various information in the account data, these original systems need to maintain the account data of the same account in the same area, for example, in the same data table, because the original systems will record a plurality of accounts in practical applications, and the account data of each account will be different according to the operation habits of the corresponding user, the account data corresponding to each account needs to be maintained in the same area, so as to establish a corresponding secure account model for each account in the following process.
In the embodiment of the present invention, the manner of establishing the corresponding secure account model for each account may be: firstly, a big data platform is constructed, wherein the big data platform is used for storing account data of each account, such as account information and operation records of any account indicated by records of transaction parties, transaction amount, transaction type and the like.
Secondly, a user account model based on a big data platform is built, the user account model records historical operation records of corresponding accounts, namely, the accounts are associated with corresponding account data under the accounts through the user account model, as shown in fig. 2, wherein the customer information comprises: basic information, contact information, major events, going-outside property information, relationship information and the like; the management information includes: attribution information, classification and labeling, marketing information, risk events, rating and evaluation; the financial information includes: the system comprises transaction information, financial statistic information, card information, product service contract, electronic bank contract signing, contract information and the like, wherein each piece of information under the customer information, the management information and the financial information is associated with corresponding account data.
And finally, constructing a safety dynamic account model based on the user account model, wherein the process can be as follows: and extracting account data belonging to normal account moving operation from the user account model, and associating the extracted account data to the corresponding account to obtain the safety account moving model. The safety movable account model at least comprises a financial information sub-model and a customer information sub-model, wherein the financial information sub-model is mainly used for integrating financial information and contract information of an account and can perform safety early warning on movable account operation corresponding to an account movable account request; and the customer information sub-model mainly aims at identity information, authentication information, contact information and the like of a customer corresponding to the account and can process account moving operation corresponding to the account moving request.
102: and after receiving the account moving request, determining a safe account model corresponding to the account moving request. In the embodiment of the invention, each account corresponds to one secure account model, so that after an account dynamic account request is received, the corresponding secure account model needs to be determined at first, and the specific determination mode can be through information carried in the account dynamic account request.
For example, the account-moving request carries unique identification information indicating an account, where the unique identification information indicating the account may be a bank card number corresponding to the account, and thus the corresponding secure account model may be found by the bank card number.
103: and judging whether the account moving operation corresponding to the account moving account request is abnormal based on the corresponding safe account model, and obtaining a judgment result. In the embodiment of the present invention, the determination may be based on only the secure account model, and the rule based on the determination is as follows:
the organization number of the dynamic account request is in the common home area range of the user; daily account is within 1 time; the consumption amount of the account moving request is less than or equal to that specified by the financial information-contract information in the secure account model; the transaction type of the dynamic account request conforms to the specification of the financial information-contract information in the secure account model; the information of the transaction opponent of the dynamic account request exists in the historical transaction record of the financial information-transaction information in the secure account model, so that when the dynamic account operation is judged to be in accordance with the rule based on the secure account model, the judgment result that the dynamic account operation corresponding to the account dynamic account request is normal dynamic account operation is obtained; and if the account moving operation does not accord with any rule, obtaining a judgment result that the account moving operation corresponding to the account moving request is abnormal account moving operation. It should be noted that the above rules are not uniform and may be adjusted according to different services and different client groups.
Or the above determination process may be determined by combining with other information on the basis of the secure account model to adapt to the user corresponding to the account initiating an operation that does not conform to the action habit of the user, as shown in the flowchart in fig. 4, the secure account model and the information verification may be combined to determine whether the action operation is an abnormal action operation, and the determination process is as follows:
401: and judging whether the account moving operation corresponding to the account moving request is abnormal operation or not based on the corresponding safe account model.
402: and when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification request to equipment corresponding to the account moving account request. Under the condition that the account moving operation corresponding to the account moving request is judged to be abnormal operation based on the safe account model, whether the abnormal operation is initiated by the user corresponding to the account or not can be further judged in a verification mode, so that the method is suitable for the user to initiate the operation which does not accord with the account moving habit of the user at a certain moment.
In the embodiment of the invention, the verification request can be a short message verification request, the verification request can send a short message verification code to the equipment recorded in the account data, and the equipment recorded in the account data is the equipment used by the user, so that after the equipment used by the user receives the short message verification code, if the abnormal operation is certainly initiated by the user, the user can feed back the short message verification code.
403: and after receiving the first verification information corresponding to the verification request, matching the second verification information of the account corresponding to the account moving account request.
404: and when the first verification information is not matched with the second verification information, obtaining a judgment result that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation. The short message verification code can be used as first verification information, when the short message verification code input by the user is not matched with the short message verification code which is used as second verification information in the verification request, the abnormal operation is not initiated by the user, and a judgment result that the account moving operation corresponding to the account moving account request is the abnormal moving account operation can be obtained.
405: and when the account moving operation corresponding to the account moving account request is normal operation, or when the account moving operation corresponding to the account moving account request is abnormal operation and the first verification information is matched with the second verification information, obtaining a judgment result that the account moving operation corresponding to the account moving account request is normal.
And when the account moving operation corresponding to the account moving account request is normal operation, indicating that the account moving operation is consistent with the user account moving habit, and further obtaining a judgment result that the account moving operation corresponding to the account moving account request is normal account moving operation. Or the short message verification code serving as the first verification information is matched with the short message verification code serving as the second verification information in the verification request, the abnormal operation is certainly initiated by the user, and a judgment result that the account moving operation corresponding to the account moving account request is a normal account moving operation is obtained.
In addition, in the embodiment of the present invention, the verification request may also adopt other manners besides the short message verification request, and further may adopt different verification manners to determine whether the account moving operation is an abnormal account moving operation, so as to improve the security of the account.
And if the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification mode confirmation request to the first equipment corresponding to the account moving account request. And when first confirmation information corresponding to the verification mode confirmation request is received, sending a short message verification request to the first equipment so as to receive a short message verification code serving as the first verification information. And when second confirmation information corresponding to the verification mode confirmation request is received, sending an identity verification request to second equipment corresponding to the account moving request so as to receive identity information serving as first verification information, wherein the identity information comprises fingerprint information or iris information corresponding to the account moving request.
104: and when the judgment result shows that the account moving operation corresponding to the account moving account request is the abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request. It can be understood that: the abnormal account moving operation is used for indicating that the account moving operation is not consistent with the account moving habit of the user indicated by the secure account model, and further indicating that the current account moving operation is possibly initiated by an illegal user (namely, the user corresponding to a non-account), therefore, when the judgment result indicates that the account moving operation corresponding to the account moving request is the abnormal account moving operation, the account moving operation corresponding to the account moving request needs to be cancelled, the threat of the illegal user to the account is reduced, and the account security is improved.
105: and when the judgment result shows that the account moving operation corresponding to the account moving account request is normal, executing the account moving operation corresponding to the account moving account request. It can be understood that: and the normal account moving operation is used for indicating that the account moving operation conforms to the account moving habit of the user indicated by the security account model, and further indicating that the current account moving operation is initiated by the user corresponding to the account, so that the account moving operation corresponding to the account moving request is executed when the judgment result indicates that the account moving operation corresponding to the account moving request is the normal account moving operation.
As can be seen from the foregoing technical solutions, the abnormal account mobilization processing method provided in the embodiments of the present invention establishes a corresponding secure account model for each account in advance, and after receiving an account mobilization request, can determine whether an account mobilization operation corresponding to the account mobilization request is an abnormal account mobilization operation based on the corresponding secure account model; and when the judgment result shows that the account moving operation corresponding to the account moving account request is the abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request. In the invention, the safe account model is established based on the account data for indicating the account moving condition, and the account moving condition reflects the operation habit of the corresponding user to the account, so that the invention can determine whether the operation habit of the corresponding user to the account is abnormal account moving operation or not based on the operation habit of the corresponding user to the account, and compared with the prior art, the judgment mode improves the judgment intelligence.
