CN114596091A - Method and device for examining and managing suspicious transaction subjects

Publication number: CN114596091A
Authority: CN (China)
Legal status: Pending
Application number: CN202011420150.XA
Other languages: Chinese (zh)
Inventor: 吴杰
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The application relates to the technical field of artificial intelligence, and in particular provides a method and a device for auditing suspicious transaction subjects. The method comprises: acquiring risk characteristics of a target suspicious transaction subject, the risk characteristics being extracted from transaction data of the target suspicious transaction subject; calculating, according to the risk characteristics, the similarity between each suspicious transaction subject in a set of suspicious transaction subjects to be audited and the target suspicious transaction subject; determining similar suspicious transaction subjects of the target suspicious transaction subject from the set according to the calculated similarity; and auditing the similar suspicious transaction subjects in batch according to the audit result of the target suspicious transaction subject. The scheme can greatly improve auditing efficiency.

Description

Method and device for examining and managing suspicious transaction subjects
Technical Field
The application relates to the technical field of artificial intelligence, in particular to a method and a device for examining and managing a suspicious transaction subject.
Background
In the prior art, after suspicious transaction subjects are automatically identified, misidentification is possible, so each suspicious transaction subject has to be audited manually according to its information, and an audit result is entered for it, such as the crime type of the transaction behavior performed by the subject and an audit message. Because a manual audit is carried out and a result entered separately for each suspicious transaction subject, the manual workload is large, auditing is slow, and auditing efficiency is low.
Therefore, how to improve the efficiency of auditing suspicious transaction subjects is a technical problem that urgently needs to be solved in the prior art.
Disclosure of Invention
The embodiment of the application provides a method and a device for auditing and managing a suspicious transaction subject so as to improve auditing and managing efficiency of the suspicious transaction subject.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a method for auditing suspicious transaction subjects, including:
acquiring risk characteristics of a target suspicious transaction subject, wherein the risk characteristics are extracted from transaction data of the target suspicious transaction subject;
according to the risk characteristics, calculating the similarity between each suspicious transaction subject in a suspicious transaction subject set to be examined and the target suspicious transaction subject;
determining similar suspicious transaction subjects of the target suspicious transaction subjects from the suspicious transaction subject set according to the calculated similarity;
and carrying out batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subjects.
According to an aspect of an embodiment of the present application, there is provided an auditing apparatus for a suspicious transaction subject, including:
a risk characteristic acquisition module, configured to acquire risk characteristics of a target suspicious transaction subject, wherein the risk characteristics are extracted from transaction data of the target suspicious transaction subject;
a similarity calculation module, configured to calculate, according to the risk characteristics, the similarity between each suspicious transaction subject in a suspicious transaction subject set to be examined and the target suspicious transaction subject;
a similar suspicious transaction subject determination module, configured to determine a similar suspicious transaction subject of the target suspicious transaction subject from the suspicious transaction subject set according to the calculated similarity;
and a batch auditing module, configured to carry out batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject.
According to an aspect of an embodiment of the present application, there is provided an electronic device including: a processor; a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as described above.
According to an aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor, implement a method as described above.
According to the scheme of the application, after the similar suspicious transaction subjects of the target suspicious transaction subject are determined in the set of suspicious transaction subjects to be audited according to the risk characteristics of the target suspicious transaction subject, the similar suspicious transaction subjects are audited in batch according to the audit result of the target suspicious transaction subject. Because the risk characteristics of the similar suspicious transaction subjects are highly similar to those of the target suspicious transaction subject, their audit results are similar to the audit result of the target suspicious transaction subject. Thus, for a plurality of highly similar suspicious transaction subjects, the similar ones can be audited in batch according to the audit result of one suspicious transaction subject (namely, the target suspicious transaction subject) instead of being audited one by one, which improves auditing efficiency.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of the embodiments of the present application can be applied.
FIG. 2 is a flow diagram illustrating a method for auditing of suspicious transaction subjects according to one embodiment of the present application.
FIG. 3 is a flowchart illustrating step 220 according to an embodiment of the present application.
FIG. 4 is a flowchart illustrating step 320 according to an embodiment of the present application.
FIG. 5 is a flowchart illustrating steps prior to step 240 according to one embodiment of the present application.
FIG. 6 is a flowchart illustrating step 210 according to an embodiment of the present application.
FIG. 7 is a flowchart illustrating step 240 according to an embodiment of the present application.
FIG. 8 is a flowchart illustrating step 240 according to an embodiment of the present application.
FIG. 9 is a flow diagram illustrating a method for auditing suspicious transaction subjects, according to an embodiment of the present application.
FIG. 10 is a schematic diagram of a details page of an audit task shown in accordance with one embodiment.
FIG. 11 is a diagram illustrating a page displaying task information for similar suspicious transaction subjects, according to one embodiment.
FIG. 12 is a block diagram illustrating an auditing apparatus for a suspicious transaction subject, according to one embodiment.
FIG. 13 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should be noted that "a plurality" herein means two or more. "And/or" describes the association between associated objects and covers three relationships; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
Artificial Intelligence (AI) is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence studies the design principles and implementation methods of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.
Artificial intelligence technology is a comprehensive discipline that covers a wide range of fields, spanning both hardware-level and software-level technologies. The basic artificial intelligence technologies generally include sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing, operation/interaction systems, mechatronics, and the like. Artificial intelligence software technology mainly comprises computer vision, speech processing, natural language processing, machine learning/deep learning and the like.
With the development of network technology, more and more transactions are carried out over networks, which makes them more convenient and quicker. A user may transact through an instant messaging client, a shopping application client, or any other application client that integrates transaction functionality. Although transacting over a network is more convenient, it also makes transactions harder to supervise; for example, some offenders may conduct financial-related fraud, gambling, and biography with the aid of the network, so how to identify whether a transaction subject involved in a transaction is a suspicious transaction subject becomes a problem.
In this context, deep learning techniques are applied to identify suspicious transaction subjects. Specifically, the neural network model is trained through the transaction data of the transaction subject and the label of the transaction subject, so that the trained neural network model has the capability of identifying the suspicious transaction subject according to the transaction data. Although the automatic identification of the suspicious transaction subject is realized based on the neural network model, since the neural network model may have a false identification situation, the transaction subject determined as the suspicious transaction subject needs to be manually audited.
In the prior art, the information of each suspicious transaction subject has to be audited manually and an audit result entered for it, for example the crime category, the qualitative result, and a message concerning the transaction behavior performed by the suspicious transaction subject. Because each suspicious transaction subject has to be audited manually and separately in order to enter its audit result, the manual workload is large and auditing is slow. The scheme of the application is proposed to solve this problem.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of the embodiments of the present application can be applied.
As shown in fig. 1, the system architecture may include terminal devices (e.g., one or more of a smartphone 101, a tablet computer 102, and a portable computer 103 shown in fig. 1, but may also be a desktop computer, etc.), a network 104, and a server 105. The network 104 serves as a medium for providing communication links between terminal devices and the server 105. Network 104 may include various connection types, such as wired communication links, wireless communication links, and so forth.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, server 105 may be a server cluster comprised of multiple servers, or the like.
In some embodiments of the present application, the terminal device may be configured to display task detail information of the target suspicious transaction subject, so that the user may manually examine and manage the target suspicious transaction subject according to the displayed task detail information and input an examination and management result of the target suspicious transaction subject.
The task detail information can be the transaction data of the target transaction subject and basic information about the transaction subject, such as the industry to which the target suspicious transaction subject belongs, its place of registration, its operator and the like; the transaction data may include transaction information, such as the counterparties, location and amount, of the transactions completed by the suspicious transaction subject during the statistical period. The task detail information may also be subject features extracted from the transaction data of the target suspicious transaction subject and the basic information of the transaction subject, where the subject features include the number of transactions completed in a statistical period, the transaction amount, the transaction frequency, the transaction location, the gender of the transaction subject, or the gender of the operator corresponding to the transaction subject.
In some embodiments of the present application, the terminal device may further be configured to display task information of similar suspicious transaction subjects of the target suspicious transaction subject, so that the user may perform batch audit on the similar suspicious transaction subjects of the target suspicious transaction subject according to an audit result of the target suspicious transaction subject.
The similarity of the target suspicious transaction subjects may be determined by the server 105 or the terminal device according to the method of the present application, and is not particularly limited herein.
After the examination and management of the target suspicious transaction object and the batch examination and management of the target suspicious transaction object are completed, the examination and management result is uploaded to the server 105 correspondingly.
In some embodiments of the present application, in order to facilitate orderly examination and management of suspicious transaction objects, an examination and management task may be created for the examination and management of suspicious transaction objects, so that a user may manually examine and manage suspicious transaction subjects based on the created examination and management task.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
FIG. 2 is a flowchart illustrating a method for auditing suspicious transaction subjects according to an embodiment of the present application. The method may be implemented by a computer device with processing capability, such as a laptop, a desktop, a smart phone or a server, or by a system formed by a client and a server, and is not limited in this respect. Referring to fig. 1, the method includes at least steps 210 to 240, which are described in detail as follows:
Step 210: risk characteristics of the target suspicious transaction subject are obtained, wherein the risk characteristics are extracted from the transaction data of the target suspicious transaction subject.
The target suspicious transaction subject is the suspicious transaction subject used as the reference. A suspicious transaction subject is a transaction subject whose transaction behavior may be criminal. A transaction subject is a payee or payer participating in a transaction.
A transaction subject may take part in a transaction through a shopping page, such as an applet shopping page or a page on a shopping website. In some embodiments, the transaction subject may also transact through a chat window of instant messaging software, for example by transferring money or sending a red packet through the chat window.
In some embodiments of the present application, whether a transaction subject is a suspicious transaction subject may be determined as follows: acquire the transaction data corresponding to the transaction subject; extract the subject features of the transaction subject from the transaction data; perform suspected-criminal-behavior recognition on the transaction subject according to the subject features; and, if suspected criminal behavior is found, determine the transaction subject to be a suspicious transaction subject.
The acquired transaction data is generated by the transaction subject's transactions within a statistical period and records the transaction information of each transaction completed by the transaction subject within at least a period of time, including the transaction time, the transaction place, the other participant in the transaction, the transaction amount and the like. The transaction data may also include basic information about the transaction subject, such as its subject type, which is either merchant or individual. If the subject type is merchant, the basic information may also include the industry the transaction subject operates in, such as offline retail or online food.
The extracted subject features may be the subject type, age, sex, transaction amount in a set time period, number of transactions in a statistical period, the industry to which the transaction subject belongs, and, for an individual, the occupation of the transaction subject. The extracted subject features reflect the characteristics of the transaction behavior performed by the transaction subject.
In some embodiments of the present application, the subject features may further include extracted sensitive words and the number of transactions in which a sensitive word occurs. Sensitive words can be extracted from the commodity information of the commodity being traded, which includes commodity detail information, user comments on the commodity and the like.
In some embodiments of the present application, a rule may be set to identify whether a transaction subject is a suspicious transaction subject according to its subject features. The rule sets the subject feature conditions that a transaction subject must satisfy to be identified as suspicious; for example, for the subject feature "number of transactions", the rule may define the range of values for which the transaction subject is determined to be suspicious. The condition may constrain a single subject feature or several subject features, and is not specifically limited here.
In some embodiments of the present application, a trained neural network model may be used to identify whether a transaction subject is a suspicious transaction subject based on its subject features. The neural network model can be trained with the subject features of audited transaction subjects and their labels, where the label of an audited transaction subject indicates whether it is a transaction subject with criminal behavior. The neural network model may be a convolutional neural network, a recurrent neural network, a long short-term memory (LSTM) neural network, or the like, and is not particularly limited here.
The subject features of an audited transaction subject that are input to the neural network model are used to construct its feature vector, and the model predicts from that feature vector whether the audited transaction subject is a suspicious transaction subject. The parameters of the model are then adjusted according to the prediction results obtained for the audited transaction subjects until a training end condition is met. After training, the subject features of a transaction subject are input into the model, and the model predicts from them whether that transaction subject is a suspicious transaction subject.
A risk feature is a subject feature that characterizes the corresponding transaction subject as a suspicious transaction subject; the risk features may be all of a transaction subject's subject features or only some of them. If a set rule is used to identify suspicious transaction subjects, the risk features of a transaction subject are the subject features that satisfy the corresponding conditions in the rule. For example, if the rule defines that the number of transactions exceeds 300 and a transaction subject has 200 transactions, the subject feature "200 transactions" does not satisfy the rule's condition and so is not a risk feature of that transaction subject; if the transaction subject has 350 transactions, the subject feature "transaction number is 350" is a risk feature of that transaction subject.
If the suspicious transaction subject is identified by the neural network model, the risk characteristics of the suspicious transaction subject can be determined by the contribution weight of each subject characteristic to the obtained prediction result of the suspicious transaction subject.
In some embodiments of the present application, in identifying a transaction subject as a suspicious transaction subject, subject characteristics of the transaction subject may be tagged to determine which of the subject characteristics are risk characteristics of the transaction subject.
In some embodiments of the present application, all subject features identified as suspicious transaction subjects may also be considered risk features of the suspicious transaction subjects. In this application scenario, the subject characteristics of the suspicious transaction subject need not be marked.
In some embodiments of the present application, in order to facilitate the examination of the suspicious transaction subjects, an examination task is correspondingly created for each suspicious transaction subject, so that after an examination task is completed, an examination task of the next suspicious transaction subject is correspondingly presented.
In some embodiments of the present application, during an examination and management process of a suspicious transaction subject (the suspicious transaction subject may be regarded as a target suspicious transaction subject in the present application), a similar suspicious transaction subject of the target suspicious transaction subject may also be determined according to a risk characteristic of the target suspicious transaction subject, and then after the examination and management of the target suspicious transaction subject is completed, a corresponding examination and management task of the determined similar suspicious transaction subject is pushed to a user, so that the user can process the examination and management task of the similar suspicious transaction subject after the examination and management task of the target suspicious transaction subject is completed.
Step 220: according to the risk characteristics, the similarity between each suspicious transaction subject in the suspicious transaction subject set to be examined and the target suspicious transaction subject is calculated.
The set of suspicious transaction subjects stores the identifiers of transaction subjects identified as suspicious. During auditing, the identifier of each suspicious transaction subject whose audit has been completed is removed from the set, so the identifiers stored in the set all correspond to suspicious transaction subjects that have not yet been audited.
In step 220, for each risk feature of the target suspicious transaction subject, the value of that risk feature is obtained for each suspicious transaction subject in the set to be audited. The similarity between the target suspicious transaction subject and each suspicious transaction subject to be audited is then calculated from the target's value for the risk feature and the other subject's value for the same risk feature.
As described above, the target suspicious transaction subject may have one or more risk features. When it has several, the similarity between the target suspicious transaction subject and each suspicious transaction subject to be audited can first be calculated for each risk feature separately; the resulting similarities are then weighted, and the weighted result is taken as the similarity between the target suspicious transaction subject and that suspicious transaction subject.
In some embodiments of the present application, the risk features of the target suspicious transaction subject may be subjected to numerical mapping and vectorization to obtain a feature vector of the target suspicious transaction subject. And carrying out numerical value mapping and vectorization on the risk characteristics corresponding to each suspicious transaction main body in the set of suspicious transaction main bodies to be examined correspondingly to obtain the characteristic vector of each suspicious transaction main body. On this basis, similarity calculation is performed based on the feature vector of the target suspicious transaction subject and the feature vector of each suspicious transaction subject in the set of suspicious transaction subjects to be examined, for example, by using a cosine similarity calculation formula, wherein the cosine similarity calculation formula is as follows:
Figure BDA0002818969140000091
where Sim (A, B) is a vector
Figure BDA0002818969140000092
And vector
Figure BDA0002818969140000093
Is a vector of
Figure BDA0002818969140000094
And vector
Figure BDA0002818969140000095
The included angle therebetween.
For example, suppose the risk features of the target suspicious transaction subject A include: the industry is offline retail, the transaction count is 100, the transaction amount is 473 ten thousand yuan, and the transaction place is Guangdong province; and the risk features of a suspicious transaction subject B in the set of suspicious transaction subjects include: the industry is the food industry, the transaction count is 150, the transaction amount is 400 ten thousand yuan, and the transaction place is Hunan province. If "offline retail industry" is represented by 10, "food industry" by 20, "Guangdong province" by 100, and "Hunan province" by 105, the feature vector of the target suspicious transaction subject A may be (10, 100, 473, 100) and the feature vector of the suspicious transaction subject B may be (20, 150, 400, 105). After the feature vectors are obtained, the similarity between the target suspicious transaction subject A and the suspicious transaction subject B can be calculated according to the above formula 1.
The above construction of the feature vector is only an example. In other embodiments, the numerical risk features (e.g., transaction count and transaction amount) may first be normalized before the feature vector of the corresponding suspicious transaction subject is constructed, so that the different value ranges of different risk features do not distort the similarity calculation. The calculation of the similarity is also not limited to cosine similarity; the similarity between the two subjects may instead be reflected by a distance (e.g., Euclidean distance, Minkowski distance, etc.), where a greater distance means a lower similarity.
Step 230, determining similar suspicious transaction subjects of the target suspicious transaction subject from the set of suspicious transaction subjects according to the calculated similarity.
A similar suspicious transaction subject of the target suspicious transaction subject is a suspicious transaction subject that is determined, according to the calculated similarity, to be similar to the target suspicious transaction subject.
In some embodiments of the present application, a similarity threshold may be preset, and a suspicious transaction subject corresponding to a similarity exceeding the similarity threshold in the set of suspicious transaction subjects to be examined is determined as a similar suspicious transaction subject of the target suspicious transaction subject. The similarity threshold may be set according to actual needs, for example, 85%, 90%, 88%, 95%, etc., and is not particularly limited herein.
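The following Python sketch is an added example, not code from the patent. It computes the cosine similarity of the page's vectors A and B as encoded above, then repeats the calculation after min-max scaling the numeric features and one-hot encoding the text features, and applies the step 230 threshold. Subjects C and D, the one-hot encoding of text features, and all function names are assumptions constructed for illustration.

```python
import math


def cosine(u, v):
    """Standard cosine similarity; 0.0 if either vector is all zeros."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


# Feature vectors exactly as encoded in the page's example.
A_RAW = (10, 100, 473, 100)
B_RAW = (20, 150, 400, 105)

# Pending set. A and B carry the page's values; C and D are constructed.
SUBJECTS = {
    "A": {"industry": "offline retail", "count": 100, "amount": 473, "province": "Guangdong"},
    "B": {"industry": "food", "count": 150, "amount": 400, "province": "Hunan"},
    "C": {"industry": "offline retail", "count": 110, "amount": 460, "province": "Guangdong"},
    "D": {"industry": "food", "count": 900, "amount": 30, "province": "Hunan"},
}
NUMERIC = ("count", "amount")
TEXT = ("industry", "province")


def encode(subjects):
    """Min-max scale numeric features over the set; one-hot encode text features."""
    ranges = {
        f: (min(s[f] for s in subjects.values()), max(s[f] for s in subjects.values()))
        for f in NUMERIC
    }
    categories = {f: sorted({s[f] for s in subjects.values()}) for f in TEXT}
    vectors = {}
    for sid, s in subjects.items():
        vec = []
        for f in NUMERIC:
            lo, hi = ranges[f]
            # A feature that is constant over the set carries no information.
            vec.append((s[f] - lo) / (hi - lo) if hi > lo else 0.0)
        for f in TEXT:
            vec.extend(1.0 if s[f] == c else 0.0 for c in categories[f])
        vectors[sid] = vec
    return vectors


def similar_subjects(target_id, subjects, threshold):
    """Step 230: subjects whose similarity to the target exceeds the threshold."""
    vectors = encode(subjects)
    target = vectors[target_id]
    scored = [
        (sid, cosine(target, vec)) for sid, vec in vectors.items() if sid != target_id
    ]
    hits = [(sid, score) for sid, score in scored if score > threshold]
    return sorted(hits, key=lambda pair: -pair[1])


if __name__ == "__main__":
    print("raw cosine(A, B):", round(cosine(A_RAW, B_RAW), 3))
    encoded = encode(SUBJECTS)
    print("encoded cosine(A, B):", round(cosine(encoded["A"], encoded["B"]), 3))
    print("similar to A at 0.85:", similar_subjects("A", SUBJECTS, 0.85))
```

With the raw encoding, A and B score about 0.988 and would pass every example threshold listed above even though their industry and province differ, because the transaction amount dominates the vector. After scaling and one-hot encoding, only the constructed subject C exceeds 0.85.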
Step 240, performing batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject.
It can be understood that the audit of the target suspicious transaction subject precedes the audit of its similar suspicious transaction subjects, so any suspicious transaction subject that is audited first can serve as the target suspicious transaction subject in the scheme of the present application.
The audit result of the target suspicious transaction subject can be obtained by manually and individually auditing the target suspicious transaction subject and entering audit information. In a specific embodiment, the audit information input operation triggered by the user in the detail page of the audit task of the target suspicious transaction subject may be monitored to obtain the audit result of the target suspicious transaction subject. For example, in the detail page of the audit task shown in FIG. 10, the user may enter audit information in items such as "type of crime", "case qualification", "subject information", "capital feature", "transaction feature", and "final qualification"; once the user's input is detected, the audit result of the target suspicious transaction subject is obtained.
In some embodiments of the present application, the target suspicious transaction subject may itself be a similar suspicious transaction subject of another, already audited suspicious transaction subject. In that case, the audit result of the target suspicious transaction subject may also have been obtained through the batch audit performed when it was treated as a similar suspicious transaction subject of that other subject. Because the similar suspicious transaction subjects of the target suspicious transaction subject are determined according to the risk features of the target suspicious transaction subject, and the risk features reflect the characteristics of its transaction behavior, the transaction behavior of the similar suspicious transaction subjects is highly similar to that of the target suspicious transaction subject. Correspondingly, the audit results of the similar suspicious transaction subjects are similar to the audit result of the target suspicious transaction subject.
Therefore, in the scheme of the present application, the determined similar suspicious transaction subjects are audited in batch directly according to the audit result of the target suspicious transaction subject. For example, the audit result of the target suspicious transaction subject is used directly as the audit result of a similar suspicious transaction subject, or it is modified slightly and the modified result is used as the audit result of the similar suspicious transaction subject.
In some embodiments of the present application, in an application scenario where a corresponding audit task is created for each suspicious transaction subject, a user may first audit task information of a displayed target suspicious transaction subject to input an audit result for the target suspicious transaction subject, and after the audit task corresponding to the target suspicious transaction subject is completed, the audit tasks corresponding to similar suspicious transaction subjects are displayed in a display interface, so that the user may perform batch processing on the audit tasks of the similar suspicious transaction subjects.
After the audit task of the target suspicious transaction subject is completed, the audit tasks of its similar suspicious transaction subjects are displayed. It can be understood that this breaks the preset presentation order of the audit tasks of the suspicious transaction subjects; after the displayed audit tasks of the similar suspicious transaction subjects have been processed, the remaining unprocessed audit tasks continue to be presented in the preset order. The presentation order of the audit tasks is thus adjusted flexibly, and the user can conveniently process a plurality of highly similar audit tasks together.
In some embodiments of the present application, the target suspicious transaction subject may have one or more similar suspicious transaction subjects. When there are multiple similar suspicious transaction subjects, a selection control may be displayed together with their audit tasks, the selection control being used to select the audit task of the corresponding similar suspicious transaction subject. After selection, the user may batch process the selected audit tasks of the similar suspicious transaction subjects.
According to the scheme of the present application, after the similar suspicious transaction subjects of the target suspicious transaction subject are determined in the set of suspicious transaction subjects to be audited according to the risk features of the target suspicious transaction subject, the similar suspicious transaction subjects are audited in batch according to the audit result of the target suspicious transaction subject. Because the risk features of the similar suspicious transaction subjects are highly similar to those of the target suspicious transaction subject, their audit results are similar to the audit result of the target suspicious transaction subject. For a plurality of highly similar suspicious transaction subjects, the other subjects can therefore be audited in batch according to the audit result of one of them (namely, the target suspicious transaction subject), without auditing the highly similar subjects one by one, which improves audit efficiency.
In some embodiments of the present application, as shown in FIG. 3, step 220 comprises:
Step 310, for each suspicious transaction subject, calculating the feature similarity between the suspicious transaction subject and the target suspicious transaction subject for each risk feature.
In some embodiments of the present application, a risk feature whose value is text may be numerically mapped, so that the text is mapped to a quantitative value. The feature similarity between the target suspicious transaction subject and each suspicious transaction subject to be audited is then calculated for each risk feature based on these values.
In some embodiments of the present application, the feature similarity corresponding to each risk feature may be calculated according to the following formula:
Figure BDA0002818969140000121
where $S_t(A, B)$ represents the feature similarity between the target suspicious transaction subject A and the suspicious transaction subject B for the risk feature $t$; $a_t$ represents the value of the target suspicious transaction subject A for the risk feature $t$; and $b_t$ represents the value of the suspicious transaction subject B for the risk feature $t$. For a numerical risk feature, the value may be the actual value of the risk feature; for example, if the transaction count is 100, the actual value of the risk feature "transaction count" is 100. The value may also be a numerically mapped value; for example, a transaction count of 100 to 500 may be represented by the value 20. For a text risk feature, such as the industry, the feature similarity can be calculated according to the above formula 2 based on the numerically mapped value. Of course, the above calculation of feature similarity is only an illustrative example and is not to be regarded as limiting the scope of the present application.
Step 320, weighting the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
In some embodiments of the present application, a weight coefficient may be preset for each risk feature, so that in step 320 the feature similarities calculated for all the risk features are weighted according to the set weight coefficients to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject. The weight coefficients set for the risk features may be the same or different, and are not specifically limited herein.
In some embodiments of the present application, the audit result of the target suspicious transaction subject indicates a crime type, and, as shown in FIG. 4, step 320 includes: step 410, obtaining the weight coefficient of each risk feature for crime type determination.
The crime type indicates the type of behavior to which the transaction behavior of the suspicious transaction subject belongs. In the scheme of the present application, the crime type of a suspicious transaction subject is determined according to the risk features extracted from the transaction data of the suspicious transaction subject. The crime types may include fraud, gambling, marketing and non-criminal behaviors; in other embodiments, the crime types may be set according to actual needs.
The weight coefficient represents the degree to which the corresponding risk feature contributes to crime type determination. In the scheme of the present application, different risk features may contribute to crime type determination to different degrees, so the weight coefficient of each risk feature for the crime type is determined according to the risk features of the audited suspicious transaction subjects and the crime types indicated by their audit results.
The weight coefficient may be preset, or may be obtained statistically from the risk features of previously audited transaction subjects.
In some embodiments of the present application, the IV (Information Value) of a risk feature may be used as the weight coefficient of that risk feature. The IV of a risk feature can be obtained as follows: acquire the risk features of a plurality of audited transaction subjects; according to the bins of each risk feature and the risk features of the audited transaction subjects, assign each audited transaction subject to the corresponding bin of each risk feature; for each risk feature, calculate the evidence weight of each bin of the risk feature according to the number of audited transaction subjects assigned to that bin; and weight the evidence weights of all the bins of the risk feature to obtain the information value of the risk feature, which is used as the weight coefficient of that risk feature for crime type determination.
Because a risk feature can take different values, binning a risk feature means dividing its value range into intervals, each of which corresponds to one bin of the risk feature.
For example, for the risk feature "transaction count", the binning may include: thus, the bin in which a suspicious transaction body is located under the bin of the risk characteristic can be determined according to the value of the suspicious transaction body for the risk characteristic.
Once the risk features have been binned, each risk feature of a suspicious transaction subject can be vectorized. In some embodiments of the present application, one-hot encoding may be used for vectorization. Specifically, for a risk feature, the value corresponding to the bin in which the suspicious transaction subject falls is 1, and the values of the other bins are 0. For example, the above suspicious transaction subject with a transaction amount of 50 ten thousand dollars has a feature vector of (0, 0, 1, 0, 0) for the risk feature "transaction amount".
On this basis, for each bin of each risk feature, the evidence weight (Weight of Evidence, WOE) of the bin can be calculated according to the following formula:
Figure BDA0002818969140000141
where $WOE_i(T)$ represents the evidence weight of the $i$-th bin of the risk feature $T$; $m_i(T)$ is the number of suspicious transaction subjects with the value 0 in the $i$-th bin of the risk feature $T$; $M(T)$ is the total number of suspicious transaction subjects with the value 0 in the risk feature $T$; $n_i(T)$ is the number of suspicious transaction subjects with the value 1 in the $i$-th bin of the risk feature $T$; and $N(T)$ is the total number of suspicious transaction subjects with the value 1 in the risk feature $T$.
After the evidence weight of each bin for each risk feature is calculated, the information value of each bin for each risk feature can be calculated according to the following formula 2:
Figure BDA0002818969140000142
where $IV_i(T)$ is the information value of the $i$-th bin of the risk feature $T$.
Then, the information value of each risk feature is calculated according to the following formula 3:
Figure BDA0002818969140000143
where $K$ is the number of bins of the risk feature $T$.
The information value of each risk feature is obtained correspondingly through the above process, and the information value can be correspondingly used as the weight coefficient corresponding to the risk feature.
Step 420, weighting the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features according to the weight coefficient of each risk feature, to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
That is, the similarity between the suspicious transaction subject and the target suspicious transaction subject is obtained by weighting the feature similarity of each risk feature with the weight coefficient of that risk feature.
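The weighting described in steps 410 and 420, as an added Python example that is not code from the patent. It assumes that the 0/1 value in the definitions above is the audit label of a previously audited subject (1 for a given crime type, 0 otherwise), uses the standard WOE form ln((n_i/N)/(m_i/M)) because the page's formula images are not reproduced, adds 0.5 smoothing so that an empty bin does not produce log(0), and normalises the weights by their sum. The history data, bin edges, per-feature similarities and function names are constructed.

```python
import math
from bisect import bisect_right


def information_value(values, labels, edges, smoothing=0.5):
    """Return (IV, [WOE per bin]) for one risk feature T.

    values: value of the feature for each previously audited subject
    labels: 1 if the subject was audited as the crime type, else 0 (assumed reading)
    edges:  sorted cut points; bin i holds edges[i-1] <= value < edges[i]
    """
    k = len(edges) + 1
    n = [0] * k  # label-1 subjects per bin, n_i(T)
    m = [0] * k  # label-0 subjects per bin, m_i(T)
    for value, label in zip(values, labels):
        (n if label == 1 else m)[bisect_right(edges, value)] += 1
    total_n = sum(n) + smoothing * k  # N(T), smoothed
    total_m = sum(m) + smoothing * k  # M(T), smoothed
    woe, iv = [], 0.0
    for i in range(k):
        p1 = (n[i] + smoothing) / total_n
        p0 = (m[i] + smoothing) / total_m
        woe_i = math.log(p1 / p0)
        woe.append(woe_i)
        # IV_i(T); the sign convention of WOE cancels out in this product.
        iv += (p1 - p0) * woe_i
    return iv, woe


def weighted_similarity(feature_sims, weights):
    """Step 420: weight the per-feature similarities S_t(A, B) by their coefficients."""
    total = sum(weights[f] for f in feature_sims)
    if total <= 0:
        return 0.0  # no informative feature: nothing supports a match
    return sum(weights[f] * feature_sims[f] for f in feature_sims) / total


# Constructed audit history: 50 subjects labelled 1, then 100 labelled 0.
LABELS = [1] * 50 + [0] * 100
# Transaction counts: label 1 concentrates in the highest bin.
COUNTS = [50] * 5 + [200] * 15 + [800] * 30 + [50] * 40 + [200] * 40 + [800] * 20
# Province code 0/1, split evenly within both labels (uninformative).
PROVINCE = [i % 2 for i in range(50)] + [i % 2 for i in range(100)]


def build_weights():
    """IV of each risk feature, used as its weight coefficient."""
    return {
        "transaction_count": information_value(COUNTS, LABELS, [100, 500])[0],
        "province": information_value(PROVINCE, LABELS, [1])[0],
    }


# Constructed per-feature similarities between a target A and a pending subject B.
FEATURE_SIMS = {"transaction_count": 0.9, "province": 0.2}

if __name__ == "__main__":
    weights = build_weights()
    print("weights:", {f: round(w, 3) for f, w in weights.items()})
    print("IV-weighted:", round(weighted_similarity(FEATURE_SIMS, weights), 3))
    equal = {"transaction_count": 1.0, "province": 1.0}
    print("equal weights:", round(weighted_similarity(FEATURE_SIMS, equal), 3))
```

With equal weights this pair scores 0.55; with IV weights the uninformative province feature drops out and the score is 0.9, so the choice of coefficients decides whether the pair clears a threshold such as 85%.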
In some embodiments of the present application, as shown in fig. 5, prior to step 240, the method further comprises:
Step 510, determining, according to the feature similarity between the suspicious transaction subject and the target suspicious transaction subject for each risk feature, the risk features whose feature similarity falls within a set similarity range.
The similarity range may be set according to actual needs and is not specifically limited herein; for example, the set similarity range may be greater than 90%. The set similarity range screens out the risk features for which the feature similarity between the suspicious transaction subject and the target suspicious transaction subject is high.
Step 520, the risk features with the determined feature similarity satisfying the set similarity range are used as the core risk features of the similar suspicious transaction subjects.
Step 530, displaying task information of the similar suspicious transaction subjects, wherein the task information includes the core risk features of the similar suspicious transaction subjects.
As described above, multiple similar suspicious transaction subjects may be determined, in which case the task information of the multiple similar suspicious transaction subjects is displayed together in step 530. In some embodiments of the present application, the task information displayed for a similar suspicious transaction subject may further include the similarity between that similar suspicious transaction subject and the target suspicious transaction subject, which helps the user decide which similar suspicious transaction subjects to audit in batch.
In some embodiments of the present application, as shown in FIG. 6, step 210 comprises:
Step 610, detecting a feature selection operation triggered on a subject feature of the target suspicious transaction subject.
Step 620, taking the subject feature selected by the feature selection operation as a risk feature of the target suspicious transaction subject.
In this implementation, the subject features of the target suspicious transaction subject are displayed in the page for auditing the target suspicious transaction subject, and each displayed subject feature is provided with a selection control, through which the corresponding subject feature can be selected as a risk feature of the target suspicious transaction subject. One or more risk features may be selected.
In some embodiments of the present application, the subject features displayed in the page for auditing the target suspicious transaction subject may be all of the subject features of the target suspicious transaction subject or only some of them.
The risk features determined by this selection are then used in the subsequent steps to calculate the similarity between the target suspicious transaction subject and each suspicious transaction subject to be audited.
In some embodiments of the present application, the audit result of the target suspicious transaction subject includes the entered crime type, and, as shown in FIG. 7, step 240 includes:
Step 710, acquiring, according to the triggered batch audit operation, the crime type entered for the target suspicious transaction subject.
Step 720, taking the crime type of the target suspicious transaction subject as the audit result of the similar suspicious transaction subjects selected by the batch audit operation.
In this embodiment, an entry for entering a crime type is provided in the page that displays the task detail information of a suspicious transaction subject, so that the crime type entered for the suspicious transaction subject can be obtained through the operation triggered in that entry. The crime types are, as described above, for example fraud, gambling, reimbursement, and compliance.
By directly taking the acquired crime type of the target suspicious transaction subject as the auditing result of the similar suspicious transaction subjects, the user does not need to input the auditing result aiming at each similar suspicious transaction subject, and the auditing efficiency is improved.
In some embodiments of the present application, the audit result of the target suspicious transaction subject further includes an audit message, and the audit message is obtained according to the risk features of the target suspicious transaction subject. In this embodiment, as shown in FIG. 8, step 240 further includes: step 810, acquiring, for each similar suspicious transaction subject, the risk features of that similar suspicious transaction subject; step 820, replacing the risk features in the audit message of the target suspicious transaction subject with the risk features of the similar suspicious transaction subject to obtain the audit message of the similar suspicious transaction subject; step 830, adding the audit message of the similar suspicious transaction subject to the audit result of the similar suspicious transaction subject.
In this embodiment, because the audit message in the audit result is generated according to the risk features of the suspicious transaction subject, the risk features in the audit message of the target suspicious transaction subject are directly replaced with the risk features of each similar suspicious transaction subject during the batch audit. It should be noted that the replacement is performed on matching parameter items: for example, if the audit message of the target suspicious transaction subject includes "the transaction count is 100", the content that replaces it is the transaction count risk feature of the similar suspicious transaction subject.
The following describes the present invention with reference to a specific embodiment.
FIG. 9 is a flow diagram illustrating a method for auditing suspicious transaction subjects, according to an example embodiment. In this embodiment, an audit task is created for each suspicious transaction subject to be audited, the audit tasks of the suspicious transaction subjects are stored in a task list, and during manual audit the audit tasks can be presented to the user in the order of the suspicious transaction subjects in the task list.
In this embodiment, a feature set is further configured to store feature information of the suspicious transaction subjects to be audited. The feature information includes, for example, the subject features (or only the risk features) of the suspicious transaction subject listed above, and may further include basic information of the suspicious transaction subject. The feature information of the suspicious transaction subject corresponding to a task can therefore be extracted from the feature set and displayed in the page for auditing that task.
In this embodiment, the user may audit the target suspicious transaction subject in the detail page of the audit task corresponding to the target suspicious transaction subject, which corresponds to step 910 in FIG. 9: auditing the task corresponding to the target suspicious transaction subject. FIG. 10 is a diagram illustrating a detail page of an audit task, according to one embodiment.
As shown in FIG. 10, the "case related characteristics" column displays the subject features of the suspicious transaction subject corresponding to the current audit task (in this embodiment, that subject is the target suspicious transaction subject). In this column, a selection control is configured for each displayed subject feature so that the user can select it; a selected subject feature is used as a risk feature of the target suspicious transaction subject, and in the subsequent process the similar suspicious transaction subjects of the target suspicious transaction subject are determined based on these risk features.
In an embodiment, feature extraction may also be performed on transaction data of a transaction subject in advance to obtain a subject feature of the transaction subject, where the extracted subject feature may be as shown in table 1 below:
Figure BDA0002818969140000181
TABLE 1
Table 1 shows only some of the extracted subject features. In a specific embodiment, the subject features to be extracted may also be determined according to actual needs and are not specifically limited herein.
The content items that the user must enter manually during the audit are shown on the right-hand side of FIG. 10. As shown in FIG. 10, these content items include: crime related type (the crime type that the user determines for the target suspicious transaction subject); case qualification (the stage number that the user determines for the target suspicious transaction subject; the determined stage number makes it easier to classify the audit tasks by stage); subject information (basic information of the target suspicious transaction subject entered by the user, such as the registration place, the industry, and the operator); fund feature (information of the target suspicious transaction subject that is directly related to funds); transaction feature (information of the target suspicious transaction subject that is directly related to transactions); and final qualification (the user's conclusion on whether to report).
In this example, the content entered by the user under subject information, fund feature, transaction feature and final qualification can be regarded as the audit message of the target suspicious transaction subject. Subsequently, the corresponding risk features in the audit message of the target suspicious transaction subject can be replaced to automatically generate the audit message of a similar suspicious transaction subject.
As shown in fig. 10, a "report" control for reporting and a "not report" control for not reporting are also set in the page. When the user triggers the "reporting" control, the task detail information (including subject characteristics, the examination and management message input by the user, and the like) corresponding to the target suspicious transaction subject corresponding to the examination and management task can be correspondingly reported, so that the target suspicious transaction subject can be further processed.
After the audit task of the target suspicious transaction subject is completed, the process proceeds to step 920: displaying the tasks corresponding to the similar suspicious transaction subjects, and then to step 930: performing batch audit.
Fig. 11 is a schematic diagram of a page displaying task information of similar suspicious transaction subjects according to an embodiment. As shown in Fig. 11, the task information displayed for each similar suspicious transaction subject includes: similarity (the similarity between the similar suspicious transaction subject and the target suspicious transaction subject), case number (the serial number assigned to the auditing task of the similar suspicious transaction subject), case subject type (the subject type to which the similar suspicious transaction subject belongs), and case core risk feature (the core risk feature of the similar suspicious transaction subject relative to the target suspicious transaction subject). The user may also trigger "view details" in the operation item to open the task detail page of the corresponding similar suspicious transaction subject and review its task details; the task detail page may be a page such as that shown in Fig. 10, in which the user enters each item manually.
In an embodiment, a message format for reporting and a message format for not reporting may also be configured in advance, and the matching message format is then determined according to the report or not-report operation triggered for the target suspicious transaction subject. The risk features of the similar suspicious transaction subjects selected for batch processing can then be combined with the matching message format to generate the audit message automatically.
In Fig. 11, a selection control is provided for the task information of each similar suspicious transaction subject, so that the user can select the similar suspicious transaction subjects that need batch auditing. After selecting the auditing tasks for batch auditing with the selection control, the user clicks "batch report" or "batch not report" to trigger batch auditing, that is, the audit result of each similar suspicious transaction subject is generated automatically from the audit result of the target suspicious transaction subject, and the corresponding report or not-report operation is executed. The process of automatically generating the audit result of each similar suspicious transaction subject is described above and is not repeated here.
In practice, statistics show that more than 75% of the criminal transaction activities involved in network transactions are fraud, gambling and reimbursement as listed above. Transaction behaviors of the same crime type share common behavior patterns, and this commonality appears as a high similarity of subject features (or risk features). On this basis, once the audit of the target suspicious transaction subject is complete, the auditing tasks of the similar suspicious transaction subjects can be audited automatically in batches according to the audit result of the target suspicious transaction subject. Practice shows that more than 80% of the audit time can be saved by adopting the scheme of the application. Comprehensive evaluation shows that after the scheme is implemented, the auditing time can be shortened by about 60% on the whole, the efficiency is improved by 250%, the auditing speed is improved on the whole, and the auditing efficiency is greatly improved.
Embodiments of the apparatus of the present application are described below, which may be used to perform the methods of the above-described embodiments of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the above-described embodiments of the method of the present application.
Fig. 12 is a block diagram illustrating an auditing apparatus of a suspicious transaction subject according to an embodiment, and as shown in fig. 12, the auditing apparatus of the suspicious transaction subject includes:
a risk feature obtaining module 1210, configured to obtain risk features of the target suspicious transaction subject, where the risk features are extracted from transaction data of the target suspicious transaction subject;
a similarity calculation module 1220, configured to calculate, according to the risk features, the similarity between each suspicious transaction subject in the set of suspicious transaction subjects to be audited and the target suspicious transaction subject;
a similar suspicious transaction subject determining module 1230, configured to determine similar suspicious transaction subjects of the target suspicious transaction subject from the set of suspicious transaction subjects according to the calculated similarity;
and a batch auditing module 1240, configured to perform batch auditing on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject.
In some embodiments of the present application, the similarity calculation module 1220 includes:
a feature similarity calculation unit, configured to calculate, for each suspicious transaction subject, the feature similarity between the suspicious transaction subject and the target suspicious transaction subject on each risk feature;
and a feature similarity weighting unit, configured to weight the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
In some embodiments of the present application, the audit result of the target suspicious transaction subject indicates a crime type, and the feature similarity weighting unit includes:
a weight coefficient obtaining unit, configured to obtain the weight coefficient of each risk feature for determining the crime type;
and a first weighting unit, configured to weight the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features according to the weight coefficient of each risk feature, to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
In some embodiments of the present application, the weight coefficient obtaining unit includes:
a first obtaining unit, configured to obtain the risk features corresponding to a plurality of audited transaction subjects;
a dividing unit, configured to divide the audited transaction subjects into the bins of the corresponding risk features, according to the bins of each risk feature and the risk features corresponding to the audited transaction subjects;
a weight of evidence calculation unit, configured to calculate, for each risk feature, the weight of evidence (WOE) of each bin of the risk feature according to the number of audited transaction subjects divided into that bin;
and an information value calculation unit, configured to weight the weights of evidence of all bins of the risk feature to obtain the information value (IV) of the risk feature, the information value being used as the weight coefficient of that risk feature for determining the crime type.
In some embodiments of the present application, the auditing apparatus of the suspicious transaction subject further comprises:
a determining module, configured to determine, according to the feature similarity between the suspicious transaction subject and the target suspicious transaction subject on each risk feature, the risk features whose feature similarity falls within a set similarity range;
a core risk feature determining module, configured to take the risk features whose feature similarity falls within the set similarity range as the core risk features of the similar suspicious transaction subject;
and a task information display module, configured to display the task information of the similar suspicious transaction subject, the task information including the core risk features of the suspicious transaction subject.
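The weighting and core-feature units described above can be sketched as follows. This is an added example, not code from the patent: it uses the standard credit-scoring definitions of WOE and IV, and the per-feature similarity (one minus the range-normalised absolute difference), the additive smoothing for empty bins, the normalisation by the weight sum, and all feature names, bin edges, thresholds and sample records are assumptions constructed for illustration.

```python
import math
from bisect import bisect_right

# Constructed sample data (not from the patent). Each audited subject is
# (risk features, label); label 1 = audited as the crime type in question.
AUDITED = [
    ({"night_tx_ratio": 0.80, "avg_amount": 100, "distinct_payers": 50}, 1),
    ({"night_tx_ratio": 0.90, "avg_amount": 500, "distinct_payers": 60}, 1),
    ({"night_tx_ratio": 0.70, "avg_amount": 900, "distinct_payers": 10}, 1),
    ({"night_tx_ratio": 0.85, "avg_amount": 300, "distinct_payers": 70}, 1),
    ({"night_tx_ratio": 0.10, "avg_amount": 120, "distinct_payers": 5}, 0),
    ({"night_tx_ratio": 0.20, "avg_amount": 480, "distinct_payers": 8}, 0),
    ({"night_tx_ratio": 0.15, "avg_amount": 880, "distinct_payers": 55}, 0),
    ({"night_tx_ratio": 0.30, "avg_amount": 320, "distinct_payers": 12}, 0),
]
# Assumed bin edges and value ranges for each risk feature.
BIN_EDGES = {"night_tx_ratio": [0.5], "avg_amount": [400], "distinct_payers": [30]}
RANGES = {"night_tx_ratio": (0.0, 1.0), "avg_amount": (0, 1000), "distinct_payers": (0, 100)}
# Constructed target (already audited) and pending subjects.
TARGET = {"night_tx_ratio": 0.82, "avg_amount": 300, "distinct_payers": 55}
PENDING = {
    "S-001": {"night_tx_ratio": 0.80, "avg_amount": 900, "distinct_payers": 60},
    "S-002": {"night_tx_ratio": 0.15, "avg_amount": 310, "distinct_payers": 54},
    "S-003": {"night_tx_ratio": 0.75, "avg_amount": 250, "distinct_payers": 20},
}


def information_value(samples, feature, edges, smoothing=0.5):
    """IV of one risk feature from per-bin counts of audited subjects.

    Additive smoothing keeps WOE finite when a bin holds only one class.
    """
    n_bins = len(edges) + 1
    pos = [smoothing] * n_bins
    neg = [smoothing] * n_bins
    for features, label in samples:
        idx = bisect_right(edges, features[feature])
        if label == 1:
            pos[idx] += 1
        else:
            neg[idx] += 1
    pos_total, neg_total = sum(pos), sum(neg)
    iv = 0.0
    for p, n in zip(pos, neg):
        p_rate, n_rate = p / pos_total, n / neg_total
        woe = math.log(p_rate / n_rate)      # weight of evidence of this bin
        iv += (p_rate - n_rate) * woe        # every term is >= 0
    return iv


def iv_weights(samples, bin_edges):
    """Weight coefficient of each risk feature = its information value."""
    return {f: information_value(samples, f, e) for f, e in bin_edges.items()}


def feature_similarity(a, b, value_range):
    """Assumed per-feature similarity in [0, 1]."""
    lo, hi = value_range
    if hi <= lo:
        raise ValueError("value range must have hi > lo")
    return max(0.0, 1.0 - abs(a - b) / (hi - lo))


def weighted_similarity(target, candidate, weights, ranges):
    """Return (overall similarity, per-feature similarities)."""
    sims = {f: feature_similarity(target[f], candidate[f], ranges[f]) for f in weights}
    total = sum(weights.values())
    if total <= 0:  # no feature separates the classes: fall back to a plain mean
        return sum(sims.values()) / len(sims), sims
    return sum(weights[f] * sims[f] for f in weights) / total, sims


def find_similar(target, pending, weights, ranges, threshold=0.85, core_range=(0.9, 1.0)):
    """Similar subjects, most similar first, each with its core risk features."""
    results = []
    for subject_id, features in pending.items():
        score, sims = weighted_similarity(target, features, weights, ranges)
        if score >= threshold:
            core = [f for f, s in sims.items() if core_range[0] <= s <= core_range[1]]
            results.append((subject_id, score, core))
    return sorted(results, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    w = iv_weights(AUDITED, BIN_EDGES)
    for subject_id, score, core in find_similar(TARGET, PENDING, w, RANGES):
        print(subject_id, round(score, 3), core)
```

With these constructed records, S-001 and S-002 have almost the same unweighted mean similarity to the target, but the IV weights separate them because S-002 differs on the one feature that actually distinguishes the crime type.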
In some embodiments of the present application, the risk feature obtaining module 1210 includes:
a detection unit, configured to detect a feature selection operation triggered on the subject features of the target suspicious transaction subject;
and a risk feature determining unit, configured to take the subject features selected by the feature selection operation as the risk features of the target suspicious transaction subject.
In some embodiments of the present application, the audit result of the target suspicious transaction subject includes an inputted crime type, and the batch audit module 1240 includes:
a crime type and qualitative result acquisition unit, configured to acquire the crime type input for the target suspicious transaction subject according to the triggered batch audit operation;
and an audit result determining unit, configured to take the crime type corresponding to the target suspicious transaction subject as the audit result of the target similar suspicious transaction subjects selected by the batch audit operation.
In some embodiments of the present application, the audit result of the target suspicious transaction subject further includes an audit message, and the audit message is obtained according to the risk characteristics of the target suspicious transaction subject; the batch auditing module 1240 further includes:
a second obtaining unit, configured to obtain, for each similar suspicious transaction subject, the risk features corresponding to that similar suspicious transaction subject;
an audit message generating unit, configured to replace the risk features in the audit message of the target suspicious transaction subject with the risk features of the similar suspicious transaction subject, to obtain the audit message of the similar suspicious transaction subject;
and an adding unit, configured to add the audit message of the similar suspicious transaction subject to the audit result of the similar suspicious transaction subject.
In some embodiments of the present application, the auditing apparatus of the suspicious transaction subject further comprises:
a transaction data acquisition module, configured to acquire transaction data corresponding to a transaction subject;
a subject feature extraction module, configured to extract the subject features corresponding to the transaction subject from the transaction data;
a suspected criminal behavior identification module, configured to identify suspected criminal behavior of the transaction subject according to the subject features;
and a suspicious transaction subject determining module, configured to determine the transaction subject to be a suspicious transaction subject if suspected criminal behavior of the transaction subject is identified.
FIG. 13 illustrates a schematic structural diagram of a computer system suitable for use to implement the electronic device of the embodiments of the subject application.
It should be noted that the computer system 1300 of the electronic device shown in fig. 13 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in Fig. 13, a computer system 1300 includes a Central Processing Unit (CPU) 1301, which can perform various appropriate actions and processes, such as performing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 1302 or a program loaded from a storage portion 1308 into a Random Access Memory (RAM) 1303. The RAM 1303 also stores various programs and data necessary for system operation. The CPU 1301, the ROM 1302, and the RAM 1303 are connected to each other via a bus 1304. An Input/Output (I/O) interface 1305 is also connected to the bus 1304.
The following components are connected to the I/O interface 1305: an input portion 1306 including a keyboard, a mouse, and the like; an output portion 1307 including a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD), a speaker, and the like; a storage portion 1308 including a hard disk and the like; and a communication portion 1309 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication portion 1309 performs communication processing via a network such as the Internet. A drive 1310 is also connected to the I/O interface 1305 as needed. A removable medium 1311, such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, is mounted on the drive 1310 as necessary, so that a computer program read from it can be installed into the storage portion 1308 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communications component 1309 and/or installed from removable media 1311. The computer program executes various functions defined in the system of the present application when executed by a Central Processing Unit (CPU) 1301.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not, in some cases, constitute a limitation on the units themselves.
As another aspect, the present application also provides a computer-readable storage medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer-readable storage medium carries computer-readable instructions that, when executed by a processor, implement the method in the above-described embodiments.
According to an aspect of the present application, there is also provided an electronic device, including: a processor; a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method of the above embodiments.
According to an aspect of an embodiment of the present application, there is provided a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the computer device executes the method for auditing the suspicious transaction subjects provided in the above-mentioned optional embodiments.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the application, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and which includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, a network device, etc.) to execute the method according to the embodiments of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A method for auditing suspicious transaction subjects, comprising:
acquiring a risk characteristic of a target suspicious transaction subject, wherein the risk characteristic is extracted from transaction data of the target suspicious transaction subject;
according to the risk characteristics, calculating the similarity between each suspicious transaction subject in a suspicious transaction subject set to be examined and the target suspicious transaction subject;
determining similar suspicious transaction subjects of the target suspicious transaction subjects from the suspicious transaction subject set according to the calculated similarity;
and carrying out batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subjects.
2. The method according to claim 1, wherein the calculating the similarity between each suspicious transaction subject in the set of suspicious transaction subjects to be audited and the target suspicious transaction subject according to the risk features comprises:
for each suspicious transaction subject, calculating the feature similarity between the suspicious transaction subject and the target suspicious transaction subject on each risk feature;
and weighting the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
3. The method according to claim 2, wherein the audit result of the target suspicious transaction subject indicates a crime type, and the weighting the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject comprises:
acquiring the weight coefficient of each risk feature for determining the crime type;
and weighting, according to the weight coefficient of each risk feature, the feature similarities of the suspicious transaction subject and the target suspicious transaction subject over all risk features to obtain the similarity between the suspicious transaction subject and the target suspicious transaction subject.
4. The method of claim 3, wherein acquiring the weight coefficient of each risk feature for determining the crime type comprises:
acquiring the risk features corresponding to a plurality of audited transaction subjects;
dividing the audited transaction subjects into the bins of the corresponding risk features, according to the bins of each risk feature and the risk features corresponding to the audited transaction subjects;
for each risk feature, calculating the weight of evidence of each bin of the risk feature according to the number of audited transaction subjects divided into that bin;
and weighting the weights of evidence of all bins of the risk feature to obtain the information value of the risk feature, and taking the information value as the weight coefficient of that risk feature for determining the crime type.
5. The method according to claim 1, wherein before performing batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject, the method further comprises:
determining, according to the feature similarity between the suspicious transaction subject and the target suspicious transaction subject on each risk feature, the risk features whose feature similarity falls within a set similarity range;
taking the risk features whose feature similarity falls within the set similarity range as the core risk features of the similar suspicious transaction subjects;
and displaying task information of the similar suspicious transaction subjects, wherein the task information comprises the core risk features of the suspicious transaction subjects.
6. The method of claim 1, wherein the obtaining the risk characteristics of the target suspicious transaction subject comprises:
detecting a feature selection operation triggered on a subject feature of a target suspicious transaction subject;
and taking the subject feature selected by the feature selection operation as a risk feature of the target suspicious transaction subject.
7. The method according to claim 1, wherein the audit result of the target suspicious transaction subject includes an inputted crime type, and the batch audit of the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject comprises:
acquiring the crime type input for the target suspicious transaction subject according to the triggered batch auditing operation;
and taking the crime type corresponding to the target suspicious transaction subject as the audit result of the target similar suspicious transaction subjects selected by the batch auditing operation.
8. The method according to claim 7, wherein the audit result of the target suspicious transaction subject further comprises an audit message obtained according to the risk characteristics of the target suspicious transaction subject;
the batch audit of the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject further comprises:
for each similar suspicious transaction subject, acquiring the risk characteristics corresponding to the similar suspicious transaction subject;
replacing the risk characteristics in the audit message of the target suspicious transaction subject with the risk characteristics of the similar suspicious transaction subject to obtain the audit message of the similar suspicious transaction subject;
and adding the audit message of the similar suspicious transaction subject to the audit result of the similar suspicious transaction subject.
9. The method of claim 1, wherein prior to obtaining the risk characteristic of the target suspicious transaction subject, the method further comprises:
acquiring transaction data corresponding to a transaction subject;
extracting the subject features corresponding to the transaction subject from the transaction data;
performing suspected criminal behavior identification on the transaction subject according to the subject features;
and if suspected criminal behavior of the transaction subject is identified, determining the transaction subject to be a suspicious transaction subject.
10. An auditing apparatus for a suspicious transaction subject, comprising:
a risk characteristic acquisition module, configured to acquire a risk characteristic of a target suspicious transaction subject, wherein the risk characteristic is extracted from transaction data of the target suspicious transaction subject;
a similarity calculation module, configured to calculate, according to the risk characteristic, the similarity between each suspicious transaction subject in a suspicious transaction subject set to be audited and the target suspicious transaction subject;
a similar suspicious transaction subject determination module, configured to determine similar suspicious transaction subjects of the target suspicious transaction subject from the suspicious transaction subject set according to the calculated similarity;
and a batch auditing module, configured to perform batch audit on the similar suspicious transaction subjects according to the audit result of the target suspicious transaction subject.
Application number: CN202011420150.XA; priority date: 2020-12-04; filing date: 2020-12-04; title: Method and device for examining and managing suspicious transaction subjects; status: Pending; publication: CN114596091A (en)

Publications (1)

Publication Number: CN114596091A (en)
Publication Date: 2022-06-07

Family

ID=81813404

Country Status (1)

Country Link
CN (1) CN114596091A (en)

Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
REG: Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40069349; Country of ref document: HK)