CN114119137A - Risk control method and device - Google Patents

Risk control method and device Download PDF

Info

Publication number
CN114119137A
CN114119137A CN202111288707.3A CN202111288707A CN114119137A CN 114119137 A CN114119137 A CN 114119137A CN 202111288707 A CN202111288707 A CN 202111288707A CN 114119137 A CN114119137 A CN 114119137A
Authority
CN
China
Prior art keywords
address
order
historical order
addresses
vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111288707.3A
Other languages
Chinese (zh)
Other versions
CN114119137B (en
Inventor
丁安安
赵华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN202111288707.3A priority Critical patent/CN114119137B/en
Priority claimed from CN202111288707.3A external-priority patent/CN114119137B/en
Publication of CN114119137A publication Critical patent/CN114119137A/en
Application granted granted Critical
Publication of CN114119137B publication Critical patent/CN114119137B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Buyer or seller confidence or verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0633Lists, e.g. purchase orders, compilation or processing
    • G06Q30/0635Processing of requisition or of purchase orders

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the specification provides a risk control method and device, which are used for obtaining address clusters according to historical order address clustering, and then screening target address clusters according to risk characteristics of historical order addresses, so that an address blacklist is established, and risk control is performed on a current order. Due to the fact that the cost for changing the receiving address by a lawbreaker is high, orders with risks can be well identified through the method, the effectiveness of risk control is improved, and the cost of risk control is reduced.

Description

Risk control method and device
The application is a divisional application of Chinese patent application with application number 201810712672.3 and invented name of 'risk control method and device' filed by China patent office on 29/06/29 in 2018.
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a risk control method and apparatus.
Background
With the development of e-commerce, more and more users and merchants are beginning to join in the columns of online shopping. However, some lawbreakers may illicitly make a profit by stealing the user's account to pay the order, causing the user to suffer losses. Particularly, for cross-border e-commerce, the problems of long time for returning payment refusal, information loss and the like exist due to the fact that a user uses an external card for transaction. Based on this, it is necessary to risk control the order.
Disclosure of Invention
Based on this, this specification provides risk control methods and apparatus.
According to a first aspect of embodiments herein, there is provided a risk control method, the method comprising: screening out a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; the address class cluster is obtained by clustering historical order addresses in a period of time; and establishing an address blacklist according to the target address class cluster, and performing risk control on the current order according to the address blacklist.
Optionally, the step of establishing an address blacklist according to the target address class cluster includes: and adding the centroid address of the target address class cluster into an address blacklist.
Optionally, the step of performing risk control on the current order according to the address blacklist includes: respectively calculating the similarity between the current order address and each black address in the address black list; and if the similarity is larger than a preset first similarity threshold value, performing risk control on the current order.
Optionally, the step of calculating the similarity between the current order address and each black address in the address black list respectively includes: performing word segmentation on the current order address to obtain a first word segmentation result, and calculating a first vector according to the first word segmentation result; respectively calculating the similarity of the first vector and a second vector corresponding to each black address; wherein the second vector is obtained according to a second word segmentation result of the black address.
Optionally, the step of calculating a first vector according to the first word segmentation result includes: and inputting the first word segmentation result into a neural network to obtain the first vector.
Optionally, the step of calculating a first vector according to the first word segmentation result includes: acquiring a union of the first word segmentation result and the second word segmentation result, and calculating the first vector according to the union; if the word segmentation result in the merging set exists in the current order address, setting the value of the element corresponding to the word segmentation result in the merging set in the first vector as 1, otherwise, setting the value of the element corresponding to the word segmentation result in the merging set in the first vector as 0.
Optionally, the method further comprises: taking one non-clustered historical order address as a starting address, and acquiring a historical order address with the similarity degree with the starting address greater than a preset second similarity threshold value; if the number of the obtained historical order addresses is larger than a preset number threshold, taking each obtained historical order address as a starting address, and returning to the step of obtaining the historical order address with the similarity degree with the starting address larger than a preset second similarity threshold; and dividing the starting address and the acquired historical order addresses into the same address class cluster.
Optionally, the clustering is offline clustering.
Optionally, the risk characteristics include at least any one of the following characteristics of the historical order address in the address class cluster: a time distribution characteristic, a quantity characteristic of variant addresses, an earliest use time characteristic, a history credit characteristic, and a proportion characteristic of new users among users using the history order addresses.
Optionally, the address blacklist further includes: the payment rejection rate is greater than the historical order address of the preset value; wherein the rejection rate is calculated by: η ═ (X1+ X2)/(Y1+ Y2); where η is the rejection rate, X1 is the number of rejected orders in the orders corresponding to the historical order address, X2 is the number of rejected orders in the orders corresponding to the variant address of the historical order address, Y1 is the number of orders corresponding to the historical order address, and Y2 is the number of orders corresponding to the variant address of the historical order address.
Optionally, the method further comprises: performing the following operations on the historical order address: case normalization; and/or punctuation symbol cleaning.
Optionally, the mutated address comprises an address generated according to: inserting a plurality of characters into the historical order address; and/or converting a plurality of characters in the historical order address into other languages; and/or changing the sequence of characters in the historical order address.
Optionally, the method further comprises: and updating the address class cluster according to a preset time interval.
According to a second aspect of embodiments herein, there is provided a risk control device, the device comprising: the screening module is used for screening a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; wherein the address class cluster is obtained by clustering historical order addresses within a period of time; and the risk control module is used for establishing an address blacklist according to the target address class cluster and carrying out risk control on the current order according to the address blacklist.
Optionally, the risk control module comprises: and the adding unit is used for adding the centroid address of the target address class cluster into an address blacklist.
Optionally, the risk control module comprises: the first calculation unit is used for calculating the similarity between the current order address and each black address in the address black list; and the risk control unit is used for carrying out risk control on the current order if the similarity is greater than a preset first similarity threshold value.
Optionally, the first calculation unit comprises: the vector calculation subunit is used for performing word segmentation on the current order address to obtain a first word segmentation result, and calculating a first vector according to the first word segmentation result; the similarity degree operator unit is used for respectively calculating the similarity degree of the first vector and the second vector corresponding to each black address; wherein the second vector is obtained according to a second word segmentation result of the black address.
Optionally, the vector calculation subunit is configured to: and inputting the first word segmentation result into a neural network to obtain the first vector.
Optionally, the vector calculation subunit is configured to: acquiring a union of the first word segmentation result and the second word segmentation result, and calculating the first vector according to the union; if the word segmentation result in the union exists in the current order address, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 1, otherwise, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 0.
Optionally, the apparatus further comprises: the first acquisition module is used for acquiring a history order address with the similarity degree with the starting address being greater than a preset second similarity threshold value by taking one unclustered history order address as the starting address; the second acquisition module is used for respectively taking the acquired historical order addresses as starting addresses and returning to execute the function of the first acquisition module if the number of the acquired historical order addresses is larger than a preset number threshold; and the dividing module is used for dividing the starting address and the acquired historical order addresses into the same address class cluster.
