CN109003075A - A kind of Risk Identification Method and device - Google Patents

A kind of Risk Identification Method and device Download PDF

Info

Publication number
CN109003075A
CN109003075A CN201710421490.6A CN201710421490A CN109003075A CN 109003075 A CN109003075 A CN 109003075A CN 201710421490 A CN201710421490 A CN 201710421490A CN 109003075 A CN109003075 A CN 109003075A
Authority
CN
China
Prior art keywords
payment
account
delivery operation
payment data
history
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710421490.6A
Other languages
Chinese (zh)
Inventor
郑霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201710421490.6A priority Critical patent/CN109003075A/en
Publication of CN109003075A publication Critical patent/CN109003075A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the present application discloses a kind of Risk Identification Method and device, this method comprises: monitoring and obtaining payment data corresponding to current delivery operation, obtains the history payment data of the related account of the current delivery operation;Each payment dimension for determining the payment data and history payment data determines that the difference of the payment data and the history payment data between each payment dimension carries out risk identification to the current delivery operation according to the difference.Pass through this method, in the case where not depending on foundation of the black and white sample as risk identification, the deviation between current delivery operation and original payment habit can be determined according to the difference of the payment data of current delivery operation and the history payment data of related account under different payment dimensions.

Description

A kind of Risk Identification Method and device
Technical field
This application involves field of computer technology more particularly to a kind of Risk Identification Methods and device.
Background technique
Currently, under the support of Internet technology, on-line payment increasing prevalence.But it is used by a user, have payment function Can account have the risk being stolen, once account by unauthorized theft, illegal user can carry out illegal payment.
In the prior art, it is influenced in order to which illegal payment is reduced or avoided to legitimate user's bring, generallys use two kinds of wind Dangerous identification method:
Mode one, in advance by occurred it is normal payment and illegal payment corresponding to payment information, respectively as positive and negative Sample is trained, and obtains corresponding identification model.The identification model that training obtains in advance is further used, for based on account The payment behavior currently occurred carries out risk identification, to monitor possible illegal payment.
Mode two presets corresponding risk identification rule based on experience, if certain payment behavior based on account Meet default rule, then the secondary payment is classified as the payment behavior of high risk, and be monitored.
However, there are still certain defects for above-mentioned risk identification mode, specifically:
For mode one, especially being stolen payment card account used by a user (such as bank card account) In the case of, illegal user carries out illegal payment after the account of new registration may be used to bind with the payment card account stolen.This The history payment data of the account of class new registration is usually less, or even payment was never carried out before this illegal payment.So, Also the variable miss rate that will result in model in identification process is higher, and then causes effectively realize the knowledge to illegal payment Not.
For mode two, since the foundation of monitoring rules often relies on artificial experience and understanding, exist certain Subjectivity, have a degree of influence to the accuracy of identification.
Summary of the invention
The embodiment of the present application provides a kind of Risk Identification Method and device, knows at present to the risk of illegal payment to solve Not there are problems that certain defect.
A kind of Risk Identification Method provided by the embodiments of the present application, comprising:
It monitors and obtains payment data corresponding to current delivery operation;
Obtain the history payment data of the related account of the current delivery operation;
Determine each payment dimension of the payment data and history payment data;
Determine the difference of the payment data and the history payment data between each payment dimension;
According to the difference, risk identification is carried out to the current delivery operation.
A kind of risk identification device provided by the embodiments of the present application, comprising:
Monitoring modular monitors and obtains payment data corresponding to current delivery operation;
Historical data obtains module, obtains the history payment data of the related account of the current delivery operation;
Dimension determining module determines each payment dimension of the payment data and history payment data;
Difference computation module determines the payment data and the history payment data between each payment dimension Difference;
Risk identification module carries out risk identification to the current delivery operation according to the difference.
The embodiment of the present application provides a kind of Risk Identification Method and device, in this way, payment platform monitors currently After delivery operation, the payment data of the current delivery operation can be obtained, and current delivery operation related account history branch Pay data.Based on this, payment platform may further determine that out each payment dimension in payment data and history payment data, root According to each payment dimension, the difference between payment data and history payment data can be determined, difference here also can be Reflect whether current delivery operation meets original payment habit to a certain extent.To which payment platform can be according to above-mentioned difference It is different that risk identification is carried out to current delivery operation.
Compared to the prior art, the Risk Identification Method in the application be not relying on black and white sample as risk identification according to According to especially under the scene for using payment card account to be paid, even if with the network account of payment card account binding There is no any history payment data, can also determine to work as according to payment card account itself or the history payment data of account of receipts Difference between preceding delivery operation and the delivery operation of history, meanwhile, the difference determined be based on the data actually generated, Just without relying on subjective regular identification method.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 a is the configuration diagram that risk identification process provided by the embodiments of the present application is based on;
Fig. 1 b is risk identification process provided by the embodiments of the present application;
Fig. 2 is another configuration diagram that risk identification process provided by the embodiments of the present application is based on;
Fig. 3 a is a kind of schematic diagram of the logical architecture of risk identification provided by the embodiments of the present application;
Fig. 3 b is the schematic diagram of the logical architecture of another risk identification provided by the embodiments of the present application;
Fig. 4 is risk identification apparatus structure schematic diagram provided by the embodiments of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
Based on foregoing teachings, a kind of Risk Identification Method is provided in the embodiment of the present application, do not depend on black and white sample into It, can be directly according to the realization pair such as the history payment data of account of payment, history payment data of account of receipts while row training The risk identification of illegal payment.
It should be noted that in the embodiment of the present application, the account of payment, it will be appreciated that itself to be stored with payment money Source, and the account for being produced the payment resource of specified quantity according to delivery operation.Can include: network account and/or Payment Card account Family.
Wherein, network account, can be the account that user registers on payment platform, and payment money can be stored in the account Source.Payment card account may include: bank card account, prepaid card account and/or rechargeable card account etc..
The account of receipts, it will be appreciated that be the account for receiving the payment resource being transferred to.Account of receipts may also comprise: net Network account, bank card account etc..
Here payment resource includes but is not limited to: fund, ideal money, the virtual objects that can be traded, storage resource (such as: cloud storage space), computing resource (such as: computational threads calculate equipment).
Framework as shown in Figure 1a can be used in Risk Identification Method described in the embodiment of the present application.Framework in Fig. 1 a Comprising payment user, gathering user and payment platform, under the support of payment platform, paying can between user and gathering user Carrying out on-line payment, (dotted arrow in Fig. 1 a represents payment user to gathering user and initiates payment, and the payment is flat by payment Platform is realized).Wherein:
The payment user, it is believed that be the user for carrying out on-line payment using account of payment, can be personal user Or enterprise customer.The gathering user, it is believed that be that can provide the user of paid business service to payment user, equally It can be personal user or enterprise customer.For the payment transaction for using payment platform to provide, gathering user and payment user Corresponding network account is registered on payment platform.
The payment platform can be server or the service on the payment transactions provider backstage such as website, bank Device cluster.
Certainly, in actual payment scene, payment user can actively initiate payment by terminal, and (terminal is not shown In framework shown in Fig. 1 a).Here terminal includes but is not limited to: smart phone, tablet computer, smartwatch, mobile POS machine The equal equipment such as mobile terminals or computer, ATM machine.
It should be understood that the payment user in Fig. 1 a, may include legitimate user, it is also possible to including illegal user, payment platform By by the Risk Identification Method in the application, identification decision is carried out to each payment.
As shown in Figure 1 b, the risk identification process in the embodiment of the present application includes the following steps:
Step S101: monitoring and obtains payment data corresponding to current delivery operation.
On the basis of framework as shown in Figure 1a, current delivery operation, it may include: at current time, payment platform is received To payment instruction being issued by payment user, based on account of payment.In addition to this, payment platform receives the payment and refers to The part response made after order, also is understood as being range that the current delivery operation is included.
It should be noted that above-mentioned part responds, it usually may is that payment platform is based on payment instruction and generates accordingly Serial number (such as: transaction odd numbers), payment platform the response such as are withholdd based on payment instruction from the account of payment of payment user.Above-mentioned Part response does not usually include: the account of receipts that the fund of deduction is transferred to gathering user by payment platform.In other words, it is paying The angle of platform, the monitoring to delivery operation, that is, monitoring payment user issue the payment instruction based on account of payment, and Before fund is transferred to gathering user by payment platform, a series of responses for being made for payment instruction.
In actual business scenario, any secondary delivery operation can all generate corresponding payment data, such as: the time of payment, The amount to be paid issues the terminal that delivery operation is based on etc..And payment data will be risk in the embodiment of the present application The judgment basis of identification, therefore will acquire the payment data of current delivery operation.
Step S102: the history payment data of the related account of the current delivery operation is obtained.
In the embodiment of the present application, current delivery operation needs to produce payment resource, also need to just specify corresponding expenditure Account, in addition, also need to specify corresponding account of receipts in current delivery operation, therefore account of payment and account of receipts here, just It is regarded as the related account of current delivery operation.So, the history payment data that related account can be obtained, as risk identification Judgement basis.Specifically, payment platform can determine the account information of the corresponding related account of the current delivery operation, and According to the account information, the history payment data of the related account is obtained.
Certainly, in the embodiment of the present application, the monitoring to current delivery operation and corresponding payment data, history pay number According to acquisition, can be realized by the payment services function of payment platform.Here it and is not especially limited.
Step S103: each payment dimension of the payment data and history payment data is determined.
In the embodiment of the present application, all of all previous delivery operation occurred in history is contained in history payment data The different dimension of such as time of payment, payment amount.It correspondingly, similarly include this in the payment data of current delivery operation A little dimensions.
It is appreciated that certain dimensions may can not be used for risk identification, such as: Transaction Identification Number, order number, then, it can be Determine to can be used in the dimension of some or all of subsequent risk identification in payment data and history payment data.In the application In embodiment, it will be used for the dimension of subsequent risk identification, referred to as payment dimension.
Step S104: the difference of the payment data and the history payment data between each payment dimension is determined It is different.
In view of in practical applications, the illegal payment that illegal user carries out, with the branch of legitimate user in normal state A degree of difference can be had by paying between operation.So, in the embodiment of the present application, it may be determined that go out above-mentioned difference.
Wherein, as one of the embodiment of the present application feasible pattern, in order to intuitively show this species diversity, can quantify The value of difference between the current payment data of delivery operation and the history payment data of all previous history delivery operation, such as: dispersion, Similarity etc..
Step S105: according to the difference, risk identification is carried out to the current delivery operation.
It is to be appreciated that also indicating that current branch if differing greatly between payment data and history payment data Pay the payment habit that operation does not meet account of payment holder, in turn, a possibility that current delivery operation is illegal payment compared with It is high.
In the embodiment of the present application, after carrying out risk identification for current delivery operation, corresponding identification knot can be generated Fruit.The recognition result can both show related personnel (such as: the practical holder of account of payment), can also be directly inputted into phase In the air control system answered, to realize the risk control to current delivery operation.It certainly, specifically can be according to the needs of practical application It is set, should not constitute the restriction to the application here.
Through the above steps, the current delivery operation issued for payment user, payment platform are available to current branch Pay the payment data of operation, and current delivery operation related account history payment data.Based on this, payment platform can be with It further determines that out each payment dimension in payment data and history payment data, according to each payment dimension, can determine to prop up The difference between data and history payment data is paid, difference here can also reflect current payment behaviour to a certain extent Whether original payment habit is met.To which payment platform can carry out risk knowledge to current delivery operation according to above-mentioned difference Not.
Compared to the prior art, the Risk Identification Method in the application be not relying on black and white sample as risk identification according to According to can determine current delivery operation and history according to the history payment data of the related accounts such as account of payment or account of receipts Delivery operation between difference, meanwhile, the difference determined is based on the data actually generated, also just without relying on subjectivity Stronger rule identification method.
What needs to be explained here is that the Risk Identification Method in the embodiment of the present application, can preferably be suitable for Payment Card The risk identification of account will be based on the scene of payment card account (for ease of description, hereinafter referred to as are as follows: Payment Card), to this below Risk Identification Method in application embodiment is described in detail.
Under actual payment scene, Payment Card can be associated with by user with the network account binding of itself, can use branch It pays card and carries out on-line payment.Once Payment Card is by unauthorized theft, then illegal user can be by the Payment Card stolen and illegal user The network account of itself carries out binding association, steal card payment.Just it has been observed that the network account of illegal user's new registration, Its history payment data is usually less, even wholly without history payment data.
It can be obtained after payment platform has monitored the delivery operation based on Payment Card of payment user for above-mentioned scene Take the history payment data of Payment Card and the history gathering data of account of receipts.
It is to be appreciated that for the framework shown in Fig. 1 a, it, can be as shown in Figure 2 as a kind of possible extended mode Framework.Compared to framework shown in Fig. 1 a, corresponding database is increased in the framework in Fig. 2, it is possible to understand that ground, each time Payment data (including the corresponding data of account of payment and the corresponding data of account of receipts) caused by paying, is stored in this In database.The database can be database provided by payment transaction provider, be also possible to banking data base.Here not Make specific limit.
So, based on the framework in Fig. 2, payment platform is based on current delivery operation, can determine current delivery operation Used in Payment Card relevant information (such as: the mark of Payment Card), and then can further inquire the branch in the database The history payment data of card is paid (below for ease of description, by the historical data of Payment Card, referred to as " card history XX ", here simultaneously It should not be used as the restriction to the application).
Similarly, payment platform also can determine that the relevant information for the user that collects money corresponding to current delivery operation (such as: receiving Enter the account name of account), the history gathering data of account of receipts are got in the database.
In the embodiment of the present application, the history gathering data of history payment data and account of receipts based on Payment Card In, it may be determined that go out a variety of different payment dimensions, each payment dimension can be assumed that it is that user pays a kind of body being accustomed to It is existing, it specifically can be as shown in table 1.
Pay dimension Payment Card Account of receipts
Time of payment The distribution of card history time of payment The distribution of less history time of payment
Use equipment The distribution of card historical Device The distribution of less historical Device
Equipment OS Card historical Device OS distribution Less historical Device OS distribution
Payment amount The distribution of card history payment amount The distribution of less history payment amount
wifimac Card history wifimac distribution Less history wifimac distribution
The city IP The distribution of the card city history IP The distribution of the city less IP
Table 1
Wherein, the dimension value of time of payment, specifically can be the period divided in advance, such as: morning, the morning, afternoon Deng.
Using the dimension value of equipment, specifically can include: computer, smart phone, tablet computer etc., using equipment this Dimension can be determined according to the device identification for paying terminal used by a user, here without excessively repeating.
Equipment OS refers to the operating system (Operating System, OS) of payment user institute using terminal, it may include: peace Tall and erect (Android) system, IOS system, Windows system etc..
Payment amount is payment amount corresponding to delivery operation.
When wifimac is regarded as payment user's using terminal sending delivery operation, the MAC of the used wifi of terminal Location.
The city IP refers to the city where the network ip address for the terminal for issuing delivery operation.
Certainly, the listed each dimension enumerated is only a kind of example in table 1, and should not be used as the restriction to the application.
The another account of receipts that should be noted that gathering user, may will receive and enter an item of expenditure in the accounts from different Payment Cards or branch The payment resource that family is paid, it will be understood that the payment resource that other Payment Cards or account of payment are paid can not be used for pair The risk identification of the delivery operation of current Payment Card.The data therefore history of the above-mentioned account of receipts got is collected money are to be based on going through Caused by being paid in history using the Payment Card.In other words, in the embodiment of the present application, when the related account includes to receive When entering account, the process for obtaining the history payment data of the related account can be with are as follows: in all history of the account of receipts In payment data, history payment data relevant to the account of payment is obtained.
In addition, in the embodiment of the present application, dispersion can be used to quantify the payment data of current delivery operation and go through Difference between history payment data, history gathering data characterizes the degree that certain delivery operation deviates whole payment habit.
Specifically, dispersion can be calculated after getting above-mentioned data.It in the embodiment of the present application, can be with Using attribute value frequency (Attribute Value Frequency, AVF) algorithm is based on, calculate corresponding to each payment dimension AVF value, and dispersion is further calculated, calculation formula is as follows:
Wherein, M is payment dimension;
xiIndicate i-th delivery operation;
f(xij) it is xiThe frequency that j-th of payment dimension values occurs;
OutlinexIndicate the dispersion of delivery operation.
Based on above-mentioned formula, it is assumed that the history delivery operation of current delivery operation and Payment Card that payment user issues Each payment dimension value is as shown in table 2 below.
Pay dimension Current payment History payment 1 History payment 2 History payment 3 History payment 4
Time of payment Morning Afternoon Afternoon The morning The morning
Client type App App App App App
Equipment OS Android ios ios ios Android
The city IP Chengdu Hangzhou Hangzhou Hangzhou Hangzhou
Table 2
The dispersion between the payment data of current delivery operation and card history payment data can be further calculated out:
As it can be seen that in all previous payment that above-mentioned Payment Card is occurred, the dispersion outline of current delivery operationCurrent paymentMost Height, it can also be seen that currently payment dispersion is highest the reason is that current delivery operation from the history payment data of acquisition Time and the city IP all first appear in all previous payment of the Payment Card, and operating system " Android " only occurred two Secondary, risk is also relatively high.
By above-mentioned analysis, the mode that above-mentioned dispersion calculates, can embody current delivery operation with it is all previous in history Difference between delivery operation can also identify robber's card payment by dispersion.
It is the dispersion being calculated according to the card history payment data of Payment Card above, is based on same method, it can also root Corresponding dispersion is calculated according to the history gathering data of account of receipts, just no longer excessively repeats here.It should be understood that obtaining The history payment data got is abundanter, also more abundant to the calculating of dispersion, correspondingly, can also embody more accurately Current delivery operation and the in history difference between all previous delivery operation out are more advantageous to the risk identification for stealing card payment.
Certainly, dispersion is calculated based on AVF value and is not limited only to above-mentioned formula, from calculated result above-mentioned it is found that AVF It is negatively correlated between value and dispersion, then, can also be using: the calculations such as inverse obtain and AVF value are negatively correlated Data, as dispersion.In addition, the process of above-mentioned calculating dispersion is only a kind of feasible pattern, and in practical applications, and it is unlimited In calculating dispersion using AVF value, such as statistical method, distribution density scheduling algorithm can also be used, does not do excessively repeat here.
In the case where dispersion is calculated, risk knowledge can be carried out to current delivery operation based on dispersion Not.As one of the embodiment of the present application feasible pattern, as shown in Figure 3a, according to the difference, the current payment is grasped Make carry out risk identification, it may include: the dispersion being calculated is input to the risk identification model pre-established, to institute It states current delivery operation and carries out risk identification.In fig. 3 a as it can be seen that being only risk identification by the above-mentioned dispersion being calculated One of input of model, the risk identification model can also have other inputs, relatively accurately to realize that risk is known Not.Here it does not do and excessively repeats.
And as another feasible pattern in the embodiment of the present application, as shown in Figure 3b, it can be directly based upon and be calculated Dispersion carries out risk identification, that is, carrying out risk identification according to the difference to the current delivery operation, specifically including: According to the dispersion and preset risk threshold value being calculated, risk identification is carried out to the current delivery operation.
Both the above implementation simultaneously should not be used as restriction to the application.
The above are several embodiments of Risk Identification Method provided by the present application, are based on same thinking, and the application also mentions The embodiment of risk identification device is supplied, as shown in Figure 4.Risk identification device in Fig. 4 includes:
Monitoring modular 401 monitors and obtains payment data corresponding to current delivery operation;
Historical data obtains module 402, obtains the history payment data of the related account of the current delivery operation;
Dimension determining module 403 determines each payment dimension of the payment data and history payment data;
Difference computation module 404, determine the payment data and the history payment data each payment dimension it Between difference;
Risk identification module 405 carries out risk identification to the current delivery operation according to the difference.
The historical data obtains module 402, determines the account information of the corresponding related account of the current delivery operation, According to the account information, the history payment data of the related account is obtained;
Wherein, the related account of current delivery operation includes: account of payment corresponding to current delivery operation and/or income Account.
When the related account includes account of receipts, the dimension determining module 403, in all of the account of receipts In history payment data, history payment data relevant to the account of payment is obtained.
The difference computation module 404 determines the payment data and the history payment data for any dimension Attribute value frequency AVF value calculates the dispersion between the payment data and the history payment data according to the AVF value.
The dispersion being calculated is input to the risk identification mould pre-established by the risk identification module 405 Type carries out risk identification to the current delivery operation.
The risk identification module 405, according to the dispersion and preset risk threshold value being calculated, to described Current delivery operation carries out risk identification.
The account of payment includes: network account and/or payment card account;
Wherein, the payment card account includes at least: bank card account, prepaid card account and/or rechargeable card account.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method process can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc. Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions For either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment The combination of equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net Network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can provide as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.
The application can describe in the general context of computer-executable instructions executed by a computer, such as program Module.Generally, program module includes routine, programs, objects, the group for executing particular transaction or realizing particular abstract data type Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by Affairs are executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with In the local and remote computer storage media including storage equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.
The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal Replacement, improvement etc., should be included within the scope of the claims of this application.

Claims (14)

1. a kind of Risk Identification Method, comprising:
It monitors and obtains payment data corresponding to current delivery operation;
Obtain the history payment data of the related account of the current delivery operation;
Determine each payment dimension of the payment data and history payment data;
Determine the difference of the payment data and the history payment data between each payment dimension;
According to the difference, risk identification is carried out to the current delivery operation.
2. the method as described in claim 1 obtains the history payment data of the related account of the current delivery operation, specifically Include:
Determine the account information of the corresponding related account of the current delivery operation;
According to the account information, the history payment data of the related account is obtained;
Wherein, the related account of current delivery operation includes: account of payment corresponding to current delivery operation and/or revenue account Family.
3. method according to claim 2 obtains going through for the related account when the related account includes account of receipts History payment data, specifically includes:
In all history payment datas of the account of receipts, history payment data relevant to the account of payment is obtained.
4. method as claimed in claim 3 determines that the payment data and the history payment data are tieed up in each payment Difference between degree, specifically includes:
For any dimension, the attribute value frequency AVF value of the payment data Yu the history payment data is determined;
According to the AVF value, the dispersion between the payment data and the history payment data is calculated.
5. method as claimed in claim 4 carries out risk identification to the current delivery operation, specifically according to the difference Include:
The dispersion being calculated is input to the risk identification model pre-established, the current delivery operation is carried out Risk identification.
6. method as claimed in claim 4 carries out risk identification to the current delivery operation, specifically according to the difference Include:
According to the dispersion and preset risk threshold value being calculated, risk knowledge is carried out to the current delivery operation Not.
7. the method as described in any in claim 1~6, the account of payment includes: network account and/or Payment Card account Family;
Wherein, the payment card account includes at least: bank card account, prepaid card account and/or rechargeable card account.
8. a kind of risk identification device, comprising:
Monitoring modular monitors and obtains payment data corresponding to current delivery operation;
Historical data obtains module, obtains the history payment data of the related account of the current delivery operation;
Dimension determining module determines each payment dimension of the payment data and history payment data;
Difference computation module determines the difference of the payment data and the history payment data between each payment dimension It is different;
Risk identification module carries out risk identification to the current delivery operation according to the difference.
9. device as claimed in claim 8, the historical data obtains module, determines the corresponding phase of the current delivery operation The account information for closing account obtains the history payment data of the related account according to the account information;
Wherein, the related account of current delivery operation includes: account of payment corresponding to current delivery operation and/or revenue account Family.
10. device as claimed in claim 9, when the related account includes account of receipts, the historical data obtains mould Block obtains history payment data relevant to the account of payment in all history payment datas of the account of receipts.
11. device as claimed in claim 10, the difference computation module determines the payment data for any dimension The payment data and the history are calculated according to the AVF value with the attribute value frequency AVF value of the history payment data Dispersion between payment data.
12. the dispersion being calculated is input to pre- by device as claimed in claim 11, the risk identification module The risk identification model first established carries out risk identification to the current delivery operation.
13. device as claimed in claim 11, the risk identification module, according to the dispersion being calculated and in advance If risk threshold value, risk identification is carried out to the current delivery operation.
14. the device as described in any in claim 8~13, the account of payment includes: network account and/or Payment Card account Family;
Wherein, the payment card account includes at least: bank card account, prepaid card account and/or rechargeable card account.
CN201710421490.6A 2017-06-07 2017-06-07 A kind of Risk Identification Method and device Pending CN109003075A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710421490.6A CN109003075A (en) 2017-06-07 2017-06-07 A kind of Risk Identification Method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710421490.6A CN109003075A (en) 2017-06-07 2017-06-07 A kind of Risk Identification Method and device

Publications (1)

Publication Number Publication Date
CN109003075A true CN109003075A (en) 2018-12-14

Family

ID=64573918

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710421490.6A Pending CN109003075A (en) 2017-06-07 2017-06-07 A kind of Risk Identification Method and device

Country Status (1)

Country Link
CN (1) CN109003075A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110033278A (en) * 2019-03-27 2019-07-19 阿里巴巴集团控股有限公司 Risk Identification Method and device
CN110097451A (en) * 2019-04-01 2019-08-06 中国银联股份有限公司 A kind of monitoring method and device of banking
CN110264210A (en) * 2019-05-06 2019-09-20 阿里巴巴集团控股有限公司 The detection method and device of account correctness
CN110852754A (en) * 2019-10-31 2020-02-28 支付宝(杭州)信息技术有限公司 Risk identification method, device and equipment
CN110874743A (en) * 2019-10-11 2020-03-10 支付宝(杭州)信息技术有限公司 Method and device for determining account transaction risk
CN111027981A (en) * 2019-12-13 2020-04-17 支付宝(杭州)信息技术有限公司 Method and device for multi-party joint training of risk assessment model for IoT (Internet of things) machine
CN111161050A (en) * 2019-12-31 2020-05-15 王菲 Artificial intelligence big data processing method applied to bank wind control department
CN111311076A (en) * 2020-01-20 2020-06-19 支付宝(杭州)信息技术有限公司 Account risk management method, device, equipment and medium
CN111553700A (en) * 2020-05-07 2020-08-18 支付宝(杭州)信息技术有限公司 Payment risk identification method and device
CN111753328A (en) * 2020-06-03 2020-10-09 支付宝(杭州)信息技术有限公司 Private data leakage risk detection method and system
CN113506045A (en) * 2021-08-09 2021-10-15 平安银行股份有限公司 Risk user identification method, device, equipment and medium based on mobile equipment
CN113516480A (en) * 2021-08-19 2021-10-19 支付宝(杭州)信息技术有限公司 Payment risk identification method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105408927A (en) * 2013-07-03 2016-03-16 万事达卡国际股份有限公司 Systems and methods for risk based decision service incorporating payment card transactions and application events
CN105550876A (en) * 2015-10-30 2016-05-04 东莞酷派软件技术有限公司 Mobile payment monitoring method and system and intelligent terminal
CN106327196A (en) * 2015-06-19 2017-01-11 阿里巴巴集团控股有限公司 Payment threshold acquisition method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105408927A (en) * 2013-07-03 2016-03-16 万事达卡国际股份有限公司 Systems and methods for risk based decision service incorporating payment card transactions and application events
CN106327196A (en) * 2015-06-19 2017-01-11 阿里巴巴集团控股有限公司 Payment threshold acquisition method and device
CN105550876A (en) * 2015-10-30 2016-05-04 东莞酷派软件技术有限公司 Mobile payment monitoring method and system and intelligent terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A. KOUFAKOU 等: "A Scalable and Efficient Outlier Detection Strategy for Categorical Data", 《19TH IEEE INTERNATIONAL CONFERENCE ON TOOLS WITH ARTIFICIAL INTELLIGENCE(ICTAI 2007)》 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110033278A (en) * 2019-03-27 2019-07-19 阿里巴巴集团控股有限公司 Risk Identification Method and device
CN110097451A (en) * 2019-04-01 2019-08-06 中国银联股份有限公司 A kind of monitoring method and device of banking
CN110097451B (en) * 2019-04-01 2023-10-03 中国银联股份有限公司 Bank business monitoring method and device
CN110264210A (en) * 2019-05-06 2019-09-20 阿里巴巴集团控股有限公司 The detection method and device of account correctness
CN110264210B (en) * 2019-05-06 2023-08-08 创新先进技术有限公司 Account correctness detection method and device
CN110874743A (en) * 2019-10-11 2020-03-10 支付宝(杭州)信息技术有限公司 Method and device for determining account transaction risk
CN110852754A (en) * 2019-10-31 2020-02-28 支付宝(杭州)信息技术有限公司 Risk identification method, device and equipment
CN111027981A (en) * 2019-12-13 2020-04-17 支付宝(杭州)信息技术有限公司 Method and device for multi-party joint training of risk assessment model for IoT (Internet of things) machine
CN111027981B (en) * 2019-12-13 2021-04-27 支付宝(杭州)信息技术有限公司 Method and device for multi-party joint training of risk assessment model for IoT (Internet of things) machine
CN111161050A (en) * 2019-12-31 2020-05-15 王菲 Artificial intelligence big data processing method applied to bank wind control department
CN111161050B (en) * 2019-12-31 2021-06-08 北京创客时信息咨询有限公司 Artificial intelligence big data processing method applied to bank wind control department
CN111311076A (en) * 2020-01-20 2020-06-19 支付宝(杭州)信息技术有限公司 Account risk management method, device, equipment and medium
CN111311076B (en) * 2020-01-20 2022-07-29 支付宝(杭州)信息技术有限公司 Account risk management method, device, equipment and medium
CN111553700A (en) * 2020-05-07 2020-08-18 支付宝(杭州)信息技术有限公司 Payment risk identification method and device
CN111553700B (en) * 2020-05-07 2023-03-21 支付宝(杭州)信息技术有限公司 Payment risk identification method and device
CN111753328A (en) * 2020-06-03 2020-10-09 支付宝(杭州)信息技术有限公司 Private data leakage risk detection method and system
CN113506045A (en) * 2021-08-09 2021-10-15 平安银行股份有限公司 Risk user identification method, device, equipment and medium based on mobile equipment
CN113516480A (en) * 2021-08-19 2021-10-19 支付宝(杭州)信息技术有限公司 Payment risk identification method, device and equipment
CN113516480B (en) * 2021-08-19 2024-04-26 支付宝(杭州)信息技术有限公司 Payment risk identification method, device and equipment

Similar Documents

Publication Publication Date Title
CN109003075A (en) A kind of Risk Identification Method and device
CN108460523A (en) A kind of air control rule generating method and device
CN108122163A (en) Risk monitoring and control method, apparatus and equipment based on internet credit
CN107679700A (en) Business flow processing method, apparatus and server
CN107424069A (en) A kind of generation method of air control feature, risk monitoring and control method and apparatus
CN109359793A (en) A kind of prediction model training method and device for new scene
CN107578238A (en) A kind of risk control method and equipment
CN109002949A (en) A kind of method and device of air control strategy configuration and business air control
CN108399477A (en) A kind of method and device that risk threshold value determines
JP2020501232A (en) Risk control event automatic processing method and apparatus
CN108108866A (en) A kind of method and device of risk control
CN106815754A (en) The charging method and air control system server of a kind of risk control system
CN110443618A (en) The generation method and device of air control strategy
CN107369020A (en) A kind of method of payment, apparatus and system
CN108734469A (en) The method and apparatus for determining consumer's risk label undetermined
CN108876102A (en) A kind of risk trade method for digging, device and equipment
CN106202088A (en) A kind of method and system mating business scenario
CN110390182A (en) A kind of method, system and the equipment of determining small routine classification
CN110428139A (en) The information forecasting method and device propagated based on label
CN110032857A (en) The registration of account, the recognition methods of credible equipment and device
CN110428304A (en) A kind of order settlement system, method and device
CN110503435A (en) Transaction method for early warning, device and equipment based on block chain
CN109003071A (en) Method of payment, device and equipment
CN108460490A (en) A kind of prediction technique, device and the equipment of business occurrence quantity
CN110008991A (en) The identification of risk case, risk identification model generation method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214

RJ01 Rejection of invention patent application after publication