And the judging mode provided by the invention can judge whether the corresponding account moving operation is the abnormal account moving operation before the account completes the account moving operation, the account moving operation is directly cancelled when the corresponding account moving operation is the abnormal account moving operation, the real-time performance is improved, and compared with a short message reminding mode, the method can remind and stop the account moving operation before the account completes the account moving operation, thereby effectively preventing the abnormal account moving operation of the account and improving the account safety.
Corresponding to the foregoing method embodiment, an embodiment of the present invention further provides an abnormal dynamic account processing apparatus, a schematic structural diagram of which is shown in fig. 5, and the apparatus may include: a establishing unit 11, a determining unit 12, a judging unit 13 and an executing unit 14.
The establishing unit 11 is configured to establish a corresponding secure account model for each account in advance, where the secure account model is established based on account data of the corresponding account, and the account data is at least used for indicating account dynamic status of the account. That is, when any account completes a account moving operation, the account data of the account is recorded to indicate whether the account moving operation is successful, and when the account moving operation is successful, various information such as transaction parties, transaction amount and transaction type needs to be recorded in the account data, and the information is recorded in corresponding systems such as fund systems, loan systems and deposit systems of various large banks. After obtaining the above-mentioned account data, the establishing unit 11 may establish a secure account model based on the account data, and please refer to the relevant description in the method embodiment for the establishing process, which is not described again in this embodiment of the present invention.
The determining unit 12 is configured to determine, after receiving the account reconciliation request, a secure account model corresponding to the account reconciliation request. In the embodiment of the present invention, each account corresponds to one secure account model, so after receiving the account reconciliation request, the determining unit 12 needs to first determine the corresponding secure account model, and the specific determination manner may be through information carried in the account reconciliation request.
For example, the account-moving request carries unique identification information indicating an account, where the unique identification information indicating the account may be a bank card number corresponding to the account, and thus the corresponding secure account model may be found by the bank card number.
And the judging unit 13 is configured to judge whether the account moving operation corresponding to the account moving account request is an abnormal account moving operation based on the corresponding secure account model, and obtain a judgment result. In the embodiment of the present invention, the determination unit 13 may determine based on only the secure account model, based on the following rules:
the organization number of the dynamic account request is in the common home area range of the user; daily account is within 1 time; the consumption amount of the account moving request is less than or equal to that specified by the financial information-contract information in the secure account model; the transaction type of the dynamic account request conforms to the specification of the financial information-contract information in the secure account model; the information of the transaction opponent of the dynamic account request exists in the historical transaction record of the financial information-transaction information in the secure account model, so that when the dynamic account operation is judged to be in accordance with the rule based on the secure account model, the judgment result that the dynamic account operation corresponding to the account dynamic account request is normal dynamic account operation is obtained; and if the account moving operation does not accord with any rule, obtaining a judgment result that the account moving operation corresponding to the account moving request is abnormal account moving operation. It should be noted that the above rules are not uniform and may be adjusted according to different services and different client groups.
Or the determining unit 13 may determine, based on the secure account model, by combining with other information to adapt to that the user corresponding to the account himself initiates an operation that does not conform to the action habit of the user, and as shown in fig. 6, the determining unit 13 may include: a judging subunit 131, a sending subunit 132, a matching subunit 133, a first obtaining subunit 134, and a second obtaining subunit 135.
And the judging subunit 131 is configured to judge whether the account mobilization operation corresponding to the account mobilization request is an abnormal operation based on the corresponding secure account model.
And the sending subunit 132 is configured to send, when it is determined that the account moving account operation corresponding to the account moving account request is an abnormal operation, a verification request to a device corresponding to the account moving account request. Under the condition that the account moving operation corresponding to the account moving request is judged to be abnormal operation based on the safe account model, whether the abnormal operation is initiated by the user corresponding to the account or not can be further judged in a verification mode, so that the method is suitable for the user to initiate the operation which does not accord with the account moving habit of the user at a certain moment.
In the embodiment of the invention, the verification request can be a short message verification request, the verification request can send a short message verification code to the equipment recorded in the account data, and the equipment recorded in the account data is the equipment used by the user, so that after the equipment used by the user receives the short message verification code, if the abnormal operation is certainly initiated by the user, the user can feed back the short message verification code.
The matching subunit 133 is configured to, after receiving the first verification information corresponding to the verification request, match the second verification information of the account corresponding to the account reconciliation request.
The first obtaining subunit 134 is configured to obtain, when the first verification information and the second verification information are not matched, a determination result that the dynamic account operation corresponding to the account dynamic account request is an abnormal dynamic account operation. The short message verification code can be used as first verification information, when the short message verification code input by the user is not matched with the short message verification code which is used as second verification information in the verification request, the abnormal operation is not initiated by the user, and a judgment result that the account moving operation corresponding to the account moving account request is the abnormal moving account operation can be obtained.
And the second obtaining subunit 135 is configured to obtain a determination result that the dynamic account operation corresponding to the account dynamic account request is a normal dynamic account operation when the dynamic account operation corresponding to the account dynamic account request is a normal operation, or when the dynamic account operation corresponding to the account dynamic account request is an abnormal operation and the first verification information and the second verification information are matched. And when the account moving operation corresponding to the account moving account request is normal operation, indicating that the account moving operation is consistent with the user account moving habit, and further obtaining a judgment result that the account moving operation corresponding to the account moving account request is normal account moving operation. Or the short message verification code serving as the first verification information is matched with the short message verification code serving as the second verification information in the verification request, the abnormal operation is certainly initiated by the user, and a judgment result that the account moving operation corresponding to the account moving account request is a normal account moving operation is obtained.
In addition, in the embodiment of the present invention, the verification request sent by the sending subunit 132 may also adopt other manners besides the short message verification request, and further may adopt different verification manners to determine whether the dynamic account operation is an abnormal dynamic account operation, so as to improve the security of the account.
And if the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification mode confirmation request to the first equipment corresponding to the account moving account request. And when first confirmation information corresponding to the verification mode confirmation request is received, sending a short message verification request to the first equipment so as to receive a short message verification code serving as the first verification information. And when second confirmation information corresponding to the verification mode confirmation request is received, sending an identity verification request to second equipment corresponding to the account moving request so as to receive identity information serving as first verification information, wherein the identity information comprises fingerprint information or iris information corresponding to the account moving request.
And the execution unit 14 is configured to cancel the account dynamic account operation corresponding to the account dynamic account request when the determination result indicates that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation. It can be understood that: the abnormal account moving operation is used for indicating that the account moving operation is not consistent with the account moving habit of the user indicated by the secure account model, and further indicating that the current account moving operation is possibly initiated by an illegal user (namely, the user corresponding to a non-account), therefore, when the judgment result indicates that the account moving operation corresponding to the account moving request is the abnormal account moving operation, the account moving operation corresponding to the account moving request needs to be cancelled, the threat of the illegal user to the account is reduced, and the account security is improved.
As can be seen from the foregoing technical solutions, the abnormal account mobilization processing device provided in the embodiment of the present invention establishes a corresponding secure account model for each account in advance, and after receiving an account mobilization request, can determine whether an account mobilization operation corresponding to the account mobilization request is an abnormal account mobilization operation based on the corresponding secure account model; and when the judgment result shows that the account moving operation corresponding to the account moving account request is the abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request. In the invention, the safe account model is established based on the account data for indicating the account moving condition, and the account moving condition reflects the operation habit of the corresponding user to the account, so that the invention can determine whether the operation habit of the corresponding user to the account is abnormal account moving operation or not based on the operation habit of the corresponding user to the account, and compared with the prior art, the judgment mode improves the judgment intelligence.
And the judging mode provided by the invention can judge whether the corresponding account moving operation is the abnormal account moving operation before the account completes the account moving operation, the account moving operation is directly cancelled when the corresponding account moving operation is the abnormal account moving operation, the real-time performance is improved, and compared with a short message reminding mode, the method can remind and stop the account moving operation before the account completes the account moving operation, thereby effectively preventing the abnormal account moving operation of the account and improving the account safety.
The method and the device for processing the abnormal account statements provided by the embodiment of the invention can be applied to an application framework shown in fig. 7, wherein the application framework comprises the following components: kafka clusters, processing clusters, which may be Storm clusters or Spark clusters, and Hadoop clusters.
The Kafka cluster is configured to receive an account dynamic-account request sent in a UDP (User Datagram Protocol) message format, where the account dynamic-account request includes: the Kafka cluster sends an account dynamic account request to a processing cluster after receiving the account dynamic account request, and can also store the account dynamic account request in an HDFS of the Hadoop cluster, wherein the HDFS (Hadoop Distributed File System) is equipment for storing mass data in the Hadoop cluster.
Processing the cluster to judge the account moving operation corresponding to the account moving request based on the safe moving account model, sending the judgment result to an OCRM (Operational Customer Relationship Management system), and processing the current account moving operation based on the judgment result by the OCRM, and if the judgment result indicates that the account moving operation corresponding to the account moving account request is an abnormal account moving operation, canceling the account moving operation corresponding to the account moving account request; and when the judgment result shows that the account moving operation corresponding to the account moving account request is normal, executing the account moving operation corresponding to the account moving account request.
And data related to the safety dynamic account model is extracted from the original system and then stored in Impala and HBase of the Hadoop cluster, so that the processing cluster can be directly extracted from the Hadoop cluster without extracting from the original system every time.
The Kafka cluster, the Storm cluster or the Spark cluster and the Hadoop cluster are all existing clusters, for example, the Kafka cluster is a high-throughput distributed message system. The Spark cluster is a data parallel computing framework based on memory computing, data based on the processing process of the Spark cluster is from a Hadoop cluster, and Impala and HBase belong to components of the Hadoop cluster, so that the Kafka cluster, the Storm cluster or Spark cluster and the Hadoop cluster are not elaborated in detail in the embodiment of the invention.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. An abnormal account mobilization processing method is characterized by comprising the following steps:
establishing a corresponding safe account model for each account in advance, wherein the safe account model is established based on account data of the corresponding account, the account data is at least used for indicating account dynamic situation, the account dynamic situation comprises that when any one account completes account dynamic operation, the account data of the account is recorded to indicate whether the account dynamic operation is successful, and in the case that the account dynamic operation is successful, information at least comprising transaction parties, a transaction amount and a transaction type is recorded in the account data, wherein the account data of the same account is maintained in the same area;
after an account dynamic account request is received, determining the safe account model corresponding to the account dynamic account request, wherein the account dynamic account request carries unique identification information indicating an account, and each account corresponds to one safe account model;
judging whether the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation or not based on the corresponding safe account model to obtain a judgment result;
when the judgment result shows that the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation, canceling the dynamic account operation corresponding to the account dynamic account request;
the establishment process of the secure account model comprises the following steps:
constructing a big data platform and storing account data of each account;
constructing a user account model based on a big data platform;
and extracting account data belonging to normal account moving operation based on the user account model, and associating the extracted account data to a corresponding account to obtain a safety account moving model corresponding to the account.
2. The method according to claim 1, wherein the determining, based on the corresponding secure account model, whether the account dynamic account operation corresponding to the account dynamic account request is an abnormal dynamic account operation, and obtaining a determination result includes:
judging whether the account moving operation corresponding to the account moving account request is abnormal operation or not based on the corresponding safe account model;
when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification request to equipment corresponding to the account moving account request;
after first verification information corresponding to the verification request is received, matching with second verification information of the account corresponding to the account dynamic account request;
when the first verification information is not matched with the second verification information, obtaining a judgment result that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation;
and when the account dynamic account operation corresponding to the account dynamic account request is normal operation or when the account dynamic account operation corresponding to the account dynamic account request is abnormal operation and the first verification information is matched with the second verification information, obtaining a judgment result that the account dynamic account operation corresponding to the account dynamic account request is normal dynamic account operation.
3. The method according to claim 2, wherein when it is determined that the account dynamic account operation corresponding to the account dynamic account request is an abnormal operation, sending a verification request to a device corresponding to the account dynamic account request includes: and when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a short message verification request to equipment corresponding to the account moving account request so as to receive a short message verification code serving as the first verification information.
4. The method according to claim 2, wherein when it is determined that the account dynamic account operation corresponding to the account dynamic account request is an abnormal operation, sending a verification request to a device corresponding to the account dynamic account request includes:
when the account moving operation corresponding to the account moving account request is judged to be abnormal operation, sending a verification mode confirmation request to first equipment corresponding to the account moving account request;
when first confirmation information corresponding to the verification mode confirmation request is received, sending a short message verification request to the first equipment so as to receive a short message verification code serving as the first verification information;
and when second confirmation information corresponding to the verification mode confirmation request is received, sending an identity verification request to second equipment corresponding to the account moving account request so as to receive identity information serving as first verification information.
5. The method of claim 4, wherein the identity information comprises: fingerprint information or iris information corresponding to the account reconciliation request.
6. An exception action account processing apparatus, the apparatus comprising:
the account data of the account are recorded to indicate whether the account moving operation is successful or not when any account completes the account moving operation, and information at least comprising transaction parties, transaction amount and transaction type is recorded in the account data when the account moving operation is successful, wherein the account data of the same account is maintained in the same area; the establishment process of the secure account model comprises the following steps: constructing a big data platform and storing account data of each account; constructing a user account model based on a big data platform; extracting account data belonging to normal dynamic account operation based on the user account model, and associating the extracted account data to a corresponding account to obtain a safe dynamic account model corresponding to the account;
the determining unit is used for determining the secure account model corresponding to the account movement request after receiving the account movement request, wherein the account movement request carries unique identification information indicating an account, and each account corresponds to one secure account model;
the judging unit is used for judging whether the account dynamic account operation corresponding to the account dynamic account request is abnormal dynamic account operation or not based on the corresponding safe account model to obtain a judgment result;
and the execution unit is used for canceling the account dynamic account operation corresponding to the account dynamic account request when the judgment result shows that the account dynamic account operation corresponding to the account dynamic account request is an abnormal account dynamic operation.
7. The apparatus according to claim 6, wherein the determining unit comprises:
the judging subunit is configured to judge whether an account moving operation corresponding to the account moving request is an abnormal operation based on the corresponding secure account model;
the sending subunit is configured to send, when it is determined that an account moving operation corresponding to the account moving request is an abnormal operation, a verification request to a device corresponding to the account moving request;
the matching subunit is used for matching the second verification information of the account corresponding to the account dynamic account request after receiving the first verification information corresponding to the verification request;
the first obtaining subunit is configured to obtain, when the first verification information and the second verification information are not matched, a determination result that the dynamic account operation corresponding to the account dynamic account request is an abnormal dynamic account operation;
and the second obtaining subunit is configured to obtain a determination result that the dynamic account operation corresponding to the account dynamic account request is a normal dynamic account operation when the dynamic account operation corresponding to the account dynamic account request is a normal operation, or when the dynamic account operation corresponding to the account dynamic account request is an abnormal operation and the first verification information and the second verification information are matched.
8. The apparatus according to claim 7, wherein the sending unit is configured to send a short message verification request to a device corresponding to the account dynamic account request to receive a short message verification code as the first verification information when it is determined that the dynamic account operation corresponding to the account dynamic account request is an abnormal operation.
9. The apparatus according to claim 7, wherein the sending unit is configured to send a verification mode confirmation request to a first device corresponding to the account dynamic account request when it is determined that a dynamic account operation corresponding to the account dynamic account request is an abnormal operation;
when first confirmation information corresponding to the verification mode confirmation request is received, a short message verification request is sent to the first equipment to receive a short message verification code serving as the first verification information, and when second confirmation information corresponding to the verification mode confirmation request is received, an identity verification request is sent to the second equipment corresponding to the account dynamic account request to receive identity information serving as the first verification information.
10. The apparatus of claim 9, wherein the identity information comprises: fingerprint information or iris information corresponding to the account reconciliation request.
CN201511032630.8A 2015-12-31 2015-12-31 Abnormal account moving processing method and device Active CN105654379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511032630.8A CN105654379B (en) 2015-12-31 2015-12-31 Abnormal account moving processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511032630.8A CN105654379B (en) 2015-12-31 2015-12-31 Abnormal account moving processing method and device

Publications (2)

Publication Number Publication Date
CN105654379A CN105654379A (en) 2016-06-08
CN105654379B true CN105654379B (en) 2020-07-03

Family

ID=56491098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511032630.8A Active CN105654379B (en) 2015-12-31 2015-12-31 Abnormal account moving processing method and device

Country Status (1)

Country Link
CN (1) CN105654379B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108615153A (en) * 2018-04-28 2018-10-02 百度在线网络技术(北京)有限公司 Processing method, device, system, equipment and the storage medium of block chain data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008203969A (en) * 2007-02-16 2008-09-04 Oki Electric Ind Co Ltd Monitoring system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034182A (en) * 2010-11-29 2011-04-27 深圳市爱贝信息技术有限公司 Method and device for secure transaction of payment platform account
CN103049851A (en) * 2012-12-27 2013-04-17 中国建设银行股份有限公司 Transaction data-based anti-fraud monitoring method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008203969A (en) * 2007-02-16 2008-09-04 Oki Electric Ind Co Ltd Monitoring system

Also Published As

Publication number Publication date
CN105654379A (en) 2016-06-08

Similar Documents

Publication Publication Date Title
CN108062629B (en) Transaction event processing method, terminal device and medium
US10965668B2 (en) Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification
CN110517097B (en) Method, device, equipment and storage medium for identifying abnormal users
US9888007B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using identity services
US10250583B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score
KR102179152B1 (en) Client authentication using social relationship data
EP2748781B1 (en) Multi-factor identity fingerprinting with user behavior
US8484700B2 (en) Cross-network reputation for online services
CN107169499B (en) Risk identification method and device
CN109698809B (en) Method and device for identifying abnormal login of account
CN110232565B (en) Resource clearing method, device, computer equipment and storage medium
CN106549902B (en) Method and device for identifying suspicious users
WO2020248658A1 (en) Abnormal account detection method and apparatus
CN109543373B (en) Information identification method and device based on user behaviors
CN103049851A (en) Transaction data-based anti-fraud monitoring method and device
CN107798541B (en) Monitoring method and system for online service
CN109936556B (en) Monitoring method and device for account stealing event
CN108694657A (en) Client's identification device, method and computer readable storage medium
CN104836781A (en) Method distinguishing identities of access users, and device
CN110892675B (en) Method and apparatus for monitoring block chains
CN106470204A (en) User identification method based on request behavior characteristicss, device, equipment and system
CN108961034A (en) System and method, storage medium based on user behavior certification
CN105654379B (en) Abnormal account moving processing method and device
CN112667706A (en) Method and device for identifying stolen account
CN114841698A (en) Transaction information processing method and device and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant