CN116308384A - Transaction risk monitoring method, device, equipment, medium and program product - Google Patents

Transaction risk monitoring method, device, equipment, medium and program product Download PDF

Info

Publication number
CN116308384A
CN116308384A CN202310205377.XA CN202310205377A CN116308384A CN 116308384 A CN116308384 A CN 116308384A CN 202310205377 A CN202310205377 A CN 202310205377A CN 116308384 A CN116308384 A CN 116308384A
Authority
CN
China
Prior art keywords
wind control
type
transaction
control type
risk monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310205377.XA
Other languages
Chinese (zh)
Inventor
高延太
马坤
徐秀星
刘迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310205377.XA priority Critical patent/CN116308384A/en
Publication of CN116308384A publication Critical patent/CN116308384A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The disclosure provides a transaction risk monitoring method, which can be applied to the fields of information security and financial technology. The method comprises the following steps: responding to a transaction request initiated by a user, and calling a background wind control service to determine the hit wind control type; determining treatment measures according to the wind control type; prompting the user to continue the transaction or terminate the transaction according to the processing measures; the wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transaction; and acquiring processing measures by calling a pre-established risk monitoring model. The disclosure also provides a transaction risk monitoring method device, equipment, a storage medium and a program product.

Description

Transaction risk monitoring method, device, equipment, medium and program product
Technical Field
The present disclosure relates to the field of information security and finance, and in particular, to a transaction risk monitoring method, apparatus, device, medium and program product.
Background
With the rapid development of the internet, telecommunication security events are frequently sent out, so that a great deal of property loss is caused for users, and the demand for transaction risk monitoring is more urgent than before.
At present, most of the methods adopted in the industry are blacklist checking methods for risk monitoring, processing is carried out before account deduction, different transactions need to be controlled one by one, monitoring of IP addresses of different areas in a short time, monitoring of unsuccessful login of different accounts by the same IP in a short time, and monitoring of a plurality of IP login of the same account in a short time are adopted for risk monitoring, and the problems of single monitoring method, incomplete scene coverage, poor expandability and the like exist.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a transaction risk monitoring method, apparatus, device, medium and program product that enhance the monitoring effect, for at least partially solving the above technical problems.
According to a first aspect of the present disclosure, there is provided a transaction risk monitoring method comprising: responding to a transaction request initiated by a user, and calling a background wind control service to determine the hit wind control type; determining treatment measures according to the wind control type; prompting the user to continue the transaction or terminate the transaction according to the processing measures; the wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transaction; and acquiring processing measures by calling a pre-established risk monitoring model.
According to an embodiment of the present disclosure, invoking a background wind control service to determine a hit wind control type in response to a user initiated transaction request includes: receiving a transaction request through a foreground public module; according to the transaction request, a request is initiated to a background public module through a foreground public module so as to call a background wind control service in the background public module; and judging the time attribute of the transaction request through a background wind control service to determine that the wind control type is any one of a pre-monitoring type, an in-event monitoring type and a post-monitoring type.
According to an embodiment of the present disclosure, determining the treatment measure includes: according to the wind control type, calling a risk monitoring model; inquiring a wind control type inquiry data table according to the risk monitoring model to determine processing measures; the risk monitoring model comprises a pre-event risk monitoring model, an event risk monitoring model and a post-event risk monitoring model, and the pre-event risk monitoring model, the event risk monitoring model and the post-event risk monitoring model are respectively and correspondingly provided with a pre-event risk treatment measure, an event risk treatment measure and a post-event risk treatment measure.
According to an embodiment of the present disclosure, prompting the user to continue or terminate the transaction according to the processing measure includes: feeding back processing measures to the front public module through the back public module; judging the processing measures through a foreground public module, and displaying the judging result to a user; under the condition that the wind control type is a pre-monitoring type or an in-process monitoring type, judging that the risk monitoring model is any one of a blacklist, a gray list and a declaration form; and prompting the user to terminate the transaction if the blacklist is hit; prompting the user to continue the transaction or terminate the transaction under the condition of hitting the gray list; and prompting the user to know the leaflet under the condition of hitting the leaflet.
According to an embodiment of the present disclosure, the transaction risk monitoring method further includes: and registering the post risk monitoring model and the elements of the transaction request under the condition that the wind control type is the post monitoring type.
According to an embodiment of the present disclosure, invoking the background wind control service to determine the hit wind control type in response to the user initiated transaction request further comprises: inquiring a data table by inquiring the wind control type, and determining a region number and a language corresponding to the transaction request; determining a preset wind control type of the area where the transaction request is located through the area code; determining the wind control type according to the preset wind control type and the time attribute of the transaction request; and determining, by language, a language that matches the transaction request.
According to an embodiment of the present disclosure, the transaction risk monitoring method further includes: under the condition of continuing the transaction, judging whether the hit wind control type is tampered; continuing the transaction under the condition that the hit wind control type is not tampered; and judging whether the hit wind control type is tampered or not in a tamper-proof module arranged in the background.
According to an embodiment of the present disclosure, the transaction risk monitoring method further includes: according to the wind control type, maintaining the risk monitoring model in an internal management module; synchronizing the maintained risk monitoring model to a model database arranged in a background public module to update a wind control type query data table; under the condition of triggering the new addition, adding a risk monitoring model and processing measures corresponding to the new risk monitoring model; under the condition of triggering modification, modifying the risk monitoring model and processing measures corresponding to the risk monitoring model; and under the condition of triggering deletion, deleting the risk monitoring model and the processing measures corresponding to the risk monitoring model.
According to an embodiment of the present disclosure, determining the treatment measure further includes, according to the wind control type: querying a wind control type query data table to determine a client type corresponding to the transaction request; and calling a risk monitoring model according to the client type and the wind control type.
A second aspect of the present disclosure provides a transaction risk monitoring device, comprising: the hit module is used for responding to a transaction request initiated by a user and calling a background wind control service so as to determine the hit wind control type; the processing module is used for determining processing measures according to the wind control type; the prompting module is used for prompting the user to continue the transaction or terminate the transaction according to the processing measures; the wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transaction; and acquiring processing measures by calling a pre-established risk monitoring model.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of the embodiments described above.
A fourth aspect of the present disclosure also provides a computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any of the embodiments described above.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method of any of the embodiments described above.
Compared with the prior art, the transaction risk monitoring method, device, electronic equipment, storage medium and program product provided by the present disclosure have at least the following beneficial effects:
(1) According to the method, the wind control type is divided into the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type, so that the transaction can be monitored under different conditions before, during and after the transaction, a multi-dimensional and full-flow transaction risk monitoring mode is provided, the processing measures are maintained through the risk monitoring model, the abstract unification of the measures of different transactions can be realized, the expansibility of the monitoring method is improved, the workload of repeated development is reduced, and the operation and maintenance pressure is reduced.
(2) The risk monitoring of the transaction request is realized through the interaction of the foreground public module and the background public module, so that the transaction only needs to refer to the public module, the internal processing and the realization are not required to be concerned, the reusability is high, the embedding is realized, and the maintenance is convenient.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of transaction risk monitoring methods, apparatus, devices, media and program products according to embodiments of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a transaction risk monitoring method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method of determining an air control type according to an embodiment of the disclosure;
FIG. 4A schematically illustrates a block diagram of a transaction risk monitoring system according to an embodiment of the present disclosure;
FIG. 4B schematically illustrates a block diagram of a transaction risk monitoring system according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a method flow diagram of determining a treatment measure in accordance with an embodiment of the present disclosure;
FIG. 6 schematically illustrates a method flow diagram of determining a treatment measure in accordance with an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart of internal management module and application channel interactions, in accordance with an embodiment of the present disclosure;
FIG. 8 schematically illustrates a method flowchart for prompting a user for operation in accordance with an embodiment of the present disclosure;
FIG. 9 schematically illustrates a flow chart of a method of determining a type of air control according to another embodiment of the present disclosure;
FIG. 10 schematically illustrates a block diagram of an apparatus according to an embodiment of the disclosure; and
fig. 11 schematically illustrates a block diagram of an electronic device suitable for implementing a method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Embodiments of the present disclosure provide a transaction risk monitoring method, apparatus, device, medium, and program product, which may be used in the financial field or other fields. It should be noted that the transaction risk monitoring method, apparatus, device, medium and program product of the present disclosure may be used in the financial field, and may also be used in any field other than the financial field, and the application fields of the transaction risk monitoring method, apparatus, device, medium and program product of the present disclosure are not limited.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related personal information of the user all conform to the regulations of related laws and regulations, necessary security measures are taken, and the public order harmony is not violated.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
Fig. 1 schematically illustrates an application scenario diagram of a transaction risk monitoring method, apparatus, device, medium and program product according to an embodiment of the present disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the transaction risk monitoring method provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the transaction risk monitoring devices provided by embodiments of the present disclosure may be generally disposed in the server 105. The transaction risk monitoring method provided by the embodiments of the present disclosure may also be performed by a server or cluster of servers other than the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the transaction risk monitoring apparatus provided by the embodiments of the present disclosure may also be provided in a server or server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The transaction risk monitoring method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 9 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a transaction risk monitoring method according to an embodiment of the present disclosure.
As shown in fig. 2, an embodiment of the present disclosure provides a transaction risk monitoring method, for example, including:
s210, responding to a transaction request initiated by a user, and calling a background wind control service to determine the hit wind control type.
For example, the background wind control service is REAF (enterprise-level real-time protection system) service, and REAF is based on a big data platform, realizes a protection engine and a feature library, provides real-time, quasi-real-time and batch protection services such as list detection and model monitoring, and supports protection functions such as credit card, electronic bank, third party quick payment, professional customer-oriented application protection, in-process transaction protection and post risk monitoring.
S220, determining treatment measures according to the wind control type.
S230, prompting the user to continue the transaction or terminate the transaction according to the processing measures. The wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transactions, and processing measures are obtained by calling a pre-established risk monitoring model.
Fig. 3 schematically illustrates a flow chart of a method of determining an air control type according to an embodiment of the disclosure. Fig. 4A schematically illustrates a block diagram of a transaction risk monitoring system according to an embodiment of the present disclosure. Fig. 4B schematically illustrates a block diagram of a transaction risk monitoring system according to another embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 3, the type of wind control hit is determined, for example, through steps S311 to S313.
S311, receiving a transaction request through the foreground public module.
For example, as shown in FIG. 4A, transaction risk monitoring may be implemented through interaction of a foreground common module with a background common module. When clients submit transactions, the foreground public module is called, transaction request data related to wind control is processed in the foreground public module, then the data is uploaded to the background public module, and then the foreground public module carries out different risk control measure processing on the transaction request of the foreground according to the return result of the background public module.
For example, a customer submits a transaction on a page, the transaction risk monitoring system prepares data, and then invokes a detection method of a pre-established foreground public module to check and process the transaction data. Processing the transaction request data related to the wind control in the foreground public module comprises checking the validity of input, checking transaction data such as money, performing data conversion and the like. And calling the background public module, processing the hit risk monitoring model and the processing measures returned by the background public module, and adopting different monitoring measures according to the risk monitoring model and the processing measures. The foreground public module can also process the abnormal branches, for example, no return result, return timeout or return abnormal data, and the like, and then compatible processing is performed.
S312, according to the transaction request, a request is initiated to the background public module through the foreground public module, so that the background wind control service is invoked in the background public module.
For example, as shown in fig. 4A, a background public module is pre-established, data uploaded by a foreground public module is received, data inspection is performed, for example, business rules such as account numbers are checked, a read wind control service is called, hit wind control types are checked, corresponding monitoring processing measures are queried in an application monitoring model database according to the wind control types returned by the read, and state data (namely, hit wind control type processing measures) are returned to the foreground public module.
S313, judging the time attribute of the transaction request through the background wind control service to determine that the wind control type is any one of the prior monitoring type, the in-process monitoring type and the post-process monitoring type.
For example, the REAF air control service determines the type of air control based on the time node at which the transaction request occurred. And when the time node is before the transaction occurs, determining that the wind control type is the pre-monitoring type. And when the time node is in the transaction occurrence, determining that the wind control type is the in-process monitoring type. And when the time node is the transaction, determining that the wind control type is the post-monitoring type. If the monitoring type is the pre-monitoring type or the in-process monitoring type, the result returned to the front public module is assigned, for example, a blacklist is hit, a number type 1 is returned, and a gray list is hit, a number type 2 is returned, so that the system can understand the returned result conveniently. And then acquiring information such as processing measures and prompts of the monitoring type in the wind control type query data table, and returning the risk monitoring model and the processing measures to the foreground public module.
For example, if the post-hoc monitoring type is used, a background registration module is called after the transaction is successful to register the risk monitoring table. The returned hit model can be stored into session (time domain) through a background public module for tamper resistance of monitoring results. As shown in fig. 4B, after the transaction is completed, for example, after account deduction, a post-processing flow is newly added, and by calling the read service, it is determined whether the post-monitoring model is hit, if not, the transaction is ended, and if hit, registration is performed, and then the transaction is ended.
Fig. 5 schematically illustrates a method flow diagram of determining processing measures according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, as shown in fig. 5, processing measures are determined, for example, by steps S521 to S522.
S521, according to the wind control type, a risk monitoring model is called.
S522, inquiring the wind control type inquiry data table according to the risk monitoring model to determine the processing measures. The risk monitoring model comprises a pre-event risk monitoring model, an event risk monitoring model and a post-event risk monitoring model, and the pre-event risk monitoring model, the event risk monitoring model and the post-event risk monitoring model are respectively and correspondingly provided with a pre-event risk treatment measure, an event risk treatment measure and a post-event risk treatment measure. The method is convenient for summarizing related elements by inquiring the wind control type inquiry data table, and improves maintainability of the risk monitoring model and the intervention measures.
For example, the wind control type lookup data table is shown in table 1.
TABLE 1 wind control type lookup data table
Field sequence number Field description
1 Land area code
2 Channel type
3 Language (L)
4 Column number
5 Hit model
6 Trade name
7 Intervention measures
8 Prompt content
9 Update time
According to the hit wind control type, the risk monitoring model corresponding to the hit wind control type is called, and then the hit model can be matched with the table 1 recorded with the hit model. The intervention in table 1 is queried and fed back to the foreground common module.
It will be appreciated that there are multiple types of clients, such as PC (computer) end, mobile end (mobile phone, tablet computer), etc., and that the risk monitoring models employed by different clients may be the same or different. Therefore, for different clients, channel types can be introduced into the wind control type query data table, channels for transaction are limited, and the risk monitoring model can be matched faster and more accurately.
Fig. 6 schematically illustrates a method flow diagram of determining processing measures according to an embodiment of the disclosure. FIG. 7 schematically illustrates a flow chart of internal management module and application channel interactions, according to an embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 6, processing measures are determined, for example, by steps S621 to S622.
S621, inquiring the wind control type inquiry data table to determine the client type corresponding to the transaction request.
For example, from the channel types in table 1, the type of client corresponding to the transaction request may be determined.
S622, according to the client type and the wind control type, a risk monitoring model is called. By combining the specific client type with the confirmed wind control type, the risk monitoring model corresponding to the transaction request can be more accurately matched.
For example, as shown in fig. 7, after determining the client (i.e. transaction channel) where the transaction occurs by querying the wind control type query data table, the read service may be invoked through a specific channel, the risk monitoring model may be matched in the database by the column number, the read type (i.e. hit type), the language query, and the like, and the hit result returned by the read may be processed. The method can also synchronize databases with an internal management system according to days, and improves the applicability of the risk monitoring method.
Fig. 8 schematically illustrates a method flowchart for prompting a user for operation in accordance with an embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 8, the user is prompted to continue or terminate the transaction, for example, through steps S831-S832.
S831, the processing measures are fed back to the front public module through the back public module.
S832, judging the processing measures through the foreground public module and displaying the judging result to the user. Under the condition that the wind control type is a pre-monitoring type or an in-process monitoring type, judging that the risk monitoring model is any one of a blacklist, a gray list and a declaration form. And prompting the user to terminate the transaction if the blacklist is hit. In the event of a gray list hit, the user is prompted to continue the transaction or terminate the transaction. And prompting the user to know the leaflet under the condition of hitting the leaflet. The method has the advantages that the specific processing under the condition that the judgment result is the pre-monitoring type and the in-process monitoring type and the classification processing according to the transaction time nodes are beneficial to standardization of risk monitoring, and the risk monitoring efficiency is improved while the transaction monitoring range is enlarged.
For example, the risk monitoring model may be a blacklist model: if the collection account number or the payee name hits, the customer is prohibited from submitting the transaction. Gray list model: maintaining a gray list (the account numbers are the same), and a transaction hit rule is that a warning window needs to be popped up before a client submits, and the client selects termination or continuation to prompt: the payee information relates to suspicious or high risk transactions, please verify the payee identity before deciding whether the payment is continued or not, etc.
For example, when the wind control type is a post-event monitoring type, the post-event risk monitoring model and the elements of the transaction request are registered. For example, a post-registration transaction module is established in the background, when the wind control type is judged to be the post-monitoring type through the REAF service, and after the transaction is successful, a corresponding risk monitoring model can be sent to the post-registration transaction module for registration and modification, or the risk monitoring model is newly added under the condition that the risk monitoring model is not matched. The hit monitoring model and elements of the transaction request can be registered in the risk monitoring table and exported for subsequent analysis and research, so that the expansibility of the transaction risk monitoring method is further embodied.
Fig. 9 schematically illustrates a flow chart of a method of determining a type of air control according to another embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 9, the type of wind control hit is determined, for example, through steps S911 to S913.
S911, by inquiring the wind control type inquiry data table, the area number corresponding to the transaction request is determined.
For example, after the risk monitoring model is invoked to match to table 1 with the hit model, the area number may be queried, and the area where the transaction request is located may be determined according to the area number, so that the wind control type preset corresponding to the area may be obtained. Because different areas, such as different provinces and different countries, can have great differences in transaction types, the transaction characteristics and the faced transaction risks of the areas can be reflected by carrying out regional classification summarization on the risk monitoring model, and further the accuracy and the monitoring efficiency of the transaction risk monitoring can be improved.
S912, determining the preset wind control type of the area where the transaction request is located through the area code.
S913, determining the wind control type according to the preset wind control type and the time attribute of the transaction request.
For example, in connection with determining a preset wind control type for a region and a time node for a particular transaction request, the wind control type for monitoring the particular transaction request may be more quickly and accurately determined.
For cross-border transactions, when facing different transaction languages, language options can be introduced into the wind control type query data table for calling language translation services, so that multi-language transaction risk monitoring can be realized.
For example, as shown in Table 1, the language corresponding to the transaction request may also be determined by querying a wind control type lookup data table. By language, a language that matches the transaction request is determined.
According to an embodiment of the present disclosure, as shown in fig. 4A, the transaction risk monitoring method further includes, for example:
s240, judging whether the hit wind control type is tampered or not under the condition of continuing the transaction.
S250, continuing the transaction when the hit wind control type is not tampered. And judging whether the hit wind control type is tampered or not in a tamper-proof module arranged in the background.
For example, a tamper-proof module is pre-built in the background for performing a secondary verification on the transaction before continuing the business process, preventing modification of the hit model. For example, when the foreground public module judges that the hit result returned by the background public module is a blacklist, if the hit result is tampered to be a gray list by a related technical means, the error is reported when the tamper-proof module performs secondary verification, and then the transaction is ended. By carrying out secondary verification on the monitoring judgment result of the transaction, the risk of attack of risk monitoring is reduced, and the reliability of monitoring is further improved.
According to an embodiment of the present disclosure, as shown in fig. 2, the transaction risk monitoring method further includes, for example:
and S260, maintaining the risk monitoring model in the internal management module according to the wind control type.
For example, as shown in fig. 4A, the transaction risk monitoring system further includes an internal management module that can support maintenance of the wind control type, such as adding a risk monitoring model, modifying an existing wind control model, and deleting an existing monitoring model. After one development is completed, support professionals can configure a plurality of different risk monitoring models and corresponding wind control treatment measures for different transactions through an internal management module.
For example, the internal management module operates by default to query the risk monitoring type already configured in the relevant region, and displays the configured wind control type query data table. When the new addition is triggered, the wind control model and the processing measures of the types in advance, in the past and after the past are newly added. When the modification is triggered, the existing wind control models and processing measures of all types are modified. When the deletion is triggered, deleting the wind control model and the processing measures of each type. And synchronizing the data to the application database at daily timings.
And S270, synchronizing the maintained risk monitoring model into a model database arranged in the background public module so as to update the wind control type query data table. Under the condition of triggering the new addition, a risk monitoring model and processing measures corresponding to the new addition risk monitoring model are added. And under the condition of triggering modification, modifying the risk monitoring model and the processing measures corresponding to the risk monitoring model. And under the condition of triggering deletion, deleting the risk monitoring model and the processing measures corresponding to the risk monitoring model. The internal management module is used for carrying out maintenance such as addition, modification, deletion and the like on the risk monitoring model, so that the configurability of transaction risk monitoring is improved, and further, the risk monitoring requirement of variable business can be met.
For example, the area A realizes a blacklist monitoring model, if the area B also needs to add blacklist monitoring measures, the monitoring model data of the corresponding area only needs to be added in the internal management module, and the foreground and the background do not need to be modified. If the business personnel want to modify the model of gray list monitoring in a certain area, the code is not required to be modified, and only the corresponding monitoring prompt information is required to be modified in the internal management module, so that the business personnel can maintain the related risk monitoring model conveniently, repeated development is reduced, and a large amount of cost is saved.
Based on the transaction risk monitoring method, the disclosure further provides a transaction risk monitoring device. The device will be described in detail below in connection with fig. 10.
Fig. 10 schematically illustrates a block diagram of a transaction risk monitoring device according to an embodiment of the present disclosure.
As shown in fig. 10, the transaction risk monitoring apparatus 1000 of this embodiment includes a hit module 1010, a processing module 1020, and a hint module 1030.
The hit module 1010 is configured to invoke a background wind control service in response to a user initiated transaction request to determine a hit wind control type. In an embodiment, the hit module 1010 may be used to perform the operation S210 described above, which is not described herein.
The processing module 1020 is configured to determine a processing measure according to the wind control type. In an embodiment, the processing module 1020 may be configured to perform the operation S220 described above, which is not described herein.
The prompting module 1030 is configured to prompt a user to continue or terminate a transaction based on the processing actions. The wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transactions. And acquiring processing measures by calling a pre-established risk monitoring model. In an embodiment, the prompting module 1030 may be configured to perform the operation S230 described above, which is not described herein.
Any of the hit module 1010, the processing module 1020, and the hint module 1030 may be combined and implemented in one module or any of the modules may be split into multiple modules according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. At least one of hit module 1010, processing module 1020, and hint module 1030 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), programmable Logic Array (PLA), system-on-chip, system-on-substrate, system-on-package, application Specific Integrated Circuit (ASIC), or in hardware or firmware, in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware, in accordance with embodiments of the present disclosure. Alternatively, at least one of the hit module 1010, the processing module 1020, and the hint module 1030 may be implemented at least in part as a computer program module that, when executed, performs the corresponding functions.
Fig. 11 schematically illustrates a block diagram of an electronic device adapted to implement a transaction risk monitoring method according to an embodiment of the present disclosure.
As shown in fig. 11, an electronic device 1100 according to an embodiment of the present disclosure includes a processor 1101 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flow according to embodiments of the present disclosure.
In the RAM 1103, various programs and data necessary for the operation of the electronic device 900 are stored. The processor 1101, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or the RAM 1103. Note that the program may be stored in one or more memories other than the ROM 1102 and the RAM 1103. The processor 1101 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 900 may also include an input/output (I/O) interface 1105, the input/output (I/O) interface 1105 also being connected to the bus 1104. The electronic device 900 may also include one or more of the following components connected to the I/O interface 1105: an input section 1106 including a keyboard, a mouse, and the like; an output portion 1107 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 1108 including a hard disk or the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, and the like. The communication section 1109 performs communication processing via a network such as the internet. The drive 1110 is also connected to the I/O interface 1105 as needed. Removable media 1111, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in drive 1110, so that a computer program read therefrom is installed as needed in storage section 1108.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM1102 and/or RAM1103 described above and/or one or more memories other than ROM1102 and RAM 1103.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the item recommendation method provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1101. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program can also be transmitted, distributed over a network medium in the form of signals, downloaded and installed via the communication portion 1109, and/or installed from the removable media 1111. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1109, and/or installed from the removable media 1111. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1101. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (13)

1. A transaction risk monitoring method, comprising:
responding to a transaction request initiated by a user, and calling a background wind control service to determine the hit wind control type;
Determining a treatment measure according to the wind control type;
prompting the user to continue the transaction or terminate the transaction according to the processing measure;
the wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transactions;
and acquiring the processing measures by calling a pre-established risk monitoring model.
2. The method of claim 1, wherein invoking a background wind control service to determine a hit wind control type in response to a user initiated transaction request comprises:
receiving the transaction request through a foreground public module;
according to the transaction request, a request is initiated to a background public module through the foreground public module, so that the background wind control service is invoked in the background public module;
and judging the time attribute of the transaction request through the background wind control service to determine that the wind control type is any one of the pre-monitoring type, the in-process monitoring type and the post-process monitoring type.
3. The method of claim 2, wherein said determining a treatment based on said wind control type comprises:
According to the wind control type, calling the risk monitoring model;
inquiring a wind control type query data table according to the risk monitoring model to determine the treatment measures;
the risk monitoring model comprises a pre-event risk monitoring model, an event risk monitoring model and a post-event risk monitoring model, and the pre-event risk monitoring model, the event risk monitoring model and the post-event risk monitoring model are respectively and correspondingly provided with a pre-event risk processing measure, an event risk processing measure and a post-event risk processing measure.
4. A method according to claim 3, wherein prompting the user to continue or terminate the transaction in accordance with the processing means comprises:
feeding back the processing measures to the foreground common module through the background common module;
judging the processing measures through the foreground public module, and displaying the judging result to a user;
under the condition that the wind control type is the pre-monitoring type or the in-event monitoring type, judging that the risk monitoring model is any one of a blacklist, a gray list and a declaration leaflet; and
prompting the user to terminate the transaction under the condition of hitting the blacklist;
Prompting the user to continue the transaction or terminate the transaction under the condition of hitting the gray list;
and prompting the user to know the leaflet under the condition of hitting the leaflet.
5. The method as recited in claim 4, further comprising:
and registering the post risk monitoring model and the elements of the transaction request under the condition that the wind control type is the post monitoring type.
6. The method of claim 3, wherein invoking a background wind control service to determine a hit wind control type in response to a user initiated transaction request further comprises:
determining a land area code and a language corresponding to the transaction request by querying the wind control type query data table;
determining a preset wind control type of the area where the transaction request is located through the area number;
determining the wind control type according to the preset wind control type and the time attribute of the transaction request; and
and determining the language matched with the transaction request through the language.
7. The method as recited in claim 1, further comprising:
judging whether the hit wind control type is tampered or not under the condition of continuing the transaction;
Continuing the transaction if the hit wind control type is not tampered;
and judging whether the hit wind control type is tampered or not in a tamper-proof module arranged in the background.
8. A method according to claim 3, further comprising:
according to the wind control type, maintaining the risk monitoring model in an internal management module;
synchronizing the maintained risk monitoring model to a model database arranged in the background public module so as to update the wind control type query data table;
under the condition of triggering the new addition, adding a risk monitoring model and processing measures corresponding to the newly added risk monitoring model;
under the condition of triggering modification, modifying the risk monitoring model and the processing measures corresponding to the risk monitoring model;
and deleting the risk monitoring model and the processing measures corresponding to the risk monitoring model under the condition of triggering deletion.
9. A method according to claim 3, wherein said determining a treatment based on said wind control type further comprises:
querying the wind control type query data table to determine a client type corresponding to the transaction request;
And calling the risk monitoring model according to the client type and the wind control type.
10. A transaction risk monitoring device, comprising:
the hit module is used for responding to a transaction request initiated by a user and calling a background wind control service so as to determine the hit wind control type;
the processing module is used for determining processing measures according to the wind control type;
the prompting module is used for prompting the user to continue the transaction or terminate the transaction according to the processing measures;
the wind control type comprises a pre-event monitoring type, an in-event monitoring type and a post-event monitoring type, wherein the pre-event monitoring type, the in-event monitoring type and the post-event monitoring type are respectively used for controlling risks before, during and after transactions;
and acquiring the processing measures by calling a pre-established risk monitoring model.
11. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-9.
13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 9.
CN202310205377.XA 2023-03-03 2023-03-03 Transaction risk monitoring method, device, equipment, medium and program product Pending CN116308384A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310205377.XA CN116308384A (en) 2023-03-03 2023-03-03 Transaction risk monitoring method, device, equipment, medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310205377.XA CN116308384A (en) 2023-03-03 2023-03-03 Transaction risk monitoring method, device, equipment, medium and program product

Publications (1)

Publication Number Publication Date
CN116308384A true CN116308384A (en) 2023-06-23

Family

ID=86799005

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310205377.XA Pending CN116308384A (en) 2023-03-03 2023-03-03 Transaction risk monitoring method, device, equipment, medium and program product

Country Status (1)

Country Link
CN (1) CN116308384A (en)

Similar Documents

Publication Publication Date Title
CN106850346B (en) Method and device for monitoring node change and assisting in identifying blacklist and electronic equipment
US11580259B1 (en) Identity security architecture systems and methods
WO2019037417A1 (en) Webpage data crawling method and apparatus, webpage data crawling platform, and storage medium
US20230298032A1 (en) Advanced data collection using browser extension application for internet security
CN115587575A (en) Data table creation method, target data query method, device and equipment
CN113191892A (en) Account risk prevention and control method, device, system and medium based on equipment fingerprint
CN113949560B (en) Network security identification method, device, server and storage medium
CN113139869A (en) Credit investigation authorization query processing method and device
US20230012460A1 (en) Fraud Detection and Prevention System
CN116308384A (en) Transaction risk monitoring method, device, equipment, medium and program product
CN114780807A (en) Service detection method, device, computer system and readable storage medium
CN114218283A (en) Abnormality detection method, apparatus, device, and medium
CN114240060A (en) Risk control method, risk processing system, risk processing device, server, and storage medium
CN111782967A (en) Information processing method, information processing device, electronic equipment and computer readable storage medium
CN113904828B (en) Method, apparatus, device, medium and program product for detecting sensitive information of interface
US8977564B2 (en) Billing account reject solution
CN116932214A (en) Instruction sending method and device, electronic equipment and computer storage medium
CN116483654A (en) Data detection method, device, electronic equipment and medium
CN116894642A (en) Information processing method and device, electronic equipment and computer readable storage medium
CN115423633A (en) Transaction data processing method, device, electronic equipment and medium
CN114971897A (en) Abnormal object processing method, device, equipment and medium
CN115952485A (en) Information processing method, device, equipment and storage medium
CN115687284A (en) Information processing method, device, equipment and storage medium
CN114138818A (en) Information processing method, processing device, electronic device and readable storage medium
CN117422416A (en) Block chain-based business handling method, device, equipment, medium and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination