CN114357523A - Method, device, equipment, storage medium and program product for identifying risk object - Google Patents

Method, device, equipment, storage medium and program product for identifying risk object Download PDF

Info

Publication number
CN114357523A
CN114357523A CN202210045988.8A CN202210045988A CN114357523A CN 114357523 A CN114357523 A CN 114357523A CN 202210045988 A CN202210045988 A CN 202210045988A CN 114357523 A CN114357523 A CN 114357523A
Authority
CN
China
Prior art keywords
data
service
risk
account
identified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210045988.8A
Other languages
Chinese (zh)
Inventor
郝振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202210045988.8A priority Critical patent/CN114357523A/en
Publication of CN114357523A publication Critical patent/CN114357523A/en
Pending legal-status Critical Current

Links

Images

Abstract

The disclosure provides a risk object identification method which can be applied to the field of big data. The identification method of the risk object comprises the following steps: acquiring a service request sent by an object to be identified; determining the service type of the service request and service data associated with the object to be identified; generating a risk identification model corresponding to the service type on the basis of the service data; and carrying out risk identification on the object to be identified through the risk identification model. The present disclosure also provides an apparatus, a device, a storage medium, and a program product for risk object identification.

Description

Method, device, equipment, storage medium and program product for identifying risk object
Technical Field
The present disclosure relates to the field of big data, and in particular, to a method, an apparatus, a device, a storage medium, and a program product for identifying a risk object.
Background
Risk monitoring of an account in a transaction state is an important measure for guaranteeing the property security of the account. However, the existing risk management and control system generally has the problems of single function, insufficient abundance of built-in models and high cost of newly added models, so that the original risk management and control system cannot perform full-process monitoring analysis on the account when the original risk management and control system faces the updated business process.
In addition, the data information of the account is usually dispersed in a plurality of systems, and the incompatibility of the risk management and control system to heterogeneous systems can cause that the data information cannot be shared, so that the management and control effect is not ideal.
Disclosure of Invention
In view of the above, the present disclosure provides a method, apparatus, device, medium, and program product for risk object identification.
According to a first aspect of the present disclosure, there is provided a method for identifying a risk object, comprising: acquiring a service request sent by an object to be identified; determining the service type of the service request and service data associated with the object to be identified; generating a risk identification model corresponding to the service type on the basis of the service data; and carrying out risk identification on the object to be identified through the risk identification model.
According to an embodiment of the present disclosure, the method further comprises: acquiring full data of a plurality of system components; generating a source pasting data layer according to the full data; performing data quality analysis on the data of the source pasting data layer to obtain a detailed data layer; and analyzing the service type of the data of the detail data layer to obtain a service data layer, wherein the service data is used for generating the risk identification model.
According to an embodiment of the present disclosure, generating a risk identification model corresponding to the service type based on the service data includes: acquiring a data unit corresponding to the service data from the service data layer; and obtaining the risk identification model according to the service type and the data unit.
According to an embodiment of the present disclosure, the business data includes a transaction object related to the business request, and the generating a risk identification model corresponding to the business type based on the business data includes: acquiring historical data of the transaction object, wherein the historical data comprises first historical transaction data of the transaction object and the object to be identified and second historical transaction data of the transaction object and a third-party object; obtaining data units from the service data layer, the data units including a first data unit related to the first historical transaction data, a second data unit related to second historical transaction data, and a third data unit related to the third party object; and generating the risk identification model according to the service type and the first data unit, the second data unit and the third data unit.
According to an embodiment of the present disclosure, the generating a source data layer according to the full-scale data includes: and collecting the full data to a source pasting data layer, wherein the collection mode comprises file import, database import, log import, message queue import and point burying.
According to the embodiment of the disclosure, the service request is an account opening request; the risk identification of the object to be identified through the risk identification model comprises the following steps: acquiring account opening agent information and account opening legal person information in the account opening request; and sending an account opening early warning to the object to be identified under the condition that the account opening agent information and/or the account opening legal person information are determined to be in the blacklist through the risk identification model.
According to an embodiment of the present disclosure, the service data includes account data associated with the object to be identified; the risk identification of the object to be identified through the risk identification model comprises the following steps: acquiring target account data in the account data, wherein the target account data comprises account data of an account opening person having the same account opening person as the object to be identified; and inputting the target account data into the risk identification model to obtain a risk identification result of the object to be identified.
