CN114443409A

CN114443409A - Payment business system monitoring method, device and equipment and computer storage medium

Info

Publication number: CN114443409A
Application number: CN202011217403.3A
Authority: CN
Inventors: 滕彬; 谭文意; 夏璐; 李志颖
Original assignee: Tenpay Payment Technology Co Ltd
Current assignee: Tenpay Payment Technology Co Ltd
Priority date: 2020-11-04
Filing date: 2020-11-04
Publication date: 2022-05-06

Abstract

The application discloses a payment service system monitoring method, a device and equipment and a computer storage medium, which relate to the technical field of monitoring, and the method comprises the following steps: acquiring monitoring data of a payment service system in a set monitoring period, wherein the monitoring data comprises monitoring data corresponding to a plurality of service attribute dimensions of the payment service system, and one attribute dimension corresponds to one monitoring index of the payment service system; performing anomaly analysis according to the monitoring data corresponding to each service attribute dimension to obtain the anomaly degree of the payment service system on each service attribute dimension; obtaining the abnormal degree of the payment service system and the abnormal type of the payment service system according to the abnormal degree of the payment service system on each service attribute dimension; determining the abnormal grade of the payment service system according to the abnormal degree of the payment service system; and performing service control of the payment service system according to the abnormal grade and the abnormal type.

Description

Payment business system monitoring method, device and equipment and computer storage medium

Technical Field

The application relates to the technical field of computers, in particular to the technical field of monitoring, and provides a payment service system monitoring method, device and equipment and a computer storage medium.

Background

At present, with the development of network technology, electronic payment methods such as mobile phone payment gradually replace traditional payment methods with the advantages of being more convenient and faster. For a manufacturer who provides a payment service, in order to optimize the payment service, the payment service system needs to be monitored and evaluated in the background, so that problems occurring in the payment service system can be solved in time, and inconvenience and potential risks brought to payment of a user are avoided.

Therefore, it is necessary for the payment service to monitor the payment service system.

Disclosure of Invention

The embodiment of the application provides a method, a device and equipment for monitoring a payment service system and a computer storage medium.

In one aspect, a method for monitoring a payment service system is provided, where the method includes:

acquiring monitoring data of a payment service system in a set monitoring period, wherein the monitoring data comprises monitoring data corresponding to a plurality of service attribute dimensions of the payment service system, and one attribute dimension corresponds to one monitoring index of the payment service system;

performing anomaly analysis according to the monitoring data corresponding to each service attribute dimension to obtain the anomaly degree of the payment service system on each service attribute dimension;

obtaining the abnormal degree of the payment service system and the abnormal type of the payment service system according to the abnormal degree of the payment service system on each service attribute dimension;

determining the abnormal grade of the payment service system according to the abnormal degree of the payment service system;

and performing service control of the payment service system according to the abnormal grade and the abnormal type.

In one aspect, a payment service system monitoring apparatus is provided, where the apparatus includes:

the system comprises a data acquisition unit, a data processing unit and a monitoring unit, wherein the data acquisition unit is used for acquiring monitoring data of a payment service system in a set monitoring period, the monitoring data comprises monitoring data corresponding to a plurality of service attribute dimensions of the payment service system, and one attribute dimension corresponds to one monitoring index of the payment service system;

the abnormity analysis unit is used for respectively carrying out abnormity analysis according to the monitoring data corresponding to each service attribute dimension to obtain the abnormity degree of the payment service system on each service attribute dimension; obtaining the abnormal degree of the payment service system and the abnormal type of the payment service system according to the abnormal degree of the payment service system on each service attribute dimension; determining the abnormal grade of the payment service system according to the abnormal degree of the payment service system;

and the service control unit is used for controlling the service of the payment service system according to the abnormal grade and the abnormal type.

Optionally, the service control unit is specifically configured to:

and generating a monitoring report according to the abnormal grade and the abnormal type, and sending the monitoring report to a management user associated with the payment service system, so that the management user performs service control on the payment service system according to the monitoring report.

Optionally, the service control unit is specifically configured to:

and when the abnormal grade of the payment service system is higher than a set abnormal grade threshold value, sending early warning information to a management user associated with the payment service system, wherein the early warning information carries abnormal type indication information of the payment service system, so that the management user adjusts and controls the payment service system according to the abnormal type of the payment service system.

Optionally, the abnormality analysis unit is specifically configured to:

obtaining an abnormal index value of any service attribute dimension according to the monitoring data corresponding to the any service attribute dimension;

and determining the abnormality degree of the payment service system on any service attribute dimension according to the abnormality index value of any service attribute dimension and the abnormality index interval threshold set for any service attribute dimension.

Optionally, the service attribute dimension includes one or more of the following dimensions:

stability dimension, wherein the stability comprises stability of user attribute distribution and transaction attribute distribution in the payment service system;

an account suspicion degree dimension;

a transaction suspicion degree dimension;

the non-conventional service uses data dimensions;

a user complaint data dimension;

limiting a transaction area data dimension;

optionally, when any service attribute dimension is a stability dimension, the monitoring data corresponding to any service attribute dimension is user attribute data and/or transaction attribute data;

the abnormality analysis unit is specifically configured to:

acquiring attribute value distribution corresponding to each attribute in a monitoring period according to the user attribute data and/or the transaction attribute data;

determining the stability of each attribute according to the attribute value distribution of each attribute in the monitoring period and the historical attribute value distribution of each attribute;

and determining an abnormal index value of the payment service system on the stability dimension according to the stability on each attribute.

Optionally, when any service attribute dimension is an account suspicious dimension, the monitoring data corresponding to any service attribute dimension is account data of at least one account of which the service volume is greater than a preset service volume threshold;

the abnormality analysis unit is specifically configured to:

determining the suspicious degree of each account according to the account data of each account in the at least one account;

determining a suspicious account in the at least one account according to the suspicious degree of each account;

and determining an abnormal index value of the payment service system on the account suspicious dimension according to the determined suspicious account quantity.

Optionally, the abnormality analyzing unit is further configured to:

aiming at each suspicious account, determining the matching degree of each suspicious account and each suspicious type according to the matching degree between each suspicious account and the suspicious account marked with the suspicious type;

determining the suspicious type of each suspicious account according to the matching degree of each suspicious account and each suspicious type;

and generating a monitoring report according to the suspicious type of each suspicious account.

Optionally, when any service attribute dimension is a transaction suspicious dimension, the monitoring data corresponding to any service attribute dimension is transaction data;

the abnormality analysis unit is specifically configured to:

and determining an abnormal index value on a transaction suspicion dimension according to the transaction value of the suspicious transaction in the transaction data in the monitoring period.

Optionally, when any service attribute dimension is an unconventional service use dimension, the monitoring data corresponding to any service attribute dimension is transaction data;

the abnormality analysis unit is specifically configured to:

and determining an abnormal index value on the use dimension of the unconventional business according to the number of target objects used by the unconventional business in the transaction data in the monitoring period, wherein the target objects comprise users using payment business and transaction scenes.

Optionally, when any service attribute dimension is a customer complaint dimension, the monitoring data corresponding to any service attribute dimension is the complaint data of the customer on the payment service system;

the abnormality analysis unit is specifically configured to:

and determining the number of complaint records of the user in the monitoring period according to the complaint data, and determining the abnormal index value on the complaint dimension of the user according to the number of the complaint records.

Optionally, the abnormality analyzing unit is further configured to:

extracting a complaint text in the complaint data;

after the complaint text is segmented, extracting at least one keyword in terms obtained by segmentation;

clustering is carried out according to the at least one keyword to obtain at least one category and keywords included by each category;

determining complaint events in the monitoring period according to the keywords included in each category;

and generating a complaint analysis report according to the complaint event.

In one aspect, a computer device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the above methods when executing the computer program.

In one aspect, a computer storage medium is provided having computer program instructions stored thereon that, when executed by a processor, implement the steps of any of the above-described methods.

In one aspect, a computer program product or computer program is provided that includes computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps of any of the methods described above.

In the embodiment of the application, by acquiring the monitoring data of the payment service system in a set monitoring period, the monitoring data comprises monitoring data corresponding to a plurality of attribute dimensions of the payment service system, one attribute dimension corresponds to a monitoring index of the payment service system, and then the abnormal degree of the payment service system in each attribute dimension can be respectively obtained according to the monitoring data corresponding to each attribute dimension, so as to obtain the abnormal degree of the payment service system and the abnormal type of the payment service system, the abnormal grade of the payment service system can be determined according to the abnormal degree, and further the service control of the payment service system can be performed according to the abnormal grade and the abnormal type, so that the abnormal grade and the abnormal type of the payment service system in the monitoring period can be obtained by analyzing the data in the monitoring period of the payment service system, and further background personnel can timely sense the current service health degree of the payment service system, and timely intervene to troubleshoot and correct problems when abnormity exists, so that serious influence on service is avoided, and probability of bringing poor use experience to users is reduced.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, it is obvious that the drawings in the following description are only the embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;

fig. 2 is a schematic flowchart of a payment service system monitoring method according to an embodiment of the present application;

fig. 3 is a schematic view of service attribute dimensions provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of an anomaly analysis of a stability dimension provided by an embodiment of the present application;

FIG. 5 is a schematic diagram illustrating an anomaly analysis of an account suspicious dimension according to an embodiment of the present disclosure;

FIG. 6 is a schematic flow chart illustrating anomaly analysis of a transaction suspicion dimension according to an embodiment of the present disclosure;

fig. 7 is a schematic flow chart of a clustering process provided in an embodiment of the present application;

FIGS. 8a to 8d are schematic diagrams illustrating a clustering process using a K-Means algorithm according to an embodiment of the present application;

FIG. 9 is a schematic flow chart illustrating an anomaly analysis for limiting data dimensions of a transaction area according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of a payment service system monitoring apparatus according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. In the present application, the embodiments and features of the embodiments may be arbitrarily combined with each other without conflict. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.

For the convenience of understanding the technical solutions provided by the embodiments of the present application, some key terms used in the embodiments of the present application are explained first:

and (4) payment service: for example, the transaction may include a common electronic payment service, such as a code scanning payment service, a face payment service, a payment service, or a money transfer service, and the like, and the financial product is also actually provided with two transaction parties when being bought and sold, that is, one transaction of the financial product involves a seller and a buyer, and thus the payment service may also include the financial product of a financial platform.

The payment service system comprises: the system for providing service support for payment services is a payment service system.

A monitoring period: the monitoring period may be set according to actual requirements, for example, when the real-time performance of the monitoring of the payment service system is high, the monitoring period may be set to be shorter, for example, 10 minutes, 1 hour, or half a day, and the like.

Service attribute dimension: the method is used for monitoring the monitoring dimensionality set for the payment service system, monitoring the health degree of the payment service system from each dimensionality, and summarizing the health degrees of multiple attribute dimensionalities to obtain the overall health degree of the payment service system, so that background personnel can analyze the condition of the payment service system and control the payment service system.

Stability dimension: the stability may include stability of a user group and stability of transaction attributes in the payment service system, and generally speaking, in each monitoring time period, the payment service system tends to be stable in distribution of the whole user group, when the user group is abnormally distributed, it may be reflected that the payment service may be abnormal laterally.

The suspicious degree of the account is as follows: in a payment business system, an account which has performed some illegal transactions is suspicious and called a suspicious account, and the higher the suspicious degree of the account is, the higher the risk degree of the account is. For a payment service system, the greater the number of suspicious accounts present in the system, the higher the risk level of the system is obviously, and the lower the credibility given to normal users is, which may reduce the viscosity of the normal users to the payment system. Therefore, it is necessary to monitor suspicious accounts involved in the payment service system and limit certain services, thereby reducing the payment risk of other normal accounts in the payment service system.

Transaction suspicion degree: for a transaction, by performing a suspicion analysis on related data related to the transaction, when the suspicion degree is greater than a certain threshold, the transaction can be determined as a suspicious transaction. Similarly, for a payment transaction system, the higher the number of suspicious transactions present in the system, the higher the risk level of the system is obviously, and thus, the service usage of the transaction parties in the payment transaction system, which need to perform suspicious transactions, is limited.

Non-regular traffic usage: for a payment service, product usage policies of the payment service are generally set, such as a user permitted to use and a transaction scenario permitted to use, and non-regular service usage refers to an action of using the payment service outside a permitted range of the payment service. For example, a user who is permitted to use is set, and the behavior of a user other than the permitted user to use the payment service may be regarded as irregular use.

For a manufacturer providing a payment service, in order to optimize the payment service, the payment service needs to be monitored and evaluated in the background, so that problems occurring in the payment service can be solved in time, and inconvenience and potential risks brought to payment of a user are avoided. Therefore, it is necessary for the payment service to monitor the payment service.

However, currently, the monitoring of the payment service is only performed with respect to transaction data, such as a total transaction amount or an online interception amount, and an alarm is given when the total transaction amount or the online interception amount exceeds a threshold. The method only considers the single characteristic of the payment service, the monitoring of the payment service system is not comprehensive enough, the health degree of the payment service system cannot be truly reflected, and the reference for performing service control on background analysts is not large.

In view of this, an embodiment of the present application provides a method for monitoring a payment service system, in which monitoring data of the payment service system in a set monitoring period is obtained, the monitoring data includes monitoring data corresponding to a plurality of attribute dimensions of the payment service system, one attribute dimension corresponds to a monitoring index of the payment service system, and then an abnormality degree of the payment service system in each attribute dimension can be respectively obtained according to the monitoring data corresponding to each attribute dimension, so as to obtain an abnormality degree of the payment service system and an abnormality type of the payment service system, an abnormality level of the payment service system can be determined according to the abnormality degree, and further service control of the payment service system can be performed according to the abnormality level and the abnormality type, so that the abnormality level and the abnormality type of the payment service system in the monitoring period can be obtained by analyzing data in the monitoring period of the payment service system, and then background personnel can sense the current business health degree of the payment business system in time, and intervene in time to troubleshoot and correct problems when abnormity exists, so that serious influence on the business is avoided, and the probability of bringing poor use experience to users is reduced.

After introducing the design concept of the embodiment of the present application, some simple descriptions are provided below for application scenarios to which the technical solution of the embodiment of the present application can be applied, and it should be noted that the application scenarios described below are only used for describing the embodiment of the present application and are not limited. In a specific implementation process, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.

The scheme provided by the embodiment of the present application may be applicable to most of the scenarios that require payment service system monitoring, and is certainly applicable to other service scenarios besides payment service, as shown in fig. 1, a scenario diagram provided by the embodiment of the present application is provided, where the application scenario includes a system monitoring device 101, a database 102, and a management terminal 103.

The database 102 may be a database corresponding to the payment service system, and is used to store all data generated during the operation of the payment service system. The database may be any type of database, and the embodiment of the present application is not limited to the type of database.

The system monitoring apparatus 101 may be a computer apparatus with certain processing capability, for example, a Personal Computer (PC), a notebook computer, or a server. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a CDN, and a big data and artificial intelligence platform, but is not limited thereto.

In one possible implementation, the system monitoring apparatus 101 may be a background server of the payment service system.

The management terminal 103 may be a terminal device used by a management user of the payment service system, and may be a PC, a mobile phone, a notebook computer, or a wearable device, etc.

In a specific implementation process, data generated in an operation process of the payment service system may be stored in the database 102, the system monitoring device 101 may obtain monitoring data in a monitoring period from the database 102 in one monitoring period, and obtain a monitoring result of the payment service system by using the payment service system monitoring method provided in the embodiment of the present application, that is, obtain an abnormality degree and an abnormality type of the payment service system, and may generate a monitoring report of the payment service system according to the monitoring result and send the monitoring report to the management terminal 103, so that a management user may determine whether to perform service adjustment control on the payment service system according to the monitoring report, for example, when the monitoring report shows that the payment service is abnormal, may check for abnormality and perform service adjustment according to the monitoring report.

Among other things, the system monitoring device 101 may include one or more processors 1011, memory 1012, and I/O interfaces 1013 to interact with other devices. In addition, the robot arm posture detecting apparatus 101 may further configure a database 1014, and the database 1014 may be configured to store data such as monitoring data and monitoring reports related to the solution provided in the embodiment of the present application. The memory 1012 of the system monitoring device 101 may store program instructions of the payment service system monitoring method provided in the embodiment of the present application, and when the program instructions are executed by the processor 1011, the program instructions can be used to implement the steps of the payment service system monitoring method provided in the embodiment of the present application, so as to monitor the payment service system.

The system monitoring device 101, the database 102, and the management terminal 103 may be in direct or indirect communication connection via one or more networks 104. The network 104 may be a wired network or a Wireless network, for example, the Wireless network may be a mobile cellular network, or may be a Wireless-Fidelity (WIFI) network, or may also be other possible networks, which is not limited in this embodiment of the present invention.

Of course, the method provided in the embodiment of the present application is not limited to be used in the application scenario shown in fig. 1, and may also be used in other possible application scenarios, and the embodiment of the present application is not limited. The functions that can be implemented by each device in the application scenario shown in fig. 1 will be described in the following method embodiments, and will not be described in detail herein. Hereinafter, the technology related to the embodiments of the present application will be briefly described.

Artificial Intelligence (AI) is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human Intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence is the research of the design principle and the realization method of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.

The artificial intelligence technology is a comprehensive subject and relates to the field of extensive technology, namely the technology of a hardware level and the technology of a software level. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.

Natural Language Processing (NLP) is an important direction in the fields of computer science and artificial intelligence. It studies various theories and methods that enable efficient communication between humans and computers using natural language. Natural language processing is a science integrating linguistics, computer science and mathematics. Therefore, the research in this field will involve natural language, i.e. the language that people use everyday, so it is closely related to the research of linguistics. Natural language processing techniques typically include text processing, semantic understanding, machine translation, robotic question and answer, knowledge mapping, and the like.

Machine Learning (ML) is a multi-domain cross discipline, and relates to a plurality of disciplines such as probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory and the like. The special research on how a computer simulates or realizes the learning behavior of human beings so as to acquire new knowledge or skills and reorganize the existing knowledge structure to continuously improve the performance of the computer. Machine learning is the core of artificial intelligence, is the fundamental approach for computers to have intelligence, and is applied to all fields of artificial intelligence. Machine learning and deep learning generally include techniques such as artificial neural networks, belief networks, reinforcement learning, transfer learning, inductive learning, and formal education learning.

With the research and progress of the artificial intelligence technology, the artificial intelligence technology is researched and applied in multiple fields, the scheme provided by the embodiment of the application relates to an intelligent monitoring technology, a process of analyzing a complaint text through an NLP technology and classifying keywords extracted from the text through a clustering algorithm or a machine learning algorithm, and the following embodiment is specifically used for explanation.

Referring to fig. 2, a flow chart of a payment service system monitoring method provided in an embodiment of the present application is schematically illustrated, and the method may be executed by the system monitoring device 101 in fig. 1, where the flow chart of the method is described as follows.

Step 201: and acquiring monitoring data of the payment service system in a set monitoring period.

In the embodiment of the application, the monitoring of the payment service system can be carried out in real time, so that the monitoring data of the payment service system can be obtained in real time and then a subsequent abnormal analysis process is carried out, and all the monitoring data in the monitoring period can be obtained after one overhead period is finished, and the abnormal analysis is carried out on the monitoring period. Of course, the setting may be performed according to a specific monitoring requirement in specific implementation, which is not limited in the embodiment of the present application.

In order to evaluate the health degree of the payment service system more comprehensively, monitoring data of the payment service west-jolt on a plurality of service attribute dimensions can be acquired, and then the payment service system is evaluated according to the monitoring data on the plurality of service attribute dimensions.

The plurality of service attribute dimensions may be a plurality of dimensions in which an anomaly may occur in the payment service system. As shown in fig. 3, the plurality of service attribute dimensions may include one or more of the following dimensions:

(1) stability of

(2) Degree of suspicion of account

(3) Degree of transaction suspicion

(4) Irregular traffic usage data

(5) Customer complaint data

(6) Limiting transaction area data

Wherein, the abnormal degree of the payment service system is respectively measured from the service internal angle and the service external angle. For example, the dimensions of stability, account suspicious degree, transaction suspicious degree, irregular service usage data, and user complaint data are service attribute dimensions from the service interior perspective, and the transaction area data is limited to service attribute dimensions from the service exterior perspective.

Of course, when the service is used specifically, other possible dimensions may be set according to a specific service usage scenario, which is not limited in the embodiment of the present application.

Step 202: and respectively carrying out anomaly analysis according to the monitoring data corresponding to each service attribute dimension to obtain the anomaly degree of the payment service system on each service attribute dimension.

In the embodiment of the application, specific anomaly analysis is performed on each service attribute dimension to obtain the anomaly degree on each service attribute dimension.

Specifically, in actual use, an anomaly analysis policy of each service attribute dimension may be set in advance, for example, a threshold for anomaly determination is set. The setting basis can be obtained by analyzing historical abnormalities, or can be set according to experience.

Taking the setting of the discrimination threshold as an example, after the monitoring data is acquired, the monitoring data corresponding to any service attribute dimension can be screened from the acquired monitoring data, the abnormal index value of the service attribute dimension is obtained according to the screened monitoring data, and the abnormal degree of the payment service system in any service attribute dimension is determined according to the abnormal index value of any service attribute dimension and the abnormal index interval threshold set for any service attribute dimension.

For example, a stability abnormal threshold may be set for the stability dimension, and when an abnormal index value obtained from the monitoring data exceeds the abnormal threshold, it is determined that there is an abnormality in the stability dimension.

The abnormality determination process for each dimension will be described in detail in the following description, and thus will not be described excessively herein.

Step 203: and obtaining the abnormal degree of the payment service system and the abnormal type of the payment service system according to the abnormal degree of the payment service system on each service attribute dimension.

After anomaly analysis is performed on each service attribute dimension, the anomaly degree of each service attribute dimension can be obtained, and the anomaly degree of the payment service system can be further obtained according to the anomaly degree of each service attribute dimension.

For example, when one service attribute dimension is abnormal, the abnormality degree score of the service attribute dimension may be 1, and if there is no abnormality or it is considered that the abnormality degree of each service attribute dimension is not abnormal approximately, the abnormality degree of the service attribute dimension may be scored as 0, and then the abnormality degree scores of each service attribute dimension may be added to obtain the total abnormality degree score of the payment service system. Because the importance degrees of different service attribute dimensions may be different, or the influence of the abnormality of each service attribute dimension on the payment service system may be different, a weight may be set for each service attribute dimension, and when calculating the total abnormality degree score, the calculation may be performed according to the weight of each service attribute dimension, so as to improve the accuracy of the obtained abnormality degree of the payment service system.

Specifically, for the service attribute dimension with the abnormality, the abnormality type of each service attribute dimension can be further analyzed, so that the monitoring report contains the abnormality type data, and the background management user can conveniently locate the abnormality.

Step 204: and determining the abnormity grade of the payment service system according to the abnormity degree of the payment service system.

Specifically, corresponding abnormality levels may be set for different degrees of abnormality, and one abnormality level may correspond to one abnormality degree interval, so that after the degree of abnormality of the payment service system is obtained based on the above process, the abnormality level of the payment service system in the currently calculated monitoring period may be determined according to a corresponding relationship between the degree of abnormality and the abnormality level.

For example, if there is an abnormality in one service attribute dimension, the degree of abnormality of the service attribute dimension may be scored as 1, and if there is no abnormality or it is approximately assumed that there is no abnormality in each service attribute dimension, the degree of abnormality of the service attribute dimension may be scored as 0, and the correspondence between the degree of abnormality and the abnormality level may be as shown in table 1.

Section of degree of abnormality	Grade of anomaly	Risk level
			[0，1]	Is low with	Low risk
[2，3]	In	Middle risk
			[4，6]	Is higher than	Higher risk
[7，+∞]	Height of	High risk

TABLE 1

Wherein the risk level may measure the risk to the user and the risk to the payment service provider.

When the abnormality degree score is [0, 1], the corresponding abnormality grade is low, and the risk grade of the corresponding payment service system is low; when the abnormality degree score is [2, 3], the corresponding abnormality grade is middle, and the risk grade of the corresponding payment service system is middle risk; when the abnormality degree score is [4, 6 ], the corresponding abnormality grade is higher, and the risk grade of the corresponding payment service system is higher risk; when the abnormality degree score is [7, + ∞ ], the corresponding abnormality level is high, and the risk level of the corresponding payment service system is high risk.

Step 205: and performing service control of the payment service system according to the abnormal grade and the abnormal type.

In the embodiment of the application, after the abnormal grade and the abnormal type of the payment service system are determined, the service control of the payment service system can be performed according to the abnormal grade and the abnormal type.

Specifically, the service control means corresponding to each abnormal class and abnormal type may be preset according to the abnormal class, abnormal type and corresponding service control means obtained by the historical data analysis, and then after the abnormal analysis is completed, the corresponding service means may be determined and executed according to the abnormal class and abnormal type obtained by the analysis. For example, when the anomaly level is higher risk and the anomaly type includes too many suspicious accounts in the monitoring period, the transaction related to the suspicious accounts can be limited, or the transaction upper limit value in the current payment service system can be dynamically adjusted; or, when the exception type is that the user has excessive complaints about a certain merchant, the transaction of the merchant can be limited.

Specifically, a monitoring report can be generated according to the exception grade and the exception type, and the monitoring report is sent to a management user associated with the payment service system, so that the management user performs service control on the payment service system according to the monitoring report. And aiming at some conditions that the adjustment control cannot be automatically carried out, the background management user can analyze and locate the abnormity according to the monitoring report, and then carry out service adjustment control on the payment service system.

Or, in order to deal with some high-risk situations, when the exception level of the payment service system is higher than a set exception level threshold, sending early warning information to a management user associated with the payment service system, where the early warning information carries exception type indication information of the payment service system, so that the management user can adjust and control the payment service system according to the exception type of the payment service system.

In the following, the process of anomaly analysis is introduced separately for specific service attribute dimensions.

(1) Anomaly analysis of stability dimensions

The data related to the stability dimension is mainly user attribute data and transaction attribute data in the payment service system, the user attribute data and the transaction attribute data are subdivided according to different user attributes or transaction attributes, attribute value distribution of each attribute in a monitoring period is obtained through calculation respectively, the stability of each attribute is determined according to the attribute value distribution of each attribute in the monitoring period and historical attribute value distribution of each attribute, and then the abnormal index value of the payment service system in the stability dimension is determined according to the stability of each attribute.

Exemplary, as shown in fig. 4, is an anomaly analysis diagram of the stability dimension.

The attributes are obtained according to the user attributes and the subdivision of the transaction attributes, for example, fig. 4 may include attributes such as real-name/non-real-name user ratio, certificate type ratio, operator ratio of bound mobile phone number, new and old user number ratio, user data ratio of each age group, and the like according to the user attribute division, and may include attributes such as day-night transaction ratio, transaction period ratio, intra-and-foreign transaction ratio, user number ratio of transaction amount hierarchy, and user number ratio of each payment scenario according to the transaction attribute division.

The Stability Index (PSI) is an Index for measuring the deviation between the expected value and the actual value, and is mainly used for observing whether the proportion of people in different groups in different samples has significant change, that is, the Stability Index (PSI) can be used for measuring the distribution change degree of each attribute. The PSI values of the attributes may be calculated, when the PSI value is larger, it indicates that the distribution condition of the attribute is changed greatly, and an abnormal condition may exist, and the change of a single attribute may not reflect the stability of the entire system, so the PSI value may be determined by integrating the PSI of each attribute, that is, a set number threshold, when the number of the attributes of which the PSI value is larger than the set threshold is larger, that is, the number of the attributes of which the PSI value is larger than the set threshold is larger than the set number threshold, it may indicate that the payment service system is abnormal, and thus, the stability dimension of the payment service system may be considered to be abnormal, the abnormality degree score of the stability dimension may be set to 1, and if the number of the attributes of which the PSI value is larger than the set threshold is smaller, the stability dimension of the payment service system may be considered to be normal, and the abnormality degree score of the stability dimension may be set to 0.

Generally, when the PSI is less than 0.1, the stability is high, and when the PSI is greater than 0.25, the system is unstable, and attention and updating are required. For example, the index threshold may be set to 0.25, and the number threshold may be set to 2, then if the PSI values of 2 or more attributes are greater than or equal to 0.25, then a score of 1 is counted, otherwise a score of 0 is counted.

Of course, in addition to the above-described manner, the corresponding abnormality values may be set according to the number, for example, when the percentage of the number of attributes greater than the set threshold is 10%, the degree of abnormality of the stability dimension is 10%, and when the percentage of the number of attributes greater than the set threshold is 80%, the degree of abnormality of the stability dimension is 80%, and the like.

Specifically, the specific calculation formula of PSI is as follows:

wherein,

representing the actual value of attribute i derived from the attribute data in the monitoring period,

the expected value of the attribute i is represented, and the expected value may be set based on historical data or may be set empirically.

Taking the attribute as the user data proportion of each age group as an example, the user age data of number 1 is selected here, the account number distribution situation of different age intervals is counted as an expected value, and the user age data of number 15 is selected as an actual value, as shown in table 2.

TABLE 2

The PSI calculation method comprises the steps of calculating the proportion of the actual user number in each age interval to the total user number according to the actual user number in each age interval, calculating the proportion of the expected user number in each age interval to the total user number according to the expected user number in each age interval, calculating the PSI of each age interval according to the actual user number proportion and the expected user number proportion, and obtaining the PSI of each age interval, wherein the synthesis of the PSI of each age interval is the PSI of the user data proportion of each age interval.

As can be seen from table 2, the PSI value of the user data ratio of each age group is 0.23 and is smaller than the set index threshold value 0.25, that is, the age of the user using the payment service is stable.

(2) Anomaly analysis of account suspicious dimension

In the embodiment of the application, the account suspicious degree may also be referred to as a malicious degree of the account, and when the transaction with the suspicious account in the payment service system is too many, the health degree of the system is obviously not high, so that the suspicious account needs to be found by conducting suspicious analysis on the account in the payment service system, and further, the abnormal degree of the payment service system is judged.

When the service attribute dimension is an account suspicious dimension, the monitoring data corresponding to the service attribute dimension is account data of at least one account with the service volume larger than a preset service volume threshold, wherein the service volume can be measured by the collection amount, the transaction times or the transfer amount. And then the suspicious degree of each account can be determined according to the account data of each account in at least one account, the suspicious account in at least one account is determined according to the suspicious degree of each account, and the abnormal index value of the payment service system on the account suspicious dimension is determined according to the determined number of the suspicious accounts.

In the embodiment of the application, a blacklist library can be established in advance according to the identified suspicious account, and then whether the account is the suspicious account can be judged according to the blacklist library. The blacklist library can be established and updated through the following processes.

A. Suspicious account identification model analysis

The suspicious degree of the account can be identified through the trained suspicious account identification model, and the account with the suspicious degree larger than a certain threshold value is added into the blacklist library. The suspicious account identification model can respectively establish sub-models according to different types, and accurately identifies suspicious accounts, and the sub-models comprise sub-models of gambling, fraud, exchange, reimbursement and the like.

B. Manual review

Accounts are also characterized as suspicious by manual review during daily routine and may be added to the blacklist repository.

C. Online intercepted data analysis

In actual use, the background of the payment service system also judges the security of the transaction, when the current transaction is judged to be unsafe, the transaction is intercepted, and when the transaction of one account number is intercepted for multiple times, the account number is obviously risky, so that the account number with the intercepted times larger than a certain number can be added into the blacklist library.

D. Managed account

In actual use, there may be some accounts which are manually subjected to operations such as fund freezing or account entering limitation, and these accounts may be referred to as managed accounts, and may also add the managed accounts into a blacklist.

In the embodiment of the application, in a monitoring period, the number of account numbers involved in transaction is large, and account numbers with large risk influence on a payment service system can be selected for suspicious analysis in order to reduce workload of abnormal analysis. As shown in fig. 5, a schematic diagram of an anomaly analysis of an account suspicious degree dimension is shown, where a plurality of account numbers with top-ranked collection amounts, for example, 200 account numbers, may be selected, the account data of the 200 account numbers are obtained from the monitoring data, and the account data is matched with the account numbers in the blacklist library for each account, the matching degree between each account and the blacklist account may be used as the suspicious degree of the account, and then whether each account is a suspicious account may be determined according to the suspicious degree, and the suspicious account occupation ratio is counted, and then whether the anomaly degree of the account suspicious degree dimension is determined according to the suspicious account occupation ratio.

For example, the degree of abnormality may be determined according to whether the suspicious account exceeds a threshold, where the threshold may be set to 50%, for example, when the proportion of the suspicious account is greater than 50%, the payment service system is considered to be abnormal, and the degree of abnormality in the dimension of the suspicious account is scored as 1, otherwise, the degree of abnormality is scored as 0.

Of course, the corresponding abnormality value may also be set according to the percentage of suspicious accounts, for example, when the percentage of suspicious accounts is 10%, the abnormality degree of the dimensionality of the account suspicious degrees is 10%, and when the percentage of suspicious accounts is 80%, the abnormality degree of the dimensionality of the account suspicious degrees is 80%.

In the embodiment of the application, suspicious accounts in the blacklist library can be further labeled with suspicious types, so that the matching degree between each suspicious account in the determined monitoring period can be determined according to the matching degree between the suspicious account and the suspicious account labeled with the suspicious types, so that the suspicious type to which the suspicious account belongs can be determined, and a monitoring report can be generated according to the suspicious type to which each suspicious account belongs, namely the suspicious types of each suspicious account can be given in the monitoring report, the occupation ratios of various suspicious types can be counted, the large-disk risk details can be given, and the subsequent targeted model disposal of a background management user is facilitated.

(3) Anomaly analysis of transaction suspicion dimensions

When the service attribute dimension is a transaction suspicious dimension, the monitoring data corresponding to the service attribute dimension may be transaction data, and specifically, an abnormal index value in the transaction suspicious dimension may be determined according to a transaction value in the transaction data, where the suspicious degree is greater than a preset suspicious degree threshold in a monitoring period.

Fig. 6 is a schematic flow chart of anomaly analysis of the transaction suspicion degree dimension. The transaction value threshold of the suspicious transaction can be preset, so that whether the total intercepted amount in the monitoring period is greater than or equal to the transaction value threshold can be judged, if the total intercepted amount is less than the transaction value threshold, the abnormality degree of the transaction suspicious dimension is 0, and if the total intercepted amount is greater than or equal to the transaction value threshold, the abnormality degree of the transaction suspicious dimension is 1.

Similarly, the value intervals can be divided for the transaction value, and different value intervals correspond to respective abnormal degrees, so that the abnormal degree on the transaction suspicious dimension can be determined according to the value interval in which the total interception amount in the monitoring period is located, and the abnormal degree can be used as an abnormal index value on the transaction suspicious dimension.

(4) Anomaly analysis of unconventional traffic usage data dimensions

When the service attribute dimension is an unconventional service use dimension, the monitoring data corresponding to the service attribute dimension may be transaction data, and the transaction data specifically includes data related to product policies, such as a transaction account and a transaction location.

Specifically, the abnormal index value in the abnormal service use dimension may be determined according to the number of target objects used by the abnormal service in the monitoring period in the transaction data, where the target objects include users who use the payment service and transaction scenarios.

In the embodiment of the application, for a payment service, generally, a user and a transaction scenario which are permitted to use need to be limited, and if the user and the transaction scenario exceed the permitted use range, the service is used by a conventional service, so that the degree of abnormality of the user and the transaction scenario which are permitted to use can be measured, and finally the degree of abnormality scores of the two aspects are summarized to be used as the degree of abnormality of the dimension of the data used by the non-conventional service.

A. Granting use of a user

When the payment transaction is carried out by the payment service, the identity of the user is judged, which users can use the product and which can not use the product, for example, only Chinese nationality users are allowed to use the product, foreign nationality users cannot use the product and other requirements, so that if users who illegally use the product are found from transaction data in a monitoring period, the abnormal degree score of the dimension of the unconventional service use data is increased by 1 point, and otherwise, the abnormal degree score is not increased.

B. Defining a transaction scenario

Limiting transaction scenarios, e.g. reporting to a supervisor

Before some financial products are on line, the usage scenes and the transaction places of the products are reported to the supervision, for example, only the usage in the environment is allowed, the foreign transactions are not allowed, and otherwise, the compliance risk exists, so the limited transaction scenes can be the transaction scenes reported to the supervision, for example, the abnormality degree score of the unconventional service usage data dimension is increased by 1 point if the transaction scenes without reports are found in the transaction data in the monitoring period, and otherwise, the abnormality degree score is not increased.

Similarly, the numerical intervals can be divided according to the number of the target objects, different numerical intervals correspond to respective abnormality degrees, and further, the abnormality degree on the unconventional service use data dimension can be determined according to the numerical interval in which the number of the target objects in the monitoring period is located, and the abnormality degree can be used as the abnormality index value on the unconventional service use data dimension.

(5) Anomaly analysis of user complaint data dimensions

When the service attribute dimension is a customer complaint dimension, the monitoring data corresponding to the service attribute dimension may be complaint data of the customer for the payment service system. Then the number of complaint records of the user in the monitoring period can be determined according to the complaint data, and the value of the anomaly index in the complaint dimension of the user can be determined according to the number of complaint records.

The complaint record threshold value can be preset, so that whether the complaint record in the monitoring period is greater than or equal to the complaint record threshold value or not can be judged, if the complaint record threshold value is smaller than the complaint record threshold value, the abnormality degree of the transaction suspicious dimension is 0, and if the complaint record threshold value is greater than or equal to the complaint record threshold value, the abnormality degree of the user complaint dimension is 1. For example, when a group fraud case occurs, the number of involved users may be large, and the corresponding number of complaints may also increase explosively, so that complaint records can be monitored, and if the number of complaint records in the monitoring period exceeds the set threshold maximum limit, the abnormality degree score is 1, otherwise the abnormality degree score is 0.

Currently, value intervals can also be divided according to the numerical values of the complaint records, and different value intervals correspond to respective abnormal degrees, so that the abnormal degree in the complaint dimension of the user can be determined according to the value interval in which the complaint records in the monitoring period are positioned, and the abnormal degree can be used as the abnormal index value in the complaint dimension of the user.

In order to learn the cause of the complaint of the user, that is, to determine which events are complained, so that the subsequent background management user correspondingly performs business adjustment management and control, the efficiency of an analyst is improved, and text analysis can be performed on the complaint text of the user to determine the specific events targeted by the complaint.

Specifically, after the complaint data is obtained from the monitoring data, a complaint text in the complaint data can be extracted, the complaint text is subjected to word segmentation, stop words removal and other processing to obtain a plurality of terms, and at least one keyword is extracted from the obtained terms. The processing process can be performed by using a word segmentation tool, for example, a jieba (jieba) word segmentation which is a Python Chinese word segmentation component can perform functions of word segmentation, part of speech tagging, keyword extraction and the like on a Chinese text. Of course, other possible word segmentation tools may also be adopted, and the embodiment of the present application is not limited thereto.

And then, after converting the keywords into word vectors, clustering the keywords by using a clustering algorithm, and then respectively outputting the keywords and the word frequency in each category. The clustering algorithm may be, for example, an unsupervised algorithm such as a K-Means (K-Means) algorithm, and of course, other possible algorithms may also be adopted, and may be an unsupervised algorithm or a supervised algorithm, which is not limited in this embodiment of the present application.

Taking the K-Means algorithm as an example, the number K of classifications may be set empirically, and then cluster classification is performed according to this value of K. Specifically, as shown in fig. 7, a flow chart of classification is illustrated.

Step 701: selecting k keywords from the plurality of keywords as initial cluster centers m_i(i＝1，2，…，k)。

Step 702: and calculating the distance from the rest keywords in the keyword set to the center of k clusters, and dividing the keywords into the clusters with the minimum distance.

The distance may be, for example, a euclidean distance between vectors of the keyword, and the smaller the distance, the more similar the representation. For example, for two n-dimensional objects, keyword i and keyword j, where i ═ x_i1，x_i2，…，x_in) And j ═ x_j1，x_j2，…，x_jn) The formula for calculating the Euclidean distance d (i, j) between the keyword i and the keyword j is as follows:

step 703: it is determined whether a loop termination condition is satisfied.

The loop termination condition may be, for example, convergence of a square error criterion function of the current clustering result, that is, the clustering center does not change any more, and the square error criterion function is defined as follows:

wherein p is a keyword, m_iIs a cluster C_iThe principle of this criterion function is to make the generated clusters as independent as possible from each other and the members in the clusters as similar as possible.

Step 704: if the result of step 703 is no, a new cluster center is calculated based on the keywords included in the divided clusters, for example, an average value of each cluster may be calculated as the new cluster center, and step 702 is skipped.

If the result of step 703 is yes, clustering ends.

Fig. 8a to 8d are schematic diagrams illustrating a process of finding three clusters in a data set by using the K-Means algorithm. Fig. 8a shows the selected initial cluster center, where a plus sign indicates the cluster center, objects of the same shape indicate that they belong to the same cluster, for example, a triangle is a cluster, and a square and a circle each indicate other two clusters, and fig. 8b to 8d respectively correspond to the clustering results after 1 st to 3 rd loop iterations, and it can be seen that, through multiple iterations, a plurality of objects with similar distances are gradually divided into the same class.

After clustering, the complaint event and the keyword information of the corresponding time in the monitoring period can be determined according to at least one category obtained by clustering, and then a monitoring report can be generated according to the complaint event, so that a background manager can perform targeted processing.

There may be some complaints about historical events, for example, the determined at least one event includes events that have occurred in a monitoring period before the current monitoring period, and for these events, since previous monitoring reports have already mentioned, it may have been adjusted for the event, so in order to reduce the analysis workload of the management user in the future, these historical events and related keyword information may also be filtered out, and newly occurred events and related keyword information are output. Of course, it should be understood that the historical event herein refers to an event in a set time period before the current monitoring period, for example, the last week or the last 3 days, and the like, and of course, the length of the time period may be set according to actual situations.

(6) Anomaly analysis to limit data dimensions of a transaction region

In the embodiment of the present application, the restricted transaction area is an area where there is a high risk, such as high risk countries and regions and sanctioned countries, which are countries or regions recognized by the united nations, the special Financial Action Task Force (FATF) and other international organizations as drug-selling, terrorism or other crimes, and where financial transactions are threatened by risks such as money laundering and terrorism financing, and thus these regions can be used as the restricted transaction area.

As for the case where the transaction frequency or the transaction amount in the limited transaction area is large, the risk of the payment service system may be increased, as shown in fig. 9, for a schematic flow diagram of the abnormal analysis of the data dimension in the limited transaction area, the transaction record in the limited transaction area may be obtained from the monitoring data, and then the transaction frequency or the transaction amount in the limited transaction area is monitored according to the transaction record, when the transaction frequency or the transaction amount in the limited transaction area exceeds a set threshold, the abnormality degree is divided into 1 point, otherwise, the abnormality degree is 0 point.

Taking the limited trading area including the high-risk country and region and the sanctioned country as an example, when the number of trades or the trade amount in the high-risk country and region exceeds a set threshold, the abnormality degree score of the data dimension of the limited trading area is increased by 1 point, and when the number of trades or the trade amount in the sanctioned country exceeds a set threshold, the abnormality degree score of the data dimension of the limited trading area is increased by 1 point.

Of course, the value intervals may also be divided for the transaction frequency or the transaction amount value, and different value intervals correspond to respective abnormal degrees, so that the abnormal degree in the data dimension of the limited transaction area may be determined according to the value interval in which the transaction frequency or the transaction amount in the monitoring period is located, and the abnormal degree may be used as the abnormal index value in the data dimension of the limited transaction area.

In summary, the payment service system according to the embodiment of the application can monitor the payment service risk in time, evaluate the health degree of the payment service system, give a risk evaluation result, clarify the details of the service risk, facilitate timely perception and intervention of an analyst, and avoid serious influence on the service.

Referring to fig. 10, based on the same inventive concept, an embodiment of the present application further provides a payment service system monitoring apparatus 100, including:

a data obtaining unit 1001, configured to obtain monitoring data of a payment service system in a set monitoring period, where the monitoring data includes monitoring data corresponding to multiple service attribute dimensions of the payment service system, and one attribute dimension corresponds to one monitoring index of the payment service system;

the anomaly analysis unit 1002 is configured to perform anomaly analysis according to the monitoring data corresponding to each service attribute dimension, respectively, to obtain an anomaly degree of the payment service system in each service attribute dimension; obtaining the abnormal degree of the payment service system and the abnormal type of the payment service system according to the abnormal degree of the payment service system on each service attribute dimension; determining the abnormal grade of the payment service system according to the abnormal degree of the payment service system;

and a service control unit 1003, configured to perform service control on the payment service system according to the exception level and the exception type.

Optionally, the service control unit 1003 is specifically configured to:

and when the abnormal grade of the payment service system is higher than the set abnormal grade threshold, sending early warning information to a management user associated with the payment service system, wherein the early warning information carries abnormal type indication information of the payment service system, so that the management user can adjust and control the payment service system according to the abnormal type of the payment service system.

Optionally, the anomaly analysis unit 1002 is specifically configured to:

obtaining an abnormal index value of any service attribute dimension according to the monitoring data corresponding to any service attribute dimension;

and determining the abnormal degree of the payment service system on any service attribute dimension according to the abnormal index value of any service attribute dimension and the abnormal index interval threshold set for any service attribute dimension.

stability dimension, wherein the stability comprises the stability of user attribute distribution and transaction attribute distribution in the payment service system;

an account suspicion degree dimension;

a transaction suspicion degree dimension;

the non-conventional service uses data dimensions;

a user complaint data dimension;

limiting a transaction area data dimension;

the anomaly analysis unit 1002 is specifically configured to:

and determining an abnormal index value of the payment service system in the stability dimension according to the stability of each attribute.

the anomaly analysis unit 1002 is specifically configured to:

determining the suspicious degree of each account according to the account data of each account in at least one account;

determining a suspicious account in at least one account according to the suspicious degree of each account;

Optionally, the anomaly analysis unit 1002 is further configured to:

the anomaly analysis unit 1002 is specifically configured to:

and determining an abnormal index value on the transaction suspicion dimension according to the transaction value of the suspicious transaction in the transaction data in the monitoring period.

the anomaly analysis unit 1002 is specifically configured to:

and determining an abnormal index value on the use dimension of the unconventional business according to the number of target objects used by the unconventional business in the transaction data in the monitoring period, wherein the target objects comprise users using the payment business and transaction scenes.

the anomaly analysis unit 1002 is specifically configured to:

Optionally, the anomaly analysis unit 1002 is further configured to:

extracting a complaint text in the complaint data;

clustering is carried out according to at least one keyword to obtain at least one category and the keyword included by each category;

and generating a complaint analysis report according to the complaint event.

The apparatus may be configured to execute the methods shown in the embodiments shown in fig. 2 to fig. 9, and therefore, for functions and the like that can be realized by each functional module of the apparatus, reference may be made to the description of the embodiments shown in fig. 2 to fig. 9, which is not repeated here.

The device may be an entity device for implementing the monitoring of the payment service system, or may be implemented in a software manner, that is, the payment service system monitoring device may be a computer program (including a program code) running in a computer device, for example, the payment service system monitoring device is an application software, and the device may be configured to execute corresponding steps in the payment service system monitoring method provided in the embodiment of the present application. Fig. 10 shows a payment transaction system monitoring device stored in memory, which may be software in the form of programs and plug-ins, etc., and includes a series of modules including a data acquisition unit 1001, an anomaly analysis unit 1002, and a transaction control unit 1003; the obtaining unit 1001, the anomaly analysis unit 1002, and the service control unit 1003 are used to implement the payment service system monitoring method provided in the embodiment of the present invention.

Referring to fig. 11, based on the same technical concept, an embodiment of the present application further provides a computer device 110, which may include a memory 1101 and a processor 1102.

The memory 1101 is used for storing computer programs executed by the processor 1102. The memory 1101 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to use of the computer device, and the like. The processor 1102 may be a Central Processing Unit (CPU), a digital processing unit, or the like. The specific connection medium between the memory 1101 and the processor 1102 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 1101 and the processor 1102 are connected by a bus 1103 in fig. 11, the bus 1103 is indicated by a thick line in fig. 11, and the connection manner between other components is merely illustrative and not limited thereto. The bus 1103 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 11, but this is not intended to represent only one bus or type of bus.

The memory 1101 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 1101 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or the memory 1101 may be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1101 may be a combination of the above memories.

A processor 1102 for executing the method performed by the apparatus in the embodiments shown in fig. 2-9 when invoking the computer program stored in the memory 1101.

In some possible embodiments, various aspects of the methods provided by the present application may also be implemented in the form of a program product including program code for causing a computer device to perform the steps of the methods according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device, for example, the computer device may perform the methods performed by the devices in the embodiments shown in fig. 2-9.

In one possible implementation, the executable instructions of the program product may be deployed to be executed on one computing device or on multiple computing devices located at one site or distributed across multiple sites and interconnected by a communication network, which may constitute a block chain system.

The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A payment transaction system monitoring method, the method comprising:

2. The method of claim 1, wherein performing traffic control of the payment traffic system based on the anomaly level and the anomaly type comprises:

3. The method of claim 1, wherein performing traffic control of the payment traffic system based on the anomaly level and the anomaly type comprises:

4. The method of claim 1, wherein for any service attribute dimension, performing anomaly analysis according to the monitoring data corresponding to each service attribute dimension, respectively, to obtain the degree of anomaly of the payment service system in each service attribute dimension, comprises:

5. The method of claim 1, wherein the service attribute dimensions include one or more of the following dimensions:

an account suspicion degree dimension;

a transaction suspicion degree dimension;

the non-conventional service uses data dimensions;

a user complaint data dimension;

limiting the transaction area data dimension.

6. The method according to claim 4, wherein when any service attribute dimension is a stability dimension, the monitoring data corresponding to any service attribute dimension is user attribute data and/or transaction attribute data;

obtaining an abnormal index value of any service attribute dimension according to the monitoring data corresponding to any service attribute dimension, including:

7. The method of claim 4, wherein when any service attribute dimension is an account suspicious dimension, the monitoring data corresponding to any service attribute dimension is account data of at least one account with a service volume larger than a preset service volume threshold;

8. The method of claim 7, wherein after determining suspect accounts of the at least one account based on the suspect extent of each account, the method further comprises:

9. The method of claim 4, wherein when any business attribute dimension is a transaction suspicion dimension, then the monitoring data corresponding to any business attribute dimension is transaction data;

10. The method of claim 4, wherein when any service attribute dimension is an unconventional service usage dimension, then the monitoring data corresponding to any service attribute dimension is transaction data;

11. The method of claim 4, wherein when any service attribute dimension is a customer complaint dimension, the monitoring data corresponding to any service attribute dimension is the complaint data of the customer for the payment service system;

12. The method of claim 11, wherein the method further comprises:

extracting a complaint text in the complaint data;

and generating a complaint analysis report according to the complaint event.

13. A payment transaction system monitoring apparatus, the apparatus comprising:

14. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor,

the processor, when executing the computer program, realizes the steps of the method of any one of claims 1 to 12.

15. A computer storage medium having computer program instructions stored thereon, wherein,

the computer program instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 12.