CN111372242A - Fraud identification method, device, server and storage medium - Google Patents
Fraud identification method, device, server and storage medium Download PDFInfo
- Publication number
- CN111372242A CN111372242A CN202010046504.2A CN202010046504A CN111372242A CN 111372242 A CN111372242 A CN 111372242A CN 202010046504 A CN202010046504 A CN 202010046504A CN 111372242 A CN111372242 A CN 111372242A
- Authority
- CN
- China
- Prior art keywords
- fraud
- address
- character string
- longitude
- latitude
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a fraud identification method, a fraud identification device, a server and a storage medium. The method comprises the following steps: acquiring address information of a user; converting the address information into LBS longitude and latitude; converting LBS longitude and latitude into a GeoHash character string; and judging whether fraud risk exists according to the GeoHash character string and a preset strategy. The final judgment of the method is carried out based on the GeoHash character string related data, so that the operation pressure is reduced, the availability of address information in the fraud recognition is improved, and the accuracy of the fraud recognition is also improved.
Description
Technical Field
The invention belongs to the field of network security, and particularly relates to a fraud identification method, a fraud identification device, a server and a storage medium.
Background
With the development of the internet, a fraud group has more living space, in most identification aiming at the fraud group in the prior art, analysis and diagnosis are mainly carried out aiming at various information used by a user, wherein address information is taken as important information to play an important role in the judgment process, but when fraud identification is carried out based on the address information in the prior art, the identification efficiency is low, and the accuracy is not enough.
Disclosure of Invention
In view of this, the present invention provides a fraud identification method, which can have an accurate fraud identification effect for a plurality of devices performing black production or for a device sharing black production.
In order to solve the technical problems, the invention adopts the following technical scheme:
acquiring address information of a user;
converting the address information into LBS longitude and latitude;
converting the LBS longitude and latitude into a GeoHash character string;
and judging whether fraud risk exists according to the GeoHash character string and a preset strategy.
In a second aspect, the present invention provides a fraud identification apparatus, comprising:
the information acquisition module is used for acquiring address information of a user;
the longitude and latitude conversion module is used for converting the address information into LBS longitude and latitude;
the coding module is used for converting the LBS longitude and latitude into a GeoHash character string;
and the fraud identification module is used for judging whether fraud risks exist according to the GeoHash character string and a preset rule.
In a third aspect, the present invention provides a server comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, the processor implementing the fraud identification method as described above when executing the computer program.
In a fourth aspect, the present invention provides a computer-readable storage medium storing a computer program comprising program instructions which, when executed, implement the aforementioned fraud identification method.
According to the fraud identification method provided by the invention, the address information is converted into the LBS longitude and latitude, then the LBS longitude and latitude is converted into the GeoHash character string, and whether fraud risk exists is judged based on the GeoHash character string execution preset strategy.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only part of the embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a fraud identification method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a fraud identification method according to a second embodiment of the present invention;
FIG. 3 is a schematic diagram of the type of feature data provided by the second embodiment of the present invention
Fig. 4 is a schematic structural diagram of a fraud detection apparatus according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of a server according to a fourth embodiment of the present invention.
Detailed Description
The technical solution in the implementation of the present application is described clearly and completely below with reference to the drawings in the embodiments of the present application. It is to be understood that the specific embodiments described herein are merely illustrative of some, and not restrictive, of the current application. It should be further noted that, based on the embodiments in the present application, all other embodiments obtained by a person of ordinary skill in the art without any creative effort belong to the protection scope of the present application.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Furthermore, the terms "first," "second," and the like may be used herein to describe various orientations, actions, steps, elements, or the like, but the orientations, actions, steps, or elements are not limited by these terms. These terms are only used to distinguish one direction, action, step or element from another direction, action, step or element. For example, a first black producing device may be referred to as a second black producing device, and similarly, a second black producing device may be referred to as a first black producing device, without departing from the scope of the present invention. The first and second black producing devices are both black producing devices, but are not the same black producing device. The terms "first", "second", etc. are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include a combination of one or more features. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise. It should be noted that when one portion is referred to as being "secured to" another portion, it may be directly on the other portion or there may be an intervening portion. When a portion is said to be "connected" to another portion, it may be directly connected to the other portion or intervening portions may be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only and do not denote a unique embodiment.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. A process may be terminated when its operations are completed, but may have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
Example one
Referring to fig. 1, the present embodiment provides a fraud identification method, specifically, the method includes the following steps:
and S110, acquiring address information of the user.
The address information of the user in this embodiment may be obtained by various ways, such as OCR (Optical character recognition), self-filling by the user, obtaining by accessing other databases, and the like; the specific address information may also include various types, such as a receiving address filled by an online shopping user, a receiving address filled by an e-commerce shipping, a company address provided by a credit user, and the like, which are not specifically limited herein, and for example, the address information includes one or more types of an identification card address, a receiving address, an IP address, a number attribution, a home address, and a location address, which may be set by the user according to the fraud type to be identified.
And S120, converting the address information into LBS longitude and latitude.
By analyzing the fraud list, it is known that address information in the case of e-commerce fraud (e.g. billing) credit fraud (e.g. black birth agency) is a key information for analyzing fraud, such as a large number of orders placed during billing, and the consignee addresses have certain similarity.
Most of traditional fraud analysis adopts an address fuzzy matching technology, and whether a plurality of addresses point to the same place or a nearby place is judged based on the similarity comparison of the swiped addresses to the address contents.
To solve the problem that the similarity of characters is easy to be confused, in this embodiment, the address information is converted into the longitude and latitude of LBS (Location Based Service). After the address information is converted into LBS longitude and latitude, the same address can point to the same longitude and latitude, the matching effect is more obvious, the LBS longitude and latitude can calculate the actual distance between two addresses, the address information cannot do the same, and whether a large number of similar user addresses exist or not, namely the address aggregation phenomenon can be quickly judged through the calculation of the distance.
And S130, converting the LBS longitude and latitude into a GeoHash character string.
After the address information is converted into LBS latitude and longitude in step S120, the address aggregation phenomenon can be identified, so as to avoid that a fraudulent party is not identified by using a similar address, but the address aggregation phenomenon is identified by LBS latitude and longitude, the distance between all addresses needs to be calculated pairwise, and then whether the address aggregation phenomenon exists is judged according to a preset distance threshold, and the calculation pressure of pairwise calculation under a big data scene is very high, the efficiency is very low, which brings great difficulty to data processing.
Considering the locality of addresses, in fact, only addresses with close positions have a calculation requirement, in this embodiment, a Geohash (Geohash is essentially a way of spatial indexing, and the basic principle is to understand the earth as a two-dimensional plane, and recursively decompose the plane into smaller subblocks, each subblock having the same code in a certain latitude and longitude range) character string capable of embodying the locality of addresses is selected as a basis for address aggregation judgment.
LBS latitude and longitude can be converted into GeoHash character strings through coding, each GeoHash character string represents a rectangular area on the geographic position, and the longer the GeoHash character string is, the smaller the geographic position range represented by the GeoHash character string is, namely, the more accurate the GeoHash character string is. Illustratively, the GeoHash strings of five-bit length include WX4ER, WX4G2 and WX4G3, which represent a rectangular region in the ten-square kilometer range. When the length of the GeoHash character string is 8 bits, the precision is about 19 meters, and when the length of the GeoHash character string is 9 bits, the precision is about 2 meters.
The more the same prefix bits (only the same number of bits are calculated and are not calculated later when the two identical prefix bits are different), the more the two GeoHash strings are, the closer the rectangular areas represented by the two GeoHash strings are geographically distant, for example, WX4ER and WX4EP have four identical prefixes, and WX4G0 and WX4P0 have three-dimensionally identical prefixes.
When other addresses are queried according to one address, only prefix matching needs to be performed according to a GeoHash character string corresponding to the address, the more the same bits are, the closer the bits are, and specifically, a Hash table (a Hash table, also called a Hash table) can be established by using a prefix of a preset number of bits in the GeoHash character string as a key (key value).
And S140, judging whether fraud risk exists according to the GeoHash character string and a preset strategy.
After the address information is finally converted into the GeoHash character string through LBS latitude and longitude, further analysis is required to determine whether a fraud risk exists based on the GeoHash character string, and specifically, in the embodiment, address aggregation analysis is performed during fraud analysis.
Optionally, in some embodiments, the address aggregation-based fraud analysis specific process includes (not shown):
and S141, determining the clustering centers and the GeoHash character strings under each clustering center according to the GeoHash character strings.
In a Hash table established by taking the first five bits of a GeoHash character string as a key, establishing a clustering center according to the distance by using the address in the same key (calculated by the GeoHash character string), after acquiring a new address, positioning the first five bits of the GeoHash character string corresponding to the new address to the key, then calculating the distance with all clustering centers in the key (if no corresponding clustering center exists, a clustering center is established by itself), adding a nearest clustering center meeting the requirement of a threshold (the threshold can be preset), adjusting the position of the center, and if the requirement of the threshold is not met, establishing a clustering center by itself, so that each GeoHash character string is added below one clustering center.
And S142, determining the information of the aggregated portrait according to the clustering centers and the GeoHash character strings under each clustering center.
The GeoHash character string division clustering center is only used for analyzing the address aggregation phenomenon, but in the actual fraud risk analysis, the address aggregation phenomenon is not enough for comprehensive judgment, and in the embodiment, the GeoHash character string does not exist independently, and a lot of other data are recorded along with the GeoHash character string, and the data are used for analyzing and describing the specific situation of a user based on the clustering center, which is called to determine the aggregated portrait information.
And S143, judging whether fraud risk exists according to the aggregated portrait information and a preset strategy.
After the aggregated portrait information is determined, whether fraud risks exist can be judged according to the specific conditions of the user and the preset strategies are related to the fraud types to be identified, the conditions of the different fraud types to be identified are different according to the customer conditions, the embodiment does not specifically limit the fraud types, and the user can set the preset strategies according to the actual conditions.
Optionally, in some embodiments, before determining whether a fraud risk exists according to a preset policy according to the GeoHash character string in step S140, the method further includes (not shown):
s100, setting a preset strategy according to the fraud type to be identified.
The preset strategy is corresponding to the fraud type, and when the fraud types to be identified are different, the preset strategy needs to be adjusted specifically according to the specific characteristics of the fraud types to ensure the efficiency and accuracy of identification.
The embodiment provides a fraud identification method, which includes converting address information into LBS longitude and latitude, converting the LBS longitude and latitude into a GeoHash character string, and executing a preset strategy based on the GeoHash character string to judge whether a fraud risk exists.
Example two
The second embodiment provides a fraud identification method, which is different from the first embodiment in that a process of determining whether a fraud risk exists according to the aggregated image information and a preset policy is explained in further detail, specifically as shown in fig. 2, the fraud identification method provided in this embodiment includes:
s210, address information of the user is obtained.
And S220, converting the address information into LBS longitude and latitude.
And S230, converting the LBS longitude and latitude into a GeoHash character string.
S240, determining the clustering centers and the GeoHash character strings under each clustering center according to the GeoHash character strings.
And S250, determining the information of the aggregated portrait according to the clustering centers and the GeoHash character strings under each clustering center.
Specifically, in this embodiment, the aggregated representation information includes address change frequency of the same user, number of associated users, time associated with the user, and specific user ratio among the associated users. It should be understood that the aggregate representation information is provided as an example, and not a limitation, and the aggregate representation information may be recorded in the form of data as shown in fig. 3 (the data in fig. 3 corresponds to a preset policy for credit fraud), wherein a plurality of data may individually describe the aggregate representation information or may be combined to describe the aggregate representation information.
And S260, judging whether fraud risk exists according to the aggregated portrait information and a preset strategy.
In this embodiment, the step S260 is specifically subdivided into steps S261-264, and a preset policy execution process for e-commerce fraud and credit fraud identification is specifically provided, where the steps S261-262 are the preset policy execution process for credit fraud, and the steps S263-264 are the preset policy execution process for e-commerce fraud.
And S261, judging the change speed of the number of the related users in the first area within the preset time according to the time related to the users.
When the number of users in an area is increased suddenly in a short time, it is indicated that the area may have an abnormality, because statistics can find that the increase speed of the number of users (the change speed of the associated number of users) should have a normal value interval, and when the abnormality occurs, it is indicated that there may be a group attack behavior, and a fraud risk needs to be identified.
And S262, determining default user occupation ratio in the first area according to specific user occupation ratio of the associated users, and if the default occupation ratio is exceeded and the change speed of the number of the associated users exceeds the preset speed, determining credit fraud risk in the first area.
In this embodiment, the specific user is an overdue or blacklist user, when the ratio of overdue or blacklist users in an area is high, there is a large possibility that there is an intermediary blacklist base point, the first area in steps S261 and S262 is not specific but refers to any area, a preset speed needs to be set to determine whether the number of users in an area is increased rapidly, when the change speed of the number of users exceeds the preset speed, the increase is indicated, similarly, a preset ratio is also set to determine whether the ratio of overdue or blacklist users is too high, it should be understood that the actual preset policy for the credit fraud is not limited to the two means of the increase of the number of users and the increase of the ratio of overdue or blacklist users, and in some alternative embodiments, a specific preset policy may be selected by itself.
And S263, judging whether the change speed of the number of the associated users in the second area is abnormal within the preset time according to the number of the associated users.
The second area is a representation mode for distinguishing from the first area, the second area can be any area, whether the number of users in one area is increased or not needs to be judged in a preset strategy for e-commerce fraud, and the second area can be used for judging whether the receiving addresses of a plurality of newly-built accounts are in the same area or not.
And S264, judging whether the active area changes and whether the address change frequency is abnormal or not according to the address change frequency of the same user, if the change speed of the number of the associated users is abnormal, the active area changes, and the address change frequency is abnormal, the E-commerce fraud risk exists in the second area.
For some black-product characteristics of e-commerce fraud, addresses used by normal users do not change frequently and have fixed active areas, so that the addresses can be used as identification means of e-commerce fraud. When the number of users in a certain area is increased sharply, a list swiping phenomenon is likely to occur, and if the active area of a certain user changes and the address change frequency is too high (specifically, a frequency threshold value can be set for comparison and judgment), it is indicated that the user is likely to be controlled by a black product center.
Of course, the fraud identification is not limited to the fraud type, and actually, a preset policy may be set according to the characteristics of the specific fraud type to determine a corresponding fraud risk, such as fraud in insurance services (e.g., car insurance).
The fraud identification method provided by the embodiment further provides a more detailed process for identifying e-commerce fraud and credit fraud according to the aggregated portrait information, the aggregated portrait information used for executing a preset strategy is obtained based on the address information recorded by the GeoHash character string, and then a corresponding fraud risk judgment result is obtained.
EXAMPLE III
Fig. 4 is a schematic structural diagram of a fraud recognition apparatus 300 according to a third embodiment of the present invention, including:
an information obtaining module 310, configured to obtain address information of a user.
Optionally, the address information includes one or more of an identification card address, a delivery address, an IP address, a number attribution, a home address, and a location address.
And a latitude and longitude conversion module 320 for converting the address information into LBS latitude and longitude.
And the encoding module 330 is configured to convert the LBS longitude and latitude into a GeoHash code.
And the fraud identification module 340 is configured to determine whether a fraud risk exists according to the GeoHash code and a preset rule.
Optionally, in some embodiments, the fraud identification module 340 includes:
and the cluster analysis unit is used for determining cluster centers and the GeoHash character strings under each cluster center according to the GeoHash character strings.
And the aggregate portrait information determining unit is used for determining the aggregate portrait information according to the cluster centers and the GeoHash character strings under each cluster center.
Optionally, in some embodiments, the aggregated representation information includes address change frequency of the same user, number of associated users, time associated with the user, and a specific user proportion among the associated users.
And the fraud risk judging unit is used for judging whether fraud risk exists according to the aggregated portrait information and a preset strategy.
Optionally, in some embodiments, the fraud risk determining unit includes:
and the first sub-unit for analyzing the user change in the area is used for judging the change speed of the number of the associated users in the first area in the preset time according to the time associated with the users.
And the specific user proportion analysis subunit is used for determining the default user proportion in the first area according to the specific user proportion in the associated users, and if the default proportion is exceeded and the change speed of the number of the associated users exceeds the preset speed, the credit fraud risk exists in the first area.
Optionally, in some embodiments, the fraud risk determining unit includes:
and the second subunit of user change analysis in the area is used for judging whether the change speed of the number of the associated users in the second area in the preset time is abnormal or not according to the number of the associated users.
And the address change analysis subunit is used for judging whether the active area changes and whether the address change frequency is abnormal according to the address change frequency of the same user, and if the change speed of the number of the associated users is abnormal, the active area changes and the address change frequency is abnormal, the E-commerce fraud risk exists in the second area.
Optionally, in some embodiments, the fraud identification apparatus 300 further includes:
and the preset strategy setting module is used for setting a preset strategy according to the fraud type to be identified.
The embodiment provides a fraud identification device, which converts address information into LBS longitude and latitude, converts the LBS longitude and latitude into a GeoHash character string, and judges whether a fraud risk exists based on a preset strategy executed by the GeoHash character string.
Example four
Fig. 5 is a schematic structural diagram of a server 400 according to a sixth embodiment of the present invention, as shown in fig. 5, the server includes a memory 410 and a processor 420, where the number of the processors 420 in the server may be one or more, and one processor 420 is taken as an example in fig. 5; the memory 410 and the processor 420 in the server may be connected by a bus or other means, and fig. 5 illustrates the connection by the bus as an example.
The memory 410, which is a computer-readable storage medium, may be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the fraud identification method in the embodiment of the present invention (for example, the information acquisition module 310, the latitude and longitude conversion module 320, the encoding module 330, and the fraud identification module 340 in the fraud identification apparatus). The processor 420 executes various functional applications of the server and data processing by executing software programs, instructions, and modules stored in the memory 410, that is, implements the fraud identification method described above.
Wherein the processor 420 is configured to run the computer executable program stored in the memory 410 to implement the following steps: step S110, obtaining address information of a user; step S120, converting the address information into LBS longitude and latitude; step S130, converting the LBS longitude and latitude into a GeoHash character string; and step S140, judging whether fraud risks exist according to the GeoHash character strings and a preset strategy.
Of course, the server provided in the embodiment of the present invention is not limited to the above-described method operations, and may also perform related operations in the fraud identification method provided in any embodiment of the present invention.
The memory 410 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 410 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 410 may further include memory located remotely from processor 420, which may be connected to a server over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The embodiment provides an identification server, which converts address information into LBS longitude and latitude, converts the LBS longitude and latitude into a GeoHash character string, and executes a preset strategy based on the GeoHash character string to judge whether a fraud risk exists.
EXAMPLE five
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a fraud identification method, the fraud identification method including:
acquiring address information of a user;
converting the address information into LBS longitude and latitude;
converting the LBS longitude and latitude into a GeoHash character string;
and judging whether fraud risk exists according to the GeoHash character string and a preset strategy.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the fraud identification method provided by any embodiment of the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a device, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the authorization apparatus, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A fraud identification method, comprising:
acquiring address information of a user;
converting the address information into LBS longitude and latitude;
converting the LBS longitude and latitude into a GeoHash character string;
and judging whether fraud risk exists according to the GeoHash character string and a preset strategy.
2. The method of claim 1, wherein the address information comprises one or more of an identification card address, a shipping address, an IP address, a number home, a home address, and a location address.
3. The method according to claim 1, wherein the determining whether a fraud risk exists according to the GeoHash string and a preset policy comprises:
determining clustering centers and GeoHash character strings under each clustering center according to the GeoHash character strings;
determining aggregated portrait information according to the clustering centers and the GeoHash character strings under each clustering center;
and judging whether fraud risk exists according to the information of the aggregation portrait and a preset strategy.
4. The method of claim 3, wherein the aggregated representation information includes a frequency of address changes for the same user, a number of associated users, a time associated with a user, and a percentage of particular users of the associated users.
5. The method of claim 4, wherein determining whether a fraud risk exists according to the aggregated representation information and a predetermined policy comprises:
judging the change speed of the number of the associated users in the first area within preset time according to the time associated with the users;
and determining default user occupation ratio in the first area according to the specific user occupation ratio of the associated users, and if the default occupation ratio is exceeded and the change speed of the number of the associated users exceeds the preset speed, determining that credit fraud risk exists in the first area.
6. The method of claim 4, wherein determining whether a fraud risk exists according to the aggregated representation information and a predetermined policy comprises:
judging whether the change speed of the number of the associated users in a second area is abnormal or not within preset time according to the number of the associated users;
and judging whether the active area changes and whether the address change frequency is abnormal or not according to the address change frequency of the same user, if the change speed of the number of the associated users is abnormal, the active area changes, and the address change frequency is abnormal, the E-commerce fraud risk exists in the second area.
7. The method according to claim 1, wherein before determining whether a fraud risk exists according to the GeoHash character string according to a preset policy, the method further comprises:
and setting a preset strategy according to the fraud type to be identified.
8. An apparatus for fraud identification, comprising:
the information acquisition module is used for acquiring address information of a user;
the longitude and latitude conversion module is used for converting the address information into LBS longitude and latitude;
the coding module is used for converting the LBS longitude and latitude into a GeoHash character string;
and the fraud identification module is used for judging whether fraud risks exist according to the GeoHash character string and a preset rule.
9. A server, comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, when executing the computer program, implementing the fraud identification method of any of claims 1-7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program comprising program instructions that, when executed, implement the fraud identification method according to any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010046504.2A CN111372242B (en) | 2020-01-16 | 2020-01-16 | Fraud identification method, fraud identification device, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010046504.2A CN111372242B (en) | 2020-01-16 | 2020-01-16 | Fraud identification method, fraud identification device, server and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111372242A true CN111372242A (en) | 2020-07-03 |
| CN111372242B CN111372242B (en) | 2023-10-03 |
Family
ID=71212175
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010046504.2A Active CN111372242B (en) | 2020-01-16 | 2020-01-16 | Fraud identification method, fraud identification device, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111372242B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112131328A (en) * | 2020-08-14 | 2020-12-25 | 深圳市麦谷科技有限公司 | Vehicle management method and device, terminal equipment and storage medium |
| CN112731491A (en) * | 2020-12-01 | 2021-04-30 | 中国水产科学研究院东海水产研究所 | Ship position coding terminal system based on Beidou |
| CN113746826A (en) * | 2021-08-31 | 2021-12-03 | 上海明略人工智能(集团)有限公司 | Method, system, storage medium and electronic device for identifying cheating flow |
| CN116843432A (en) * | 2023-05-10 | 2023-10-03 | 北京微聚智汇科技有限公司 | Anti-fraud method and device based on address text information |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060059073A1 (en) * | 2004-09-15 | 2006-03-16 | Walzak Rebecca B | System and method for analyzing financial risk |
| US20060149580A1 (en) * | 2004-09-17 | 2006-07-06 | David Helsper | Fraud risk advisor |
| CN107292424A (en) * | 2017-06-01 | 2017-10-24 | 四川新网银行股份有限公司 | A kind of anti-fraud and credit risk forecast method based on complicated social networks |
| CN108011987A (en) * | 2017-10-11 | 2018-05-08 | 北京三快在线科技有限公司 | IP address localization method and device, electronic equipment and storage medium |
| CN108764917A (en) * | 2018-05-04 | 2018-11-06 | 阿里巴巴集团控股有限公司 | It is a kind of fraud clique recognition methods and device |
| CN109919781A (en) * | 2019-01-24 | 2019-06-21 | 平安科技(深圳)有限公司 | Case recognition methods, electronic device and computer readable storage medium are cheated by clique |
| CN110009490A (en) * | 2019-01-14 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Abnormal financial transaction Stock discrimination method and device |
| CN110147923A (en) * | 2019-04-04 | 2019-08-20 | 阿里巴巴集团控股有限公司 | The method and device of risk subscribers for identification |
| CN110413707A (en) * | 2019-07-22 | 2019-11-05 | 百融云创科技股份有限公司 | The excavation of clique's relationship is cheated in internet and checks method and its system |
-
2020
- 2020-01-16 CN CN202010046504.2A patent/CN111372242B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060059073A1 (en) * | 2004-09-15 | 2006-03-16 | Walzak Rebecca B | System and method for analyzing financial risk |
| US20060149580A1 (en) * | 2004-09-17 | 2006-07-06 | David Helsper | Fraud risk advisor |
| CN107292424A (en) * | 2017-06-01 | 2017-10-24 | 四川新网银行股份有限公司 | A kind of anti-fraud and credit risk forecast method based on complicated social networks |
| CN108011987A (en) * | 2017-10-11 | 2018-05-08 | 北京三快在线科技有限公司 | IP address localization method and device, electronic equipment and storage medium |
| CN108764917A (en) * | 2018-05-04 | 2018-11-06 | 阿里巴巴集团控股有限公司 | It is a kind of fraud clique recognition methods and device |
| CN110009490A (en) * | 2019-01-14 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Abnormal financial transaction Stock discrimination method and device |
| CN109919781A (en) * | 2019-01-24 | 2019-06-21 | 平安科技(深圳)有限公司 | Case recognition methods, electronic device and computer readable storage medium are cheated by clique |
| CN110147923A (en) * | 2019-04-04 | 2019-08-20 | 阿里巴巴集团控股有限公司 | The method and device of risk subscribers for identification |
| CN110413707A (en) * | 2019-07-22 | 2019-11-05 | 百融云创科技股份有限公司 | The excavation of clique's relationship is cheated in internet and checks method and its system |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112131328A (en) * | 2020-08-14 | 2020-12-25 | 深圳市麦谷科技有限公司 | Vehicle management method and device, terminal equipment and storage medium |
| CN112731491A (en) * | 2020-12-01 | 2021-04-30 | 中国水产科学研究院东海水产研究所 | Ship position coding terminal system based on Beidou |
| CN112731491B (en) * | 2020-12-01 | 2021-09-10 | 中国水产科学研究院东海水产研究所 | Ship position coding terminal system based on Beidou |
| CN113746826A (en) * | 2021-08-31 | 2021-12-03 | 上海明略人工智能(集团)有限公司 | Method, system, storage medium and electronic device for identifying cheating flow |
| CN113746826B (en) * | 2021-08-31 | 2023-11-14 | 上海明略人工智能(集团)有限公司 | Method, system, storage medium and electronic device for identifying cheating flow |
| CN116843432A (en) * | 2023-05-10 | 2023-10-03 | 北京微聚智汇科技有限公司 | Anti-fraud method and device based on address text information |
| CN116843432B (en) * | 2023-05-10 | 2024-03-22 | 北京微聚智汇科技有限公司 | Anti-fraud method and device based on address text information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111372242B (en) | 2023-10-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111372242B (en) | Fraud identification method, fraud identification device, server and storage medium | |
| CN110505196B (en) | Internet of things network card abnormality detection method and device | |
| US20180072539A1 (en) | System and method for automated analysis comparing a wireless device location with another geographic location | |
| CN107563757B (en) | Data risk identification method and device | |
| EP3258397A1 (en) | Text address processing method and apparatus | |
| CN108875757B (en) | Information auditing method, server and system | |
| CN106295349A (en) | Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen | |
| IL200949A (en) | System and method for automated analysis by comparing a wireless device location with another geographic location | |
| CN106899936B (en) | Geohash-based gridding position privacy protection method and device | |
| CN110570652A (en) | vehicle fake plate detection reminding method and related product | |
| CN105978717A (en) | Network account recognition method and device | |
| CN107451461B (en) | Equipment fingerprint processing method and device of mobile equipment, server and storage medium | |
| CN110660466A (en) | Personal health data chaining method and system of Internet of things by combining block chains | |
| WO2017101703A1 (en) | Method and apparatus for recognizing service request to change mobile phone number | |
| CN109741227A (en) | One kind is based on nearest neighbor algorithm prediction people room consistency processing method and system | |
| CN110599278B (en) | Method, apparatus, and computer storage medium for aggregating device identifiers | |
| CN107332806B (en) | Method and device for setting mobile equipment identifier | |
| CN110633326A (en) | Method and system for uplink of weather data of Internet of things on block chain | |
| CN114862560A (en) | Automobile anti-fraud risk identification method and related equipment thereof | |
| CN111768196B (en) | Transaction information confirmation method and device | |
| CN114297735A (en) | Data processing method and related device | |
| CN113254672A (en) | Abnormal account identification method, system, equipment and readable storage medium | |
| CN102651859B (en) | Method, equipment and network for identifying of operator ownership of number portability users | |
| CN110647769A (en) | Indoor air detection data chaining method and equipment of Internet of things by combining block chains | |
| CN117040935B (en) | Cloud computing-based node data security transmission method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200922 Address after: 518000 room 602, building B, Kingdee Software Park, Keji South 12th Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province Applicant after: Shenzhen kaniu Technology Co.,Ltd. Address before: Room 5363, 5 / F, building 2, Yongxin Times Square, Dongbin Road, Nanshan street, Nanshan District, Shenzhen City, Guangdong Province Applicant before: Shenzhen Suishou commercial factoring Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |