CN115115378A - Transaction security monitoring method and device - Google Patents


Publication number: CN115115378A
Authority: CN (China)
Prior art keywords: score, user, account, transaction, information
Legal status: Pending
Application number: CN202210854983.XA
Other languages: Chinese (zh)
Inventors: 曹蓉, 敬桦, 卢飞, 罗立新, 李思颖
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a transaction security monitoring method and device that can be used in the technical field of data processing. The method comprises: when a transaction request submitted by a user is detected, acquiring the login time at which the user logged in to the account to initiate the current transaction, the touch force applied to an input device of the portable device, and the posture and angle of the portable device while in use; inputting the login time, the touch force, and the posture and angle into preset scoring models, and calculating a corresponding first score, second score and third score; performing a weighted calculation on the first score, the second score and the third score to obtain an evaluation score; and judging the current transaction to be a safe transaction when the evaluation score is greater than or equal to a first threshold. In this way, whether the user initiating the current transaction is the user who owns the account can be judged from the user's behavior habits, so that the security of the current transaction is monitored and the user's account security is guaranteed.

Description

Transaction security monitoring method and device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for monitoring transaction security.
Background
With the continuous integration of internet technologies and financial services, internet finance is developing rapidly. Mobile devices are widely used in daily life, and a growing variety of payment scenarios keeps extending the reach of mobile payment. These diversified scenarios increase the number of users, drive service innovation at financial institutions and improve the user experience, but they also pose a huge challenge to commercial banks, particularly in guaranteeing the security of users' accounts.
Traditional financial institutions generally reduce transaction risk with passwords, short message verification codes, fingerprints, facial recognition and the like. For example, a password or short message verification code is used when logging in to mobile banking to confirm that the account owner is the one logging in; when mobile banking has not been logged in to for a long time, or is logged in to for the first time on a new device, face recognition with actions such as blinking, turning the head left and right, and nodding is used to judge whether the account owner is the one logging in; and during a transaction, a transaction password, fingerprint or face recognition is required to confirm again that the user in person is carrying out the transaction.
With the arrival of the mobile internet finance era, the traditional short message verification control mode struggles to meet the needs of continuous service innovation, to answer the demand for a better user experience, and to cope with increasingly severe forms of fraud.
When a mobile phone is stolen or attacked through a fake base station, the short message verification code and other device-based protections become almost ineffective. In addition, if user information is stored improperly or password information is leaked, the account may be used by someone else to carry out transactions. Frequent authentication also degrades the user experience, which does not help improve user stickiness.
This section is intended to provide a background or context to the embodiments of the application that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Disclosure of Invention
The embodiment of the application provides a transaction security monitoring method that judges whether the user operating a portable device is the user who owns the account initiating the current transaction, by matching the behavior habits of the user operating the portable device against the pre-stored corresponding behavior habits, so that the security of the current transaction is monitored and the user's account security is guaranteed. The method comprises the following steps:
when a transaction request submitted by a user is detected, acquiring the login time at which the user logged in to the account to initiate the current transaction, the touch force applied to an input device of the portable device, and the posture and angle of the portable device while in use;
inputting the login time into a preset first scoring model, and calculating a first score;
inputting the touch force into a preset second scoring model, and calculating a second score;
inputting the posture and angle into a preset third scoring model, and calculating a third score;
performing a weighted calculation on the first score, the second score and the third score to obtain an evaluation score;
and judging the current transaction to be a safe transaction when the evaluation score is greater than or equal to a first threshold.
The embodiment of the application further provides a transaction security monitoring device that judges whether the user operating a portable device is the user who owns the account initiating the current transaction, by matching the behavior habits of the user operating the portable device against the pre-stored corresponding behavior habits, so that the security of the current transaction is monitored and the user's account security is guaranteed. The device includes:
a behavior feature extraction unit which, when a transaction request submitted by a user is detected, acquires the login time at which the user logged in to the account to initiate the current transaction, the touch force applied to an input device of the portable device, and the posture and angle of the portable device while in use;
a first calculation unit which inputs the login time into a preset first scoring model and calculates a first score;
a second calculation unit which inputs the touch force into a preset second scoring model and calculates a second score;
a third calculation unit which inputs the posture and angle into a preset third scoring model and calculates a third score;
a fourth calculation unit which performs a weighted calculation on the first score, the second score and the third score to obtain an evaluation score;
and a determination unit which judges the current transaction to be a safe transaction when the evaluation score is greater than or equal to a first threshold.
The embodiment of the present application further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the above method when executing the computer program.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the method.
An embodiment of the present application further provides a program product, which includes a computer program, and when the computer program is executed by a processor, the method is implemented.
In the embodiment of the application, the login time, the touch force, and the posture and angle recorded when the user initiates the current transaction with the portable device are each scored, and an evaluation score is calculated from them to judge whether the current transaction is a safe transaction. This makes it possible to judge whether the user initiating the current transaction is the user who owns the account, so that the security of the current transaction is monitored and the user's account security is guaranteed.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
Fig. 2 is a schematic diagram of a practical application of the transaction security monitoring method according to the embodiment of the present application.
Fig. 3 is another schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
Fig. 4 is another schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
FIG. 5 is a schematic diagram of a relationship map according to an embodiment of the present application.
Fig. 6 is a schematic diagram of a transaction security monitoring apparatus according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present application are provided herein to explain the present application and not to limit the present application.
It should be noted that the transaction security monitoring method disclosed in the present application may be used in the field of financial technology, and may also be used in any field other than the field of financial technology.
In addition, it should be noted that the technical solutions in the present application, such as acquiring, storing, using, and processing data, all conform to relevant regulations of national laws and regulations.
The embodiment of the application provides a transaction security monitoring method. Fig. 1 is a schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
As shown in fig. 1, the method 100 includes:
step 101: when a transaction request submitted by a user is detected, acquiring the login time at which the user logged in to the account to initiate the current transaction, the touch force applied to an input device of the portable device, and the posture and angle of the portable device while in use;
step 103: inputting the login time into a preset first scoring model, and calculating a first score;
step 105: inputting the touch force into a preset second scoring model, and calculating a second score;
step 107: inputting the posture and angle into a preset third scoring model, and calculating a third score;
step 109: performing a weighted calculation on the first score, the second score and the third score to obtain an evaluation score;
step 111: judging the current transaction to be a safe transaction when the evaluation score is greater than or equal to a first threshold.
Thus, by scoring the login time, the touch force, and the posture and angle recorded when the user initiates the current transaction with the portable device and calculating the evaluation score, it can be judged whether the current transaction is a safe transaction, and therefore whether the user initiating the current transaction is the user who owns the account. The security of the current transaction is monitored and the user's account security is guaranteed.
In the embodiment of the present application, the portable device may be a mobile phone, a tablet computer, a laptop computer, a notebook computer, or the like, and the portable device may also be other devices.
In addition, the input device of the portable device includes, for example, the keys of a mobile phone, the touch screen of a tablet computer, or the keys, mouse or touch screen of a notebook computer; any input device is suitable as long as it can detect the touch force when the user uses the portable device.
In addition, the posture and angle of the portable device in use can be detected by sensors in the device. For example, the gyroscope and gravity sensor built into a mobile phone detect the rotational angular velocity as the phone tilts and deflects, the phone's current direction and horizontal position, and the like; from these, the angle at which the user holds the phone is analyzed and the user's usage posture is determined. The posture and angle of the portable device in use may also be detected by other sensors, which is not limited in the embodiments of the present application; reference may be made to related technologies.
In addition, the method of the embodiment of the application can be applied to a data center of a bank to monitor the security of the transaction initiated by the user, for example, when the user logs in a mobile banking application through a mobile phone or a tablet computer to initiate the transaction, the data center can utilize the method of the embodiment of the application to monitor the security of the initiated current transaction; or when the user logs in a transaction website of a bank through a notebook computer to initiate a transaction, the data center can utilize the method of the embodiment of the application to perform security monitoring on the initiated current transaction. However, the embodiment of the present application is not limited to this, and the method of the embodiment of the present application may also be applied to other scenarios, and may be set according to actual situations.
For ease of understanding, the transaction security monitoring method of the embodiments of the present application is described below using the scenario in which a user logs in to a mobile banking application on a mobile phone to initiate a transaction. Those skilled in the art should understand that the embodiments of the present application may also be applied in other scenarios where a transaction is initiated from a portable device.
Fig. 2 is a schematic diagram of a practical application of the transaction security monitoring method according to the embodiment of the present application.
As shown in Fig. 2, the mobile phone 201 communicates with the data center 203 of the bank through a network, which may be a wired network or a wireless network and is not limited in the embodiment of the present application. A user can log in to the mobile banking application installed on the mobile phone 201 in three ways: password login, short message verification code plus fingerprint verification login, and short message verification code plus face verification login. After the data center 203 has passed the authentication, the user can log in to his or her mobile banking account.
After each login to the mobile banking account, the data center 203 can instruct the mobile phone 201 to collect the user's behavior habits, for example the time period in which the user uses mobile banking, the rotation angle of the mobile phone 201 (using a gyroscope), the current direction of the mobile phone 201 (using a gravity sensor), and the force with which the user touches the screen (using a pressure sensor). From the information collected by the mobile phone 201, the data center 203 can construct a behavior habit library for the user, which includes, for example, the time periods in which the user frequently uses mobile banking, the angle and posture when using the phone, and the touch force when tapping the screen. From this library the data center 203 can construct behavior habit scoring models for the user, for example a first scoring model of the time period in which mobile banking is used, a second scoring model of the angle and posture when using the phone, and a third scoring model of the touch force when tapping the screen.
When it is detected that the user has logged in to mobile banking and initiated a transaction, or that the user is logging in to mobile banking for the first time on a new device, the data center 203 may instruct the mobile phone 201 to collect data on the user's behavior habits while using mobile banking, for example by instructing the mobile phone 201 to send the data center 203 information such as the time at which the user logged in, the angle and posture when using the phone, and the touch force when tapping the screen.
The data center 203 compares the received behavior habit data with the data in the user's behavior habit library, for example by calculating the corresponding scores with the behavior habit scoring models and then weighting the scores to calculate the final score.
In addition, if fingerprint authentication or face authentication is used when the user logs in to mobile banking, the fingerprint or face information captured at login may be matched against the fingerprint or face information stored in the data center 203 to calculate a matching score, and the matching score and the scores for the various behavior habits may then be weighted to calculate the final score.
If the final score is above a first threshold, the current transaction is judged to have been initiated by the user in person; otherwise, it is judged not to have been initiated by the user in person. The first threshold is, for example, 85 points; its specific value is not limited in this embodiment of the application and may be set according to the actual situation.
When the transaction is judged to have been initiated by the user in person, it may further be determined whether the counterparty of the transaction is a fraudster, for example by using a relationship map of the account, which is described in the following embodiments.
In addition, when it is judged that the transaction was not initiated by the user in person, the transaction may be temporarily suspended or may be terminated directly.
For example, when the final score is lower than the first threshold but close to it, the transaction may be temporarily suspended and re-verification and/or re-scoring performed, so that the user is not prevented from making a normal transaction merely because he or she did not operate the phone according to usual habits. For example, when the final score is lower than the first threshold by no more than 10% (or another ratio, which is not limited in the present embodiment and may be set according to actual conditions), re-verification and/or re-scoring may be performed. For re-verification, the user may further be asked to perform a live-person check such as shaking the head or blinking in response to a voice prompt; for re-scoring, the weight ratio between the scores may be adjusted. Reference may be made to the related art for details, which are not limited by the embodiments of the present application.
For example, when the final score is lower than the first threshold by, for example, 20% or more, the transaction is terminated directly, thereby securing the user's account.
Fig. 3 is another schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
In at least one embodiment, as shown in FIG. 3, the method 300 may include:
step 301: matching the biological information input by the user when logging in the account with the pre-stored biological information corresponding to the account, and calculating a matching score;
step 303: and carrying out weighted calculation on the matching score, the first score, the second score and the third score to obtain the evaluation score.
In the embodiment of the application, for example, when the user opens a bank account, the user's biological information is stored in association with the bank account. In step 301, the matching score may be calculated based on a hash algorithm or based on histogram similarity comparison; reference may be made to related technologies for details, and the embodiment of the present application does not limit this.
In at least one embodiment, the biometric information may include at least one of fingerprint information, face information, iris information, and voice information. The biological information of the embodiments of the present application may also include other biological information, which is not limited in the embodiments of the present application.
Further, the method 300 may include: when calculating the evaluation score, performing the weighted calculation on the weighted matching score, the first score, the second score and the third score to obtain the evaluation score.
For example, when fingerprint information and face information are input, the weight of the matching score corresponding to the fingerprint information may be set to be greater than the weight of the matching score corresponding to the face information, thereby avoiding the situation that the identity of the user is not accurately identified due to inaccurate comparison of the face information caused by environmental light and the like. In addition, matching scores can be weighted and calculated by combining iris information, voice information and the like, so that the accuracy of identification is further improved.
In at least one embodiment, the first weight of the first score, the second weight of the second score and the third weight of the third score may be determined according to the historical login time, the historical touch force, and the historical posture and angle that correspond to the login time, the touch force, and the posture and angle, where the historical touch force is the touch force when the account was operated within a predetermined period, and the historical posture and angle are the posture and angle when the account was operated within the predetermined period.
For example, if the user often logs in to the account during a fixed time period, the first weight may be set to be the largest; if the user's touch force while operating the account is often within a fixed range, the second weight may be set to be the largest; if the user often holds the phone in a certain posture or at a certain angle while operating the account, the third weight may be set to be the largest; and so on. The weights may also be set according to user selection or actual conditions, which is not limited in the embodiment of the present application. In addition, the predetermined period may be approximately 3 days, approximately 1 month, approximately 1 year, and the like, which is not limited by the embodiment of the present application.
In at least one embodiment, the fourth weight of the matching score is greater than the first weight of the first score, the second weight of the second score, and the third weight of the third score. Therefore, even when the user does not operate the account in his or her own name according to usual behavior habits, the user can still carry out normal transactions.
In at least one embodiment, as shown in fig. 3, the method 300 may further comprise:
step 305: judging the current transaction as a risk transaction under the condition that the evaluation score is lower than the first threshold value;
step 307: in the case where the current transaction is determined to be a risk transaction, the current transaction is aborted.
In the present embodiment, the first threshold is, for example, 70 points, 80 points, 85 points, 90 points, etc.; the value of the first threshold is not limited in the present embodiment and may be set according to actual circumstances.
In step 305, in the case that the evaluation score is lower than the first threshold, it is determined that the current transaction may not be initiated by the user corresponding to the transaction account, and the current transaction may have a security risk, and therefore, the current transaction is determined to be a risk transaction.
In step 307, when it is determined that the current transaction has a security risk, the current transaction may be terminated, and further, the user identity may be required to be verified again, for example, the user may be required to further input information such as a transaction password and a withdrawal password, or biological information matching may be performed again.
In addition, the current transaction can be terminated when the current transaction is judged to be a risk transaction, so that the account security of the user is protected to the maximum extent.
In at least one embodiment, the first scoring model is obtained by training a model established based on a user behavior habit library storing historical login time of the user;
the second scoring model is obtained by training a model established based on the user behavior habit library storing the historical touch strength of the user;
the third scoring model is obtained by training a model established based on the user behavior habit library storing the historical postures and angles of the user.
In the embodiment of the application, the user behavior habit library can be constructed from the user's historical behavior habit information, and behavior habit models can be established based on that library to score the user's behavior when operating the account. This makes it possible to judge whether the user in person is operating the account, which avoids complex operations while still guaranteeing account security and improves the user experience.
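The scoring, weighting and decision steps of methods 100 and 300, together with the suspend and terminate bands described earlier for the final score, as an added example that is not part of the patent text. The scoring model (points lost per standard deviation from the habitual value, with login time treated as circular), all names, units and sample data, and the fail-closed handling of shortfalls between 10% and 20% are assumptions; the text leaves the models and that band unspecified.

```python
from dataclasses import dataclass
from math import atan2, cos, fsum, pi, sin, sqrt
from statistics import mean, pstdev

FIRST_THRESHOLD = 85.0   # example first threshold from the description
REVERIFY_BAND = 0.10     # shortfall "within 10%": suspend and re-verify
TERMINATE_BAND = 0.20    # shortfall of "20% or more": terminate directly
POINTS_PER_SD = 25.0     # assumption: points lost per standard deviation


def _score(deviation, sd, min_sd):
    """Map distance from the habitual value to a 0-100 score (assumed model)."""
    z = deviation / max(sd, min_sd)  # min_sd keeps a very regular user from failing on noise
    return max(0.0, 100.0 - POINTS_PER_SD * z)


def habit_score(history, observed, min_sd):
    """Score a linear feature (touch force, tilt angle) against its history."""
    if len(history) < 2:
        return 0.0                   # no habit profile yet: contribute no confidence
    return _score(abs(observed - mean(history)), pstdev(history), min_sd)


def _clock_diff(a, b):
    """Signed shortest distance a - b on a 24-hour clock."""
    d = (a - b) % 24.0
    return d - 24.0 if d > 12.0 else d


def login_time_score(history_hours, hour, min_sd=0.25):
    """Score hour-of-day circularly, so 23:30 and 00:30 are one hour apart."""
    if len(history_hours) < 2:
        return 0.0
    angles = [h / 24.0 * 2 * pi for h in history_hours]
    centre = atan2(fsum(map(sin, angles)), fsum(map(cos, angles))) / (2 * pi) * 24.0
    devs = [_clock_diff(h, centre) for h in history_hours]
    sd = sqrt(fsum(d * d for d in devs) / len(devs))
    return _score(abs(_clock_diff(hour, centre)), sd, min_sd)


def evaluation_score(scores, weights):
    """Weighted calculation over whichever scores are present."""
    if "match" in scores and any(
        weights["match"] <= weights[k] for k in scores if k != "match"
    ):
        raise ValueError("biometric match weight must exceed every habit weight")
    total_weight = fsum(weights[k] for k in scores)
    return fsum(scores[k] * weights[k] for k in scores) / total_weight


def decide(score, threshold=FIRST_THRESHOLD):
    """Return SAFE, SUSPEND_REVERIFY or TERMINATE for an evaluation score."""
    if score >= threshold:
        return "SAFE"
    shortfall = (threshold - score) / threshold  # assumption: ratio is relative to threshold
    if shortfall <= REVERIFY_BAND:
        return "SUSPEND_REVERIFY"
    if shortfall >= TERMINATE_BAND:
        return "TERMINATE"
    return "TERMINATE"  # 10-20% shortfall is unspecified in the text; assumption: fail closed


@dataclass
class HabitProfile:          # one account's behavior habit library
    login_hours: list        # hour of day, 0-24
    touch_forces: list       # normalised pressure 0-1 (assumed unit)
    tilt_degrees: list       # posture reduced to one tilt angle (assumption)


def assess(profile, login_hour, touch_force, tilt_degree, weights, match_score=None):
    """Score one transaction request and return (evaluation score, decision)."""
    scores = {
        "login": login_time_score(profile.login_hours, login_hour),
        "touch": habit_score(profile.touch_forces, touch_force, min_sd=0.01),
        "posture": habit_score(profile.tilt_degrees, tilt_degree, min_sd=1.0),
    }
    if match_score is not None:          # biometric matching score, when one was taken
        scores["match"] = match_score
    total = evaluation_score(scores, weights)
    return round(total, 2), decide(total)


# Constructed sample data: a user who habitually logs in around midnight.
PROFILE = HabitProfile(
    login_hours=[23.0, 23.5, 0.0, 0.5, 1.0],
    touch_forces=[0.40, 0.44, 0.42, 0.38, 0.46],
    tilt_degrees=[30, 34, 32, 28, 36],
)
WEIGHTS = {"login": 0.2, "touch": 0.2, "posture": 0.2, "match": 0.4}

if __name__ == "__main__":
    print(assess(PROFILE, 0.25, 0.43, 33, WEIGHTS, match_score=95))  # owner, usual habits
    print(assess(PROFILE, 0.25, 0.43, 40, WEIGHTS, match_score=95))  # owner, unusual posture
    print(assess(PROFILE, 0.25, 0.43, 40, WEIGHTS))                  # same, no biometric
    print(assess(PROFILE, 12.0, 0.60, 60, WEIGHTS))                  # leaked password, other person
```

The second and third calls differ only in the biometric matching score: with its larger weight the owner in an unusual posture lands in the re-verify band instead of being terminated.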
Fig. 4 is another schematic diagram of a transaction security monitoring method according to an embodiment of the present application.
In at least one embodiment, as shown in FIG. 4, method 400 may include:
step 401: judging whether the object of the current transaction is marked according to the relation map of the account;
step 403: and under the condition that the object is judged to be marked, outputting information for reminding the user to close the current transaction.
For example, if in step 401 the object of the current transaction is found to be marked as "fraud risk", information reminding the user is output in step 403, for example by controlling the display screen to display "the current transaction object is fraud risk, please stop the transaction", and so on.
FIG. 5 is a schematic diagram of a relationship map according to an embodiment of the present application.
As shown in Fig. 5, for example, the current account Re initiates a remittance transaction whose object is the account Co. The account Co has transacted with the account E, and the account E has transacted with the account Ri, which is marked as "fraud risk". Because the account E transacts frequently with the account Ri, the account E has a very high probability of fraud risk, and the account Co, which has transacted with the account E, is therefore determined to have fraud risk. That is, the account Co can be marked, and the user of the account Re is prompted to close the remittance transaction with the account Co.
In at least one embodiment, the relationship map of the account may be formed based on information of the account and association information of other accounts that have transacted with the account, and the account may be marked when the number of transactions initiated by the account that are determined to be risk transactions is greater than a second threshold.
For example, the relationship graph in fig. 5 may be formed based on information of account Re (e.g., including account D that has transacted with account Re), information of account D (e.g., including account I that has transacted with account D), information of account I (e.g., including account Co that has transacted with account I), information of account Co (e.g., including account E that has transacted with account Co), information of account E (e.g., including account Ri that has transacted with account E), and information of account Ri.
In the embodiment of the application, an account can be marked as a risk account when multiple risk transactions are initiated from it. For example, when the password of a user's mobile banking is stolen and another person logs in to the user's mobile banking, that person's multiple login attempts do not pass behavior habit recognition, so the account is marked as a risk account, which prevents the other person from defrauding others in the user's name.
Furthermore, an account may also be marked when its risk is learned through information from other channels, for example by networking with a public security system and synchronizing account information marked as fraudulent accounts in the public security system to a data center of the bank. The embodiments of the present application do not limit this.
The embodiment of the present application further provides a transaction security monitoring apparatus, as described in the following embodiments. Because the principle by which the transaction security monitoring apparatus solves the problem is similar to that of the transaction security monitoring method, the implementation of the apparatus can refer to the implementation of the method, and repeated parts are not described again.
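The relationship-map check of steps 401 and 403 can be sketched as follows. This is an added example, not code from the patent: the two cutoff values, the single-pass propagation rule modelled on the Fig. 5 reasoning, and the transaction counts are all assumptions made for illustration.

```python
from collections import defaultdict

SECOND_THRESHOLD = 3  # assumed value: more risk transactions than this marks an account
FREQUENT_MIN = 5      # assumed cutoff for "frequent" dealings with a marked account


class RelationshipMap:
    def __init__(self):
        self.edges = defaultdict(lambda: defaultdict(int))  # account -> peer -> count
        self.risk_count = defaultdict(int)                  # risk transactions initiated
        self.marked = {}                                    # account -> reason

    def add_transaction(self, src, dst, risk=False):
        """Record one transaction; `risk` is the verdict of the behaviour scoring."""
        self.edges[src][dst] += 1
        self.edges[dst][src] += 1
        if risk:
            self.risk_count[src] += 1
            if self.risk_count[src] > SECOND_THRESHOLD:
                self.marked.setdefault(src, "risk transactions above second threshold")

    def mark_external(self, account, channel):
        """Mark an account from another channel, e.g. a synchronised fraud list."""
        self.marked[account] = f"reported by {channel}"

    def suspected(self, account):
        """True if the account deals frequently with a marked one (E in Fig. 5)."""
        peers = self.edges.get(account, {})
        return any(p in self.marked and n >= FREQUENT_MIN for p, n in peers.items())

    def check_object(self, obj):
        """Return a warning for the transaction object, or None if nothing is found."""
        if obj in self.marked:
            return f"{obj} is marked: {self.marked[obj]}"
        if self.suspected(obj):
            return f"{obj} transacts frequently with a marked account"
        for peer in self.edges.get(obj, {}):
            if self.suspected(peer):
                return f"{obj} has transacted with {peer}, which is tied to a marked account"
        return None


def fig5_map():
    """Constructed data following the chain Re-D-I-Co-E-Ri described for Fig. 5."""
    m = RelationshipMap()
    for src, dst in [("Re", "D"), ("D", "I"), ("I", "Co"), ("Co", "E")]:
        m.add_transaction(src, dst)
    for i in range(6):  # Ri -> E six times, the first four judged risk transactions
        m.add_transaction("Ri", "E", risk=i < 4)
    return m


if __name__ == "__main__":
    m = fig5_map()
    for obj in ("Co", "D", "E", "Ri"):
        print(obj, "->", m.check_object(obj) or "no warning")
```

Because the check is evaluated from the original marks only, a warning on Co does not cascade further along the chain to I or D.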
Fig. 6 is a schematic diagram of a transaction security monitoring device according to an embodiment of the present application.
As shown in fig. 6, the transaction security monitoring apparatus 600 may include a behavior feature acquisition unit 601, a first calculating unit 602, a second calculating unit 603, a third calculating unit 604, a fourth calculating unit 605, and a first determining unit 606.
When it is detected that the user submits a transaction request, the behavior feature acquisition unit 601 acquires the login time at which the user logged in to the account when initiating the current transaction, the touch force applied to an input device of the portable device, and the posture and angle at which the portable device is used;
the first calculation unit 602 inputs the login time to a predetermined first scoring model, and calculates a first score;
the second calculating unit 603 inputs the touch force to a predetermined second scoring model, and calculates a second score;
the third calculation unit 604 inputs the posture and the angle to a predetermined third scoring model, and calculates a third score;
the fourth calculating unit 605 performs weighted calculation on the first score, the second score and the third score to obtain an evaluation score;
when the evaluation score is equal to or greater than the first threshold, the first determination unit 606 determines that the current transaction is a safe transaction.
Therefore, by scoring the login time, the touch force, and the posture and angle when the user initiates the current transaction using the portable device, and calculating the evaluation score, it can be judged whether the current transaction is a safe transaction and whether the user initiating the current transaction is the user corresponding to the account from which it is initiated. The security of the current transaction is thus monitored, and the account security of the user is guaranteed.
In at least one embodiment, as shown in fig. 6, the transaction security monitoring apparatus 600 may further include a fifth calculating unit 607, where the fifth calculating unit 607 matches the biometric information input by the user when logging in the account with the pre-stored biometric information corresponding to the account, and calculates a matching score;
the fourth calculation unit 605 may perform weighted calculation on the matching score calculated by the fifth calculation unit 607, the first score, the second score, and the third score to obtain the evaluation score.
In at least one embodiment, as shown in fig. 6, the transaction security monitoring apparatus 600 may further include a weight assignment unit 608, and the weight assignment unit 608 sets the first weight of the first score to be smaller than the second weight of the second score, and sets the second weight to be smaller than the third weight of the third score.
In at least one embodiment, the weight assignment unit 608 may also set a fourth weight of the match score to be greater than the first weight of the first score, the second weight of the second score, and the third weight of the third score.
In at least one embodiment, as shown in fig. 6, the transaction security monitoring apparatus 600 may further include a transaction unit 609, and in the case that the evaluation score is lower than the first threshold, the first judgment unit 606 judges that the current transaction is a risk transaction, in which case the transaction unit 609 suspends the current transaction.
In at least one embodiment, the first scoring model is obtained by training a model established based on a user behavior habit library storing historical login time of the user; the second scoring model is obtained by training a model established based on the user behavior habit library storing the historical touch strength of the user; the third scoring model is obtained by training a model established based on the user behavior habit library storing the historical postures and angles of the user.
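The scoring path through units 601 to 609 can be sketched as follows. This is an added example, not code from the patent: the deviation-from-history scoring function stands in for the trained scoring models, posture and angle are reduced to a single tilt angle, and the weight values, the threshold and the renormalisation used when no biometric is supplied are assumptions. Only the weight ordering is taken from the description.

```python
from statistics import mean, pstdev

# Constructed habit library for one account (all values are sample data).
HABITS = {
    "login_hour": [20.5, 21.0, 21.5, 20.0, 21.0],   # hour of day
    "touch_force": [0.42, 0.45, 0.40, 0.44, 0.43],  # normalised pressure
    "tilt_deg": [31.0, 35.0, 33.0, 30.0, 34.0],     # device angle in use
}
# Ordering from the weight assignment unit: first < second < third < match.
WEIGHTS = {"login_hour": 0.1, "touch_force": 0.2, "tilt_deg": 0.3, "match": 0.4}
FIRST_THRESHOLD = 70.0  # assumed value; the patent does not give one


def habit_score(value, history):
    """Stand-in scoring model: 100 at the historical mean, 0 at >= 3 sigma."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return 100.0 if value == mu else 0.0
    return max(0.0, 100.0 * (1.0 - abs(value - mu) / (3.0 * sigma)))


def check_weight_order(w):
    """Reject weight sets that break the ordering stated for unit 608."""
    if not (w["login_hour"] < w["touch_force"] < w["tilt_deg"] < w["match"]):
        raise ValueError("weights violate first < second < third < match")


def evaluate(sample, match_score=None, habits=HABITS, weights=WEIGHTS,
             threshold=FIRST_THRESHOLD):
    """Return (evaluation_score, verdict) for one transaction request.

    match_score is the biometric matching score (0-100), or None when the
    login used no biometric; the remaining weights are then renormalised.
    """
    check_weight_order(weights)
    scores = {k: habit_score(sample[k], habits[k]) for k in habits}
    if match_score is not None:
        scores["match"] = float(match_score)
    total_w = sum(weights[k] for k in scores)
    evaluation = sum(weights[k] * scores[k] for k in scores) / total_w
    verdict = "safe" if evaluation >= threshold else "risk"  # risk -> suspend
    return round(evaluation, 2), verdict


# Constructed requests: the owner, the owner at an unusual hour, and an
# unfamiliar operator whose behaviour is far from the stored habits.
OWNER = {"login_hour": 21.0, "touch_force": 0.43, "tilt_deg": 33.0}
OWNER_LATE = {"login_hour": 2.0, "touch_force": 0.43, "tilt_deg": 33.0}
STRANGER = {"login_hour": 3.0, "touch_force": 0.60, "tilt_deg": 5.0}

if __name__ == "__main__":
    print("owner, biometric 95:      ", evaluate(OWNER, 95))
    print("owner at 02:00, biom. 95: ", evaluate(OWNER_LATE, 95))
    print("stranger, password only:  ", evaluate(STRANGER))
    print("stranger, biometric 100:  ", evaluate(STRANGER, 100))
```

With these sample weights a perfect biometric match cannot carry a request past the threshold on its own, while an unusual login hour alone does not block the owner.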
In at least one embodiment, as shown in fig. 6, the transaction security monitoring apparatus 600 may further include a marking unit 610 and a second judging unit 611.
When the first determining unit 606 determines that the number of risk transactions among multiple transactions initiated by the account is greater than the second threshold, the marking unit 610 marks the account; the second determination unit 611 determines whether the object of the current transaction is marked according to the relationship map of the account; in the case where the object is determined to be marked, the transaction unit 609 may output information that alerts the user to close the current transaction.
In at least one embodiment, as shown in fig. 6, the transaction security monitoring apparatus 600 may further include a map forming unit 612, and the map forming unit 612 forms the relationship map of the account based on the information of the account and the association information of other accounts with which transactions have occurred.
The embodiment of the present application further provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, and when the processor executes the computer program, the transaction security monitoring method is implemented.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for monitoring transaction security is implemented.
An embodiment of the present application further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the method for monitoring transaction security as described above is implemented.
In the embodiment of the application, by scoring the login time, the touch force, and the posture and angle when the user initiates the current transaction using the portable device, and calculating the evaluation score, it can be judged whether the current transaction is a safe transaction and whether the user initiating the current transaction is the user corresponding to the account from which it is initiated. The security of the current transaction is thus monitored, and the account security of the user is guaranteed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to schematic and/or flowchart illustrations and/or block diagrams of methods, apparatus, systems, and computer program products according to embodiments of the application. It will be understood that each step and/or operation and/or flow and/or block of the illustrations and/or flow diagrams and/or block diagrams, and combinations of steps and/or operations and/or flow and/or blocks in the illustrations and/or flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the schematic diagram step or steps and/or flowchart flow or flow and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the block or blocks of the flowchart and/or flow diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the schematic diagram step or steps and/or flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are further described in detail for the purpose of illustrating the invention, and it should be understood that the above-mentioned embodiments are only illustrative of the present invention and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (13)

1. A transaction security monitoring method, the method comprising:
when a transaction request submitted by a user is detected, acquiring the login time at which the user logged in to an account when initiating the current transaction, the touch force applied to an input device of a portable device, and the posture and the angle at which the portable device is used;
inputting the login time into a preset first scoring model, and calculating a first score;
inputting the touch force into a preset second scoring model, and calculating a second score;
inputting the posture and the angle into a preset third scoring model, and calculating a third score;
carrying out weighted calculation on the first score, the second score and the third score to obtain an evaluation score;
and judging the current transaction as a safe transaction under the condition that the evaluation score is more than or equal to a first threshold value.
2. The method of claim 1, wherein the method further comprises:
matching the biological information input by the user when logging in the account with the pre-stored biological information corresponding to the account, and calculating a matching score;
and carrying out weighted calculation on the matching score, the first score, the second score and the third score to obtain the evaluation score.
3. The method of claim 2, wherein,
the biological information includes at least one of fingerprint information, face information, iris information and voice information,
the method further comprises the following steps:
weighting a matching score corresponding to biometric information input when a user logs in the account according to weights corresponding to the fingerprint information, the face information, the iris information, and the voice information in a case where at least two of the fingerprint information, the face information, the iris information, and the voice information are input when the user logs in the account, calculating the weighted matching score,
in the step of calculating the evaluation score, the weighted matching score, the first score, the second score and the third score are weighted to calculate the evaluation score.
4. The method of claim 1, wherein,
the first weight of the first score, the second weight of the second score and the third weight of the third score are determined according to the stability of the historical login time, the historical touch force, and the historical posture and angle corresponding respectively to the login time, the touch force, and the posture and angle, wherein the greater the stability, the greater the corresponding weight; the historical login time is the login time at which the account was logged in to within a preset period, the historical touch force is the touch force when the account was operated within the preset period, and the historical posture and angle are the posture and angle when the account was operated within the preset period.
5. The method of claim 2, wherein,
the fourth weight of the match score is greater than the first weight of the first score, the second weight of the second score, and the third weight of the third score.
6. The method of claim 1, wherein the method further comprises:
judging the current transaction as a risk transaction under the condition that the evaluation score is lower than the first threshold value;
in the case where the current transaction is determined to be a risk transaction, the current transaction is aborted.
7. The method of any one of claims 1 to 6,
the first scoring model is obtained by model training established on the basis of a user behavior habit library storing the historical login time of the user;
the second scoring model is obtained by training a model established on the basis of the user behavior habit library storing the historical touch strength of the user;
the third scoring model is obtained by training a model established on the basis of the user behavior habit library storing the historical postures and angles of the user.
8. The method of claim 1, wherein the method further comprises:
judging whether the object of the current transaction is marked according to the relation map of the account;
and under the condition that the object is judged to be marked, outputting information for reminding the user to close the current transaction.
9. The method of claim 8, wherein,
the relationship map of the account is formed based on information of the account and associated information of other accounts with which transactions have occurred,
and when the number of transactions initiated by the account that are judged to be risk transactions is larger than a second threshold value, marking the account.
10. A transaction security monitoring device, the device comprising:
a behavior feature acquisition unit which acquires a login time when a user logs in an account when a current transaction is initiated, a touch force when an input device of a portable device is touched, and a posture and an angle when the portable device is used, when it is detected that the user submits a transaction request;
a first calculation unit that inputs the login time to a predetermined first score model and calculates a first score;
a second calculation unit which inputs the touch force to a predetermined second score model and calculates a second score;
a third calculation unit which inputs the attitude and the angle to a predetermined third scoring model and calculates a third score;
a fourth calculating unit configured to perform weighted calculation on the first score, the second score, and the third score to obtain an evaluation score;
and a judging unit which judges that the current transaction is a safe transaction when the evaluation score is more than or equal to a first threshold value.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 9 when executing the computer program.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 9.
13. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210854983.XA CN115115378A (en) 2022-07-19 2022-07-19 Transaction security monitoring method and device

Publications (1)

Publication Number Publication Date
CN115115378A true CN115115378A (en) 2022-09-27

Family

ID=83334054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210854983.XA Pending CN115115378A (en) 2022-07-19 2022-07-19 Transaction security monitoring method and device

Country Status (1)

Country Link
CN (1) CN115115378A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117171720A (en) * 2023-08-17 2023-12-05 哈尔滨工业大学 Data attribution right identification system and method based on behavior fingerprint
CN117171720B (en) * 2023-08-17 2024-03-22 哈尔滨工业大学 Data attribution right identification system and method based on behavior fingerprint

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination