CN113313580A - Suspicious transaction screening method and device, electronic equipment and storage medium - Google Patents

Suspicious transaction screening method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113313580A
CN113313580A CN202110701158.1A CN202110701158A CN113313580A CN 113313580 A CN113313580 A CN 113313580A CN 202110701158 A CN202110701158 A CN 202110701158A CN 113313580 A CN113313580 A CN 113313580A
Authority
CN
China
Prior art keywords
suspicious
transaction
customer
target customer
transactions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110701158.1A
Other languages
Chinese (zh)
Inventor
何文哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202110701158.1A priority Critical patent/CN113313580A/en
Publication of CN113313580A publication Critical patent/CN113313580A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Finance (AREA)
  • Tourism & Hospitality (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Technology Law (AREA)
  • Educational Administration (AREA)
  • Game Theory and Decision Science (AREA)
  • Data Mining & Analysis (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a suspicious transaction screening method, a suspicious transaction screening device, electronic equipment and a storage medium. The suspicious transaction screening method comprises the following steps: determining all transaction data of a target customer within a preset time length; screening out suspicious transactions from all transaction data of a target customer according to customer information of the target customer, account information of an account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule; adding state labels to the suspicious transactions, wherein the state labels comprise normal state labels and abnormal state labels; and sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can check and process the suspicious transaction with the abnormal state label.

Description

Suspicious transaction screening method and device, electronic equipment and storage medium
Technical Field
The present application relates to data processing technologies, and in particular, to a method and an apparatus for screening suspicious transactions, an electronic device, and a storage medium.
Background
Money Laundering (Money laudering) is an act of legalizing illegal gains, mainly by masking and hiding the source and nature of illegal gains and their resulting revenues by various means, so that they are legalized formally. Criminals and their partners typically use financial systems to pay or transfer funds from one account to another to mask the true source of the funds and the interest ownership; or deposit money using a money custody service provided by a financial system. Therefore, the financial institution is also the master of the anti-money laundering work.
In the field of bank monitoring systems, a money laundering system is generally used to find out suspicious transactions meeting certain behavior characteristics (for example, transactions transferred from multiple customers to the same customer within one month, or transactions with similar amounts of money paid by a customer) by monitoring transaction data, customer data and account data generated by a transaction system, a customer management system, an account management system and the like and performing characteristic analysis on the data.
However, not all of the suspicious transactions are transactions that are at risk for money laundering. The user is still required to screen out the suspicious transactions for transactions that are at risk of money laundering for further investigation or reporting to regulatory authorities. If the transaction amount of the organization is large, the number of suspicious transactions needing to be processed by business personnel is huge, so that huge manpower is consumed undoubtedly, and meanwhile, the processing efficiency is limited.
Disclosure of Invention
The application provides a suspicious transaction screening method, a suspicious transaction screening device, electronic equipment and a storage medium. And the suspicious transactions are automatically screened, so that the labor consumption is reduced, and the processing efficiency is improved.
In a first aspect, the present application provides a method for screening suspicious transactions, including:
determining all transaction data of a target customer within a preset time length;
screening out suspicious transactions from all transaction data of a target customer according to customer information of the target customer, account information of an account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule;
adding state labels to the suspicious transactions, wherein the state labels comprise normal state labels and abnormal state labels;
and sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can check and process the suspicious transaction with the abnormal state label.
Optionally, the screening out suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer, and at least one preset risk assessment rule includes:
for each target customer, screening out a group of suspicious transactions from all transaction data of the target customer according to customer information of the target customer, account information of an account of the target customer and all transaction data of the target customer on the basis of each risk assessment rule;
aiming at each target customer, merging at least one group of suspicious transactions screened out based on at least one risk assessment rule, and deleting repeated suspicious transactions among the groups to obtain the suspicious transactions of the target customer.
Optionally, the adding a status tag to the suspicious transaction includes:
and adding a state label for the suspicious transaction according to a preset customer exemption list.
Optionally, adding a status label to the suspicious transaction according to a preset customer exemption list, including:
for each target customer, if the target customer belongs to the customer exemption list, adding a normal state label to the suspicious transaction of the target customer;
and aiming at each target customer, if the target customer does not belong to the customer exemption list, adding an abnormal state label to the suspicious transaction of the target customer.
Optionally, the method further includes:
and correcting the state label of the suspicious transaction according to the historical suspicious transaction and the state label of the historical suspicious transaction.
Optionally, the modifying the status label of the suspicious transaction according to the historical suspicious transaction and the status label of the historical suspicious transaction includes:
and for each group of suspicious transactions with abnormal state labels, if a group of historical suspicious transactions with normal state labels exist in the historical suspicious transactions of the target client to which the suspicious transactions belong and comprise the group of suspicious transactions with abnormal state labels, correcting the state labels of the group of suspicious transactions with abnormal state labels into normal state labels.
Optionally, the method further includes:
for each customer, evaluating a risk coefficient of the customer according to historical transaction data of the customer and a status label of the historical transaction data;
and if the risk coefficient of the client is lower than a preset value, adding the client into a preset client exemption list.
In a second aspect, the present application provides a suspicious transaction screening apparatus, including:
the transaction data determining module is used for determining all transaction data of the target client within a preset time length;
the suspicious transaction screening module is used for screening suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule;
the status label marking module is used for adding status labels to the suspicious transactions, wherein the status labels comprise normal status labels and abnormal status labels;
and the prompt information sending module is used for sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so as to enable the user to carry out auditing treatment on the suspicious transaction with the abnormal state label.
Optionally, the suspicious transaction screening module is specifically configured to, when screening suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer, and at least one preset risk assessment rule:
for each target customer, screening out a group of suspicious transactions from all transaction data of the target customer according to customer information of the target customer, account information of an account of the target customer and all transaction data of the target customer on the basis of each risk assessment rule;
aiming at each target customer, merging at least one group of suspicious transactions screened out based on at least one risk assessment rule, and deleting repeated suspicious transactions among the groups to obtain the suspicious transactions of the target customer.
Optionally, when the status label labeling module adds a status label to the suspicious transaction, the status label labeling module is specifically configured to:
and adding a state label for the suspicious transaction according to a preset customer exemption list.
Optionally, the status label labeling module is specifically configured to, when adding the status label to the suspicious transaction according to a preset customer exemption list:
for each target customer, if the target customer belongs to the customer exemption list, adding a normal state label to the suspicious transaction of the target customer;
and aiming at each target customer, if the target customer does not belong to the customer exemption list, adding an abnormal state label to the suspicious transaction of the target customer.
Optionally, the apparatus further comprises:
and the state label correction module is used for correcting the state label of the suspicious transaction according to the historical suspicious transaction and the state label of the historical suspicious transaction.
Optionally, when the status label of the suspicious transaction is corrected according to the historical suspicious transaction and the status label of the historical suspicious transaction, the status label correction module is specifically configured to:
and for each group of suspicious transactions with abnormal state labels, if a group of historical suspicious transactions with normal state labels exist in the historical suspicious transactions of the target client to which the suspicious transactions belong and comprise the group of suspicious transactions with abnormal state labels, correcting the state labels of the group of suspicious transactions with abnormal state labels into normal state labels.
Optionally, the apparatus further comprises:
the risk coefficient evaluation module is used for evaluating the risk coefficient of each client according to the historical transaction data of the client and the state label of the historical transaction data;
and the exemption list modification module is used for adding the client into a preset client exemption list when the risk coefficient of the client is lower than a preset value.
In a third aspect, the present application provides an electronic device, comprising: a memory for storing program instructions; a processor for calling and executing the program instructions in the memory to perform the method of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of the first aspect.
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method of the first aspect.
The application provides a suspicious transaction screening method, a suspicious transaction screening device, electronic equipment and a storage medium. The suspicious transaction screening method comprises the following steps: determining all transaction data of a target customer within a preset time length; screening out suspicious transactions from all transaction data of a target customer according to customer information of the target customer, account information of an account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule; adding state labels to the suspicious transactions, wherein the state labels comprise normal state labels and abnormal state labels; and sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can check and process the suspicious transaction with the abnormal state label. By the method, the suspicious transaction meeting the risk assessment rule can be screened out based on the basic information and transaction data of the target customer, the state label is added to the suspicious transaction, and risk prompt is carried out on the suspicious transaction with the abnormal state label. Therefore, the automatic screening of suspicious transactions can be realized, the labor consumption is reduced, and the processing efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of an application scenario provided in the present application;
fig. 2 is a flowchart of a suspicious transaction screening method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a suspicious transaction screening apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Some concepts in this application are as follows:
anti-money laundering system: a system for finding transactions that are at risk of money laundering and processing them accordingly.
Risk assessment rules: the rules with certain operation logic limit the conditions of customer information, account information and transaction information meeting suspicious transactions.
Suspicious transaction: transactions that are characterized by certain anomalous transactions.
The anti-money laundering system can monitor transaction data, customer data and account data generated by a transaction system, a customer management system, an account management system and the like, and perform characteristic analysis on the data to find suspicious transactions meeting certain behavior characteristics. But are unable to screen suspicious transactions for transactions that are at risk of money laundering. If the screening process is performed by the user, huge manpower is consumed, and the processing efficiency is limited.
Therefore, the application provides a suspicious transaction screening method, a suspicious transaction screening device, an electronic device and a storage medium. The method and the device aim to automatically realize the screening of suspicious transactions, reduce the labor consumption and improve the processing efficiency.
Fig. 1 is a schematic diagram of an application scenario provided in the present application. As shown in fig. 1, a customer may perform a fund transaction after opening an account in a financial institution, and transaction data may be generated during the transaction process, and the transaction data may generally represent transaction time, fund flow (from the customer to a transaction opponent or from the transaction opponent to the customer), transaction amount, and the like. The server can screen the transaction data by loading at least one preset risk evaluation rule, determine suspicious transactions in abnormal states, and send air risk prompt information. After the user checks the risk prompt message, the user can further check the suspicious transaction in the abnormal state to determine whether the suspicious transaction has money laundering risk.
Fig. 2 is a flowchart of a suspicious transaction screening method according to an embodiment of the present application, and as shown in fig. 2, the method of this embodiment may include:
s201, determining all transaction data of the target customer within a preset time.
The screening of suspicious data in the transaction data of the target customer may need to be based on the characteristics of the transaction data. The characteristics of the transaction data may need to be analyzed over a large amount of data over a preset period of time.
The preset time length can be the time length set by the user according to experience, and can also be the time length set according to the transaction amount of the target customer. For example, 100 continuous transaction data need to be analyzed to obtain more accurate data characteristics, and if the daily transaction amount of a certain target customer is about 3, the preset time duration may be set to be one month. Of course, other time periods, half a year, one year, etc. may be set according to the requirement, and are not limited herein.
Alternatively, the target customers may be all customers of the organization using the method, or may be some designated customers. May be a single customer or may be multiple customers. All can be selected according to the actual application scene.
Given that the target customer may generate new transactions daily, the frequency of performing the method may be daily if the screening of suspicious transactions is more demanding. Of course, other frequencies can be set as required for days, weeks, months, etc., without limitation.
S202, screening out suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet the at least one risk evaluation rule.
And matching and comparing each transaction data of each target client with each preset risk evaluation rule, and if a certain transaction meets the condition of any one risk evaluation rule, determining the transaction as a suspicious transaction. Therefore, suspicious transactions can be screened out from all transaction data of the target customers.
Wherein the risk assessment rules may include: the region where the trading opponents of the target customers are located belongs to the risk region; the target customer transacts with at least a target number of different opponents simultaneously within a target time period; the target client repays within the target duration after the loan. Specifically, the conditions such as the risk area, the target time interval, the target number, the target duration and the like can be set by the user according to actual requirements.
Specifically, a group of suspicious transactions can be screened out from all transaction data of the target customer based on each risk assessment rule and according to the customer information of the target customer, the account information of the account of the target customer and all transaction data of the target customer; and aiming at each target customer, merging at least one group of suspicious transactions screened out based on at least one risk evaluation rule, and deleting repeated suspicious transactions among the groups to obtain the suspicious transactions of the target customer.
That is, all transaction data of each target client are screened respectively based on each risk assessment rule, and multiple sets of suspicious transactions may be screened out. Multiple risk assessment rules may be satisfied simultaneously for a particular suspicious transaction, and thus there may be repeated suspicious transactions between groups of suspicious transactions. And combining the multiple groups of suspicious transactions, and deleting repeated suspicious transactions to obtain the suspicious transactions of each target client.
By means of the method for screening, the transactions with risks can be screened out as comprehensively as possible, and screening efficiency is improved.
S203, adding state labels for the suspicious transactions, wherein the state labels comprise normal state labels and abnormal state labels.
In the screened suspicious transactions, there may be some suspicious transactions that do have a money laundering risk, and there may be some transactions that do not have a money laundering risk. To distinguish and correspondingly subsequently process two suspicious transactions, a status label may be added thereto, respectively. And adding abnormal state labels to the partial suspicious transactions with money laundering risks, and adding normal state labels to the partial suspicious transactions without money laundering risks.
In some specific implementations, status tags may be added to suspicious transactions according to a preset customer-exempt list.
Specifically, a customer-exempted list may be preset, and customers determined according to historical transaction data that do not have money laundering risks may be added to the customer-exempted list. Then, aiming at each target customer, if the target customer belongs to a customer exemption list, adding a normal state label for the suspicious transaction of the target customer; and if the target client does not belong to the client exemption list, adding an abnormal state label to the suspicious transaction of the target client.
By comparing the target customer with the customers in the customer exempt list, corresponding status labels can be quickly added to the suspicious transactions, and the transactions with money laundering risks can be determined.
It should be noted that the transaction of the target customer not belonging to the exemption list does not necessarily have the risk of money laundering, but the risk in the transaction cannot be completely eliminated according to the current transaction data. Thus, transactions that have been tagged with an exception status tag may be further processed.
In one aspect, the status label of the suspicious transaction may be modified based on the historical suspicious transaction and the status label of the historical suspicious transaction.
Specifically, for each set of suspicious transactions with abnormal status tags, historical suspicious transactions of the target customers to which the suspicious transactions belong can be queried. And if a group of historical suspicious transactions with normal state labels exist in the historical suspicious transactions of the target client and comprise the group of suspicious transactions with abnormal state labels, correcting the state labels of the group of suspicious transactions with abnormal state labels into normal state labels.
Referring to the description of S201, the period of suspicious transaction screening for the target user may be shorter than the span (preset duration) of the transaction data each time suspicious transaction screening is performed, that is, the operations of screening and tagging the same set of data may be performed in consecutive times of suspicious data screening processes. Therefore, there may be a case where a certain group of transactions are determined to be suspicious transactions in a previous screening process, and are labeled with normal status labels through subsequent processing, and are determined to be suspicious transactions again in the current screening process, and are labeled with abnormal status labels. In this case, the abnormal state label marked at this time can be corrected to be the normal state label.
By correcting the state label, the misjudgment of suspicious transactions can be reduced, the auditing and checking processes of the transactions which are wrongly labeled with abnormal state labels are reduced, and the screening efficiency is further improved.
On the other hand, the result of the current annotation can be added into historical transaction data for each client, and the risk coefficient of the client is evaluated according to the historical transaction data of the client and the state label of the historical transaction data; and if the risk coefficient of the client is lower than the preset value, adding the client into a preset client exemption list.
Wherein the evaluation of the risk factor may refer to the transaction amount determined to be suspicious transactions and/or the transaction amount labeled as an abnormal status label in the historical transactions. For example, the smaller the proportion of the transaction amount determined to be suspicious to the transaction amount of historical transactions, the lower the risk factor; the smaller the proportion of the transaction amount labeled as an abnormal status label to the transaction amount of the historical transactions, the lower the risk factor.
Through the evaluation of the risk coefficient, the client with lower money laundering risk can be accurately determined, the client exemption list is added, and then the transaction in a normal state is quickly eliminated in the screening process of the suspicious transaction.
And S204, sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can check and process the suspicious transaction with the abnormal state label.
Risk prompt information can be generated according to information such as the transaction number of the suspicious transaction with the abnormal state label, and the risk prompt information is displayed or sent to a terminal of a user for displaying. After the user views the suspicious transactions with the abnormal state labels, the user can perform manual review processing by combining with other more detailed data, or directly perform investigation on the affiliated target customers to confirm the money laundering behaviors or eliminate the money laundering behaviors.
After the subsequent processing, a more definite result can be obtained for the normality or non-normality of the suspicious transactions with the abnormal state labels, and accordingly, label correction can be performed on the transactions with wrong labels.
The suspicious transaction screening method provided by the embodiment comprises the following steps: determining all transaction data of a target customer within a preset time length; screening out suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet the at least one risk evaluation rule; adding status labels for suspicious transactions, wherein the status labels comprise normal status labels and abnormal status labels; and sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can audit the suspicious transaction with the abnormal state label. By the method, the suspicious transaction meeting the risk assessment rule can be screened out based on the basic information and transaction data of the target customer, the state label is added to the suspicious transaction, and risk prompt is carried out on the suspicious transaction with the abnormal state label. Therefore, the automatic screening of suspicious transactions can be realized, the labor consumption is reduced, and the processing efficiency is improved.
In a specific embodiment, the method is implemented as follows:
and setting an exemption list. According to the risk condition of the client, the user brings the client with sufficient reason that no money laundering risk is considered into the exemption list, and the exemption list can be marked as a set EL and defined as follows:
EL={el1,el2,...,elm}
wherein el ismAnd m represents the mth el in the set, wherein m is a positive integer, el is the client exemption information in the exemption list, and the definition is as follows:
el=(cn,er)
where cn is the customer number and er is the exemption reason for the customer.
A suspicious transaction is generated. With respect to the customer information, the transaction information, and the account information, the suspicious transaction is generated by combining the risk assessment rule and parameters in the rule set by the user (for example, "risk area", "target time period", "target quantity", "target duration", and the like explained in S202).
Wherein the customer information set CD is defined as follows:
CD={cd1,cd2,...,cdm}
wherein cdmAnd m represents the mth cd in the set, wherein m is a positive integer, and cd is customer information and is defined as:
cd=(cn,ca1,ca2,...,can)
wherein cn is the customer number, canThe nth other information indicating the client, such as the name, location, social security number, company number, etc. n is a positive integer.
The transaction information set TD for each customer is defined as follows:
TD={td1,td2,...,tdm}
wherein tdmAnd m represents the mth td in the set, wherein m is a positive integer, td is transaction information and is defined as:
td=(tn,ta1,ta2,...,tan)
where tn is the transaction number, tanNth other information indicative of the transaction, such as transaction amount, currency, transaction direction, transaction category, etc. n is a positive integer.
The set of account information AD for each customer is defined as follows:
AD={ad1,ad2,...,adm}
therein, admRepresenting the mth ad in the set, wherein m is a positive integer, and ad is account information and defined as:
ad=(an,aa1,aa2,...,aan)
where an is the account number aanThe nth other information indicating the account, for example, the use of the account (foreign exchange sales, etc.), the denomination of the account, and the like.
The risk assessment rule set RL is defined as:
RL={R1,R2,...,Rm}
wherein R ismRepresents the m-th R, R in the setIs a rule function defined as:
R=r(CD,TD,AD,a)
where a is a parameter in the rule input by the user.
When a group of specific customer information CD, transaction information TD, account information AD, risk assessment rules RL and parameters in each rule are given, the transactions of m customers can be screened based on m rules, and finally a group of suspicious transaction sets AS is defined AS:
AS={AL1,AL2,...,ALm}
wherein, ALmIs based on a rule RmScreening the transactions of m customers to obtain a set of suspicious transactions, AL1Is defined as:
AL1={al11,al12,...,al1m}
wherein al1mIs based on a rule R1Number cn to client1mThe transactions of the customer are screened, and the set of suspicious transactions, al, is obtained11Is defined as:
(cn11,tn111,...,tn11n)
wherein, tn11nIs based on a rule R1The screened customer number is cn11The transaction number of the nth suspicious transaction.
Thus, AS can be fully defined AS:
Figure BDA0003129814510000111
and calculating the exemption transaction according to the exemption list, and labeling the exemption transaction with a normal state label. The exempt transaction ASe may be represented as:
Figure BDA0003129814510000112
and calculating repeated transactions according to the historical information, and labeling the repeated transactions with normal state labels. The repeat transaction ASr may be expressed as:
Figure BDA0003129814510000113
where ASh any set of suspicious transactions in the historical transactions have a normal status label.
And merging and generating a final early warning. And respectively aggregating suspicious transactions except exemption transactions and repeated transactions of the screening result according to the dimension of the client. The aggregated set may be represented as ASo:
ASo=AS-(ASe∪ASr)
an algorithm can also be designed to merge repeated transactions in the ASo according to the customer number and the transaction number. The algorithm is described as follows:
ASf={}
Figure BDA0003129814510000121
after algorithm calculation, ASf is the set of suspicious transactions that are finally determined to need to send risk hint information.
Fig. 3 is a schematic structural diagram of a suspicious transaction screening apparatus according to an embodiment of the present disclosure, and as shown in fig. 3, the suspicious transaction screening apparatus 300 of the present embodiment may include: the system comprises a transaction data determination module 301, a suspicious transaction screening module 302, a state label marking module 303 and a prompt message sending module 304.
The transaction data determining module 301 is configured to determine all transaction data of the target customer within a preset time duration;
the suspicious transaction screening module 302 is configured to screen suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer, and at least one preset risk assessment rule, where the suspicious transactions satisfy the at least one risk assessment rule;
a status label labeling module 303, configured to add a status label to the suspicious transaction, where the status label includes a normal status label and an abnormal status label;
and the prompt information sending module 304 is configured to send risk prompt information based on the suspicious transaction with the abnormal state tag in the suspicious transaction, so that the user performs audit processing on the suspicious transaction with the abnormal state tag.
Optionally, the suspicious transaction screening module 302 is specifically configured to, when screening out suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer, and at least one preset risk assessment rule:
aiming at each target customer, based on each risk assessment rule, screening out a group of suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer and all transaction data of the target customer;
and aiming at each target customer, merging at least one group of suspicious transactions screened out based on at least one risk evaluation rule, and deleting repeated suspicious transactions among the groups to obtain the suspicious transactions of the target customer.
Optionally, when the status label labeling module 303 adds a status label to the suspicious transaction, it is specifically configured to:
and adding a state label for the suspicious transaction according to a preset client exemption list.
Optionally, the status label labeling module 303 is specifically configured to, when adding the status label for the suspicious transaction according to a preset customer exemption list:
for each target customer, if the target customer belongs to a customer exemption list, adding a normal state label for suspicious transactions of the target customer;
and aiming at each target customer, if the target customer does not belong to the customer exemption list, adding an abnormal state label to the suspicious transaction of the target customer.
Optionally, the apparatus further comprises:
and a status label correction module 305, configured to correct the status label of the suspicious transaction according to the historical suspicious transaction and the status label of the historical suspicious transaction.
Optionally, when the status label of the suspicious transaction is corrected according to the historical suspicious transaction and the status label of the historical suspicious transaction, the status label correction module 305 is specifically configured to:
and for each group of suspicious transactions with abnormal state labels, if a group of historical suspicious transactions with normal state labels exist in the historical suspicious transactions of the target client to which the suspicious transactions belong and comprise the group of suspicious transactions with abnormal state labels, correcting the state labels of the group of suspicious transactions with abnormal state labels into normal state labels.
Optionally, the apparatus 300 further comprises:
a risk coefficient evaluation module 306, configured to evaluate, for each customer, a risk coefficient of the customer according to the historical transaction data of the customer and the status label of the historical transaction data;
and an exempt list modification module 307, configured to add the client to a preset client exempt list when the risk coefficient of the client is lower than a preset value.
The apparatus of this embodiment may be configured to perform the method of any of the above embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 4, the electronic device 400 according to this embodiment may include:
a memory 401 for storing program instructions.
The processor 402 is configured to call and execute the program instructions in the memory 401 to execute the method according to any of the embodiments described above, which achieves similar principles and technical effects, and is not described herein again.
The present application also provides a computer-readable storage medium, which stores a computer program, which, when executed by a processor, implements the method of any of the above embodiments.
The present application also provides a computer program product comprising a computer program which, when executed by a processor, implements the method of any of the above embodiments.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (11)

1. A method for screening suspicious transactions, comprising:
determining all transaction data of a target customer within a preset time length;
screening out suspicious transactions from all transaction data of a target customer according to customer information of the target customer, account information of an account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule;
adding state labels to the suspicious transactions, wherein the state labels comprise normal state labels and abnormal state labels;
and sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so that the user can check and process the suspicious transaction with the abnormal state label.
2. The method of claim 1, wherein the screening of suspicious transactions from the total transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, the total transaction data of the target customer, and at least one preset risk assessment rule comprises:
for each target customer, screening out a group of suspicious transactions from all transaction data of the target customer according to customer information of the target customer, account information of an account of the target customer and all transaction data of the target customer on the basis of each risk assessment rule;
aiming at each target customer, merging at least one group of suspicious transactions screened out based on at least one risk assessment rule, and deleting repeated suspicious transactions among the groups to obtain the suspicious transactions of the target customer.
3. The method of claim 1 or 2, wherein adding a status tag to the suspicious transaction comprises:
and adding a state label for the suspicious transaction according to a preset customer exemption list.
4. The method of claim 3, wherein adding a status label to the suspicious transaction according to a predetermined customer-exempt list comprises:
for each target customer, if the target customer belongs to the customer exemption list, adding a normal state label to the suspicious transaction of the target customer;
and aiming at each target customer, if the target customer does not belong to the customer exemption list, adding an abnormal state label to the suspicious transaction of the target customer.
5. The method of claim 1 or 2, further comprising:
and correcting the state label of the suspicious transaction according to the historical suspicious transaction and the state label of the historical suspicious transaction.
6. The method of claim 5, wherein modifying the status label of the suspicious transaction based on the historical suspicious transaction and the status label of the historical suspicious transaction comprises:
and for each group of suspicious transactions with abnormal state labels, if a group of historical suspicious transactions with normal state labels exist in the historical suspicious transactions of the target client to which the suspicious transactions belong and comprise the group of suspicious transactions with abnormal state labels, correcting the state labels of the group of suspicious transactions with abnormal state labels into normal state labels.
7. The method of claim 3, further comprising:
for each customer, evaluating a risk coefficient of the customer according to historical transaction data of the customer and a status label of the historical transaction data;
and if the risk coefficient of the client is lower than a preset value, adding the client into a preset client exemption list.
8. A suspicious transaction screening apparatus, comprising:
the transaction data determining module is used for determining all transaction data of the target client within a preset time length;
the suspicious transaction screening module is used for screening suspicious transactions from all transaction data of the target customer according to the customer information of the target customer, the account information of the account of the target customer, all transaction data of the target customer and at least one preset risk evaluation rule, wherein the suspicious transactions meet at least one risk evaluation rule;
the status label marking module is used for adding status labels to the suspicious transactions, wherein the status labels comprise normal status labels and abnormal status labels;
and the prompt information sending module is used for sending risk prompt information based on the suspicious transaction with the abnormal state label in the suspicious transaction so as to enable the user to carry out auditing treatment on the suspicious transaction with the abnormal state label.
9. An electronic device, comprising:
a memory for storing program instructions;
a processor for calling and executing program instructions in said memory, performing the method of any of claims 1-7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1-7.
11. A computer program product comprising a computer program, characterized in that the computer program realizes the method of any of claims 1-7 when executed by a processor.
CN202110701158.1A 2021-06-23 2021-06-23 Suspicious transaction screening method and device, electronic equipment and storage medium Pending CN113313580A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110701158.1A CN113313580A (en) 2021-06-23 2021-06-23 Suspicious transaction screening method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110701158.1A CN113313580A (en) 2021-06-23 2021-06-23 Suspicious transaction screening method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113313580A true CN113313580A (en) 2021-08-27

Family

ID=77379976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110701158.1A Pending CN113313580A (en) 2021-06-23 2021-06-23 Suspicious transaction screening method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113313580A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116756215A (en) * 2023-06-27 2023-09-15 上海蚂蚁创将信息技术有限公司 Transaction in-transit state query method and system
CN117114677A (en) * 2023-07-12 2023-11-24 北京中盛九橙企业管理咨询有限公司 Digital wallet management system and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116756215A (en) * 2023-06-27 2023-09-15 上海蚂蚁创将信息技术有限公司 Transaction in-transit state query method and system
CN116756215B (en) * 2023-06-27 2024-04-16 上海蚂蚁创将信息技术有限公司 Transaction in-transit state query method and system
CN117114677A (en) * 2023-07-12 2023-11-24 北京中盛九橙企业管理咨询有限公司 Digital wallet management system and method

Similar Documents

Publication Publication Date Title
US11023963B2 (en) Detection of compromise of merchants, ATMs, and networks
EP2555153A1 (en) Financial activity monitoring system
US20070061259A1 (en) Mass compromise/point of compromise analytic detection and compromised card portfolio management system
Rahmawati et al. Fraud detection on event log of bank financial credit business process using Hidden Markov Model algorithm
GB2473112A (en) Processing financial events for identifying potential crimes
CN113313580A (en) Suspicious transaction screening method and device, electronic equipment and storage medium
CN107911231A (en) The appraisal procedure and device of a kind of threat data
US20140324703A1 (en) Money services system
CN115564449A (en) Risk control method and device for transaction account and electronic equipment
CN111709844A (en) Insurance money laundering personnel detection method and device and computer readable storage medium
García et al. Stablecoin assessment framework
US10699335B2 (en) Apparatus and method for total loss prediction
CN114119195A (en) Cross-border e-commerce data asset management method and device, computer equipment and medium
CN115619529A (en) Abnormal asset card processing method and device
CN115983995A (en) Transaction service supervision method, device, equipment and storage medium
Qasem et al. A descriptive analysis of financial restatements in Malaysia
US20210081961A1 (en) Computer-implemented methods of evaluating task networks
Yue et al. Logistic regression for detecting fraudulent financial statement of listed companies in China
JP2002197268A (en) Loan managing system, its method, and computer software program product which makes computer system manage loan
CN114240610B (en) Automatic fund collection method, device, computer equipment and storage medium
TWI775020B (en) Money laundering prevention law and suspected case aid judgment system
Rahmanizadeh et al. Investigation of market efficiency: An event study of insider trading in the stock exchange of India
CN114549209A (en) Intelligent risk assessment method, device, equipment and medium
TERZİ DETECTION OF FRAUDULENT FINANCIAL STATEMENTS THROUGH THE USE OF PUBLICLY AVAILABLE DATA: A RESEARCH ON MANUFACTURING COMPANIES.
CN117853218A (en) Service processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination