WO2011025689A1 - Integrated fraud platform - Google Patents

Publication number
WO2011025689A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
fraud platform
integrated
integrated fraud
platform
Application number
PCT/US2010/045707
Inventor
E. Sue Ross
Charles F. Pigg
Original Assignee
Bank Of America Corporation
Application filed by Bank Of America Corporation

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation or account maintenance

Definitions

  • FIG. 6 illustrates one example user interface 600 that may be used to create alerts in the integrated fraud platform.
  • a user may select to create an alert.
  • Field 602 may include a drop down menu including options for creating the alert. Additionally or alternatively, selection of a create alert option 602 may prompt a second user interface which may provide options similar to those shown in the drop down menu for creating an alert. Selection of an option may be performed by clicking or double-clicking the desired selection, selecting a radio button associated with the desired selection, and the like.
  • User interface 600 may also include a field 604 for inputting a manual alert. Additionally or alternatively, field 604 or an additional field (not shown) may be provided to select an alert to import or create the alert from the integrated fraud platform. Once a user has made any desired selections, the alert may be created by selecting the create button 606. A user may also clear any selections by selecting a clear button 608.
  • a teller at a financial institution may receive a transaction including a deposit with a request for cash back.
  • the transaction is evaluated or interrogated in real time via the integrated fraud platform to determine if the transaction may be fraudulent.
  • the interrogation may, in some arrangements, include a determination of whether the account to which the deposit is being made or the cash back is being withdrawn is closed, if any other fraudulent activity has taken place on one or more of the accounts, if any non-monetary activity has occurred on the account (e.g., change of address, change of name, etc.).
  • if the integrated fraud platform identifies the transaction as potentially fraudulent, the teller may receive an alert on his or her work station, computer, etc. In response, the teller may ask for additional identification, may require that a different account be used, may deny the transaction, and the like.
  • the evaluation of the transaction may occur after the transaction has been completed, rather than occurring in real time.
  • aspects described herein may be embodied as a method, a data processing system, or as one or more computer-readable media storing computer-executable instructions. Accordingly, those aspects may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
  • signals representing data or events as described herein may be transferred between a source and a destination in the form of light and/or electromagnetic waves traveling through signal-conducting media such as metal wires, optical fibers, and/or wireless transmission media (e.g., air and/or space).

Abstract

Fraud detection systems and methods implementing an integrated fraud platform are presented. The integrated fraud platform may receive a plurality of transactions of various types and may evaluate the transactions to determine whether the transactions are fraudulent. In some arrangements, results of the analysis may be stored at the integrated fraud platform and may be used in evaluation of future transactions. Additionally or alternatively, the integrated fraud platform may permit creation of rules or alerts by importing the rule or alert from another fraud detection system. In some arrangements, the rule or alert may be created automatically at the integrated fraud platform or manually by a user.

Description

INTEGRATED FRAUD PLATFORM
BACKGROUND
[01] Fraudulent bank, credit card, etc. transactions are becoming more common every day. In order to keep up with this increase in fraudulent or potentially fraudulent transactions, banks and other financial institutions are analyzing each transaction to determine whether it is an occurrence of fraud, what actions, if any, should be taken, etc. However, many financial institutions have various fraud filters to identify fraudulent or potentially fraudulent transactions within a transaction type. For instance, one filter may identify fraudulent or potentially fraudulent credit card transactions while another filter may identify fraudulent or potentially fraudulent deposit transactions. These filters generally are not integrated and there is no communication between the filters. Thus, a more efficient method of identifying fraudulent transactions would be advantageous.
SUMMARY
[02] The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosure. The summary is not an extensive overview of the invention. It is neither intended to identify key or critical elements of the invention nor to delineate the scope of the invention. The following summary merely presents some concepts of the invention in a simplified form as a prelude to the description below.
[03] Aspects of this disclosure relate to fraud detection systems and methods implementing an integrated fraud platform. The systems and methods may include receiving a first transaction of a first transaction type at an integrated fraud platform of a financial institution and analyzing the first transaction at the integrated fraud platform to determine whether the first transaction is fraudulent. The systems and methods may further include receiving a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type and analyzing the second transaction at the integrated fraud platform to determine whether the second transaction is fraudulent. Further, the systems and methods may include storing the results of the analysis of the first transaction and the second transaction at the integrated fraud platform.
[04] Aspects of this disclosure may further relate to systems and methods of evaluating transactions at a financial institution, comprising creating an alert at an integrated fraud platform. The systems and methods may further include receiving a first transaction of a first transaction type at the integrated fraud platform and analyzing the first transaction at the integrated fraud platform, wherein analyzing the first transaction includes evaluating the first transaction based on the created alert. The systems and methods may further include receiving a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type and analyzing the second transaction at the integrated fraud platform, wherein analyzing the second transaction includes evaluating the second transaction based on the created alert.
[05] Aspects of this disclosure may also relate to one or more computer-readable media and/or an apparatus having one or more processors and one or more memories storing computer readable instructions that, when executed, cause one or more processors to perform the methods described herein.
BRIEF DESCRIPTION OF THE DRAWINGS
[06] The present disclosure is illustrated by way of example and not limited in the accompanying figures in which like reference numerals indicate similar elements.
[07] FIG. 1 illustrates an example of a suitable operating environment in which various aspects of the disclosure may be used.
[08] FIG. 2 illustrates one example conventional fraud detection system and method.
[09] FIG. 3 illustrates one example fraud detection system and method implementing an integrated fraud platform in accordance with aspects described herein.
[10] FIG. 4 illustrates a simplified diagram of a system of fraud detection implementing an integrated fraud platform in accordance with aspects described herein.
[11] FIG. 5 is an example method of evaluating transactions for potential fraud and creating alerts in the integrated fraud platform in accordance with aspects described herein.
[12] FIG. 6 illustrates one example user interface for creating alerts via the integrated fraud platform in accordance with aspects described herein.
[13] The reader is advised that the attached drawings are not necessarily drawn to scale.
DETAILED DESCRIPTION
[14] Aspects of the present disclosure relate to fraud detection systems and methods implementing an integrated fraud platform. The integrated fraud platform may permit evaluation of various types of transactions in a single system and may permit results of fraud analysis to be compiled, stored, sorted, etc. In addition, the integrated fraud platform may permit creation of alerts via importing the alert from an existing fraud detection system, creating the alert in the integrated fraud platform or manually creating the alert.
[15] Figure 1 illustrates a block diagram of a generic computing device 101 (e.g., a computer server) in computing environment 100 that may be used according to an illustrative embodiment of the disclosure. The computer server 101 may have a processor 103 for controlling overall operation of the server and its associated components, including RAM 105, ROM 107, input/output module 109, and memory 115.
[16] I/O 109 may include a microphone, mouse, keypad, touch screen, scanner, optical reader, and/or stylus (or other input device(s)) through which a user of server 101 may provide input, and may also include one or more of a speaker for providing audio output and a video display device for providing textual, audiovisual and/or graphical output. Software may be stored within memory 115 and/or other storage to provide instructions to processor 103 for enabling server 101 to perform various functions. For example, memory 115 may store software used by the server 101, such as an operating system 117, application programs 119, and an associated database 121. Alternatively, some or all of server 101 computer executable instructions may be embodied in hardware or firmware (not shown).
[17] The server 101 may operate in a networked environment supporting connections to one or more remote computers, such as terminals 141 and 151. The terminals 141 and 151 may be personal computers or servers that include many or all of the elements described above relative to the server 101. The network connections depicted in Figure 1 include a local area network (LAN) 125 and a wide area network (WAN) 129, but may also include other networks. When used in a LAN networking environment, the computer 101 is connected to the LAN 125 through a network interface or adapter 123. When used in a WAN networking environment, the server 101 may include a modem 127 or other network interface for establishing communications over the WAN 129, such as the Internet 131. It will be appreciated that the network connections shown are illustrative and other means of establishing a communications link between the computers may be used. The existence of any of various well-known protocols such as TCP/IP, Ethernet, FTP, HTTP, HTTPS, and the like is presumed.
[18] Computing device 101 and/or terminals 141 or 151 may also be mobile terminals (e.g., mobile phones, PDAs, notebooks, etc.) including various other components, such as a battery, speaker, and antennas (not shown).
[19] The disclosure is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the disclosure include, but are not limited to, personal computers, server computers, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
[20] The disclosure may be described in the general context of computer-executable instructions, such as program modules, being executed by one or more computers and/or one or more processors associated with the computers. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Aspects of the disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
[21] FIG. 2 illustrates one example conventional fraud detection system and method 200. System 200 includes a plurality of transactions 200a-200e. The transactions may include items such as a customer deposit at an automated teller machine (ATM) 200a, a customer deposit at a bank or other financial institution 200b, a credit card transaction 200c, opening a new account 200d and/or a non-monetary transaction 200e. Non-monetary transactions may include transactions such as change of address, adding an additional person to an account, and the like. Various other transactions, such as a check cashing transaction, may also be evaluated for potential fraud and nothing in the disclosure should be viewed as limiting the potentially fraudulent transactions to only those listed above.
[22] The system and method 200 further includes an analysis of the potential fraud for each transaction 200a-200e. As shown, each transaction 200a-200e is analyzed separately from the other transactions and, in some arrangements, by a different analyst 202a-202e. An analyst may be a computer system configured to identify fraudulent transactions, an individual analyzing transactions for instances of fraud, and the like. Once each transaction 200a-200e is analyzed by the various analysts 202a-202e, a fraud result is output. The fraud result may identify a fraudulent transaction, may identify a need for additional information, etc. As shown in FIG. 2, each fraud result output 204a-204e is separate from the other fraud result outputs 204a-204e. This conventional system may be inefficient due to a lack of communication between analysts 202a-202e, failure to compile fraud result outputs 204a-204e into a single system or database to develop a history of potential fraud, etc.
[23] FIG. 3 illustrates one example fraud detection system and method 300 implementing the integrated fraud platform as described herein. The system and method 300 includes various transactions that are similar to those transactions shown in FIG. 2. However, each transaction is analyzed for potentially fraudulent activity at the integrated fraud platform 302. The integrated fraud platform 302 may monitor or interrogate each of the transactions for fraud and may output the result for each transaction analyzed to a single fraud result output 304. This arrangement may improve efficiency by analyzing all transactions in a single platform. In addition, output of all results to a central system may allow for storage of results in order to build a history of instances. For instance, in some arrangements, a transaction may be given a fraud score in order to rate the potential that the transaction is fraudulent. In conventional systems, the fraud score is based solely on the analysis of the current transaction and is isolated from any history associated with that account, user, etc. The system and method 300 may permit histories of previous transactions, analysis, etc. to be stored and that information may also be considered when generating the fraud score of current or future transactions. For example, if an account has had several previous instances of fraudulent transactions, such instances may raise the fraud score for the transaction currently being analyzed because that account has a history of fraudulent occurrences which may make the current transaction more likely to be fraudulent. Further, analysis for various transactions may be stored and/or sorted to provide information regarding instances of fraud for an individual, account, credit card, etc.
[24] FIG. 4 illustrates one example computing environment in which the integrated fraud platform 400 may be used. The components and modules described in the Figure may include firmware, hardware, software and/or combinations thereof. The integrated fraud platform 400 may include a rules processing module 406. The rules processing module may store rules used to evaluate or interrogate transactions to determine whether the transaction is or may be fraudulent. The rules processing module 406 may receive transactions, analyze the transaction for fraudulent activity and may output a result. This analysis may include, in some examples, dollar amount associated with the transaction, channel type (e.g., banking center, ATM, etc.), velocity of transactions, transaction type, etc. Transaction analysis may further include, but is not limited to, in pattern and out of pattern recognition, customer patterns and amount recognition. In response to determining that a transaction may be fraudulent, a hold may be placed on one or more accounts, the transaction may be automatically sent to a dialer, etc.
[25] In some arrangements, the rules processing module may provide a fraud score to rate the potential that a transaction may be fraudulent. In some arrangements, the rules processing module 406 may evaluate a transaction in real time (i.e., as the transaction is taking place) or may evaluate the transaction after the transaction has been completed. In addition, the integrated fraud platform may include a rule creation module 408. The rule creation module 408 may create or establish the rules or alerts used to evaluate transactions and determine whether the transaction is fraudulent. In some arrangements, an alert may be a transaction or activity occurring on an account that has potential to be fraudulent. The rule creation module 408 may permit a user to create a rule in multiple ways. In some arrangements, a rule may be created by importing the rule from another fraud analysis system. In another arrangement, the rule may be created automatically by the integrated fraud platform from raw data received and based on various factors, such as analysis of transactions, history of fraudulent transactions, etc. In still other arrangements, a rule may be created manually by a user. For instance, a user may create a rule via user interface 402 which may connect to the integrated fraud platform 400 via one or more networks 404 (e.g., the Internet).
[26] The integrated fraud platform 400 may further include a case management module 410. The case management module may, in some arrangements, store the results of the analysis performed in the rule processing module 406 and may permit a user to sort the results, generate reports based on the results, aid in identifying future instances of fraud based on the stored results, and the like.
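The following Python sketch is an added illustration and is not code from the application. It shows a single platform scoring transactions of several types, letting stored results for an account raise the score of a later transaction, and keeping results for sorting and reporting. The class, rule names, thresholds and point values are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    account: str
    tx_type: str   # "atm_deposit", "check_cashing", "debit_card", "non_monetary", ...
    channel: str   # "ATM", "banking_center", ...
    amount: float
    ts: int        # seconds since an arbitrary epoch


# Each rule sees the current transaction plus the account's earlier
# transactions of ANY type. Thresholds and point values are constructed.
def large_amount(tx, earlier):
    return tx.amount >= 5000


def high_velocity(tx, earlier):
    # Third (or later) transaction on the account within ten minutes.
    return sum(1 for e in earlier if tx.ts - e.ts <= 600) >= 2


def cash_out_after_profile_change(tx, earlier):
    # Cross-type signal: cash leaves within a day of a non-monetary change.
    return tx.tx_type == "check_cashing" and any(
        e.tx_type == "non_monetary" and tx.ts - e.ts <= 86400 for e in earlier)


RULES = [(large_amount, 30), (high_velocity, 30),
         (cash_out_after_profile_change, 50)]
FLAG_THRESHOLD = 50
HISTORY_POINTS, HISTORY_CAP = 20, 40   # added per prior flagged result


class IntegratedFraudPlatform:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.seen = defaultdict(list)     # account -> transactions received
        self.results = defaultdict(list)  # account -> stored analysis results

    def analyze(self, tx):
        earlier = self.seen[tx.account]
        fired = [(r.__name__, pts) for r, pts in self.rules if r(tx, earlier)]
        rule_score = sum(pts for _, pts in fired)
        prior_flags = sum(1 for r in self.results[tx.account] if r["flagged"])
        history_score = min(HISTORY_POINTS * prior_flags, HISTORY_CAP)
        score = rule_score + history_score
        result = {"account": tx.account, "tx_type": tx.tx_type, "ts": tx.ts,
                  "rules": [name for name, _ in fired],
                  "rule_score": rule_score, "history_score": history_score,
                  "score": score, "flagged": score >= FLAG_THRESHOLD}
        self.seen[tx.account].append(tx)
        self.results[tx.account].append(result)
        return result

    def report(self):
        """Stored results sorted by account number, then by time."""
        return sorted((r for rs in self.results.values() for r in rs),
                      key=lambda r: (r["account"], r["ts"]))


def demo():
    """Constructed sample stream: two accounts, three transaction types."""
    platform = IntegratedFraudPlatform()
    stream = [
        Transaction("ACCT-1", "non_monetary", "online", 0.0, 0),  # address change
        Transaction("ACCT-1", "check_cashing", "banking_center", 900.0, 3600),
        Transaction("ACCT-1", "atm_deposit", "ATM", 6000.0, 200000),
        Transaction("ACCT-2", "atm_deposit", "ATM", 6000.0, 200000),
    ]
    return [platform.analyze(tx) for tx in stream]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The same 6000.00 ATM deposit is flagged on ACCT-1 and not on ACCT-2, because only ACCT-1 has a previously flagged result stored on the platform.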
[27] FIG. 5 illustrates one example method of evaluating transactions for potential fraud and creating alerts in the integrated fraud platform. In step 500 a transaction is received at the integrated fraud platform. In step 502 an alert is created. In step 504, the alert may be imported from another existing fraud evaluation system. If the alert is not imported in step 504, an alert may be created in the integrated fraud platform in step 506. If the alert is not created in step 506, the alert may be created manually in step 508. If no alert is created in steps 504-508, the system may return to step 504 to create an alert using one of the available methods. Once the alert is created, the transaction is interrogated in step 510 to determine whether the transaction is fraudulent or potentially fraudulent in step 512. If the transaction is determined to be fraudulent, in some arrangements an interface may be transmitted to a teller, ATM, etc. indicating that the transaction is or may be fraudulent. In some examples, a record of the transaction may be transmitted to a recovery team to mitigate damage associated with any fraud, etc. Other actions taken upon determining that a transaction is fraudulent may include, but are not limited to, account closure, returning checks, and/or customer notification. In step 514, the results may be reported and/or stored in the integrated fraud platform, as discussed above.
[28] FIG. 6 illustrates one example user interface 600 that may be used to create alerts in the integrated fraud platform. In field 602 a user may select to create an alert. Field 602 may include a drop down menu including options for creating the alert. Additionally or alternatively, selection of a create alert option 602 may prompt a second user interface which may provide options similar to those shown in the drop down menu for creating an alert. Selection of an option may be performed by clicking or double-clicking the desired selection, selecting a radio button associated with the desired selection, and the like. User interface 600 may also include a field 604 for inputting a manual alert. Additionally or alternatively, field 604 or an additional field (not shown) may be provided to select an alert to import or create the alert from the integrated fraud platform. Once a user has made any desired selections, the alert may be created by selecting the create button 606. A user may also clear any selections by selecting a clear button 608.
[29] A system and method of implementing an integrated fraud platform are discussed above. The below example provides one possible scenario in which the integrated fraud platform may be utilized. The example is merely illustrative of one possible circumstance and nothing in the specification or figures should be construed as limiting the integrated fraud platform to this example.
[30] A teller at a financial institution may receive a transaction including a deposit with a request for cash back. In one example, the transaction is evaluated or interrogated in real time via the integrated fraud platform to determine if the transaction may be fraudulent. The interrogation may, in some arrangements, include a determination of whether the account to which the deposit is being made or the cash back is being withdrawn is closed, if any other fraudulent activity has taken place on one or more of the accounts, if any non-monetary activity has occurred on the account (e.g., change of address, change of name, etc.). If the integrated fraud platform identifies the transaction as potentially fraudulent, the teller may receive an alert on his or her work station, computer, etc. In response, the teller may ask for additional identification, may require that a different account be used, may deny the transaction, and the like. In some arrangements, the evaluation of the transaction may occur after the transaction has been completed, rather than occurring in real time.
[31] Although not required, one of ordinary skill in the art will appreciate that various aspects described herein may be embodied as a method, a data processing system, or as one or more computer-readable media storing computer-executable instructions. Accordingly, those aspects may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. In addition, various signals representing data or events as described herein may be transferred between a source and a destination in the form of light and/or electromagnetic waves traveling through signal-conducting media such as metal wires, optical fibers, and/or wireless transmission media (e.g., air and/or space).
[32] Aspects of the invention have been described in terms of illustrative embodiments thereof. Numerous other embodiments, modifications and variations within the scope and spirit of the appended claims will occur to persons of ordinary skill in the art from a review of this disclosure. For example, one of ordinary skill in the art will appreciate that the steps illustrated in the illustrative figures may be performed in other than the recited order, and that one or more steps illustrated may be optional in accordance with aspects of the disclosure.

Claims

What is claimed is:
1. A method comprising:
receiving a first transaction of a first transaction type at an integrated fraud platform of a financial institution;
analyzing the first transaction at the integrated fraud platform to determine whether the first transaction is fraudulent or potentially fraudulent;
receiving a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type;
analyzing the second transaction at the integrated fraud platform to determine whether the second transaction is fraudulent or potentially fraudulent; and
storing the results of the analysis of the first transaction and the second transaction at the integrated fraud platform.
2. The method of claim 1, wherein the first transaction type is at least one of: a deposit at an ATM, a deposit at a financial institution, a credit card transaction, a debit card transaction, a check cashing transaction, and a non-monetary transaction.
3. The method of claim 2, wherein the second transaction type is at least another of: a deposit at an ATM, a deposit at a bank, a credit card transaction, a debit card transaction, a check cashing transaction, and a non-monetary transaction.
4. The method of claim 1, further including sorting the results of the analysis based on an account number associated with the transactions.
5. The method of claim 1, further including
receiving a third transaction at the integrated fraud platform;
analyzing the third transaction at the integrated fraud platform to determine whether the third transaction is fraudulent, wherein analyzing the third transaction includes evaluating stored results of the analysis of the first and second transaction to determine whether the third transaction is fraudulent; and
storing the results of the analysis of the third transaction at the integrated fraud platform.
6. The method of claim 1, further including reporting the results of the analysis of the first transaction and the second transaction.
7. A method comprising:
creating an alert at an integrated fraud platform;
receiving a first transaction of a first transaction type at the integrated fraud platform;
analyzing the first transaction at the integrated fraud platform, wherein analyzing the first transaction includes evaluating the first transaction based on the created alert;
receiving a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type; and
analyzing the second transaction at the integrated fraud platform, wherein analyzing the second transaction includes evaluating the second transaction based on the created alert.
8. The method of claim 7, wherein creating an alert is performed by at least one of:
importing the alert from another fraud detection system, automatically creating the alert at the integrated fraud platform, and manually creating the alert at the integrated fraud platform.
9. The method of claim 7, further including storing the results of the analysis of the first transaction and the second transaction at the integrated fraud platform.
10. The method of claim 7, wherein the first transaction type is at least one of: a deposit at an ATM, a deposit at a bank, a credit card transaction, a debit card transaction, a check cashing transaction, and a non-monetary transaction.
11. The method of claim 10, wherein the second transaction type is at least another of: a deposit at an ATM, a deposit at a bank, a credit card transaction, a debit card transaction, a check cashing transaction, and a non-monetary transaction.
12. One or more computer-readable media storing computer readable instructions that, when executed, cause one or more processors to perform a method, comprising:
receiving a first transaction of a first transaction type at an integrated fraud platform of a financial institution;
analyzing the first transaction at the integrated fraud platform to determine whether the first transaction is fraudulent;
receiving a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type;
analyzing the second transaction at the integrated fraud platform to determine whether the second transaction is fraudulent; and
storing the results of the analysis of the first transaction and the second transaction at the integrated fraud platform.
13. The one or more computer-readable media of claim 12, wherein the first transaction type is at least one of a deposit at an ATM, deposit at a bank, credit card transaction, debit card transaction, a check cashing transaction, and non-monetary transaction.
14. The one or more computer-readable media of claim 13, wherein the second transaction type is at least another of a deposit at an ATM, deposit at a bank, credit card transaction, debit card transaction, a check cashing transaction, and non-monetary transaction.
15. The one or more computer-readable media of claim 12, further including sorting the results of the analysis based on an account number associated with the transactions.
16. The one or more computer-readable media of claim 12, further including
receiving a third transaction at the integrated fraud platform;
analyzing the third transaction at the integrated fraud platform to determine whether the third transaction is fraudulent, wherein analyzing the third transaction includes evaluating stored results of the analysis of the first and second transaction to determine whether the third transaction is fraudulent; and
storing the results of the analysis of the third transaction at the integrated fraud platform.
17. The one or more computer-readable media of claim 12, further including reporting the results of the analysis of the first transaction and the second transaction.
18. An apparatus comprising:
at least one processor; and
at least one memory storing computer readable instructions that, when executed, cause the at least one processor to:
receive a first transaction of a first transaction type at an integrated fraud platform of a financial institution;
analyze the first transaction at the integrated fraud platform to determine whether the first transaction is fraudulent;
receive a second transaction of a second transaction type at the integrated fraud platform, the second transaction type being different from the first transaction type;
analyze the second transaction at the integrated fraud platform to determine whether the second transaction is fraudulent; and
store the results of the analysis of the first transaction and the second transaction at the integrated fraud platform.
19. The apparatus of claim 18, wherein the first transaction type is at least one of a deposit at an ATM, deposit at a bank, credit card transaction, debit card transaction, a check cashing transaction, and non-monetary transaction.
20. The apparatus of claim 19, wherein the second transaction type is at least another of a deposit at an ATM, deposit at a bank, credit card transaction, debit card transaction, a check cashing transaction, and non-monetary transaction.
21. The apparatus of claim 18, wherein the computer readable instructions, when executed, further cause the apparatus to:
receive a third transaction at the integrated fraud platform;
analyzing the third transaction at the integrated fraud platform to determine whether the third transaction is fraudulent, wherein analyzing the third transaction includes evaluating stored results of the analysis of the first and second transaction to determine whether the third transaction is fraudulent; and
storing the results of the analysis of the third transaction at the integrated fraud platform.
22. The apparatus of claim 18, wherein the computer readable instructions, when executed, further cause the apparatus to report the results of the analysis of the first transaction and the second transaction.
PCT/US2010/045707 2009-08-25 2010-08-17 Integrated fraud platform WO2011025689A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US54704109A 2009-08-25 2009-08-25
US12/547,041 2009-08-25

Publications (1)

Publication Number Publication Date
WO2011025689A1 true WO2011025689A1 (en) 2011-03-03

Family

ID=43628328

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/045707 WO2011025689A1 (en) 2009-08-25 2010-08-17 Integrated fraud platform

Country Status (1)

Country Link
WO (1) WO2011025689A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10812497

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10812497

Country of ref document: EP

Kind code of ref document: A1