CN110827036A - Method, device, equipment and storage medium for detecting fraudulent transactions - Google Patents
Method, device, equipment and storage medium for detecting fraudulent transactions Download PDFInfo
- Publication number
- CN110827036A CN110827036A CN201911082119.7A CN201911082119A CN110827036A CN 110827036 A CN110827036 A CN 110827036A CN 201911082119 A CN201911082119 A CN 201911082119A CN 110827036 A CN110827036 A CN 110827036A
- Authority
- CN
- China
- Prior art keywords
- transaction information
- detection rule
- fraudulent
- transaction
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
Abstract
The embodiment of the invention discloses a method, a device, equipment and a storage medium for detecting fraudulent transactions. The method comprises the following steps: acquiring target fraud transaction information which accords with preset spatial information conditions from fraud transaction information in a transaction information base; determining a time rule of the fraudulent transaction according to the target fraudulent transaction information; determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample; inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information; and detecting whether the current transaction is a fraudulent transaction or not according to the detection rule. By operating the technical scheme provided by the application, the purposes of enhancing the timeliness of detecting the fraud transaction and reducing fraud loss can be achieved.
Description
Technical Field
The embodiment of the invention relates to transaction security technology, in particular to a method, a device, equipment and a storage medium for detecting fraudulent transactions.
Background
With the rapid growth of the internet, the number of online transactions has increased dramatically. It follows that some lawless persons use fraudulent means to obtain an illicit benefit from a transaction. After fraud has occurred, the lawbreaker may divert the place or target person and again commit fraud.
In order to avoid the same type of fraudulent transactions from occurring again, a manual means is often adopted to analyze the occurring fraudulent transactions, and relevant case rules are formulated, and newly generated transactions are detected through the case rules.
However, manual case rule making is time-consuming, so that timeliness of detecting fraudulent transactions is reduced, and more fraud losses are caused.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a storage medium for detecting fraudulent transactions, so as to enhance the timeliness of detecting the fraudulent transactions and reduce the effect of fraudulent loss.
In a first aspect, an embodiment of the present invention provides a method for detecting a fraudulent transaction, where the method includes:
acquiring target fraud transaction information which accords with preset spatial information conditions from fraud transaction information in a transaction information base;
determining a time rule of the fraudulent transaction according to the target fraudulent transaction information;
determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information;
and detecting whether the current transaction is a fraudulent transaction or not according to the detection rule.
In a second aspect, an embodiment of the present invention further provides an apparatus for detecting a fraudulent transaction, the apparatus including:
the target fraud transaction information acquisition module is used for acquiring target fraud transaction information which accords with the preset spatial information condition from the fraud transaction information in the transaction information base;
the time rule determining module is used for determining the time rule of the fraudulent transaction according to the target fraudulent transaction information;
the training sample determining module is used for determining the transaction information which accords with the preset spatial information condition and the time rule from the transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
the detection rule obtaining module is used for inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information;
and the transaction detection module is used for detecting whether the current transaction is a fraud transaction according to the detection rule.
In a third aspect, an embodiment of the present invention further provides an apparatus, where the apparatus includes:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of detecting fraudulent transactions as described above.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the method for detecting fraudulent transactions as described above.
The embodiment of the invention obtains target fraud transaction information which accords with the preset spatial information condition from the fraud transaction information in the transaction information base; determining a time rule of the fraudulent transaction according to the target fraudulent transaction information; determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample; inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information; and detecting whether the current transaction is a fraudulent transaction or not according to the detection rule. The problem that manual case rule making is long in time consumption, timeliness of detecting fraud transactions is reduced, and more fraud losses are caused is solved, and effects of enhancing timeliness of detecting fraud transactions and reducing fraud losses are achieved.
Drawings
Fig. 1 is a flowchart of a method for detecting fraudulent transactions according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for detecting fraudulent transactions according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of a fraud detection apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for detecting a fraudulent transaction according to an embodiment of the present invention, where the embodiment is applicable to a case of detecting whether a current transaction is a fraudulent transaction, and the method can be executed by a device for detecting a fraudulent transaction according to an embodiment of the present invention, and the device can be implemented by software and/or hardware. Referring to fig. 1, the method for detecting a fraudulent transaction provided by this embodiment includes:
and S110, acquiring target fraud transaction information meeting the preset spatial information condition from the fraud transaction information in the transaction information base.
The transaction information base is used for storing all information related to the transaction, such as transaction objects, transaction amounts, transaction types, transaction time and the like, aiming at each transaction. The fraudulent transaction information is the transaction information which has occurred and is judged as fraudulent transaction, for example, credit card loan is performed by falsely using the identity information of other people.
The preset spatial information condition is a condition related to a space, such as a geographical position where a transaction occurs, account information of a transaction user, and the like. And taking the fraud transaction information meeting the preset spatial information condition as target fraud transaction information. And screening the fraud transaction information according to the preset spatial information condition so as to obtain target fraud transaction information.
And S120, determining the time rule of the fraudulent transaction according to the target fraudulent transaction information.
The time rule may be a time period initiated in a transaction set, for example, if there are many fraudulent transactions occurring in 2019.10.05-2019.10.07 in a set, the three days of the transaction occurring time being 2019.10.05-2019.10.07 are time rules of the fraudulent transactions. The time period may also be a fixed time period, such as the first three days of a week or a month, and the like, and this embodiment does not limit this.
S130, determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to serve as training samples; and taking whether the transaction information is fraudulent transaction information as a label of the training sample.
And acquiring all transaction information which simultaneously meets the preset spatial information condition and the time rule in a transaction information base. The transaction information in which these two conditions are simultaneously satisfied is classified into fraudulent transactions and normal transactions. The two are automatically distinguished and labeled to be used as a supervised training sample.
S140, inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information.
And inputting the two types of training samples into a decision tree model, analyzing the samples by the decision tree model, and outputting a detection rule for the type of fraudulent transaction information. In the embodiment of the invention, each internal node represents the judgment of the attribute in one transaction message, each branch represents the output of a judgment result, and finally each leaf node represents a classification result of one transaction. Inputting the training sample and the transaction information thereof into a decision tree model, determining the transaction information with the highest discrimination as a root node after training, selecting the characteristics with the highest discrimination in the rest transaction information as child nodes, and repeating the steps until the transaction information is used up, thereby obtaining the detection rule of the transaction information. For example, the detection rule may be to first determine whether the account information is XX, then determine whether the user type is a student, and finally determine whether the order type is a mobile phone purchase, and when the above conditions are all satisfied, determine that the transaction is a fraudulent transaction, and when not, determine that the transaction is not a fraudulent transaction.
S150, detecting whether the current transaction is a fraud transaction according to the detection rule.
And detecting all current transactions according to the detection rules, and if the current transactions accord with a certain detection rule, judging the current transactions as fraudulent transactions.
According to the technical scheme of the embodiment, target fraud transaction information meeting the preset spatial information condition is obtained from the fraud transaction information in the transaction information base; determining a time rule of the fraudulent transaction according to the target fraudulent transaction information; determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample; inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information; according to the detection rule, whether the current transaction is a fraud transaction is detected, the problems that manual case rule formulation is long in time consumption, timeliness of detecting the fraud transaction is reduced, and more fraud losses are caused are solved, and the effects of enhancing timeliness of detecting the fraud transaction and reducing the fraud losses are achieved.
On the basis of the above technical solution, optionally, the process of acquiring the preset spatial information condition includes:
acquiring a case-involved user from the fraudulent transaction information in the transaction information base;
and determining a preset spatial information condition according to the spatial information of the fraudulent transaction of the involved user.
The involved user is a user involved in fraudulent transactions, such as a user being impersonated with an identification card. The users involved in the case can be limited, so that the fraud information can be screened. For example, when the case-involved user is more than or equal to three, the target fraud transaction information meeting the preset spatial information condition is obtained, and when the case-involved user is less than three, the relevant target fraud transaction information is not obtained, so that excessive detection rules are avoided, and the detection efficiency of fraud transactions is improved.
And determining a preset spatial information condition according to the spatial information of the case-involved users, for example, if the case-involved users are students, the statistical spatial information can be school zone information of the case-involved users, and if a certain school zone contains more than two case-involved users, the school zone is used as the preset spatial information condition for acquiring target fraud transaction information related to the case-involved personnel in the school zone. The preset spatial information condition is determined according to the spatial information of the involved user, so that the target fraud transaction information of the preset spatial information condition is obtained, the screening of fraud transactions is more targeted, and the accuracy of fraud transaction detection is improved.
On the basis of the above technical solution, optionally, inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information, including:
obtaining at least one detection rule output by the decision tree model;
checking whether the detection rule meets a preset requirement or not; and if so, taking the detection rule as a detection rule of fraudulent transaction information.
The transaction information may have the same degree of distinction, so that there may be more than one detection rule output by the decision tree, and all the detection rules output by the decision tree model are obtained at this time. The preset requirement is a condition to be met when the result of the fraudulent transaction detection is obtained using the check rule. The verification is to determine whether all the detection rules meet the preset requirements, but not limited to determining whether the accuracy of the obtained result meets the preset standard by detecting the transaction according to the detection rules. And checking whether the detection rule meets the preset requirement, and if not, rejecting the rule. By checking the detection rules, the accuracy of fraudulent transaction detection is improved.
Example two
Fig. 2 is a flowchart of a method for detecting a fraudulent transaction according to a second embodiment of the present invention. The technical scheme explains the process of obtaining the detection rule of the fraudulent transaction information. Compared with the scheme, the scheme checks whether the detection rule meets the preset requirement or not, and comprises the following steps:
determining a check sample of the detection rule; wherein, the check sample is composed of fraudulent transaction information;
obtaining a checking result by the checking sample according to the detection rule;
and if the consistency rate of the verification result of the verification sample and the fraudulent transaction information of the verification sample exceeds a preset threshold value, determining that the detection rule is the detection rule of the fraudulent transaction information. Specifically, the flow of the method for detecting fraudulent transactions is shown in fig. 2:
s210, obtaining target fraud transaction information which accords with the preset spatial information condition from the fraud transaction information in the transaction information base.
And S220, determining the time rule of the fraudulent transaction according to the target fraudulent transaction information.
S230, determining the transaction information which accords with the preset spatial information condition and the time rule from a transaction information base to be used as a training sample; and taking whether the transaction information is fraudulent transaction information as a label of the training sample.
S240, inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information.
And S250, obtaining at least one detection rule output by the decision tree model.
S260, determining a check sample of the detection rule; wherein the verification sample is composed of fraudulent transaction information.
The check sample is used for checking whether the detection rule meets the preset requirement. The verification sample may consist of transaction information that has been determined to be a fraudulent transaction within a predetermined time. Such as fraudulent transaction information during the current week.
And S270, obtaining a verification result by using the verification sample according to the detection rule.
The verification result is obtained after the verification sample passes the detection rule, and may be to detect whether the verification sample is a fraudulent transaction, and a type of the corresponding fraudulent transaction, which is not limited in this embodiment.
And S280, if the consistency rate of the verification result of the verification sample and the fraudulent transaction information of the verification sample exceeds a preset threshold value, determining that the detection rule is the detection rule of the fraudulent transaction information.
The consistency rate of the fraud transaction information of the verification result and the verification sample may be an identification rate of the fraud transaction or an accuracy rate of identification of the type of the fraud transaction, and the embodiment does not limit this. The preset threshold is a requirement for a consistency rate, for example, the identification rate of the fraudulent transaction is not less than eighty percent or the accuracy rate of the fraudulent transaction type identification is not less than ten percent.
And S290, detecting whether the current transaction is a fraud transaction according to the detection rule.
In this embodiment, on the basis of the above embodiment, the verification sample is set, the verification result is obtained from the verification sample according to the detection rule, the verification result is compared with the fraudulent transaction information of the verification sample, and when the coincidence rate exceeds the preset threshold value, it is determined that the detection rule is the detection rule of the fraudulent transaction information, so that the accuracy of detecting the fraudulent transaction is improved.
On the basis of the foregoing technical solution, optionally, after determining that the detection rule is a detection rule of fraudulent transaction information, the method further includes:
adding a constraint condition to the detection rule; wherein the constraint condition comprises an amount condition and/or a duration condition;
and taking the detection rule after adding the constraint condition as a final detection rule for detecting the fraudulent transaction.
And the constraint condition is used for constraining the result obtained by detection according to the detection rule.
For example, when the number of the fraudulent transaction information items to which the check rule is required to be met does not exceed a preset number, for example, the preset number is 50, if the number of the fraudulent transaction information items to be met exceeds 50, a constraint condition is added to the detection rule, and the detection rule is used as a final detection rule for detecting the fraudulent transaction information.
The money condition can be the size of the involved money, for example, the type of the case is a loan buying mobile phone, and the money condition is that the money of the mobile phone exceeds 3000 yuan. The time duration condition may be the length of the credit granting time, for example, when the time duration condition requires a fraudulent transaction to occur, the credit card granting time is within three days, which is not limited in this embodiment.
On the basis of the above embodiment, the present embodiment further narrows the range of the detected fraudulent transaction by adding the constraint condition to the detection rule, thereby improving the accuracy of detecting the fraudulent transaction.
EXAMPLE III
Fig. 3 is a schematic structural diagram of a fraud detection apparatus according to a third embodiment of the present invention. The device can be realized by hardware and/or software, can execute the fraud transaction detection method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. As shown in fig. 3, the apparatus includes:
the target fraud transaction information obtaining module 310 is configured to obtain target fraud transaction information meeting a preset spatial information condition from fraud transaction information in the transaction information base;
a time rule determining module 320, configured to determine a time rule of the fraudulent transaction according to the target fraudulent transaction information;
a training sample determining module 330, configured to determine, from a transaction information base, transaction information that meets a preset spatial information condition and the time rule as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
a detection rule obtaining module 340, configured to input the training sample into a decision tree model, and obtain a detection rule of fraudulent transaction information;
the transaction detection module 350 is configured to detect whether the current transaction is a fraudulent transaction according to the detection rule.
According to the technical scheme of the embodiment, target fraud transaction information meeting the preset spatial information condition is obtained from the fraud transaction information in the transaction information base; determining a time rule of the fraudulent transaction according to the target fraudulent transaction information; determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample; inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information; according to the detection rule, whether the current transaction is a fraud transaction is detected, the problems that manual case rule formulation is long in time consumption, timeliness of detecting the fraud transaction is reduced, and more fraud losses are caused are solved, and the effects of enhancing timeliness of detecting the fraud transaction and reducing the fraud losses are achieved.
On the basis of the above technical solutions, optionally, the preset spatial information condition obtaining module includes:
the case-involved user acquisition unit is used for acquiring the case-involved users from the fraudulent transaction information in the transaction information base;
and the preset spatial information condition acquisition unit is used for determining a preset spatial information condition according to the spatial information of the fraud transaction of the involved user.
On the basis of the above technical solutions, optionally, the detection rule obtaining module includes:
the detection rule obtaining unit is used for obtaining at least one detection rule output by the decision tree model;
the detection rule checking unit is used for checking whether the detection rule meets the preset requirement or not; and if so, taking the detection rule as a detection rule of fraudulent transaction information.
On the basis of the above technical solutions, optionally, the detection rule checking unit includes:
the verification sample determining subunit is used for determining a verification sample of the detection rule; wherein, the check sample is composed of fraudulent transaction information;
the verification result obtaining subunit is used for obtaining a verification result according to the detection rule by the verification sample;
and the detection rule determining subunit is used for determining that the detection rule is the detection rule of the fraudulent transaction information if the consistency rate of the verification result of the verification sample and the fraudulent transaction information of the verification sample exceeds a preset threshold value.
On the basis of the above technical solutions, optionally, the apparatus further includes:
a constraint condition adding subunit, configured to add a constraint condition to the detection rule after the detection rule determining subunit determines the constraint condition; wherein the constraint condition comprises an amount condition and/or a duration condition;
and the final detection rule determining subunit is used for taking the detection rule after the constraint condition is added as a final detection rule for detecting the fraudulent transaction after the detection rule determining subunit.
Example four
Fig. 4 is a schematic structural diagram of an apparatus according to a fourth embodiment of the present invention, as shown in fig. 4, the apparatus includes a processor 40, a memory 41, an input device 42, and an output device 43; the number of processors 40 in the device may be one or more, and one processor 40 is taken as an example in fig. 4; the processor 40, the memory 41, the input means 42 and the output means 43 in the device may be connected by a bus or other means, as exemplified by the bus connection in fig. 4.
The memory 41 serves as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the method for detecting fraudulent transactions in the embodiment of the present invention. The processor 40 executes various functional applications of the device and data processing by executing software programs, instructions and modules stored in the memory 41, i.e. implements the above-mentioned fraud transaction detection method.
The memory 41 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 41 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 41 may further include memory located remotely from processor 40, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
EXAMPLE five
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a method for detecting fraudulent transactions, the method including:
acquiring target fraud transaction information which accords with preset spatial information conditions from fraud transaction information in a transaction information base;
determining a time rule of the fraudulent transaction according to the target fraudulent transaction information;
determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information;
and detecting whether the current transaction is a fraudulent transaction or not according to the detection rule.
Of course, the embodiments of the present invention provide a storage medium containing computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the method for detecting fraudulent transactions provided by any embodiments of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the above search apparatus, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A method of detecting fraudulent transactions, comprising:
acquiring target fraud transaction information which accords with preset spatial information conditions from fraud transaction information in a transaction information base;
determining a time rule of the fraudulent transaction according to the target fraudulent transaction information;
determining transaction information which accords with preset spatial information conditions and the time rules from a transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information;
and detecting whether the current transaction is a fraudulent transaction or not according to the detection rule.
2. The method according to claim 1, wherein the obtaining of the preset spatial information condition comprises:
acquiring a case-involved user from the fraudulent transaction information in the transaction information base;
and determining a preset spatial information condition according to the spatial information of the fraudulent transaction of the involved user.
3. The method of claim 1, wherein inputting the training samples into a decision tree model to obtain a detection rule of fraudulent transaction information comprises:
obtaining at least one detection rule output by the decision tree model;
checking whether the detection rule meets a preset requirement or not; and if so, taking the detection rule as a detection rule of fraudulent transaction information.
4. The method of claim 3, wherein verifying whether the detection rule meets a predetermined requirement comprises:
determining a check sample of the detection rule; wherein, the check sample is composed of fraudulent transaction information;
obtaining a checking result by the checking sample according to the detection rule;
and if the consistency rate of the verification result of the verification sample and the fraudulent transaction information of the verification sample exceeds a preset threshold value, determining that the detection rule is the detection rule of the fraudulent transaction information.
5. The method of claim 4, wherein after determining that the detection rule is a detection rule for fraudulent transaction information, the method further comprises:
adding a constraint condition to the detection rule; wherein the constraint condition comprises an amount condition and/or a duration condition;
and taking the detection rule after adding the constraint condition as a final detection rule for detecting the fraudulent transaction.
6. A device for detecting fraudulent transactions, comprising:
the target fraud transaction information acquisition module is used for acquiring target fraud transaction information which accords with the preset spatial information condition from the fraud transaction information in the transaction information base;
the time rule determining module is used for determining the time rule of the fraudulent transaction according to the target fraudulent transaction information;
the training sample determining module is used for determining the transaction information which accords with the preset spatial information condition and the time rule from the transaction information base to be used as a training sample; wherein, whether the transaction information is fraud transaction information is taken as a label of the training sample;
the detection rule obtaining module is used for inputting the training sample into a decision tree model to obtain a detection rule of fraudulent transaction information;
and the transaction detection module is used for detecting whether the current transaction is a fraud transaction according to the detection rule.
7. The apparatus of claim 6, wherein the preset spatial information condition obtaining module comprises:
the case-involved user acquisition unit is used for acquiring the case-involved users from the fraudulent transaction information in the transaction information base;
and the preset spatial information condition acquisition unit is used for determining a preset spatial information condition according to the spatial information of the fraud transaction of the involved user.
8. The apparatus of claim 6, wherein the detection rule obtaining module comprises:
the detection rule obtaining unit is used for obtaining at least one detection rule output by the decision tree model;
the detection rule checking unit is used for checking whether the detection rule meets the preset requirement or not; and if so, taking the detection rule as a detection rule of fraudulent transaction information.
9. An apparatus, characterized in that the apparatus comprises:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a method of detecting fraudulent transactions according to any one of claims 1 to 5.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out a method of detecting a fraudulent transaction according to any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911082119.7A CN110827036A (en) | 2019-11-07 | 2019-11-07 | Method, device, equipment and storage medium for detecting fraudulent transactions |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911082119.7A CN110827036A (en) | 2019-11-07 | 2019-11-07 | Method, device, equipment and storage medium for detecting fraudulent transactions |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110827036A true CN110827036A (en) | 2020-02-21 |
Family
ID=69553170
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911082119.7A Pending CN110827036A (en) | 2019-11-07 | 2019-11-07 | Method, device, equipment and storage medium for detecting fraudulent transactions |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110827036A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111861699B (en) * | 2020-07-02 | 2021-06-22 | 北京睿知图远科技有限公司 | Anti-fraud index generation method based on operator data |
| CN113469695A (en) * | 2020-03-30 | 2021-10-01 | 同济大学 | Electronic fraud transaction identification method, system and device based on kernel supervision Hash model |
| CN116992450A (en) * | 2023-09-27 | 2023-11-03 | 北京安天网络安全技术有限公司 | File detection rule determining method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110016052A1 (en) * | 2009-07-16 | 2011-01-20 | Scragg Ernest M | Event Tracking and Velocity Fraud Rules for Financial Transactions |
| CN104679777A (en) * | 2013-12-02 | 2015-06-03 | 中国银联股份有限公司 | Method and system for detecting fraudulent trading |
| CN106372938A (en) * | 2015-07-21 | 2017-02-01 | 华为技术有限公司 | Abnormal account identification method and system |
| CN108805580A (en) * | 2018-06-21 | 2018-11-13 | 上海银赛计算机科技有限公司 | Account number analysis method, device and storage medium |
| US20190318358A1 (en) * | 2018-04-11 | 2019-10-17 | Wells Fargo Bank, N.A. | System and methods for assessing risk of fraud in an electronic transaction |
-
2019
- 2019-11-07 CN CN201911082119.7A patent/CN110827036A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110016052A1 (en) * | 2009-07-16 | 2011-01-20 | Scragg Ernest M | Event Tracking and Velocity Fraud Rules for Financial Transactions |
| CN104679777A (en) * | 2013-12-02 | 2015-06-03 | 中国银联股份有限公司 | Method and system for detecting fraudulent trading |
| CN106372938A (en) * | 2015-07-21 | 2017-02-01 | 华为技术有限公司 | Abnormal account identification method and system |
| US20190318358A1 (en) * | 2018-04-11 | 2019-10-17 | Wells Fargo Bank, N.A. | System and methods for assessing risk of fraud in an electronic transaction |
| CN108805580A (en) * | 2018-06-21 | 2018-11-13 | 上海银赛计算机科技有限公司 | Account number analysis method, device and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 易会满,牛刚,戴志华著: "《商业银行事后监督理论实务与战略转型》", 31 July 2013 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113469695A (en) * | 2020-03-30 | 2021-10-01 | 同济大学 | Electronic fraud transaction identification method, system and device based on kernel supervision Hash model |
| CN113469695B (en) * | 2020-03-30 | 2023-06-30 | 同济大学 | Electronic fraud transaction identification method, system and device based on kernel supervision hash model |
| CN111861699B (en) * | 2020-07-02 | 2021-06-22 | 北京睿知图远科技有限公司 | Anti-fraud index generation method based on operator data |
| CN116992450A (en) * | 2023-09-27 | 2023-11-03 | 北京安天网络安全技术有限公司 | File detection rule determining method and device, electronic equipment and storage medium |
| CN116992450B (en) * | 2023-09-27 | 2024-01-23 | 北京安天网络安全技术有限公司 | File detection rule determining method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105590055B (en) | Method and device for identifying user credible behaviors in network interaction system | |
| CN107563757B (en) | Data risk identification method and device | |
| CN107122369B (en) | Service data processing method, device and system | |
| CN107341220B (en) | Multi-source data fusion method and device | |
| CN106296195A (en) | A kind of Risk Identification Method and device | |
| CN110827036A (en) | Method, device, equipment and storage medium for detecting fraudulent transactions | |
| CN110851872B (en) | Risk assessment method and device for private data leakage | |
| CN112435137B (en) | Cheating information detection method and system based on community mining | |
| CN108961019B (en) | User account detection method and device | |
| CN105740667A (en) | User behavior based information identification method and apparatus | |
| CN109949154A (en) | Customer information classification method, device, computer equipment and storage medium | |
| CN113052577A (en) | Method and system for estimating category of virtual address of block chain digital currency | |
| WO2020082890A1 (en) | Text restoration method and apparatus, and electronic device | |
| CN110197426A (en) | A kind of method for building up of credit scoring model, device and readable storage medium storing program for executing | |
| CN112163096A (en) | Malicious group determination method and device, electronic equipment and storage medium | |
| CN112750038B (en) | Transaction risk determination method, device and server | |
| CN115204889A (en) | Text processing method and device, computer equipment and storage medium | |
| CN111861733B (en) | Fraud prevention and control system and method based on address fuzzy matching | |
| CN112801784A (en) | Bit currency address mining method and device for digital currency exchange | |
| CN112016317A (en) | Sensitive word recognition method and device based on artificial intelligence and computer equipment | |
| CN114611850A (en) | Service analysis method and device and electronic equipment | |
| CN105183867B (en) | Data processing method and device | |
| CN110598115A (en) | Sensitive webpage identification method and system based on artificial intelligence multi-engine | |
| CN107665443B (en) | Obtain the method and device of target user | |
| CN114900356A (en) | Malicious user behavior detection method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200221 |