CN111160916A - Risk transaction identification method and device - Google Patents
Risk transaction identification method and device Download PDFInfo
- Publication number
- CN111160916A CN111160916A CN201911224800.0A CN201911224800A CN111160916A CN 111160916 A CN111160916 A CN 111160916A CN 201911224800 A CN201911224800 A CN 201911224800A CN 111160916 A CN111160916 A CN 111160916A
- Authority
- CN
- China
- Prior art keywords
- transaction
- historical transaction
- historical
- group
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2465—Query processing support for facilitating data mining operations in structured databases
Abstract
The embodiment of the specification discloses a risk transaction identification method and a risk transaction identification device, wherein the risk transaction identification method judges the risk of a single case by mining the group attribute of a perpetrator and analyzing the group image, and is beneficial to reducing the inquiry or complaint initiated by a user to a payment platform, further beneficial to reducing the resource consumption of an inquiry or complaint processing system and improving the processing efficiency of the system for carrying out risk analysis on transactions.
Description
Technical Field
The embodiment of the specification relates to the technical field of internet, in particular to a risk transaction identification method and device.
Background
The method is characterized in that a plurality of perpetrators are internationally and frequently found, a stolen bank card and a payment password thereof are purchased in a large amount in black city, the stolen bank card is bound to a registered account number of an e-commerce website, and the money in the stolen bank card is consumed by consuming in the e-commerce website. After finding that the bank card of the bank card user is stolen, the bank card user complains to banks and electronic merchants, and the electronic merchants generally pay for the stolen bank card. In recent years, the incident that a perpetrator steals a bank card to shop at an e-commerce website is increasing, and great loss is brought to the e-commerce.
Disclosure of Invention
The embodiment of the specification provides a risk transaction identification method and device.
In a first aspect, an embodiment of the present specification provides a risk transaction identification method, including:
receiving target data, wherein the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified;
searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a plurality of historical transaction main bodies and historical transaction media of historical transactions, the historical transaction media correspond to the historical transaction main bodies, and the historical transaction media comprise the preset transaction media;
displaying the target group and features of the target group;
and determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
In a second aspect, an embodiment of the present specification provides a risk transaction identification device, including:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving target data, and the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified;
the searching module is used for searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a historical transaction main body and a historical transaction medium of a plurality of historical transactions, the historical transaction medium corresponds to the historical transaction main body, and the historical transaction medium comprises the preset transaction medium;
a display module for displaying the target group and characteristics of the target group;
and the determining module is used for determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
In a third aspect, the present specification provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the risk transaction identification method when executing the computer program.
In a fourth aspect, the present specification provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the risk transaction identification method described above.
The embodiment of the specification has the following beneficial effects:
in the embodiment of the description, a historical transaction group is obtained by grouping historical transaction subjects and historical transaction media of a plurality of historical transactions, a target group corresponding to a transaction subject to be identified and/or a preset transaction medium of the transaction to be identified is found out, whether the transaction to be identified is a risk transaction is determined according to the characteristics of the target group and the target group, namely, the risk of a single case is judged by mining the group attribute of a perpetrator and analyzing the group image, so that the accuracy of risk transaction identification is improved, the inquiry or complaint initiated by a user to a payment platform is favorably reduced, and the resource consumption of an inquiry or complaint processing system is favorably reduced. And by displaying the target group and the characteristics of the target group, the visual operation requirement of risk transaction identification is met, the risk transaction identification is packaged into an analysis product, and the processing efficiency of the system for performing risk analysis on the transaction is improved.
Drawings
FIG. 1 is a flow chart of a risk transaction identification method of an embodiment of the present description;
FIG. 2 is a flow diagram for determining historical transaction groups in an embodiment of the present description;
FIG. 3 is a relationship network diagram after an association relationship between a transaction body and at least one transaction medium for historical transactions is established, according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of clustering performed by the Louvain algorithm in an embodiment of the present disclosure;
FIG. 5 is a diagram illustrating a group to which target data belongs according to an embodiment of the present disclosure;
FIG. 6 is a diagram illustrating a group to which target data belongs according to another embodiment of the present disclosure;
FIG. 7 is a diagram illustrating a timing sequence of interactions between transaction agents according to one embodiment of the present disclosure;
FIG. 8 is a schematic diagram illustrating information that a transaction medium is used according to one embodiment of the present disclosure;
FIG. 9 is a schematic diagram illustrating a timing sequence in which a transaction body is used according to one embodiment of the present disclosure;
fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.
Detailed Description
With the development of internet technology, online transactions such as transfer or online shopping through a network are becoming more and more common. However, online transactions provide convenience to users and also provide property security problems to users, and many lawbreakers have begun to steal the user's property by various means, such as by purchasing a stolen bank card and its payment code in black. In order to ensure the security of financial transactions, the payment platform usually sets some security policies for risk control. Aiming at the characteristic that lawbreakers who steal the property of a user usually have the behavior of wholesale embezzlement and organized implementation of batch embezzlement, the embodiment of the specification provides a risk transaction identification method and a risk transaction identification device.
In order to better understand the technical solutions, the technical solutions of the embodiments of the present specification are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features of the embodiments and embodiments of the present specification are detailed descriptions of the technical solutions of the embodiments of the present specification, and are not limitations of the technical solutions of the present specification, and the technical features of the embodiments and embodiments of the present specification can be combined with each other without conflict.
In a first aspect, embodiments of the present specification provide a risk transaction identification method. Fig. 1 is a flowchart of the risk transaction identification method, which includes steps S102 to S108.
S102, target data is received, wherein the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified.
Specifically, the transaction to be identified may be an online transaction such as a transfer or an online purchase performed through a network. The online transaction event is composed of a plurality of event elements, the event elements playing a key role in the online transaction event can be used as a transaction main body, and the event elements playing a medium role in the online transaction event can be used as a transaction medium. In the risk control system, the event types of the online transaction events are various, and the online transaction events of different event types contain different event elements. In this embodiment of the present specification, taking the transaction to be identified as a transfer or an online purchase as an example, the transaction subject may be a user account identifying an online transaction event, and the preset transaction medium may be one of an IP address, an email address, an equipment identifier, a receiving address, a telephone number, a payment bank card account, and a collection bank card account. It can be understood by those skilled in the art that the specific contents of the transaction main body and the preset transaction medium described above are only specific examples given for a pneumatic control system for online transactions such as money transfer or online shopping, and in practical applications, the transaction main body and the preset transaction medium may also be other types of event elements, which is not limited in this specification.
The transaction to be identified occurs in a business system, which is a system that provides online transactions. In an optional implementation manner, the business system may automatically extract, from the transaction data of the transaction to be identified, the transaction main body of the transaction to be identified and/or a preset transaction medium of the transaction to be identified as the target data, so that the target data may be directly received from the business system. Further, the business system may use each occurred online transaction as the transaction to be identified, and may also use an occurred online transaction with some risk characteristics (for example, a transaction amount is greater than a preset amount) as the transaction to be identified, which is not limited in the embodiment of the present specification. In another optional implementation manner, an operator of the risk control system may determine, according to an operation condition of the business system, an online transaction that is to be analyzed from online transactions that occur in the business system as the transaction to be identified, and extract, from transaction data of the transaction to be identified, a transaction subject of the transaction to be identified and/or a preset transaction medium of the transaction to be identified as the target data, so that the target data input by the operator through a computer input device may be received. Of course, the target data may also be received from other systems or channels, which are not illustrated here.
And S104, searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a plurality of historical transaction main bodies and historical transaction media of historical transactions, the historical transaction media correspond to the historical transaction main bodies, and the historical transaction media comprise the preset transaction media.
In particular, the groups may reflect the locality characteristics of individual behaviors in the network and their associations to each other. For example, user accounts having a relationship and a close relationship may use the same telephone number, email address, and receiving address to perform online transactions. That is, there is an association between these transaction mediums and the user account. Therefore, the transaction medium and the user account number having an association relationship can be regarded as one group. By mining the target group and analyzing the group image of the target group, the risk of the transaction to be identified can be judged. When the target group is searched from the historical transaction group, the target data is matched with each node in the historical transaction group, and when the target data is matched with a certain node in a certain historical transaction group, the historical transaction group is determined to be the target group.
In an alternative implementation, the plurality of historical transactions may be transactions that occur within a fixed historical time period, and the group of historical transactions determined based on the plurality of historical transactions is fixed. In another alternative implementation, the plurality of historical transactions may be updated in real time, and the group of historical transactions determined based on the plurality of historical transactions is also updated in real time. The embodiment of the present specification provides a specific method for determining the historical transaction group, and fig. 2 is a flowchart for determining the historical transaction group, where determining the historical transaction group includes steps S202 to S208.
S202, historical transaction data in a preset time interval are obtained.
The preset time interval may be divided as follows: since the time attribute is a continuous value, the time can be discretized, i.e., the time is segmented. For example, the preset time interval may be several minutes or several tens of minutes, in terms of division; the segmentation is performed in seconds, and the preset time interval may be several seconds or several tens of seconds. The length of the preset time interval can be set according to the occurrence frequency of the online transaction events, and the higher the occurrence frequency of the online transaction events is, the shorter the preset time interval can be set. In one application scenario, the historical transaction data is obtained at 5 minute intervals, if the risk control system is operating from 9:00, transaction data for online transactions occurring between 9:00-9:05 is obtained at 9:05, transaction data for online transactions occurring between 9:05-9:10 is obtained at 9:10, transaction data for online transactions occurring between 9:10-9:15 is obtained at 9:15, and so on. For each online transaction, the business system generates corresponding transaction data, so that the historical transaction data can be obtained from the business system, wherein the historical transaction data comprises the historical transaction main body and the historical transaction medium.
S204, extracting the historical transaction main body and the historical transaction medium from the historical transaction data.
In this embodiment of the present specification, taking the transaction to be identified as an account transfer or an online purchase as an example, the transaction subject may be a user account identifying an online transaction event, and the transaction medium may be at least one of an IP address, an email address, a device identifier, a receiving address, a telephone number, a payment bank card account, and a collection bank card account. For example, a user account number of the historical transaction, an IP address of the historical transaction, a mailbox address of the historical transaction, a device identification of the historical transaction, a shipping address of the historical transaction, a telephone number of the historical transaction, and a payment bank card account number of the historical transaction may be extracted from the historical transaction data. Further, the historical transaction main body and the historical transaction medium can be obtained by means of field extraction.
In an alternative implementation, each historical transaction may be analyzed, and the historical transaction subject and the historical transaction medium may be extracted for each piece of historical transaction data. In another alternative implementation, only historical transactions with potential risks may be analyzed, and thus before the extracting the historical transaction main body and the historical transaction medium from the historical transaction data, the method further includes: judging whether the historical transaction data meet preset conditions or not, wherein the preset conditions are used for representing that the historical transaction has potential risks; when the historical transaction data meets the preset condition, the step of extracting the historical transaction main body and the historical transaction medium from the historical transaction data is executed. The preset condition may be that the transaction amount of the historical transaction is greater than a preset amount, the city to which the IP address of the historical transaction belongs is a preset city, and the like, and may be specifically set according to an actual requirement, which is not limited in the embodiment of the present specification.
S206, storing the historical transaction main body and the historical transaction medium into a cache space, and establishing an association relation between the historical transaction main body and the historical transaction medium.
Specifically, the historical transaction main body and the historical transaction medium are used as nodes, and the association relationship between the historical transaction main body and the historical transaction medium is established. Taking the historical transaction subject as the user account of the historical transaction, and the historical transaction medium as the phone number of the historical transaction and the mailbox address of the historical transaction as examples, if 3 historical transactions occur within the preset time interval, where the user account number of the historical transaction 1 is a1, the mailbox address is B1, the phone number is C1, the user account number of the historical transaction 2 is a2, the mailbox address is B2, and the phone number is C1, the user account number of the historical transaction 3 is A3, the mailbox address is B1, and the phone number is C2, then node a1, node B1, and node C1 are associated, node a2, node B2, and node C1 are associated, node A3, node B1, and node C2 are associated, and a relationship network obtained after the association relationship is established is shown in fig. 3. The historical transaction main body and the historical transaction medium are stored in the cache space, and the cache space is stored in a first-in first-out mode.
By establishing the association relationship between the historical transaction main body and the historical transaction medium, a connection graph can be formed. When hot spot data exists in the communication graph, an ultra-large group is easily formed through the communication scheme, and the accuracy of the group is directly influenced. If a hot spot data, such as a public telephone number, appears in the medium, although many user accounts use the telephone number, the hot spot data does not actually represent that the people are a party. Therefore, in an optional implementation manner, before the storing the historical transaction main body and the historical transaction medium into the buffer space, the method further includes: judging whether hot spot data exist in the historical transaction medium or not; and when the hot spot data exist in the historical transaction medium, the hot spot data are removed. By eliminating the hot spot data, the nodes which are connected more closely can be gathered together by utilizing a community discovery algorithm, and the nodes which are connected less closely can be separated, so that the generation of a super-large group can be avoided.
And S208, clustering the data in the cache space every set time length to obtain the historical transaction group.
The set time period may be divided as follows: since the time attribute is a continuous value, the time can be discretized, i.e., the time is segmented. For example, the segmentation is performed according to days, and the set time length can be one day or several days; the division is performed in terms of hours, and the set time period may be one hour or several hours. The shorter the set duration is set, the faster the historical transaction group is updated, but correspondingly, the more computing resources of the system are consumed, and the length of the set duration can be set according to actual requirements. In an application scenario, clustering is performed on data in the cache space every 3 hours, if the risk control system starts to operate from 9:00, clustering is performed on the data in the cache space for the first time at 12:00, clustering is performed on the data in the cache space for the second time at 15:00, clustering is performed on the data in the cache space for the third time at 18:00, and so on.
In this embodiment of the present specification, a Louvain algorithm is used to cluster data in the cache space, and the basic steps of the Louvain algorithm are as follows:
firstly, initializing, namely dividing each node into different communities;
secondly, selecting each node one by one, calculating the modulority gain obtained by dividing each node into the neighbor communities, if the maximum gain is greater than 0, dividing each node into the corresponding neighbor communities, and if not, keeping the nodes belonging to the original communities;
thirdly, repeating the second step until the community of the nodes is not changed any more;
and fourthly, constructing a new graph, wherein nodes in the new graph represent different communities generated in the last stage, the weight of an edge is the sum of the weights of the edges of all node pairs in the two communities, and the second step is repeated until the maximum modulation value is obtained.
Fig. 4 is a schematic diagram of clustering by using the Louvain algorithm, and the above steps are divided into two stages: the first stage comprises a first step to a third step, which are used for setting the attribution community of each node until no change occurs; the second phase is a fourth step for building a new graph and re-executing the operations of the first phase until the modulation value no longer increases. Through the above algorithm, the historical transaction group can be obtained. It can be understood by those skilled in the art that the clustering of the data in the cache space by using the Louvain algorithm described above is merely an example, and in practical applications, other community discovery algorithms, such as a label propagation clustering algorithm, may also be used, which is not limited in this specification.
In the above-described method for determining the historical transaction group, the transaction occurring within the preset time interval is used as the historical transaction, the historical transaction main body and the historical transaction medium are stored in the cache space, the historical transaction group is obtained by clustering data in the cache space at set time intervals, the obtained historical transaction group is updated in real time, that is, the risk of the transaction to be identified is judged according to the latest generated transaction, and the accuracy of identifying the risk of the transaction to be identified is further improved.
S106, displaying the target group and the characteristics of the target group.
Specifically, the target group and the characteristics of the target group are shown through visualization. When the target group is displayed, the target group can be displayed by adopting an attractive force and repulsive force layout, as shown in fig. 5; a hierarchical layout presentation may also be employed, as shown in fig. 6. Further, the characteristics of the target group include at least one of the number of nodes, a timing of interaction between the transaction bodies, information that the transaction medium is used, and a timing at which the transaction body is used. The number of the nodes comprises the number of IP addresses, the number of mailbox addresses, the number of equipment identifiers, the number of receiving addresses, the number of telephone numbers, the number of account numbers of payment bank cards, the number of account numbers of collection bank cards and the like, and when the number of the nodes is displayed, the number of the nodes and the group to which the target data belongs can be displayed together. The interaction time sequence between the transaction bodies is used for representing the transaction records of more than two user accounts in a certain time period, and fig. 7 is a schematic diagram showing the interaction time sequence between the transaction bodies; the information that the transaction medium is used to characterize the use of each transaction medium, for example, the number of times a certain IP address was used in the last three months, the time of the first use, and the time of the last use, etc., fig. 8 is a diagram showing the information that the transaction medium is used; the time sequence of the transaction main body being used is used for representing the operation records of the user account at different times, and fig. 9 is a schematic diagram showing the time sequence of the transaction main body being used.
Those skilled in the art will understand that the features of the target group described above are only examples, the target group and the features of the target group shown in fig. 5 to 9 are only examples, in practical applications, other feature types may also be set according to actual requirements, the features of the target group and the target group may also be shown in other graphic styles, and this is not limited in this specification.
In order to improve the coverage rate of the target group, in an alternative implementation, before displaying the features of the target group, the method further includes: receiving a group expansion request, the group expansion request including a group expansion condition; and expanding the target group according to the group expansion condition. In particular, suspicious user accounts or suspicious transaction media may be extracted from the target group by an operator of the risk control system. For a suspicious user account or a suspicious transaction medium, expanding the target group according to the group expansion condition by receiving the group expansion request input by an operator, wherein the group expansion condition can be '2 degrees expansion from an XX node', '3 degrees expansion from an XX node', and the like, and the 'XX node' is the suspicious user account or the suspicious transaction medium. And after the target group is expanded, displaying the characteristics of the target group after the group is expanded.
S108, determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
Specifically, the connection relationship between the groups can be analyzed through the target group; the risk condition of the group can be analyzed through the information that the transaction medium is used; through the interaction time sequence between the transaction main bodies and the time sequence of the transaction main bodies being used, whether fund interaction is problematic or not can be analyzed, and when the fund interaction is problematic, the time period of fund link restoration and risk quick positioning can be shortened.
The risk transaction identification method provided by the embodiment of the specification judges the risk of a single case by mining the ganged attribute of a perpetrator and analyzing the ganged image, improves the accuracy of risk transaction identification, is favorable for reducing the inquiry or complaint initiated by a user to a payment platform, and is further favorable for reducing the resource consumption of an inquiry or complaint processing system. Moreover, by displaying the target group and the characteristics of the target group, the visual operation requirement of risk transaction identification is met, the risk transaction identification is packaged into an analysis product, and the processing efficiency of the system for performing risk analysis on the transaction is improved.
In a second aspect, based on the same inventive concept, embodiments of the present specification provide a risk transaction identification apparatus, including:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving target data, and the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified;
the searching module is used for searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a historical transaction main body and a historical transaction medium of a plurality of historical transactions, the historical transaction medium corresponds to the historical transaction main body, and the historical transaction medium comprises the preset transaction medium;
a display module for displaying the target group and characteristics of the target group;
and the determining module is used for determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
In an alternative implementation, the risk transaction identification device further includes:
the data acquisition module is used for acquiring historical transaction data within a preset time interval;
the extraction module is used for extracting the historical transaction main body and the historical transaction medium from the historical transaction data;
the storage module is used for storing the historical transaction main body and the historical transaction medium into a cache space;
the relation establishing module is used for establishing an incidence relation between the historical transaction main body and the historical transaction medium;
and the clustering module is used for clustering the data in the cache space every set time length to obtain the historical transaction group.
In an optional implementation manner, the risk transaction identification apparatus further includes a first judgment module;
the first judging module is used for judging whether the historical transaction data meet preset conditions, and the preset conditions are used for representing that the historical transaction has potential risks;
the extraction module is used for extracting the historical transaction main body and the historical transaction medium from the historical transaction data when the historical transaction data meet the preset conditions.
In an alternative implementation, the risk transaction identification device further includes:
the second judgment module is used for judging whether the hotspot data exist in the historical transaction medium or not;
and the data removing module is used for removing the hot spot data when the hot spot data exist in the historical transaction medium.
In an optional implementation manner, the clustering module is configured to cluster the data in the cache space by using a Louvain algorithm every other set time length.
In an alternative implementation, the risk transaction apparatus further includes:
a second receiving module, configured to receive a group expansion request, where the group expansion request includes a group expansion condition;
and the expansion module is used for expanding the target group according to the group expansion condition.
In an alternative implementation, the characteristics of the target group include at least one of the number of nodes, timing of interaction between the transaction bodies, information that the transaction medium is used, and timing of when the transaction body is used.
In an optional implementation manner, the transaction subject is a user account, and the transaction medium is at least one of an IP address, a mailbox address, an equipment identifier, a receiving address, a telephone number, a payment bank card account, and a collection bank card account.
In a third aspect, based on the same inventive concept as the risk transaction identification method in the foregoing embodiments, the present specification further provides a computer device, as shown in fig. 10, including a memory 1004, a processor 1002, and a computer program stored in the memory 1004 and executable on the processor 1002, where the processor 1002 executes the computer program to implement the steps of the risk transaction identification method in the foregoing.
Where in fig. 10 a bus architecture (represented by bus 1000) is shown, bus 1000 may include any number of interconnected buses and bridges, and bus 1000 links together various circuits including one or more processors, represented by processor 1002, and memory, represented by memory 1004. The bus 1000 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. Bus interface 1006 provides an interface between bus 1000 and receiver 1001 and transmitter 1003. The receiver 1001 and the transmitter 1003 may be the same element, i.e., a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 1002 is responsible for managing the bus 1000 and general processing, and the memory 1004 may be used for storing data used by the processor 1002 in performing operations.
In a fourth aspect, based on the same inventive concept as the risk transaction identification method in the foregoing embodiments, the present specification further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the risk transaction identification method described above.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present specification have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all changes and modifications that fall within the scope of the specification.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present specification without departing from the spirit and scope of the specification. Thus, if such modifications and variations of the present specification fall within the scope of the claims of the present specification and their equivalents, the specification is intended to include such modifications and variations.
Claims (18)
1. A risk transaction identification method, comprising:
receiving target data, wherein the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified;
searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a plurality of historical transaction main bodies and historical transaction media of historical transactions, the historical transaction media correspond to the historical transaction main bodies, and the historical transaction media comprise the preset transaction media;
displaying the target group and features of the target group;
and determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
2. The method of claim 1, the historical group of transactions obtained by:
acquiring historical transaction data within a preset time interval;
extracting the historical transaction subject and the historical transaction medium from the historical transaction data;
storing the historical transaction main body and the historical transaction medium into a cache space, and establishing an association relation between the historical transaction main body and the historical transaction medium;
and clustering the data in the cache space every set time length to obtain the historical transaction group.
3. The method of claim 2, further comprising, prior to said extracting said historical transaction subject and said historical transaction medium from said historical transaction data:
judging whether the historical transaction data meet preset conditions or not, wherein the preset conditions are used for representing that the historical transaction has potential risks;
when the historical transaction data meets the preset condition, the step of extracting the historical transaction main body and the historical transaction medium from the historical transaction data is executed.
4. The method of claim 2, further comprising, prior to said depositing said historical transaction body and said historical transaction medium into a buffer space:
judging whether hot spot data exist in the historical transaction medium or not;
and when the hot spot data exist in the historical transaction medium, the hot spot data are removed.
5. The method of claim 2, wherein clustering data in the cache space at set time intervals comprises:
and clustering the data in the cache space by adopting a Louvain algorithm every other set duration.
6. The method of claim 1, prior to displaying the features of the target group, further comprising:
receiving a group expansion request, the group expansion request including a group expansion condition;
and expanding the target group according to the group expansion condition.
7. The method of claim 1, the characteristics of the target group comprising at least one of a number of nodes, a timing of interactions between the transaction bodies, information that the transaction medium is used, and a timing of when the transaction bodies are used.
8. The method of claim 1, wherein the transaction subject is a user account and the transaction medium is at least one of an IP address, a mailbox address, a device identifier, a shipping address, a telephone number, a payment bank card account, and a collection bank card account.
9. A risk transaction identification device comprising:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving target data, and the target data comprises at least one of a transaction main body of a transaction to be identified and a preset transaction medium of the transaction to be identified;
the searching module is used for searching a target group corresponding to the target data from a historical transaction group according to the target data, wherein the historical transaction group is a group obtained by group division of a historical transaction main body and a historical transaction medium of a plurality of historical transactions, the historical transaction medium corresponds to the historical transaction main body, and the historical transaction medium comprises the preset transaction medium;
a display module for displaying the target group and characteristics of the target group;
and the determining module is used for determining whether the transaction to be identified is a risk transaction according to the target group and the characteristics of the target group.
10. The apparatus of claim 9, further comprising:
the data acquisition module is used for acquiring historical transaction data within a preset time interval;
the extraction module is used for extracting the historical transaction main body and the historical transaction medium from the historical transaction data;
the storage module is used for storing the historical transaction main body and the historical transaction medium into a cache space;
the relation establishing module is used for establishing an incidence relation between the historical transaction main body and the historical transaction medium;
and the clustering module is used for clustering the data in the cache space every set time length to obtain the historical transaction group.
11. The apparatus of claim 10, further comprising a first determining module;
the first judging module is used for judging whether the historical transaction data meet preset conditions, and the preset conditions are used for representing that the historical transaction has potential risks;
the extraction module is used for extracting the historical transaction main body and the historical transaction medium from the historical transaction data when the historical transaction data meet the preset conditions.
12. The apparatus of claim 10, further comprising:
the second judgment module is used for judging whether the hotspot data exist in the historical transaction medium or not;
and the data removing module is used for removing the hot spot data when the hot spot data exist in the historical transaction medium.
13. The apparatus according to claim 10, wherein the clustering module is configured to cluster the data in the cache space by using a Louvain algorithm every other set time.
14. The apparatus of claim 9, further comprising:
a second receiving module, configured to receive a group expansion request, where the group expansion request includes a group expansion condition;
and the expansion module is used for expanding the target group according to the group expansion condition.
15. The apparatus of claim 9, the characteristics of the target group comprising at least one of a number of nodes, timing of interactions between the transaction bodies, information that the transaction medium is used, and timing of when the transaction bodies are used.
16. The apparatus of claim 9, wherein the transaction subject is a user account and the transaction medium is at least one of an IP address, a mailbox address, a device identifier, a shipping address, a telephone number, a payment bank card account, and a collection bank card account.
17. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of any one of claims 1 to 8 when executing the computer program.
18. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911224800.0A CN111160916A (en) | 2019-12-04 | 2019-12-04 | Risk transaction identification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911224800.0A CN111160916A (en) | 2019-12-04 | 2019-12-04 | Risk transaction identification method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111160916A true CN111160916A (en) | 2020-05-15 |
Family
ID=70556414
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911224800.0A Pending CN111160916A (en) | 2019-12-04 | 2019-12-04 | Risk transaction identification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111160916A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109034583A (en) * | 2018-07-17 | 2018-12-18 | 阿里巴巴集团控股有限公司 | Abnormal transaction identification method, apparatus and electronic equipment |
| CN109063966A (en) * | 2018-07-03 | 2018-12-21 | 阿里巴巴集团控股有限公司 | The recognition methods of adventure account and device |
| CN109509093A (en) * | 2018-10-18 | 2019-03-22 | 中信网络科技股份有限公司 | A kind of transaction security control method and system based on main body portrait |
| CN109615167A (en) * | 2018-11-06 | 2019-04-12 | 阿里巴巴集团控股有限公司 | Determine the method, apparatus and electronic equipment of doubtful batch risk trade event |
| US20190306159A1 (en) * | 2018-03-27 | 2019-10-03 | Ca, Inc. | Time-based one-time password for device identification across different applications |
-
2019
- 2019-12-04 CN CN201911224800.0A patent/CN111160916A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190306159A1 (en) * | 2018-03-27 | 2019-10-03 | Ca, Inc. | Time-based one-time password for device identification across different applications |
| CN109063966A (en) * | 2018-07-03 | 2018-12-21 | 阿里巴巴集团控股有限公司 | The recognition methods of adventure account and device |
| CN109034583A (en) * | 2018-07-17 | 2018-12-18 | 阿里巴巴集团控股有限公司 | Abnormal transaction identification method, apparatus and electronic equipment |
| CN109509093A (en) * | 2018-10-18 | 2019-03-22 | 中信网络科技股份有限公司 | A kind of transaction security control method and system based on main body portrait |
| CN109615167A (en) * | 2018-11-06 | 2019-04-12 | 阿里巴巴集团控股有限公司 | Determine the method, apparatus and electronic equipment of doubtful batch risk trade event |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9760735B2 (en) | Anonymous information exchange | |
| CN108628866B (en) | Data fusion method and device | |
| CN107291779B (en) | Cache data management method and device | |
| CN110009365B (en) | User group detection method, device and equipment for abnormally transferring electronic assets | |
| CN108153824A (en) | The determining method and device of targeted user population | |
| US20180081955A1 (en) | System and method for test data management | |
| CN106096926B (en) | Event processing method, device, electronic device and storage medium | |
| CN113205402A (en) | Account checking method and device, electronic equipment and computer readable medium | |
| CN109919608B (en) | Identification method, device and server for high-risk transaction main body | |
| CN112200660A (en) | Method, device and equipment for supervising bank counter business | |
| US11165561B2 (en) | Determining a change to product information or user information via hashing | |
| CN112347147A (en) | Information pushing method and device based on user association relationship and electronic equipment | |
| US7533095B2 (en) | Data mining within a message handling system | |
| CN111754259A (en) | Satisfaction evaluation task obtaining method, device, system, equipment and storage medium | |
| CN109711984B (en) | Pre-loan risk monitoring method and device based on collection urging | |
| CN117094764A (en) | Bank integral processing method and device | |
| CN110782310A (en) | Method, device and system for asynchronously acquiring user attribute information from third-party platform | |
| CN112541765A (en) | Method and apparatus for detecting suspicious transactions | |
| CN106685708A (en) | Determining method, device and system of service relationship | |
| CN111160916A (en) | Risk transaction identification method and device | |
| CN114153860A (en) | Business data management method and device, electronic equipment and storage medium | |
| CN113344642A (en) | Method, device, electronic equipment and readable storage medium for predicting return on investment of advertisement | |
| CN113822691A (en) | User account identification method, device, system and medium | |
| CN110309312B (en) | Associated event acquisition method and device | |
| CN112613986A (en) | Capital backflow identification method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200515 |