A second aspect of the present disclosure provides an apparatus for identifying a risk object, including: the first acquisition module is used for acquiring a service request sent by an object to be identified; the determining module is used for determining the service type of the service request and the service data associated with the object to be identified; the first generation module is used for generating a risk identification model corresponding to the business type on the basis of the business data; and the first analysis module is used for carrying out risk identification on the object to be identified through the risk identification model.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described method of risk object identification.
The fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-mentioned method of risk object identification.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method of risk object identification.
Compared with the prior art, the risk identification method and the risk identification device generate corresponding risk identification models according to the service types handled by the account, and realize accurate risk identification of the whole-process service of the account. In addition, the data of multiple data sources are processed to form multiple bins which are stored in a layered mode, rapid expansion of a risk identification model can be achieved, and the cost of the model is reduced. The method for identifying the risk object improves adaptability to business change, meets the innovativeness of a system model, and improves accuracy of a risk identification process.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of a risk object identification method, apparatus, device, medium and program product according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates an architecture diagram of a risk object identification system according to an embodiment of the present disclosure;
FIG. 3 schematically shows a flow chart of a method of identification of risk objects according to an embodiment of the present disclosure;
FIG. 4 schematically shows a flow chart of a method of identification of a risk object according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart for analyzing risk of an object to be identified according to an embodiment of the present disclosure;
FIG. 6 schematically shows a flow chart for analyzing risk of an object to be identified according to another embodiment of the present disclosure;
fig. 7 schematically shows a block diagram of the structure of a risk object identification apparatus according to an embodiment of the present disclosure; and
fig. 8 schematically shows a block diagram of an electronic device adapted to implement a method of identification of a risk object according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the method and apparatus for identifying a risk object disclosed in the present disclosure may be used in the field of big data, may also be used in the field of information security in the financial field, and may also be used in any field other than the financial field.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations, necessary confidentiality measures are taken, and the customs of the public order is not violated. In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.
The embodiment of the disclosure provides a risk object identification method, which includes: acquiring a service request sent by an object to be identified; determining the service type of the service request and service data associated with the object to be identified; generating a risk identification model corresponding to the service type on the basis of the service data; and carrying out risk identification on the object to be identified through the risk identification model.
Fig. 1 schematically illustrates an application scenario diagram of a risk object identification method, apparatus, device, medium, and program product according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the identification method of the risk object provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the risk object identification apparatus provided by the embodiments of the present disclosure may be generally disposed in the server 105. The identification method of the risk object provided by the embodiment of the present disclosure may also be performed by a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the risk object identification device provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The method for identifying a risk object of the disclosed embodiment will be described in detail below with reference to fig. 2 to 6, which will be described based on fig. 1.
Fig. 2 schematically shows an architecture diagram of a system of a risk object identification method according to an embodiment of the present disclosure.
As shown in fig. 2, the identification method of a risk object provided by the present disclosure may be used for risk identification of a bank account. The bank account wind control platform comprises a data collection group, a data development component, a data system component, a data asset management component, a data service system component, a data operation system component and a data security management component.
The bank account wind control platform acquires service data from a plurality of data sources, and the data sources comprise internal system data and external system data. Internal system data includes in-line deposit account system data, customer information system data, blacklist system data, anti-fraud system data, and the like.
The data collection component is the most fundamental link of the platform. The data collection component can collect heterogeneous data, offline data and real-time data and perform visual configuration so that monitoring personnel can check monitoring results conveniently.
The data development component is used for processing data. The data development component provides functions of off-line development, real-time development, algorithm development, intelligent scheduling and the like. The original data are processed through the data development component, so that the processed data have business meanings and accord with business rules, and subsequent business use is facilitated. For example, the raw data is subjected to aggregation classification through a data development component, and the classified data is endowed with corresponding business meanings.
The data schema component is used to specify data structures and data types. For example, the criteria, coefficients, and various indicators of the data are normalized. The standard unified data is beneficial to ensuring the accuracy of data analysis.
The data asset management component is used for facing business personnel and providing data analysis and data management tools for the business personnel. The data is subjected to asset transformation, so that the value of the data is improved.
The data service architecture component is used for providing customized services based on data. And selecting the data service in the platform according to the actual business requirements, and expanding various models to meet the requirements of various innovative application developments.
Fig. 3 schematically shows a flow chart of a method of identification of a risk object according to an embodiment of the present disclosure.
As shown in fig. 3, the method for identifying a risk object according to this embodiment includes operations S310 to S340.
In operation S310, a service request sent by an object to be identified is acquired.
The objects to be identified comprise various accounts, and the user initiates a service request on the corresponding service platform through the various accounts.
Illustratively, the object to be identified may be a bank account, and the bank account includes a public account and a private account. The service request includes an account opening application, a seller application, a loan application, a transfer application, a payment application, and the like. For example, a customer logging into an electronic banking account initiates a transfer request at a mobile client of a banking application.
The object to be identified may also be a stock exchange account, e-commerce account, communication account, social account, and other accounts that may be involved in a fund exchange.
In operation S320, a service type of the service request and service data associated with the object to be identified are determined.
The service type includes an account transaction type and an account behavior type. The account transaction type includes traffic related to the monetary transaction. The type of account activity includes traffic unrelated to the monetary transactions. Illustratively, for a bank account, the types of account transaction transactions include deposit transactions, loan transactions, payment settlement transactions, foreign exchange transactions, cash transactions, and credit card transactions, among others. The account behavior type includes account information change and the like.
It should be noted that the service request and the service type are only exemplary, and the disclosure does not limit the specific content of the service request and the service type. Those skilled in the art can set the corresponding service type according to the actual application scenario.
In case of obtaining the authorization of the user, the service data related to the object to be identified also needs to be obtained from the database. The business data associated with the object to be identified comprises the business data related to the business request and historical business data generated by the object to be identified, and also comprises a transaction object transacted with the object to be identified in the business request and the historical business data generated by the transaction object. For example, an electronic bank account initiates a request for electronic payment, and in case of obtaining the authorization of the user, the payment information related to the electronic payment at the time, the historical transaction data of the electronic bank account and the related information of the payee in the electronic payment request are obtained.
In operation S330, a risk identification model corresponding to the business type is generated based on the business data.
In the disclosed embodiment, since the participants who complete a business request are generally not limited to only the object to be identified itself, a complete risk identification model needs to be built on the data basis of the business data associated with the object to be identified to identify whether the object is at risk from multiple dimensions.
Illustratively, when a bank account initiates a transfer service request, the risk identification model only identifies risks according to relevant data of the current transfer service request, and the problem of inaccurate identification occurs. When the bank account is identified to have money laundering risk, if the transfer behavior of the bank account cannot be identified as money laundering behavior only according to the relevant data of one transfer transaction.
For a bank account, in a plurality of business processes which can be performed by the bank account, business requests of different business processes belong to different business types, and corresponding risk identification models are generated according to the business types, so that risk identification can be performed on the whole process business of the bank account. In addition, risk identification is carried out on the object to be identified according to the risk identification models corresponding to the service requests of different service types, and accuracy of risk identification can be improved.
In operation S340, risk recognition is performed on the object to be recognized through the risk recognition model.
For example, when a bank client transacts an account opening business, whether the bank account has an over-authority account opening behavior is identified through a risk identification model for carrying out risk identification on account opening party information. For another example, when a bank client transacts a sales service, whether the bank account has malicious sales behaviors or not is identified through a risk identification model for performing risk identification on historical transaction information of the bank account. For another example, when a bank account transacts transfer business, whether the transfer behavior of the bank account is at risk of being cheated is identified through a risk identification model for carrying out risk identification on the information of a payee.
In any application scenario, the services involved in an account are of a wide variety. For bank accounts, with the development of financial business and the continuous improvement of life demand, the business process related to one bank account is gradually increased. Therefore, the built-in model of the original system cannot meet the updating change of banking business. Even if the original model is directly expanded, the development is difficult and the model cannot be compatible.
According to the embodiment of the disclosure, a corresponding risk identification model is generated according to the service type handled by the account, and the full-flow service of the account is accurately identified. The identification method of the risk object improves the adaptability to business change, meets the innovativeness of a system model, and improves the accuracy of a risk identification process.
Fig. 4 schematically shows a flow chart of a method of identification of a risk object according to another embodiment of the present disclosure.
As shown in fig. 4, the method for identifying a risk object according to this embodiment includes operations S410 to S420.
In operation S410, full data of a plurality of system components is acquired.
In the embodiment of the disclosure, a plurality of system components are used as a plurality of data sources, and a data base is provided for generating different risk identification models. The data source for generating the risk model identifying bank account risk may include a plurality of banking system components, such as system components of a plurality of branches. The banking system components include self-building databases within the banking system, such as a service system for public customers, a blacklist system, a service system for public deposits, an anti-fraud service system, and an anti-money laundering service system. The banking system components also include system databases and the like external to the bank.
In operation S420, a posting source data layer is generated from the full-size data.
In an embodiment of the present disclosure, the generating a pasting source data layer according to the full amount of data in operation S420 includes: and collecting the full data to a source pasting data layer, wherein the collection mode comprises file import, database import, log import, message queue import and point burying. The paste source data layer supports structured data and unstructured data, and can integrate data with various structures. Therefore, a plurality of data import modes need to be supported to obtain data with a plurality of structures. The data is summarized to the source data layer without changing the original state of the data.
In operation S430, data quality analysis is performed on the data of the source data layer to obtain a detailed data layer.
Data cleaning is carried out on the data attached to the source data layer, data quality analysis is carried out, low-quality data can be screened out, the quality of the data is guaranteed from the data source, customization and differentiation management of the data quality are achieved, and accuracy of risk identification is improved.
In operation S440, a service type analysis is performed on the data in the detail data layer to obtain a service data layer, and the service data layer is used to generate a risk identification model.
The detail data layer comprises historical data from a plurality of data sources, and each historical data is related to a certain business type in the business process. And according to the service types, carrying out classified statistics on the data of the detailed data layer to obtain data for depicting different service types, and generating a service data layer. The service data layer comprises data units used for generating different risk identification models, and each data unit corresponds to at least one service type.
For example, the data generated by the foreign exchange transaction in the detail data layer is counted to obtain data describing the foreign exchange transaction process, and a data unit in the service data layer is generated. The data unit is used for generating a risk identification model for carrying out risk identification on the foreign exchange.
In this embodiment of the present disclosure, in operation S330, generating a risk identification model corresponding to a business type based on the business data includes: acquiring a data unit corresponding to the service data from a service data layer; and generating a risk identification model according to the service type and the data unit.
And acquiring a data unit corresponding to the business data from the service data layer, and acquiring all data information related to the object to be identified, so as to establish a comprehensive risk identification model. And generating a corresponding risk identification model based on the obtained data unit and combining with the risk judgment logic of the service type.
Illustratively, a bank account initiates a business request for purchasing foreign currency, and data units related to the bank account are acquired from a service data layer. Because the purchase of the foreign exchange is the foreign exchange transaction type in the account transaction types, part of the data units need to be selected from the data units according to the judgment logic for risk identification of the foreign exchange transaction, and a corresponding risk identification model is generated. For example, the logic for determining risk identification of a foreign exchange transaction includes determining whether the foreign exchange transaction is illegal to buy or sell a foreign exchange and determining whether the foreign exchange transaction belongs to money laundering behaviors, so that not only needs to obtain a foreign exchange transaction data unit of the bank account, determine whether illegal behaviors such as illegal remittance, illegal remittance evasion and remittance splitting occur in the foreign exchange transaction, but also needs to obtain data units of the bank account and other transactions, and determine whether the foreign exchange transaction has money laundering risk by combining the foreign exchange transaction data unit.
The risk identification model is generated according to the data unit of the service data layer and can be realized through SQL statements and a customized DSL language, so that the non-invasiveness of the model generation process can be ensured, and the maintainability and flexibility of the risk identification model can be improved.
The data source of the data unit is a plurality of system components, and the data of the system components is obtained by pulling the total amount of data of the system components every day, so that the data unit of the service data layer can be continuously updated according to historical data. When a risk identification model needs to be generated for a service request of an object to be identified, a corresponding data unit can be selected from the existing service data layer according to the service type of the service request, so that an application data layer is generated, and the data of the application data layer is used as the risk identification model to carry out risk identification on the service request of the object to be identified.
The application data layer may also provide risk identification for multiple applications. The application data layer may be interfaced with a visualization system, for example, to import data of the application data layer into Business Intelligence (BI) software.
In the embodiment of the present disclosure, in the case that the service data includes a transaction object related to the service request, operation S330 is performed to generate a risk identification model corresponding to the service type based on the service data, which includes steps S3301 to S3303.
Step S3301, obtaining historical data of the transaction object, wherein the historical data comprises first historical transaction data of the transaction object and the object to be identified and second historical transaction data of the transaction object and a third-party object.
Step S3302, data units are obtained from the service data layer, where the data units include a first data unit related to the first historical transaction data, a second data unit related to the second historical transaction data, and a third data unit related to the third-party object.
And step S3303, generating a risk identification model according to the service type, the first data unit, the second data unit and the third data unit.
In the embodiment of the present disclosure, in a transaction in which a plurality of bank accounts participate, it is possible that one of the bank accounts is a risk account, and the other bank accounts are normal accounts. Therefore, the service request is a transaction involving multiple parties, and data information of all the parties needs to be acquired under the condition that a client allows the transaction, so that whether a normal account is a potential risk account needs to be judged by multiple parties.
For example, when a bank account transfers a large amount of money, for the transfer service types participated by multiple parties, the logic for judging whether the service request of the bank account has a risk by the risk identification model includes directly judging whether the service request has a risk, judging whether a payee is a risk account, and judging whether the payee has historical risk transactions with other third parties. Still further, the decision logic may also include passing through a blacklist system, an anti-fraud model, an anti-money laundering model, and the like.
And under the condition of obtaining the user authorization corresponding to the bank account, acquiring historical transaction data of the bank account, user information of a payee and historical transaction data of the payee. The historical transaction data of the payee includes historical transaction records of the payee and the current payer and historical transaction records of the payee and other third parties. And acquiring a corresponding data unit from the service data layer, and generating a risk identification model according to the judgment logic required by the service type.
Through the embodiment of the disclosure, the data of multiple data sources are processed to form the multiple bins which are stored in a layered mode, and each layer of data strictly depends on the upper layer of data, so that the orderliness and the integrity of the data are ensured. On the basis of a multi-bin structure, the expansion of a risk identification model can be realized, and the cost increase of the model is reduced. In addition, the method is connected with a visualization system, so that the difficulty of data analysis is reduced, and related analysis models and analysis views can be drawn on line under the condition that a data analyst only needs to know simple SQL statements, so that the efficiency of data analysis is improved.
Fig. 5 schematically shows a flow chart for analyzing the risk of an object to be identified according to an embodiment of the present disclosure.
As shown in fig. 5, in the case that the service request is an account opening request, in operation S340 of this embodiment, risk identification is performed on the object to be identified through a risk identification model, which includes operation S510 to operation S520.
In operation S510, account opening agent information and account opening legal person information in the account opening request are obtained.
In operation S520, an account opening warning is issued to the object to be identified under the condition that the account opening agent information and/or the account opening legal person information is determined to be in the blacklist through the risk identification model.
In the embodiment of the disclosure, a customer initiates a service request for opening a bank account, and the service request comprises account opening agent information and account opening legal person information. And under the condition of obtaining the authorization of the client, acquiring account opening agent information and account opening legal person information filled by the client, acquiring data units related to the account opening agent information and the account opening legal person information from a service data layer, and generating a corresponding risk identification model. When an account opening request is responded, the judgment logic of the risk identification model comprises the judgment of whether the account opening agent information and/or the account opening legal person information are in the blacklist database. And (3) the risk identification model of the account opening agent information and the account opening legal person information data sends an account opening early warning to the account opening request of the client or rejects the account opening request under the condition that the account opening agent information and/or the account opening legal person information are determined to be in the blacklist. Therefore, the generation of illegal accounts can be avoided, and the risk identification of the related processes of the bank accounts is realized.
For example, after the account opening agent information and the account opening legal person information filled by the client in the service request are obtained, all the bank account information under the name of the account opening agent or under the name of the account opening legal person can be obtained under the condition of obtaining the authorization of the client. Whether the account opening agent and/or the account opening legal person have risks or not is analyzed, and under the condition that the account opening agent and/or the account opening legal person are determined to have risks, an account opening early warning can be sent to account opening business or the account opening request is rejected.
Fig. 6 schematically shows a flow chart for analyzing the risk of an object to be identified according to another embodiment of the present disclosure.
As shown in fig. 6, in the case that the business data includes account data associated with the object to be recognized, operation S340 of this embodiment performs risk recognition on the object to be recognized through the risk recognition model, including operations S610 to S620.
In operation S610, target account data among the account data is acquired, the target account data including account data of an account issuer identical to the object to be recognized.
In operation S620, the target account data is input into the risk recognition model, and a risk recognition result of the object to be recognized is obtained.
In the embodiment of the present disclosure, for the bank accounts of the banking system, the account data of the bank accounts in the bank self-establishment database may be acquired at a preset time node, for example, once a month, and the target account data in each bank account data may be counted. The target account data comprises account data of an account opening person same as the bank account, all account numbers under the same account opening person name are counted, and whether the bank account has risks or not is determined through a risk identification model.
Under the condition that the number of the accounts under the same account name is larger than the threshold value, the bank account under the account name can be considered to have the illegal condition of super-authority account opening, and the bank account is a risk account.
For example, whether a bank account is a risk account is judged through a risk identification model, and the judgment can also be carried out according to a company registration place of a public account. And acquiring a company registration place for the public account in the bank self-built database, and acquiring all associated account information according to the company registration place. And inputting the associated account information, and determining whether the illegal condition of filling the false company registration place exists in the public account according to the associated account information.
Illustratively, the risk identification of the bank account in the whole process further comprises risk identification according to the fund traffic condition of the bank account. For example, whether a certain bank account has an abnormal condition of short-term access of large amount of funds or whether a certain bank account has an abnormal condition of fund exchange with a risk account is judged.
After the bank account with the abnormality is identified, risk monitoring can be carried out on the bank account, and the risk behavior can be identified in time. After the bank account is determined to have the risk behavior, the bank account can be forcibly intervened, and the risk account is prevented from conducting business handling.
Based on the file batch detection method, the disclosure also provides a risk object identification device. The apparatus will be described in detail below with reference to fig. 7.
Fig. 7 schematically shows a block diagram of the structure of a risk object identification apparatus according to an embodiment of the present disclosure.
As shown in fig. 7, the apparatus 700 for identifying a risk subject according to this embodiment includes a first obtaining module 710, a determining module 720, a first generating module 730, and a first analyzing module 740.
The first obtaining module 710 is configured to obtain a service request sent by an object to be identified. In an embodiment, the first obtaining module 710 may be configured to perform the operation S310 described above, which is not described herein again.
The determining module 720 is configured to determine a service type of the service request and service data associated with the object to be identified. In an embodiment, the determining module 720 may be configured to perform the operation S320 described above, which is not described herein again.
The first generating module 730 is configured to generate a risk identification model corresponding to the service type based on the service data. In an embodiment, the first generating module 730 may be configured to perform the operation S330 described above, which is not described herein again.
The first analysis module 740 is configured to perform risk identification on the object to be identified through the risk identification model. In an embodiment, the first analysis module 740 may be configured to perform the operation S340 described above, which is not described herein again.
According to an embodiment of the present disclosure, the apparatus 700 for identifying a risk object of the embodiment further includes a second obtaining module, a second generating module, a second analyzing module, and a third analyzing module.
The second acquisition module is used for acquiring the full data of the plurality of system components. The second generation module is used for generating a paste source data layer according to the full data, and is specifically used for collecting the full data to the paste source data layer, wherein the collection mode comprises file import, database import, log import, message queue import and point burying. And the second analysis module is used for carrying out data quality analysis on the data of the source data layer to obtain a detailed data layer. And the third analysis module is used for carrying out service type analysis on the data of the detail data layer to obtain a service data layer, and the service data layer is used for generating a risk identification model.
According to an embodiment of the present disclosure, the first generating module 730 includes a first obtaining unit and a first analyzing unit. The first obtaining unit is used for obtaining a data unit corresponding to the service data from the service data layer. The first generating unit is used for generating a risk identification model according to the service type and the data unit.
According to an embodiment of the present disclosure, in the case that the service data includes a transaction object related to the service request, the first generation module 730 includes a second acquisition unit, a third acquisition unit, and a second generation unit. The second acquisition unit is used for acquiring historical data of the transaction object, wherein the historical data comprises first historical transaction data of the transaction object and the object to be identified and second historical transaction data of the transaction object and a third-party object. And the third acquisition unit is used for acquiring data units from the service data layer, wherein the data units comprise a first data unit related to the first historical transaction data, a second data unit related to the second historical transaction data and a third data unit related to a third-party object. And the second generating unit is used for generating the risk identification model according to the service type, the first data unit, the second data unit and the third data unit.
According to an embodiment of the present disclosure, in a case that the service request is an account opening request, the first analysis module 740 includes a fourth obtaining unit and a first determining unit. The fourth acquisition unit is used for acquiring the account opening agent information and the account opening legal person information in the account opening request. The first determining unit is used for sending an account opening early warning to the object to be identified under the condition that the account opening agent information and/or the account opening legal person information are determined to be in the blacklist through the risk identification model.
According to an embodiment of the present disclosure, in case the traffic data comprises account data associated with the object to be identified, the first analysis module 740 comprises a fifth obtaining unit and an input unit. The fifth acquisition unit is used for acquiring target account data in the account data, wherein the target account data comprises account data of an account opening person having the same account opening person as the object to be identified. The input unit is used for inputting the target account data into the risk identification model to obtain a risk identification result of the object to be identified.
According to an embodiment of the present disclosure, any plurality of the first obtaining module 710, the determining module 720, the first generating module 730, and the first analyzing module 740 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 710, the determining module 720, the first generating module 730, and the first analyzing module 740 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the obtaining module 710, the identifying module 720, the generating module 730, and the first analyzing module 740 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 8 schematically shows a block diagram of an electronic device adapted to implement a method of identification of a risk object according to an embodiment of the present disclosure.
As shown in fig. 8, an electronic device 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., Application Specific Integrated Circuit (ASIC)), among others. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 803, various programs and data necessary for the operation of the electronic apparatus 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or RAM 803. Note that the programs may also be stored in one or more memories other than the ROM 802 and RAM 803. The processor 801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 800 may also include input/output (I/O) interface 805, input/output (I/O) interface 805 also connected to bus 804, according to an embodiment of the present disclosure. Electronic device 800 may also include one or more of the following components connected to I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a rigid diskette, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 802 and/or RAM 803 described above and/or one or more memories other than the ROM 802 and RAM 803.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the risk object identification method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 801. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via communication section 809, and/or installed from removable media 811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program, when executed by the processor 801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. A method of identifying a risk object, comprising:
acquiring a service request sent by an object to be identified;
determining the service type of the service request and service data associated with the object to be identified;
generating a risk identification model corresponding to the service type on the basis of the service data; and
and carrying out risk identification on the object to be identified through the risk identification model.
2. The identification method of claim 1, wherein the method further comprises:
acquiring full data of a plurality of system components;
generating a source pasting data layer according to the full data;
performing data quality analysis on the data of the source pasting data layer to obtain a detailed data layer; and
and analyzing the service type of the data of the detail data layer to obtain a service data layer, wherein the service data layer is used for generating the risk identification model.
3. The identification method of claim 2, wherein the generating a risk identification model corresponding to the business type based on the business data comprises:
acquiring a data unit corresponding to the service data from the service data layer;
and generating the risk identification model according to the service type and the data unit.
4. The identification method of claim 2, wherein the business data comprises a transaction object related to the business request, and the generating of the risk identification model corresponding to the business type based on the business data comprises:
acquiring historical data of the transaction object, wherein the historical data comprises first historical transaction data of the transaction object and the object to be identified and second historical transaction data of the transaction object and a third-party object;
obtaining data units from the service data layer, the data units including a first data unit related to the first historical transaction data, a second data unit related to second historical transaction data, and a third data unit related to the third party object; and
and generating the risk identification model according to the service type, the first data unit, the second data unit and the third data unit.
5. The identification method of claim 2, wherein the generating a source-attached data layer from the full amount of data comprises:
and collecting the full data to a source pasting data layer, wherein the collection mode comprises file import, database import, log import, message queue import and point burying.
6. The identification method of claim 1, wherein the service request is an account opening request; the risk identification of the object to be identified through the risk identification model comprises the following steps:
acquiring account opening agent information and account opening legal person information in the account opening request; and
and sending an account opening early warning to the object to be identified under the condition that the account opening agent information and/or the account opening legal person information are determined to be in the blacklist through the risk identification model.
7. The identification method according to claim 1, wherein the business data comprises account data associated with the object to be identified; the risk identification of the object to be identified through the risk identification model comprises the following steps:
acquiring target account data in the account data, wherein the target account data comprises account data of an account opening person having the same account opening person as the object to be identified; and
and inputting the target account data into the risk identification model to obtain a risk identification result of the object to be identified.
8. An apparatus for identifying a risk object, comprising:
the first acquisition module is used for acquiring a service request sent by an object to be identified;
the determining module is used for determining the service type of the service request and the service data associated with the object to be identified;
the first generation module is used for generating a risk identification model corresponding to the business type on the basis of the business data; and
and the first analysis module is used for carrying out risk identification on the object to be identified through the risk identification model.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 7.
CN202210045988.8A 2022-01-14 2022-01-14 Method, device, equipment, storage medium and program product for identifying risk object Pending CN114357523A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210045988.8A CN114357523A (en) 2022-01-14 2022-01-14 Method, device, equipment, storage medium and program product for identifying risk object

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210045988.8A CN114357523A (en) 2022-01-14 2022-01-14 Method, device, equipment, storage medium and program product for identifying risk object

Publications (1)

Publication Number Publication Date
CN114357523A true CN114357523A (en) 2022-04-15

Family

ID=81090701

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210045988.8A Pending CN114357523A (en) 2022-01-14 2022-01-14 Method, device, equipment, storage medium and program product for identifying risk object

Country Status (1)

Country Link
CN (1) CN114357523A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116775620A (en) * 2023-08-18 2023-09-19 建信金融科技有限责任公司 Multi-party data-based risk identification method, device, equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116775620A (en) * 2023-08-18 2023-09-19 建信金融科技有限责任公司 Multi-party data-based risk identification method, device, equipment and storage medium
CN116775620B (en) * 2023-08-18 2023-11-10 建信金融科技有限责任公司 Multi-party data-based risk identification method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
JP6913241B2 (en) Systems and methods for issuing loans to consumers who are determined to be creditworthy
US11423365B2 (en) Transaction card system having overdraft capability
US8606695B1 (en) Decision making engine and business analysis tools for small business credit product offerings
US8799161B2 (en) Automatically decisioning transaction requests
US20190073714A1 (en) System and method for issuing a loan to a consumer determined to be creditworthy onto a transaction card
CN102203775A (en) Market dynamics
US11803854B1 (en) System and method for fraud detection using event driven architecture
CN111198873A (en) Data processing method and device
US20210110359A1 (en) Dynamic virtual resource management system
CN112308698B (en) WeChat end loan product management method and system supporting second-level legal person
CN114357523A (en) Method, device, equipment, storage medium and program product for identifying risk object
US20150066773A1 (en) Claim rate black box
CN115994819A (en) Risk customer identification method, apparatus, device and medium
CN116934131A (en) Enterprise operation condition assessment method, device and equipment
AU2021387911A1 (en) Real-time online transactional processing systems and methods
KR20160094157A (en) Chain bankruptcy risk management system and bankruptcy risk management method using the same
CN111429257B (en) Transaction monitoring method and device
CN111681101A (en) Access detection method, device, equipment and storage medium for object
US10296882B2 (en) Multicomputer processing of client device request data using centralized event orchestrator and link discovery engine
CN112734352A (en) Document auditing method and device based on data dimensionality
US11301929B1 (en) System and method for closing financial accounts using event driven architecture
CN114723548A (en) Data processing method, apparatus, device, medium, and program product
CN114565462A (en) Fund change reminding method, device, equipment, storage medium and program product
CN116629873A (en) Transaction risk assessment method, device, equipment and storage medium
CN115099639A (en) Remote inspection method, system, device, medium, and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination