CN113393236A - Offline receipt business transaction behavior abnormity detection method - Google Patents
Offline receipt business transaction behavior abnormity detection method Download PDFInfo
- Publication number
- CN113393236A CN113393236A CN202110575989.9A CN202110575989A CN113393236A CN 113393236 A CN113393236 A CN 113393236A CN 202110575989 A CN202110575989 A CN 202110575989A CN 113393236 A CN113393236 A CN 113393236A
- Authority
- CN
- China
- Prior art keywords
- transaction
- merchant
- abnormal
- preset
- amount
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention relates to an offline receipt service transaction behavior abnormity detection method. S1, acquiring user transaction conditions including user transaction identification codes and merchant information in real time; s2, verifying the legality of the transaction, and judging whether an abnormal transaction exists; s3, if abnormal transactions exist in the step S2, the risk transactions exist in the merchant, if the abnormal transactions continue and reach abnormal limits, the transaction initiation is forbidden, and transaction observation is carried out; s4, verifying the transaction behavior of the merchant, and observing the transaction if no abnormal transaction exists; and if the abnormal transaction exists, forbidding transaction initiation and informing the merchant. The invention can realize the abnormal detection of the transaction behavior of the offline order-receiving service, so that the order-receiving mechanism can effectively distinguish the situations of cash register, gambling and different-place transaction.
Description
Technical Field
The invention relates to an offline receipt service transaction behavior abnormity detection method.
Background
The offline bill receiving service is a service scene of performing offline payment by taking payment platforms such as WeChat, Paibao, cloud flash payment and the like as means, and is further standardized along with service expansion and national policy and regulation; the offline order receiving service specification puts forward further requirements; the user is required to monitor the online payment behavior of the user and the merchant immediately after the payment is finished. And the online payment behavior analysis of the user merchant is obtained in a short time, so that the normal development of financial pneumatic control business is facilitated, and illegal transactions such as cash register, gambling, different places and the like are effectively avoided. There is no further specification of the current acquirer for transaction wind control due to the following points: a. in the early stage of transaction wind control, the legality is verified mainly by means of wind control of a bank, and the wind control of a lower receipt scene is not effectively controlled. b. The development time of the offline order receiving service in China is short, and the development speed is high; effective scale analysis cannot be formed when large-scale application is not available, so that the wind control model cannot accurately judge the transaction property. c. With the rise of the internet, transaction complexity diversification urgently needs an effective wind control model to monitor transaction behaviors of users and merchants.
Disclosure of Invention
The invention aims to provide a method for detecting abnormal transaction behaviors of an offline order receiving service, which realizes the abnormal detection of the transaction behaviors of the offline order receiving service and enables an order receiving mechanism to effectively distinguish the situations of cash register, gambling and different-place transactions.
In order to achieve the purpose, the technical scheme of the invention is as follows: an offline receipt service transaction behavior abnormity detection method comprises the following steps:
s1, acquiring user transaction conditions including user transaction identification codes and merchant information in real time;
s2, transaction validity verification:
a. the amount of money is abnormal: if the number of successful transactions with the absolute value of the difference between the multiple continuous transaction amounts within the preset range is greater than or equal to the preset percentage within the preset time of the same trader, the transaction with the abnormal amount can be determined;
b. transaction time period exception: in the non-operation period, the merchant determines that the transaction is abnormal time transaction if the transaction is in the non-operation period and the transaction is greater than the preset percentage;
c. transaction location exception: when the same merchant receives more than a preset number of remote IP address payments within the past preset time; namely, the transaction can be determined as an abnormal place transaction;
d. cash register transaction: when the number of merchants successfully transacting a single transaction in a preset time period is larger than a preset number, the merchant can be determined as a credit card transaction malicious cash register transaction;
s3, if the abnormal transactions of a-d in the step S2 exist, alarming the merchant that the risk transaction exists, if the abnormal transactions continue and reach the abnormal limit, forbidding the transaction initiation, and performing transaction observation;
s4, verifying the transaction behavior of the merchant, and observing the transaction if no abnormal transaction exists; and if the abnormal transaction exists, forbidding transaction initiation and informing the merchant.
In an embodiment of the invention, the cash-out transaction further comprises: if the payment to the same merchant is more than the preset number in the preset time of the same card, the cash register transaction is determined to exist; if the transaction amount of the non-large-amount transaction merchant type with the same card is larger than the preset amount, the cash register transaction can be determined to exist; or the same card accumulates settlement greater than the preset amount in the same merchant within the preset time, the cash register transaction is determined to exist.
In an embodiment of the present invention, the user transaction identification code includes openid, IP of the transactor, transaction amount, and transaction address.
In an embodiment of the present invention, the merchant information includes a merchant unique identification code and a merchant geographic location.
Compared with the prior art, the invention has the following beneficial effects: the invention mainly comes from model analysis after internet big data statistics, and the following benefits can be realized through the invention: 1) the wind control standard of the order receiving business industry is met, and the national requirements on the order receiving business under the line are met. 2) The invention is applied to real-time transaction monitoring, and can achieve the purposes of preventing, prompting and processing suspected risk transactions in time. 3) The online transaction is monitored in real time, and the situations of gambling, cash register, high-volume transaction and allopatric transaction are effectively avoided.
Drawings
Fig. 1 is a flow chart of the off-line receipt service transaction behavior anomaly detection method of the present invention.
Detailed Description
The technical scheme of the invention is specifically explained below with reference to the accompanying drawings.
As shown in fig. 1, the method for detecting abnormal transaction behavior of offline order-receiving service of the present invention includes:
s1, acquiring user transaction conditions in real time, wherein the user transaction conditions comprise user transaction identification codes (openid, trader IP, transaction amount, transaction address and the like) and merchant information (merchant unique identification codes, merchant geographic positions and the like);
s2, transaction validity verification:
a. the amount of money is abnormal: if the number of successful transactions with the absolute value of the difference between the multiple continuous transaction amounts within the preset range is greater than or equal to the preset percentage within the preset time of the same trader, the transaction with the abnormal amount can be determined;
b. transaction time period exception: in the non-operation period, the merchant determines that the transaction is abnormal time transaction if the transaction is in the non-operation period and the transaction is greater than the preset percentage;
c. transaction location exception: when the same merchant receives more than a preset number of remote IP address payments within the past preset time; namely, the transaction can be determined as an abnormal place transaction;
d. cash register transaction: when the number of merchants successfully transacting a single transaction in a preset time period is larger than a preset number, the merchant can be determined as a credit card transaction malicious cash register transaction; the cash-out transaction further comprises: if the payment to the same merchant is more than the preset number in the preset time of the same card, the cash register transaction is determined to exist; if the transaction amount of the non-large-amount transaction merchant type with the same card is larger than the preset amount, the cash register transaction can be determined to exist; or if the accumulated settlement of the same merchant is more than the preset amount within the preset time, the cash register transaction can be determined to exist;
s3, if the abnormal transactions of a-d in the step S2 exist, alarming the merchant that the risk transaction exists, if the abnormal transactions continue and reach the abnormal limit, forbidding the transaction initiation, and performing transaction observation;
s4, verifying the transaction behavior of the merchant, and observing the transaction if no abnormal transaction exists; and if the abnormal transaction exists, forbidding transaction initiation and informing the merchant.
The following is a specific example of the present invention.
The invention relates to a method for detecting transaction behavior abnormity of an offline order receiving service, which comprises the following steps:
1. acquiring the transaction condition of a user in real time; including user transaction identification (openid, trader IP, transaction amount), merchant information (merchant unique identification, merchant geographic location, etc.).
2. And judging whether the merchant is illegal according to the transaction behavior. The method is mainly calculated in the following aspects:
a. the amount of money is abnormal: and monitoring the transaction of the merchant for 24 hours according to the relevant parameters of the wind control model, and identifying the risk of the merchant and the transaction if abnormal transaction amount occurs, so that early warning and troubleshooting of wind control personnel are facilitated. The abnormal amount determination is described in detail as follows:
the trader can generate the unique identification code of the trader when trading, the absolute value of the difference between the amounts of a plurality of continuous trades is more than or equal to 0 and less than 70 percent of the number of successful trades with 10 yuan in the past 1 hour of the same trader; an anomalous amount transaction may be identified.
b. Transaction time period exception: and monitoring the transaction of the merchant for 24 hours according to the relevant parameters of the wind control model, and identifying the risk of the merchant and the transaction if abnormal transaction time occurs, so that early warning and troubleshooting of wind control personnel are facilitated. The detailed description is as follows:
for non-nighttime business type merchants, greater than 40% of transactions occur during non-business peak hours, such as 9 to 11 am, 19 pm to 5 am the following day. The illegal transaction condition of the merchant can be determined.
c. Transaction location exception: and monitoring the transaction of the merchant for 24 hours according to the relevant parameters of the wind control model, and identifying the risk of the merchant and the transaction if an abnormal transaction place occurs, so that early warning and troubleshooting of wind control personnel are facilitated. The detailed description is as follows:
the system can automatically acquire the IP address of the transaction party, and when the same merchant receives more than 100 different IP addresses for payment in the past 1 hour; the merchant can be determined to have the transaction condition in different places.
d. And judging whether cash register transaction is carried out or not according to the credit card transaction condition. The decision rule is as follows: the number of merchants with a single successful transaction of more than 1000 yuan within the past 1 hour of the same card is more than 10 and is considered as the malicious cash-out transaction of credit card transaction.
3. The specific abnormality judgment manner is shown in the following tables 1 to 9 (in the table: time: S amount: Y number: G number: B ratio: Z):
TABLE 1
TABLE 2
TABLE 3
TABLE 4
TABLE 5
TABLE 6
TABLE 7
TABLE 8
TABLE 9
Watch 10
According to tables 1-9, if abnormal transaction conditions occur, risk identification is carried out on the merchant and the transaction, when the mass identification is abnormal in different places, a transaction wind control flow is entered, and the transaction is stopped when the mass identification is serious. The specific process is shown in figure 1.
The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.
Claims (4)
1. An offline receipt service transaction behavior anomaly detection method is characterized by comprising the following steps:
s1, acquiring user transaction conditions including user transaction identification codes and merchant information in real time;
s2, transaction validity verification:
a. the amount of money is abnormal: if the number of successful transactions with the absolute value of the difference between the multiple continuous transaction amounts within the preset range is greater than or equal to the preset percentage within the preset time of the same trader, the transaction with the abnormal amount can be determined;
b. transaction time period exception: in the non-operation period, the merchant determines that the transaction is abnormal time transaction if the transaction is in the non-operation period and the transaction is greater than the preset percentage;
c. transaction location exception: when the same merchant receives more than a preset number of remote IP address payments within the past preset time; namely, the transaction can be determined as an abnormal place transaction;
d. cash register transaction: when the number of merchants successfully transacting a single transaction in a preset time period is larger than a preset number, the merchant can be determined as a credit card transaction malicious cash register transaction;
s3, if the abnormal transactions of a-d in the step S2 exist, alarming the merchant that the risk transaction exists, if the abnormal transactions continue and reach the abnormal limit, forbidding the transaction initiation, and performing transaction observation;
s4, verifying the transaction behavior of the merchant, and observing the transaction if no abnormal transaction exists; and if the abnormal transaction exists, forbidding transaction initiation and informing the merchant.
2. The offline invoice transaction behavior anomaly detection method according to claim 1, wherein the cash-out transaction further comprises: if the payment to the same merchant is more than the preset number in the preset time of the same card, the cash register transaction is determined to exist; if the transaction amount of the non-large-amount transaction merchant type with the same card is larger than the preset amount, the cash register transaction can be determined to exist; or the same card accumulates settlement greater than the preset amount in the same merchant within the preset time, the cash register transaction is determined to exist.
3. The method as claimed in claim 1, wherein the user transaction identification code includes openid, IP of transactor, transaction amount, and transaction address.
4. The method for detecting transaction behavior anomaly of the offline billing service according to claim 1, wherein the merchant information includes a merchant unique identification code and a merchant geographic location.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110575989.9A CN113393236A (en) | 2021-05-26 | 2021-05-26 | Offline receipt business transaction behavior abnormity detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110575989.9A CN113393236A (en) | 2021-05-26 | 2021-05-26 | Offline receipt business transaction behavior abnormity detection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113393236A true CN113393236A (en) | 2021-09-14 |
Family
ID=77619174
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110575989.9A Pending CN113393236A (en) | 2021-05-26 | 2021-05-26 | Offline receipt business transaction behavior abnormity detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113393236A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2016015000A (en) * | 2014-07-02 | 2016-01-28 | シャーク株式会社 | Illegal transaction detection system |
| CN108122114A (en) * | 2017-12-25 | 2018-06-05 | 同济大学 | For abnormal repeat business fraud detection method, system, medium and equipment |
| CN110163618A (en) * | 2019-05-31 | 2019-08-23 | 深圳前海微众银行股份有限公司 | Extremely detection method, device, equipment and the computer readable storage medium traded |
| CN110942312A (en) * | 2019-11-29 | 2020-03-31 | 智器云南京信息科技有限公司 | POS machine cash register identification method, system, equipment and storage medium |
-
2021
- 2021-05-26 CN CN202110575989.9A patent/CN113393236A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2016015000A (en) * | 2014-07-02 | 2016-01-28 | シャーク株式会社 | Illegal transaction detection system |
| CN108122114A (en) * | 2017-12-25 | 2018-06-05 | 同济大学 | For abnormal repeat business fraud detection method, system, medium and equipment |
| CN110163618A (en) * | 2019-05-31 | 2019-08-23 | 深圳前海微众银行股份有限公司 | Extremely detection method, device, equipment and the computer readable storage medium traded |
| CN110942312A (en) * | 2019-11-29 | 2020-03-31 | 智器云南京信息科技有限公司 | POS machine cash register identification method, system, equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 叶湧青: "在线异常交易洗钱特征分析", 《HTTPS://BAIJIAHAO.BAIDU.COM/S?ID=1677320274629290034&WFR=SPIDER&FOR=PC&SEARCHWORD=%E7%BA%BF%E4%B8%8B%20%E4%BA%A4%E6%98%93%20%E5%BC%82%E5%B8%B8%20%E8%AF%86%E5%88%AB》 * |
| 詹欣: "条码支付业务模式比较及风险管理研究", 《科技促进发展》 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8666861B2 (en) | Software and methods for risk and fraud mitigation | |
| US8600872B1 (en) | System and method for detecting account compromises | |
| US8055584B2 (en) | Systems and methods for fraud management in relation to stored value cards | |
| US8170953B1 (en) | Systems and method for screening payment transactions | |
| CN108053318B (en) | Method and device for identifying abnormal transactions | |
| US8386381B1 (en) | Method and system for detecting, monitoring and addressing data compromises | |
| US11403645B2 (en) | Systems and methods for cross-border ATM fraud detection | |
| US20130018789A1 (en) | Systems and methods for estimating the risk that a real-time promissory payment will default | |
| WO2003023678A1 (en) | System and method for detecting fraudulent calls | |
| CN110363659A (en) | A kind of risk-assessment method based on block chain technology | |
| CN110276682A (en) | A kind of information calculates processing method and system | |
| CN115564449A (en) | Risk control method and device for transaction account and electronic equipment | |
| CN110619583A (en) | Account early warning information generation method and device | |
| CN114971876A (en) | Automobile financial wind-control operation management system based on big data | |
| CN116862661B (en) | Digital credit approval and risk monitoring system based on consumption financial scene | |
| CN112101691A (en) | Method and device for dynamically adjusting risk level and server | |
| CN113393236A (en) | Offline receipt business transaction behavior abnormity detection method | |
| US20230137734A1 (en) | Systems and methods for improved detection of network attacks | |
| CN113362156B (en) | Financial fraud detection and identification system based on Internet of Things | |
| CN115719281A (en) | Capital income and expenditure management system | |
| CN115018645B (en) | Security assessment method and module for deposit book applied to transaction system | |
| CN111930764A (en) | Risk transaction control method and device based on real-time data processing | |
| CN104951976A (en) | System and method for obtaining exchange gains/losses during bill verification | |
| KR101421371B1 (en) | Method for Detecting Service Fault of a Large Scale Transaction | |
| CN114201536A (en) | Product coverage rate calculation method, device, equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210914 |
|
| RJ01 | Rejection of invention patent application after publication |