Optionally, the clustering is offline clustering.
Optionally, the risk characteristics include at least any one of the following characteristics of the historical order address in the address class cluster: a time distribution characteristic, a quantity characteristic of variant addresses, an earliest use time characteristic, a history credit characteristic, and a proportion characteristic of new users among users using the history order addresses.
Optionally, the address blacklist further includes: the payment rejection rate is greater than the historical order address of the preset value; wherein the rejection rate is calculated by: η ═ (X1+ X2)/(Y1+ Y2); where η is the rejection rate, X1 is the number of rejected orders in the orders corresponding to the historical order address, X2 is the number of rejected orders in the orders corresponding to the variant address of the historical order address, Y1 is the number of orders corresponding to the historical order address, and Y2 is the number of orders corresponding to the variant address of the historical order address.
Optionally, the apparatus further comprises: a preprocessing module, configured to perform the following operations on the historical order address: case normalization; and/or punctuation symbol cleaning.
Optionally, the mutated address comprises an address generated according to: inserting a plurality of characters into the historical order address; and/or converting a plurality of characters in the historical order address into other languages; and/or changing the sequence of characters in the historical order address.
Optionally, the apparatus further comprises: and the updating module is used for updating the address cluster according to a preset time interval.
According to a third aspect of embodiments herein, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any of the embodiments.
According to a fourth aspect of embodiments herein, there is provided a computer apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of the embodiments when executing the program.
By applying the scheme of the embodiment of the specification, the address cluster is obtained according to the historical order address clustering, and the target address cluster is screened out according to the risk characteristics of the historical order address, so that the address blacklist is established, and the risk control is performed on the current order. Due to the fact that the cost for changing the receiving address by a lawbreaker is high, orders with risks can be well identified through the method, the effectiveness of risk control is improved, and the cost of risk control is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
FIG. 1 is a schematic illustration of the E-commerce funds flow process in one embodiment of the present description.
FIG. 2 is a flow chart of a risk control method in one embodiment of the present description.
FIG. 3 is a schematic diagram of obtaining a first vector in one embodiment of the present description.
Fig. 4 is a schematic diagram of obtaining a first vector in another embodiment of the present description.
FIG. 5 is a diagram of address clustering in one embodiment of the present description.
FIG. 6 is a schematic diagram of the overall principle of the risk control method in one embodiment of the present disclosure.
FIG. 7 is a block diagram of a risk control device in one embodiment of the present description.
FIG. 8 is a block diagram of a computer device in one embodiment of the present description to implement the methods of the embodiments of the present description.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination", depending on the context.
Fig. 1 is a schematic diagram of the electronic commerce fund flow process in one embodiment of the present disclosure. In this embodiment, the buyer may place an order with the seller and make payment using an account (e.g., a credit card account). Taking a bank account as an example, when an account owner finds that the account is stolen, stolen information can be reported to the bank, the bank requests for payment refusal, and the bank forwards the payment refusal information to a transaction platform through a certain channel. However, a long time is usually required from the time when the account is found to be stolen to the time when the transaction platform receives the payment refusal information, so that the problem that a lawbreaker steals the account of another person to perform order transaction cannot be timely found and solved.
Based on this, the present specification provides a risk control method, as shown in fig. 2, the method may include:
step 202: screening out a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; the address class cluster is obtained by clustering historical order addresses in a period of time;
step 204: and establishing an address blacklist according to the target address class cluster, and performing risk control on the current order according to the address blacklist.
The historical order address in this embodiment refers to a logistics shipping address. Risk features refer to features that may risk an order. The risk as referred to herein includes the risk that the payment account used by the order is a compromised account, and the like. The risk profile may be a time distribution profile of historical order addresses, a quantity profile of variant addresses of historical order addresses, an earliest (i.e., first time) usage time profile of historical order addresses, a historical credit profile of historical order addresses, and/or a proportion of new ones of the users using the historical order addresses.
With regard to the time distribution characteristic of the order addresses, since the individual accounts are less likely to place a large number of orders in a short time under normal conditions, if a large number of orders (exceeding a certain order quantity threshold) are burst at a certain order address in a short time (for example, one day), the order corresponding to the historical order address is likely to be an order with risk. The order amount threshold herein may be set in advance according to actual conditions, for example, according to an average value of the order amounts of a plurality of historical order addresses in a unit time period (for example, one day) in a historical time period.
A quantitative characteristic for the mutated address, wherein the mutated address may be generated by at least any one of: inserting one or more characters (such as blank space, letters, messy codes and the like) into the order address, converting one or more characters in the order address into other languages or traditional characters, or changing the sequence of a plurality of characters in the order address. For example, if the original order address is "big street big way 23", the mutation address may be in the form of "big iii street big way 23", "big street big way twenty-three", "big way 23, big street" or the like. Since the buyer will not change the receiving address under normal conditions, there is a great possibility that a lawbreaker who is going to avoid the risk of wind control identification may place an order by changing the address to another address. Thus, the risk order can be identified to some extent by this feature. Variant addresses of historical order addresses may be obtained offline.
For the earliest time-of-use feature, the order address used by the buyer is typically an already existing address for most users, since the shipping address is generally fixed. When the system identifies that no historical order record exists for an order address, or that an order record exists for the order address only a recent period of time (e.g., 1 day ago), then the order placed at the order address is likely to be a risk order. By employing this risk feature, it is also convenient to distinguish business orders from risk orders. The enterprise order is an order issued by an enterprise user, and as the purchase demand of the enterprise user on goods is obviously greater than that of an individual user, in order to avoid misjudging the enterprise order as a risk order with a large amount of orders burst at a certain order address in a short time, the risk characteristic of the using time of the order address can be further judged. If the history of the order address being used is long and there is no bad record, the risk of the order address can be eliminated.
For the historical credit characteristic, that is, whether an order address has a risk transaction history, wherein the transaction risk may be a history that the order corresponding to the order address has a refusal payment, is reported, and the like. Because the cost of the lawbreaker for changing the receiving address is usually lower than the cost of changing the committing device, the IP and the account, when the order address has the risk transaction history, the probability that the order corresponding to the order address is a risk order is usually higher than the probability that the order does not have the risk transaction history. Thus, many risky orders can also be identified by this feature.
For the proportion characteristics of new users among the users using the historical order addresses, lawless persons often bypass wind control identification by changing login accounts, so that if a certain historical order address is used by a large number of newly registered accounts, an order corresponding to the order address may have risks.
According to the method and the device, the risks corresponding to the order addresses are comprehensively judged through various risk characteristics, the misjudgment probability is reduced, and the judgment result is more accurate.
An address class cluster is a set of addresses that includes an order address and its variant addresses. In step 202, a plurality of address class clusters may be pre-established, and a target address class cluster may be screened out therefrom. The target address class cluster can be an address class cluster corresponding to an order address with high risk, and the number of the target address class clusters can be one or more. Historical orders over a period of time (e.g., a week, or a day) may be obtained and clustered to obtain various clusters of address classes. Further, the address class cluster can be updated according to a certain time, so that the risk control is more timely.
In step 204, an address blacklist is established according to the target address class cluster, and one or more order addresses may be selected from the target address class cluster and added to the address blacklist. Preferably, the order address added to the address blacklist may be a centroid address of the target address class cluster. The centroid address is the order address of which the similarity with other order addresses in the target address class cluster is greater than a preset similarity threshold. After the target address class cluster is updated along with the update of the address class cluster, the address blacklist can be continuously expanded according to the updated target address class cluster.
The current order refers to an order received in real time. Performing risk control on the current order may perform transaction limitation on the order corresponding to the order address, that is, the buyer is not allowed to place the order with the order address as the receiving address. Meanwhile, some risk reminding operations can be executed, for example, if a contact way such as a telephone number is recorded in the personal information bound to the transaction account of the order, a verification request and/or a risk reminding is sent to the contact way.
The embodiment of the specification obtains an address class cluster according to historical order address clustering, and then screens out a target address class cluster according to risk characteristics of historical order addresses, so that an address blacklist is established, and risk control is performed on a current order. Due to the fact that the cost for changing the receiving address by a lawbreaker is high, orders with risks can be well identified through the method, the effectiveness of risk control is improved, and the cost of risk control is reduced. In addition, when the real-time order is received, if the original address and the variant address are the new batch addresses, the risk control can be directly performed on the real-time order according to the target address cluster, the new risk order can be found in time, and the real-time performance of the risk control is improved. Especially for cross-border e-commerce with the characteristic of long payment refusal return time, the risk management and control can be effectively carried out on the order.
In one embodiment, the step of risk controlling the current order according to the address blacklist comprises: respectively calculating the similarity between the current order address and each black address in the address black list; and if the similarity is greater than a preset first similarity threshold, performing risk control on the current order. And if the similarity between the order address and one of the black addresses is greater than a first similarity threshold value, performing risk control on the current order.
Risks are identified through a fuzzy matching method, no matter how the receiving address text is rewritten, the risks can be identified by a system as long as certain similarity is met, the difficulty of lawless persons in bypassing wind control identification is improved, and the accuracy of wind control is improved. The receiving of goods is also very difficult for rewriting too large addresses, and the crime cost can also be greatly increased.
When the similarity is calculated, performing word segmentation on the current order address to obtain a first word segmentation result, and calculating a first vector according to the first word segmentation result; respectively calculating the similarity of the first vector and a second vector corresponding to each black address; wherein the second vector is obtained according to a second word segmentation result of the black address. The similarity may be cosine similarity. For example, assume that the first vector is
Figure RE-GDA0003431378040000091
Second vector is
Figure RE-GDA0003431378040000092
Then the similarity S can be recorded as:
Figure RE-GDA0003431378040000093
where | g | represents the modulus of the vector.
The first vector is obtained according to the first segmentation result in two ways, as shown in fig. 3 and fig. 4. One way is to input the first word segmentation result into a neural network to obtain the first vector. In FIG. 3, x1k,x2k,L,xnkRepresenting the respective first-word segmentation result, is also an input to the neural network. h isiOutput result, y, for the hidden layer of the neural networkjIs the output result of the output layer of the neural network. w and w' are the weights of the hidden layer and the output layer, respectively. The weights of the hidden layer or the output layer may be taken as a first vector.
Another way is to obtain a union of the first word segmentation result and the second word segmentation result, and calculate the first vector according to the union; if the word segmentation result in the union exists in the current order address, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 1, otherwise, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 0. In fig. 4, the first segmentation result includes 3 words: A. b and C, the second word segmentation result comprises 3 words: A. b and D, the union of the two is A, B, C, D. A, B and C appear in the first segmentation result, so the values of these three words in the first vector are 1, and similarly, D appears not in the first segmentation result, so the value of D in the first vector is 0.
In one embodiment, the historical order addresses may be clustered according to the following: taking one non-clustered historical order address as a starting address, and acquiring a historical order address with the similarity degree with the starting address greater than a preset second similarity threshold value; if the number of the obtained historical order addresses is larger than a preset number threshold, respectively taking each obtained historical order address as a starting address, and returning to the step of obtaining the historical order address with the similarity degree with the starting address larger than a preset second similarity threshold; and dividing the starting address and the acquired historical order addresses into the same address class cluster.
As shown in fig. 5, in step 502, a starting address is first selected. Assuming n order addresses A1-An, one order address can be randomly selected as the starting address, assuming A1.
In step 504, the similarity between the remaining addresses and the starting address is calculated, i.e., the similarities between the addresses A2-An and A1 are calculated, respectively.
In step 506, it is determined whether the number of addresses having a similarity greater than a preset threshold (e.g., 90%) with the starting address exceeds a preset number (e.g., 5). If so, go to step 508; if not, return to step 502. For example, assuming that addresses having a similarity of more than 90% to the address a1 are only the addresses a2 and A3 and the number is less than 5, one address is reselected as the start address (assume to be a 2). If there are 6 addresses in A3-An (assume A3-A8) that all have a similarity of greater than 90% to A2, then step 508 is performed.
Step 508: and taking the address with the similarity exceeding the preset threshold as the starting address, and returning to the step 504. In this step, the A3-A8 are used as the starting addresses to calculate the similarity between A9-An and A3 respectively; respectively calculating the similarity between A9-An and A4 by taking A4 as a starting address; and analogy is carried out, and finally the similarity between A9-An and A8 is calculated by taking A8 as a starting address.
If there are not enough other addresses with similarity greater than the preset threshold when the addresses A3-A8 are the starting addresses, the last address cluster includes the addresses A2-A8, and the process ends. If the similarity between a certain starting point address and a sufficient number of other addresses is larger than the preset threshold, the process is repeated until the similarity between the starting point address and the insufficient number of other addresses is larger than the preset threshold.
After one address class cluster is divided, each non-divided address can be divided until all the addresses are divided into the address class cluster.
In the above embodiment, clustering the historical order addresses may be offline clustering. The unsupervised clustering has high memory consumption and long time consumption, so that the order address is matched with the black address in real time through offline clustering to judge which group the order address belongs to, and the wind control identification can be realized in real time.
In one embodiment, the address blacklist further includes: the payment rejection rate is greater than the historical order address of the preset value; wherein the rejection rate is calculated by:
η=(X1+X2)/(Y1+Y2);
where η is the rejection rate, X1 is the number of rejected orders in the orders corresponding to the historical order address, X2 is the number of rejected orders in the orders corresponding to the variation address of the historical order address, Y1 is the number of orders corresponding to the historical order address, and Y2 is the number of orders corresponding to the variation address of the historical order address.
Because the rejected orders are orders issued by lawless persons embezzled user accounts in many cases, black addresses in the address blacklist can be supplemented in this way, and the recognition rate of risk orders is further improved.
In some embodiments, the following operations may also be performed on the historical order address: normalizing the case and the case; and/or punctuation symbol cleaning. Case normalization converts all letters in an address into upper case letters or all letters into lower case letters. Punctuation mark cleaning is to remove punctuation marks in the address. By performing these operations, the accuracy of address identification can be improved.
Fig. 6 is a schematic diagram illustrating the overall principle of the risk control method in one embodiment of the present disclosure. In this embodiment, the order address in the latest order is extracted first, the order address in the latest day or the latest week may be extracted, and then the extracted order addresses are clustered to generate a plurality of address clusters. Then, the risk characteristics in each address class cluster are counted, and the high-risk address class clusters with risks are screened out. The centroid address of the high-risk address cluster can then be added to the address blacklist. Meanwhile, the order address of the order in which the case has occurred in history (for example, the order in which the rejection history exists) may be added to the address blacklist. And when a real-time order is received, calling an order address of the real-time order, carrying out fuzzy matching on the order address of the real-time order and an address in an address blacklist, and carrying out real-time management and control on the real-time order if the order address of the real-time order is matched with the address in the address blacklist.
The various technical features in the above embodiments can be arbitrarily combined, so long as there is no conflict or contradiction between the combinations of the features, but the combination is not limited to the space and is not described one by one, and therefore, any combination of the various technical features in the above embodiments also falls within the scope disclosed in the present specification.
Referring to fig. 7, which is a block diagram of a risk control device in one embodiment of the present disclosure, a real-time device may include:
a screening module 702, configured to screen a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; the address class cluster is obtained by clustering historical order addresses in a period of time;
and the risk control module 704 is configured to establish an address blacklist according to the target address class cluster, and perform risk control on the current order according to the address blacklist.
The specific details of the implementation process of the functions and actions of each module in the device are referred to the implementation process of the corresponding step in the method, and are not described herein again.
The embodiment of the apparatus for creating the project in the specification can be applied to computer equipment, such as a server or terminal equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for running through the processor in which the file processing is located as a logical device. From a hardware aspect, as shown in fig. 8, a hardware structure diagram of a computer device in which an apparatus is created in this specification is shown, except for the processor 802, the memory 804, the network interface 806, and the nonvolatile memory 808 shown in fig. 8, a server or an electronic device in which the apparatus is located in an embodiment may also include other hardware according to an actual function of the computer device, which is not described again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Accordingly, the embodiments of the present specification also provide a computer storage medium, in which a program is stored, and the program, when executed by a processor, implements the method in any of the above embodiments.
Accordingly, embodiments of the present specification also provide a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor executes the program to implement the method in any of the above embodiments.
This application may take the form of a computer program product embodied on one or more storage media including, but not limited to, disk storage, CD-ROM, optical storage, and the like, in which program code is embodied. Computer-usable storage media include permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of the storage medium of the computer include, but are not limited to: phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium, may be used to store information that may be accessed by a computing device.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
The above description is only exemplary of the present disclosure and should not be taken as limiting the present disclosure, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (16)

1. A method of risk control, the method comprising:
screening a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; the address cluster is obtained by clustering historical order addresses;
and establishing an address blacklist according to the target address class cluster, and performing risk control on the current order according to the address blacklist, wherein the address blacklist comprises historical order addresses with a payment rejection rate greater than a preset value, and the payment rejection rate is determined by the historical order addresses and the payment conditions of the orders corresponding to the relevant addresses.
2. The method of claim 1, the step of building an address blacklist from the target address class cluster comprising:
and adding the centroid address of the target address class cluster into an address blacklist.
3. The method of claim 1, the step of risk controlling the current order according to the address blacklist comprising:
respectively calculating the similarity between the current order address and each black address in the address black list;
and if the similarity is greater than a preset first similarity threshold, performing risk control on the current order.
4. The method of claim 3, wherein the step of calculating the similarity between the current order address and each of the black addresses in the address blacklist comprises:
performing word segmentation on the current order address to obtain a first word segmentation result, and calculating a first vector according to the first word segmentation result;
respectively calculating the similarity of the first vector and a second vector corresponding to each black address;
wherein the second vector is obtained according to a second word segmentation result of the black address.
5. The method of claim 4, the step of computing a first vector from the first segmentation result comprising:
and inputting the first word segmentation result into a neural network to obtain the first vector.
6. The method of claim 4, the step of computing a first vector from the first segmentation result comprising:
acquiring a union of the first word segmentation result and the second word segmentation result, and calculating the first vector according to the union;
if the word segmentation result in the union exists in the current order address, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 1, otherwise, setting the value of the element corresponding to the word segmentation result in the union in the first vector as 0.
7. The method of claim 1, further comprising:
taking one non-clustered historical order address as a starting address, and acquiring a historical order address with the similarity degree with the starting address greater than a preset second similarity threshold value;
if the number of the obtained historical order addresses is larger than a preset number threshold, respectively taking the obtained historical order addresses as starting addresses, and returning to the step of obtaining the historical order addresses with the similarity degree with the starting addresses larger than a preset second similarity threshold;
and dividing the starting address and the acquired historical order addresses into the same address class cluster.
8. The method of any one of claims 1 to 7, the clustering being offline clustering.
9. The method of any of claims 1 to 7, the risk characteristics comprising at least any of the following characteristics of the historical order addresses in the address class cluster: a time distribution characteristic, a quantity characteristic of variant addresses, an earliest use time characteristic, a historical credit characteristic, and a proportion characteristic of new users among users using the historical order addresses.
10. The method of any of claims 1 to 7, the rejection rate being calculated by:
η=(X1+X2)/(Y1+Y2);
where η is the rejection rate, X1 is the number of rejected orders in the orders corresponding to the historical order address, X2 is the number of rejected orders in the orders corresponding to the variation address of the historical order address, Y1 is the number of orders corresponding to the historical order address, and Y2 is the number of orders corresponding to the variation address of the historical order address.
11. The method of any of claims 1 to 7, further comprising:
performing the following operations on the historical order address: case normalization; and/or punctuation symbol cleaning.
12. The method of any of claims 1 to 7, the mutated address comprising an address generated according to:
inserting a plurality of characters into the historical order address; and/or
Converting a plurality of characters in the historical order address into other languages; and/or
And changing the sequence of the characters in the historical order address.
13. The method of any of claims 1 to 7, further comprising:
and updating the address class cluster according to a preset time interval.
14. A risk control device, the device comprising:
the screening module is used for screening a target address class cluster from the address class clusters according to the risk characteristics of the historical order address; the address cluster is obtained by clustering historical order addresses;
and the risk control module is used for establishing an address blacklist according to the target address class cluster and performing risk control on the current order according to the address blacklist, wherein the address blacklist also comprises a historical order address with a rejection rate greater than a preset value, and the rejection rate is determined according to the historical order address and the payment condition of the order corresponding to the relevant address.
15. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 13.
16. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 13 when executing the program.
CN202111288707.3A 2018-06-29 Risk control method and apparatus Active CN114119137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111288707.3A CN114119137B (en) 2018-06-29 Risk control method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810712672.3A CN109191226B (en) 2018-06-29 2018-06-29 Risk control method and device
CN202111288707.3A CN114119137B (en) 2018-06-29 Risk control method and apparatus

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810712672.3A Division CN109191226B (en) 2018-06-29 2018-06-29 Risk control method and device

Publications (2)

Publication Number Publication Date
CN114119137A true CN114119137A (en) 2022-03-01
CN114119137B CN114119137B (en) 2024-06-28

Family

ID=

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040153663A1 (en) * 2002-11-01 2004-08-05 Clark Robert T. System, method and computer program product for assessing risk of identity theft
JP2008146211A (en) * 2006-12-07 2008-06-26 Seiko Epson Corp Check processor, processing program and check processing method
US20150161609A1 (en) * 2013-12-06 2015-06-11 Cube, Co. System and method for risk and fraud mitigation while processing payment card transactions
CN105991574A (en) * 2015-02-10 2016-10-05 阿里巴巴集团控股有限公司 Risk behavior monitoring method and apparatus thereof
CN106296344A (en) * 2016-07-29 2017-01-04 北京小米移动软件有限公司 Maliciously address recognition methods and device
CN107102998A (en) * 2016-02-22 2017-08-29 阿里巴巴集团控股有限公司 A kind of String distance computational methods and device
CN107203522A (en) * 2016-03-16 2017-09-26 北京京东尚科信息技术有限公司 A kind of decision method and device of malice Order Address
CN107526967A (en) * 2017-07-05 2017-12-29 阿里巴巴集团控股有限公司 A kind of risk Address Recognition method, apparatus and electronic equipment
CN107666490A (en) * 2017-10-18 2018-02-06 中国联合网络通信集团有限公司 A kind of suspicious domain name detection method and device
CN107967603A (en) * 2017-12-20 2018-04-27 杭州几禾科技有限公司 Shopping settlement method and sell equipment

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040153663A1 (en) * 2002-11-01 2004-08-05 Clark Robert T. System, method and computer program product for assessing risk of identity theft
JP2008146211A (en) * 2006-12-07 2008-06-26 Seiko Epson Corp Check processor, processing program and check processing method
US20150161609A1 (en) * 2013-12-06 2015-06-11 Cube, Co. System and method for risk and fraud mitigation while processing payment card transactions
CN105991574A (en) * 2015-02-10 2016-10-05 阿里巴巴集团控股有限公司 Risk behavior monitoring method and apparatus thereof
CN107102998A (en) * 2016-02-22 2017-08-29 阿里巴巴集团控股有限公司 A kind of String distance computational methods and device
CN107203522A (en) * 2016-03-16 2017-09-26 北京京东尚科信息技术有限公司 A kind of decision method and device of malice Order Address
CN106296344A (en) * 2016-07-29 2017-01-04 北京小米移动软件有限公司 Maliciously address recognition methods and device
CN107526967A (en) * 2017-07-05 2017-12-29 阿里巴巴集团控股有限公司 A kind of risk Address Recognition method, apparatus and electronic equipment
CN107666490A (en) * 2017-10-18 2018-02-06 中国联合网络通信集团有限公司 A kind of suspicious domain name detection method and device
CN107967603A (en) * 2017-12-20 2018-04-27 杭州几禾科技有限公司 Shopping settlement method and sell equipment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
YUE GUO, ET AL.: "To Sell or Not to Sell: Exploring Seller’s Trust and Risk of Chargeback Fraud in Cross-Border Electronic Commerce", INFORMATION SYSTEMS JOURNAL, 1 June 2017 (2017-06-01), pages 359 - 383 *
全球速卖通: "全球速卖通关于更改收货地址的风险提醒", pages 1, Retrieved from the Internet <URL:https://sell.aliexpress.com/zh/_pc/announcement/1949.htm> *
赵慈拉: "现阶段我国货币信用供给侧改革的思考——兼议融资性票据市场的创建", 上海金融, no. 8, 31 December 2017 (2017-12-31), pages 11 - 16 *
顾卓;: "外卡支付扑面而来", 电子商务世界, no. 12, 5 December 2007 (2007-12-05), pages 66 - 67 *

Also Published As

Publication number Publication date
CN109191226B (en) 2021-10-12
CN109191226A (en) 2019-01-11

Similar Documents

Publication Publication Date Title
CN109191226B (en) Risk control method and device
US20230088436A1 (en) Reducing false positives using customer feedback and machine learning
CN109271418B (en) Suspicious group identification method, device, equipment and computer readable storage medium
TWI673666B (en) Method and device for data risk control
US20150363875A1 (en) System and Method for Filtering and Analyzing Transaction Information
CN111325248A (en) Method and system for reducing pre-loan business risk
CN112990386B (en) User value clustering method and device, computer equipment and storage medium
US11928722B2 (en) Item level data determination device, method, and non-transitory computer-readable media
US20230153581A1 (en) Artificial intelligence system employing graph convolutional networks for analyzing multi-entity-type multi-relational data
CN113159922A (en) Data flow direction identification method, device, equipment and medium
CN114116802A (en) Data processing method, device, equipment and storage medium of Flink computing framework
CN115545886A (en) Overdue risk identification method, overdue risk identification device, overdue risk identification equipment and storage medium
JP2019185595A (en) Information processor, method for processing information, information processing program, determination device, method for determination, and determination program
US20230316284A1 (en) Reducing false positives using customer data and machine learning
CN112801784A (en) Bit currency address mining method and device for digital currency exchange
CN111476657A (en) Information pushing method, device and system
CN114119137B (en) Risk control method and apparatus
JP2005346730A (en) Method of determination of unauthorized utilization of credit card using history information
CN111461863A (en) Data processing method and device, computer equipment and storage medium
CN116385175A (en) Recommendation method and device for financial products, processor and electronic equipment
CN113538154A (en) Risk object identification method and device, storage medium and electronic equipment
CN114842237A (en) Method and device for determining hasty receiving mode, computer equipment and storage medium
CN116485550A (en) Method for determining foundation product, electronic equipment and storage medium
CN113052608A (en) Small amount embezzlement recognition method and device
CN117349541A (en) Bank application-based resource transfer method, device, computer equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant