CN117114681A - Theft and brushing risk analysis method and device, electronic equipment and medium - Google Patents

Theft and brushing risk analysis method and device, electronic equipment and medium Download PDF

Info

Publication number
CN117114681A
CN117114681A CN202311032198.7A CN202311032198A CN117114681A CN 117114681 A CN117114681 A CN 117114681A CN 202311032198 A CN202311032198 A CN 202311032198A CN 117114681 A CN117114681 A CN 117114681A
Authority
CN
China
Prior art keywords
transaction
regional
analysis
risk
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311032198.7A
Other languages
Chinese (zh)
Inventor
许思文
石岳蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202311032198.7A priority Critical patent/CN117114681A/en
Publication of CN117114681A publication Critical patent/CN117114681A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Alarm Systems (AREA)

Abstract

The method, the device, the electronic equipment and the medium for analyzing the risk of the robber brushing based on the multidimensional features can be applied to the technical field of cloud computing and the technical field of the Internet of things. The method comprises the following steps: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; calculating the regional credibility of the current transaction based on the transaction regional characteristics; if the regional credibility is smaller than a preset threshold K, carrying out balance abnormality analysis to obtain a balance analysis result; if the balance analysis result is abnormal, performing time abnormality analysis to obtain a time analysis result; if the time analysis result is abnormal, performing behavior identification analysis to obtain a behavior analysis result; and obtaining a theft brushing risk judgment result based on the behavior analysis result.

Description

Theft and brushing risk analysis method and device, electronic equipment and medium
Technical Field
The invention relates to the technical field of cloud computing and the technical field of the Internet of things, in particular to a theft and brushing risk analysis method, a theft and brushing risk analysis device, electronic equipment and a theft and brushing risk analysis medium.
Background
With the widespread use of Automated Teller Machines (ATMs), ATM swipe events occur frequently, with significant loss and security risks to individual users and financial institutions. The ATM robbery is the act of obtaining information of bank cards of other people without authorization and illegally extracting funds through fraudulent or theft measures, and the robbery act not only damages the property safety and trust of individual users, but also has negative influence on the stability of the whole financial system.
Currently, in order to solve the above problems, financial institutions deal with the problems by strengthening physical security measures, improving technical protection means, strengthening monitoring and early warning systems, and the like, including: monitoring, protection and inspection of the ATM are enhanced; the security is improved by adopting a chip card technology, double-factor authentication, encryption communication and the like; monitoring is enhanced using a real-time monitoring system.
However, while current countermeasures have improved transaction security to some extent, there are still some shortcomings and challenges: the theft and brushing event has obvious regional abnormality, the existing means mainly carries out risk judgment by monitoring the single feature of the face, the obtained information is limited, and misjudgment or omission is easy to occur; meanwhile, as the technology of theft and brushing is continuously evolved, new security holes and attack modes are endlessly layered, so that the existing coping means has poor effect. In addition, the corresponding speed and accuracy of the monitoring and early warning system after abnormal transactions are found still has room for improvement.
Disclosure of Invention
In view of the foregoing, according to a first aspect of the present invention, there is provided a method for risk analysis of swipe based on multidimensional features, the method comprising: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; calculating the regional credibility of the current transaction based on the transaction regional characteristics; if the regional credibility is smaller than a preset threshold K, carrying out balance exception analysis based on the transaction amount characteristics to obtain a balance analysis result; if the balance analysis result is abnormal, performing time abnormality analysis based on the transaction time characteristics to obtain a time analysis result; if the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics to obtain a behavior analysis result; and obtaining a theft brushing risk judgment result based on the behavior analysis result.
According to some exemplary embodiments, the calculating the regional credibility of the current transaction based on the transaction regional characteristics specifically includes: acquiring historical regional transaction times of the current exchange place based on the transaction regional characteristics; introducing a regional risk coefficient table, and calculating a regional risk coefficient of the current transaction place based on the regional risk coefficient table; and calculating the regional credibility by using the historical regional transaction times and the regional risk coefficient.
According to some exemplary embodiments, the regional risk coefficient table includes a city grade score, a travel city grade score, a black-producing regional grade score, and an additional score, the introducing regional risk coefficient table calculates a regional risk coefficient of a current transaction location based on the regional risk coefficient table, and specifically includes: introducing a risk degree weighting table, wherein the risk degree weighting table comprises risk weighting coefficients corresponding to the city grade score, the travel city grade score, the black area grade score and the additional score; and correlating and calculating the risk degree weighting table and the regional risk coefficient table by using SQL sentences to obtain the regional risk coefficient.
According to some exemplary embodiments, the calculating the regional credibility by using the historical regional transaction times and the regional risk coefficient specifically includes: and calculating a first ratio of a preset constant to the regional risk coefficient, and adding the first ratio to the historical regional transaction times to obtain the regional credibility.
According to some exemplary embodiments, the acquiring authorized customer transaction data based on the current transaction specifically includes: establishing a connection with a transaction data analysis library, wherein the transaction data analysis library comprises the customer transaction data extracted and converted from a plurality of data sources; and acquiring the client transaction data from the transaction data analysis library in real time by utilizing SQL sentences.
According to some exemplary embodiments, the balance abnormality analysis is performed based on the transaction amount characteristics, and a balance analysis result is obtained, which specifically includes: acquiring a current balance before transaction and a current balance after transaction; calculating a second ratio of the current post-transaction balance to the current pre-transaction balance; and obtaining a balance analysis result by comparing the second ratio with a preset threshold L.
According to a second aspect of the present invention, there is provided a method for risk analysis of swipe based on multidimensional features, the method comprising: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data comprises transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; based on the transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics, acquiring comprehensive analysis credibility; and obtaining a theft and brushing risk judgment result based on the comprehensive analysis reliability.
According to some exemplary embodiments, the obtaining the comprehensive analysis reliability based on the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature specifically includes: respectively comparing the transaction card type characteristics, the transaction time characteristics, the transaction area characteristics, the transaction amount characteristics and the transaction behavior characteristics with corresponding conditions by utilizing condition judgment and logic expression in the SQL sentence to obtain a condition satisfaction result; and calculating the comprehensive analysis credibility based on the condition meeting result and the preset distribution weight.
According to a third aspect of the present invention, there is provided a theft risk analysis device based on a multidimensional feature, the device comprising: a customer transaction data acquisition module for: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; the regional credibility acquisition module is used for: calculating the regional credibility of the current transaction based on the transaction regional characteristics; the balance analysis result acquisition module is used for: if the regional credibility is smaller than a preset threshold K, carrying out balance exception analysis based on the transaction amount characteristics to obtain a balance analysis result; the time analysis result acquisition module is used for: if the balance analysis result is abnormal, performing time abnormality analysis based on the transaction time characteristics to obtain a time analysis result; the behavior analysis result acquisition module is used for: if the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics to obtain a behavior analysis result; the theft and brushing risk judging result obtaining module is used for: and obtaining a theft brushing risk judgment result based on the behavior analysis result.
According to some example embodiments, the customer transaction data acquisition module may include a connection unit, a customer transaction data unit.
According to some exemplary embodiments, the connection unit may be configured to establish a connection with a transaction data analysis library, wherein the transaction data analysis library comprises the customer transaction data extracted and converted from a plurality of data sources.
According to some exemplary embodiments, the customer transaction data unit may be configured to obtain the customer transaction data from the transaction data analysis library in real-time using SQL statements.
According to some exemplary embodiments, the region reliability acquisition module may include a historical region transaction number acquisition unit, a region risk coefficient calculation module, and a region reliability calculation unit according to embodiments of the present invention.
According to some exemplary embodiments, the historical regional transaction number acquisition unit may be configured to acquire the historical regional transaction number of the current place of transaction based on the transaction regional characteristics.
According to some example embodiments, the regional risk factor calculation module may be configured to introduce a regional risk factor table, and calculate a regional risk factor for the current transaction location based on the regional risk factor table.
According to some example embodiments, the region reliability calculation unit may be configured to calculate the region reliability using the historical region transaction number and the region risk coefficient.
The region reliability calculation unit may further include a reliability calculation unit. The credibility calculation unit may be configured to calculate a first ratio of a preset constant to the regional risk coefficient, and sum the first ratio with the historical regional transaction number to obtain the regional credibility.
According to some example embodiments, the regional risk coefficient calculation module may include a risk degree weighting table introduction unit and a regional risk coefficient calculation unit.
According to some example embodiments, the risk degree weighting table introduction unit may be configured to introduce a risk degree weighting table including risk weighting coefficients corresponding to the city grade score, the travel city grade score, the black area grade score, and the additional score.
According to some exemplary embodiments, the regional risk coefficient calculation unit may be configured to correlate and calculate the risk degree weighting table and the regional risk coefficient table by using an SQL statement to obtain the regional risk coefficient.
According to some example embodiments, the balance analysis result acquisition module may include a balance acquisition unit, a second ratio calculation unit, and a balance analysis result acquisition unit.
According to some exemplary embodiments, the balance obtaining unit may be configured to obtain a current pre-transaction balance and a current post-transaction balance.
According to some example embodiments, the second ratio calculating unit may be configured to calculate a second ratio of the current post-transaction balance to the current pre-transaction balance.
According to some exemplary embodiments, the balance analysis result obtaining unit may be configured to obtain a balance analysis result by comparing the second ratio with a preset threshold L.
According to a fourth aspect of the present invention, there is provided a theft risk analysis device based on a multidimensional feature, the device comprising: a customer transaction data acquisition module for: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; the comprehensive analysis reliability acquisition module is used for: based on the transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics, acquiring comprehensive analysis credibility; the theft and brushing risk judging result obtaining module is used for: and obtaining a theft and brushing risk judging result based on the comprehensive analysis reliability.
According to some example embodiments, the integrated analysis reliability acquisition module may include a condition satisfaction result acquisition unit and an integrated analysis reliability calculation unit.
According to some exemplary embodiments, the condition satisfaction result obtaining unit may be configured to respectively compare the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature with corresponding conditions by using a condition judgment and a logic expression in the SQL statement, to obtain a condition satisfaction result.
According to some exemplary embodiments, the integrated analysis reliability calculation unit may be configured to calculate the integrated analysis reliability based on the condition satisfaction result and a preset allocation weight.
According to a fifth aspect of the present invention, there is provided an electronic device comprising: one or more processors; and a storage device for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method as described above.
According to a sixth aspect of the present invention there is provided a computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to perform the method as described above.
According to a seventh aspect of the present invention there is provided a computer program product comprising a computer program which, when executed by a processor, implements a method as described above.
One or more of the above embodiments have the following advantages or benefits: according to the multi-dimensional feature-based theft risk analysis method provided by the invention, the features such as the transaction area, the transaction time, the transaction amount, the transaction behavior and the like of the ATM withdrawal of the customer are analyzed, the analysis can be performed according to the importance of the features, and a plurality of features are comprehensively considered, so that a potential abnormal model and risk signals are better captured, and a more comprehensive and accurate theft risk judgment result can be obtained.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of embodiments of the invention with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of a method, a device, equipment and a medium for analysis of risk of piracy based on multidimensional features according to an embodiment of the invention.
Fig. 2 schematically shows a flow chart of a method of robber-brush risk analysis based on multidimensional features according to an embodiment of the invention.
Fig. 3 schematically shows a flow chart of a method of acquiring customer transaction data according to an embodiment of the invention.
Fig. 4 schematically illustrates a flow chart of a method of calculating regional trustworthiness of a current transaction according to an embodiment of the invention.
Fig. 5 schematically illustrates a flow chart of a method of calculating regional risk factors for a current transaction location according to an embodiment of the present invention.
FIG. 6 schematically illustrates a flow chart of a method of balance anomaly analysis according to an embodiment of the present invention.
Fig. 7 schematically shows a flow chart of a method of a theft risk analysis based on multidimensional features according to another embodiment of the invention.
FIG. 8 schematically illustrates a flow chart of a method of calculating integrated analytical confidence in accordance with an embodiment of the present invention.
Fig. 9 schematically shows a block diagram of a piracy risk analysis device based on a multidimensional feature according to an embodiment of the invention.
Fig. 10 schematically shows a block diagram of a theft risk analysis device based on a multi-dimensional feature according to a further embodiment of the present invention.
Fig. 11 schematically shows a block diagram of an electronic device adapted for a method of a piracy risk analysis based on multi-dimensional features according to an embodiment of the invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the invention, the acquisition, storage, application and the like of the related personal information of the user accord with the regulations of related laws and regulations, necessary security measures are taken, and the public order harmony is not violated.
First, technical terms described herein are explained and illustrated as follows.
SQL (Structured Query Language): a standardized language for managing relational databases is a powerful programming language for storing, manipulating, and retrieving data in the databases. SQL allows users to create databases, tables, views, and store procedures, as well as perform various data operations, such as inserting, updating, deleting, and querying data.
Cloud computing: a mode for providing computing resources and services through the Internet provides resources such as computing, storage, network and the like to users through cloud services based on virtualization technology and distributed computing concepts.
The Internet of things: refers to a network where the internet interconnects and communicates with various items (e.g., sensors, actuators, smart devices, etc.). Through the internet of things, intelligent interaction and information sharing between objects and people can be realized, so that various intelligent devices, sensors, actuators and the like cooperate with each other to form an intelligent system, and more intelligent, efficient and convenient service experience is provided.
ATM robbery events occur in banking industry, and with the continuous development of information technology, the attack means of black-product group partners and the effectiveness of crime tools are continuously improved, and the black-product fraud is more concealed and difficult to prevent. The lawbreaker steals the magnetic stripe information and the password of the customer bank card by installing a magnetic stripe copying part on a card reader of the ATM and installing a camera on a password keyboard, thereby stealing the funds of the customer bank card.
The ATM theft-brushing scheme is usually a group centralized scheme and has the following characteristics: firstly, places are abnormal, according to statistics, ATM stolen transaction mostly occurs in an external port, namely, the transaction is taken out from different places, and the transaction is done by a partner and is done across areas, so that the ATM stolen transaction has high concealment and large difficulty in case breaking; secondly, time is unusual, and the stolen action of brushing of bank card mostly takes place in late night and early morning, because the ATM withdraws money limited in single day, at 0: the money drawing can be carried out by using two days before and after 00 days, and the money drawing at late night is not easy to draw attention, a stolen brushing client wakes up in the morning to find that the funds are stolen, lawbreakers usually select late night and early morning to act, and the money drawing is not victory; thirdly, the card is special, and most of the cards stolen by the ATM are single magnetic stripe debit cards. For historical reasons, the single magnetic stripe debit card has a loophole that magnetic stripe information can be copied, and the chip card has higher security and lower risk of being stolen and swiped, so lawbreakers mainly conduct criminal investigation on the single magnetic stripe debit card; fourthly, the money amount is abnormal, when an lawbreaker steals and swipes a bank card to conduct ATM cash-out transaction, the money in the client card is always taken out as much as possible to obtain the maximum benefit, and the money in the client card is always left; fifthly, the bank cash dispenser is generally provided with a camera according to related requirements so as to monitor the operation process of a cash dispenser, and in order to prevent the cash dispenser from being shot by the camera, lawless persons can select a mask to shield the face when making a case, so that the difficulty of solving the case is increased.
Because of the occurrence of ATM robbing events in recent years, great hidden danger is brought to the fund security of clients, and how to prevent lawbreakers and attacks of black-product group partners, the protection of the transaction security of the clients is a problem to be solved urgently.
Based on the above, an embodiment of the present invention provides a method for analyzing risk of theft and brushing based on multidimensional features, which is characterized in that the method includes: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; calculating the regional credibility of the current transaction based on the transaction regional characteristics; if the regional credibility is smaller than a preset threshold K, carrying out balance exception analysis based on the transaction amount characteristics to obtain a balance analysis result; if the balance analysis result is abnormal, performing time abnormality analysis based on the transaction time characteristics to obtain a time analysis result; if the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics to obtain a behavior analysis result; and obtaining a theft brushing risk judgment result based on the behavior analysis result. According to the multi-dimensional feature-based theft risk analysis method provided by the invention, the features such as the transaction area, the transaction time, the transaction amount, the transaction behavior and the like of the ATM withdrawal of the customer are analyzed, the analysis can be performed according to the importance of the features, and a plurality of features are comprehensively considered, so that a potential abnormal model and risk signals are better captured, and a more comprehensive and accurate theft risk judgment result can be obtained.
In some embodiments, the present invention further provides a method for analyzing risk of piracy based on multidimensional features, which is characterized in that the method includes: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data comprises transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics; based on the transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics, acquiring comprehensive analysis credibility; and obtaining a theft and brushing risk judgment result based on the comprehensive analysis reliability. According to the multidimensional feature-based theft risk analysis method provided by the invention, the characteristics of the transaction card types, the transaction time, the transaction area, the transaction amount, the transaction behavior and the like of the ATM withdrawal of the customer are analyzed, so that a plurality of characteristics can be comprehensively considered at the same time, and omission in judging according to the sequence of a plurality of single characteristics is avoided.
It should be noted that the method, the device, the equipment and the medium for analyzing the risk of the robber brushing based on the multidimensional features, which are determined by the invention, can be used in the technical field of cloud computing and the technical field of the internet of things, can also be used in the financial field, and can also be used in various fields except the technical field of the cloud computing, the technical field of the internet of things and the financial field. The application fields of the method, the device, the equipment and the medium for the piracy risk analysis based on the multidimensional features provided by the embodiment of the invention are not limited.
In the technical scheme of the invention, the related user information (including but not limited to user personal information, user image information, user equipment information, such as position information and the like) and data (including but not limited to data for analysis, stored data, displayed data and the like) are information and data authorized by a user or fully authorized by all parties, and the processing of the related data such as collection, storage, use, processing, transmission, provision, disclosure, application and the like are all conducted according to the related laws and regulations and standards of related countries and regions, necessary security measures are adopted, no prejudice to the public welfare is provided, and corresponding operation inlets are provided for the user to select authorization or rejection.
Fig. 1 schematically illustrates an application scenario diagram of a method, a device, equipment and a medium for analysis of risk of piracy based on multidimensional features according to an embodiment of the invention.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the method for analyzing the risk of piracy based on the multidimensional feature according to the embodiment of the present invention may be generally performed by the server 105. Accordingly, the multi-dimensional feature-based theft risk analysis device provided by the embodiment of the present invention may be generally disposed in the server 105. The method for risk analysis of piracy based on multidimensional features provided by the embodiments of the present invention may also be performed by a server or a cluster of servers other than the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the multi-dimensional feature-based theft risk analysis device provided by the embodiment of the present invention may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 2 schematically shows a flow chart of a method of robber-brush risk analysis based on multidimensional features according to an embodiment of the invention.
As shown in fig. 2, the multi-dimensional feature-based theft risk analysis method 200 of this embodiment may include operations S210 to S260.
In operation S210, authorized customer transaction data is obtained based on the current transaction, wherein the customer transaction data includes at least a transaction time characteristic, a transaction area characteristic, a transaction amount characteristic, and a transaction behavior characteristic.
In the embodiment of the invention, in order to help the client to avoid the risk of robbery and to protect the security of data, when the client handles payment tools such as credit cards, debit cards and the like, the bank or the payment mechanism should clearly explain the purpose, the scope and the use mode of data acquisition to the client, and inform the client of the protection measures about the data privacy so as to ensure the transparency and the informed consent of the client to the data acquisition process. In the card handling process, the bank or the payment mechanism can provide clear authorization terms for the clients, so that the clients can clearly agree to provide the transaction data thereof for the mechanism for real-time acquisition and analysis, and the authorization terms are specific and clear, so that the authorization willingness of the clients is ensured to be clearly expressed.
In the technical scheme of the invention, the related user information (including but not limited to user personal information, user image information, user equipment information, such as position information and the like) and data (including but not limited to data for analysis, stored data, displayed data and the like) are collected, stored, used, processed, transmitted, provided, disclosed, applied and the like, and all the related laws and regulations and standards of related countries and regions are complied with, necessary security measures are taken, and the public welfare is not violated.
Fig. 3 schematically shows a flow chart of a method of acquiring customer transaction data according to an embodiment of the invention.
As shown in fig. 3, the method of acquiring customer transaction data of this embodiment may include operations S310 to S320.
In operation S310, a connection is established with a transaction data analysis library, wherein the transaction data analysis library includes the customer transaction data extracted and converted from a plurality of data sources.
In an embodiment of the present invention, the transaction data analysis library contains customer transaction data extracted and converted from a plurality of data sources. These data sources may include transaction card type, transaction time, transaction area, transaction amount, transaction device, transaction activity, etc. The data are integrated into a transaction data analysis library, so that the data can be stored, managed and analyzed conveniently.
In embodiments of the present invention, a connection may be established with a transaction data analysis library to obtain up-to-date customer transaction data in real time. The connection may be implemented via a network communication protocol, such as TCP/IP, to ensure that the system can exchange data with the data analysis library.
In operation S320, the customer transaction data is acquired from the transaction data analysis library in real time using an SQL statement.
In the embodiment of the invention, the required customer transaction data can be obtained from the transaction data analysis library in real time by writing a proper SQL query statement. The query statement may include a transaction record that selects a particular customer, including transaction time, transaction locale, etc., which may be implemented by an SQL statement.
In an embodiment of the invention, the transaction locale characteristics describe the geographic location or locale information at which the current transaction occurs, which characteristics may be used to determine the geographic distribution of the customer's transaction and compare it to the customer's normal transaction behavior. An abnormal transaction area may imply a potential risk of theft.
In embodiments of the invention, the transaction amount characteristics may include the amount of the current transaction, the current pre-transaction balance, and the current post-transaction balance. This feature may be used to detect abnormal amounts of transactions, such as abnormally high or abnormally low transactions, where large transactions may pose a risk and small transactions may be the act of a swiper testing the validity of an account; the feature can also be used to detect if the balance is abnormal, avoiding the thief from taking out the funds in the card as much as possible.
In embodiments of the present invention, the transaction time characteristic refers to the specific time at which the current transaction occurs, and abnormal transaction time may be an indicator of risk.
In an embodiment of the invention, transaction behavior features describe the transaction behavior of an ATM transactor, such as whether to wear a mask, cap to mask, etc.
In operation S220, a regional credibility of the current transaction is calculated based on the transaction regional characteristics.
In embodiments of the present invention, regional credibility may be determined based on historical transaction data, risk indices for customer transaction locations, and the like, which may be used to evaluate whether the current transaction location is credible.
Fig. 4 schematically illustrates a flow chart of a method of calculating regional trustworthiness of a current transaction according to an embodiment of the invention.
As shown in fig. 4, the method of calculating the regional credibility of the current transaction of this embodiment may include operations S410 to S430.
In operation S410, a historical regional transaction number of the current exchange location is obtained based on the transaction regional characteristics.
In the embodiment of the invention, historical transaction records of clients in different areas can be collected, the historical transaction records comprise geographic position information of transaction occurrence, the transaction times of each area can be counted, and data of the transaction times of the historical areas can be formed. Specifically, the transaction data may be grouped BY locale field using a grouping function of the GROUP BY clause in the SQL statement, and the number of transaction data per locale may be calculated BY a COUNT function.
It should be noted that the methods listed herein are only exemplary, and are not intended to limit the method for obtaining the transaction number of the historical region in the embodiment of the present invention, that is, the method for obtaining the transaction number of the historical region in the embodiment of the present invention may refer to other methods.
In operation S420, a regional risk coefficient table is introduced, and a regional risk coefficient of the current transaction location is calculated based on the regional risk coefficient table.
In an embodiment of the present invention, the regional risk coefficient table may be a pre-created table, which includes risk coefficient scores for each region. The risk factor score may include a base risk score based on the grade of the city and/or region. Further, the risk factor score may also include additional risk scores that are statistically and analyzable based on historical robbery data, crime rates, transaction security, and the like. The grade based on the city and/or the region can account for a larger proportion of the grade, and the grade based on factors such as historical robbery data, crime rate, transaction safety and the like can be used as a supplement to distinguish the risk grade of the city and/or the region with the same grade.
In the embodiment of the invention, the purpose of introducing the regional risk coefficient table is to perform risk assessment on different regions, the risk coefficient of the high-risk region can be higher, and the risk coefficient of the low-risk region can be lower. By searching the regional risk coefficient table, the regional risk coefficient of the current transaction location can be found.
In embodiments of the present invention, additional risk scores based on historical robbery data, crime rates, transaction security, etc. factors may be evaluated by training a machine learning model. Specifically, a training data set can be prepared and characteristic engineering can be performed according to factors including historical theft and brushing data, crime rate, transaction safety and the like and corresponding risk labels; selecting appropriate models such as logistic regression, decision trees, neural networks and the like, establishing an additional scoring model, and training and evaluating; predicting the current trade place according to the trained additional scoring model to obtain scores based on factors such as historical robbery data, crime rate, trade safety and the like.
In an embodiment of the present invention, the regional risk factor table may include a city level, a travel city level, and a black producing regional level. Correspondingly, the risk factor score may be: first line city +10, second line city +20, other cities +30; hot tourism city +0, popular tourism city +10, non-tourism city +30; active black-producing region +50, active black-producing surrounding region +20, and common region +0. Further, the regional risk coefficient table may further include additional scores of 0-9 based on additional scoring models for each city and/or region.
Fig. 5 schematically illustrates a flow chart of a method of calculating regional risk factors for a current transaction location according to an embodiment of the present invention.
As shown in fig. 5, the method for calculating the regional risk coefficient of the current transaction location according to this embodiment may include operations S510 to S520.
In operation S510, a risk degree weighting table including risk weighting coefficients corresponding to the city grade score, the travel city grade score, the black producing region grade score, and the additional score is introduced.
In the embodiment of the present invention, the risk degree weighting table may also be a pre-created table, which includes risk weighting coefficients corresponding to a city grade score, a travel city grade score, a black area grade score, and an additional score. These weighting coefficients are determined in advance and can be determined based on historical data, statistical information, and expertise. The risk degree weighting table aims at carrying out weighted calculation on regional risks of different categories so as to comprehensively consider risk factors of different categories.
In operation S520, the risk weighting table and the regional risk coefficient table are associated and calculated by using an SQL statement, so as to obtain the regional risk coefficient.
In an embodiment of the present invention, a JOIN clause may be used to correlate the risk weighting table with the regional risk coefficient table, followed by a multiplication to calculate the regional risk coefficient, where the regional risk coefficient F i The calculation formula of (2) is as follows:
F i =k 1 C i +k 2 T i +k 3 B i +k 4 P i (1)
wherein C is i Scoring city grade, T i Grade score for tourist city, B i Grade score for black producing region, P i To add a score, k 1 ~k 4 Weighting the corresponding risk factors.
Referring back to fig. 4, the regional credibility is calculated using the historical regional transaction times and the regional risk coefficient in operation S430.
In an embodiment of the present invention, the calculating the regional credibility by using the historical regional transaction times and the regional risk coefficient specifically includes: and calculating a first ratio of a preset constant to the regional risk coefficient, and adding the first ratio to the historical regional transaction times to obtain the regional credibility. Thus, regional reliability K b The calculation formula is as follows:
wherein D is the transaction number of the historical region, and M is a preset constant. The purpose of the first ratio is to normalize or standardize the regional risk coefficient, so that the numerical range of the regional risk coefficient is not too large or too small, and the selection of the constant M can be adjusted according to actual conditions and needs so as to adapt to specific business scenes and data characteristics. The value of the regional credibility will reflect the credibility of the current transaction location, with higher values indicating more credible regions and lower values indicating possible risk to the region.
Referring back to fig. 2, in operation S230, if the regional reliability is less than a preset threshold K, balance exception analysis is performed based on the transaction amount characteristics, and a balance analysis result is obtained.
FIG. 6 schematically illustrates a flow chart of a method of balance anomaly analysis according to an embodiment of the present invention.
As shown in fig. 6, the method for performing balance abnormality analysis of this embodiment may include operations S610 to S630.
In operation S610, a current pre-transaction balance and a current post-transaction balance are obtained.
In operation S620, a second ratio of the current post-transaction balance to the current pre-transaction balance is calculated.
In operation S630, a balance analysis result is obtained by comparing the second ratio with a preset threshold L.
In an embodiment of the invention, the calculation of the second ratio is intended to analyze the extent to which the current transaction affects the account balance. If the second ratio is greater than the preset threshold L, the balance after the current transaction is not greatly different from the balance before the current transaction, and the normal transaction is possible; if the second ratio is less than the preset threshold L, indicating that the current transaction results in a sharp decrease in account balance, an abnormal condition may exist, which may be theft or fraud.
Referring back to fig. 2, in operation S240, if the balance analysis result is abnormal, a time abnormality analysis is performed based on the transaction time characteristics, and a time analysis result is obtained.
In embodiments of the present invention, the transaction time characteristics may be compared with data related to historical transaction habits and behavioral patterns of the customer, e.g., historical transaction times for the transaction card may be obtained and analyzed, with transactions occurring at times when the customer is not typically transacting being identified as abnormal transaction times; the characteristics may also be compared with a time period set by the system, for example, the transaction time is determined to be abnormal in 11:00 a evening to 3:00 a next morning, or the target client is determined to be abnormal in 3:00 a afternoon to 5:00 a afternoon, where the target client does not normally conduct transactions, and the time period may be adjusted according to requirements.
In embodiments of the present invention, anomalies in transaction time may be detected by modeling or using statistical methods. For example, outlier detection algorithms may be used to identify abnormal transaction times.
It should be noted that the methods listed herein are only exemplary, and are not intended to limit the reference method for detecting the abnormal situation of the transaction time in the embodiment of the present invention, that is, the reference method for detecting the abnormal situation of the transaction time in the embodiment of the present invention may also refer to other methods.
In operation S250, if the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics, and obtaining a behavior analysis result.
In the embodiment of the invention, the face image can be acquired according to the camera to identify whether suspicious behaviors exist in the client, such as face shielding and the like.
In operation S260, a theft risk determination result is obtained based on the behavior analysis result.
In the embodiment of the invention, the transaction which is finally judged to be abnormal is subjected to in-process intervention, such as short message verification, artificial phone verification and the like, and the current transaction is interrupted.
According to the multi-dimensional feature-based theft risk analysis method provided by the embodiment of the invention, the characteristics of the transaction card types, the transaction time, the transaction area, the transaction amount, the transaction equipment, the transaction behavior and the like of the ATM withdrawal of the customer are analyzed, the reliability of the transaction is calculated by using the area risk coefficient table, normal transaction and suspicious transaction of the customer are distinguished, and the suspicious transaction is subjected to in-process intervention to prevent the theft of the funds of the customer. By integrating the information of the multiple features, the theft risk analysis method can more accurately identify abnormal transactions and risk behaviors, and compared with a method which only considers single features, the method which integrates the multidimensional features can more capture abnormal modes and rules, and the accuracy of theft risk judgment is improved. Therefore, the embodiment of the invention has the following beneficial effects:
1. The risk that the conventional ATM steals and brushes a partner is hidden and not easy to be perceived is overcome, and the fund safety of a customer is effectively ensured;
2. according to the method, real-time transaction data in the database are utilized for analysis, so that risk assessment can be timely carried out, potential theft risk can be found out more quickly by timely acquiring latest transaction information, and timely measures are taken to prevent risks;
3. the database is used as a basis for data storage and management, and can store a large amount of transaction data, so that the method has good expandability. As the amount of transaction data increases, the analysis method can be flexibly expanded to cope with the increasing data demand;
4. databases typically have access control and security mechanisms that protect customers' transaction data from unauthorized access or disclosure. Meanwhile, the sensitive information can be encrypted, so that the security of the data is improved.
In the method for analyzing the risk of robber brushing based on the multidimensional features provided in the embodiment of the present invention, the risk is analyzed according to the order of importance of the features. When the regional credibility is larger than a preset threshold K, the analysis process can be terminated, and the transaction is output as normal transaction. Similarly, when the balance analysis result, the time analysis result and the behavior analysis result are normal, the analysis process can be terminated, and the current transaction is output as a normal transaction.
Therefore, in order to further improve the accuracy and reliability of the robber brushing risk judgment result and avoid omission of judgment according to the sequence of a plurality of single features, another embodiment of the present invention further provides a robber brushing risk method based on comprehensive multidimensional features.
Fig. 7 schematically shows a flow chart of a method of a theft risk analysis based on multidimensional features according to another embodiment of the invention.
As shown in fig. 7, the method for analyzing the risk of piracy based on the multidimensional feature of the embodiment may include operations S710 to S730.
In operation S710, authorized customer transaction data is obtained based on the current transaction, wherein the customer transaction data includes a transaction card type characteristic, a transaction time characteristic, a transaction area characteristic, a transaction amount characteristic, and a transaction behavior characteristic.
In operation S720, based on the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature, a comprehensive analysis reliability is obtained.
In embodiments of the present invention, the transaction card seed features may include chip cards or magnetic stripe cards.
In the embodiment of the invention, the comprehensive analysis method and model can be utilized to comprehensively analyze the customer transaction data to obtain the comprehensive analysis credibility. The comprehensive analysis reliability can be an index of comprehensive evaluation, which considers a plurality of factors such as transaction card type, transaction time, transaction area, transaction amount, transaction behavior and the like to evaluate the reliability of the current transaction.
FIG. 8 schematically illustrates a flow chart of a method of calculating integrated analytical confidence in accordance with an embodiment of the present invention.
As shown in fig. 8, the method of calculating the integrated analysis reliability of this embodiment may include operations S810 to S820.
In operation S810, the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature are compared with the corresponding conditions respectively by using the condition judgment and the logic expression in the SQL statement, so as to obtain a condition satisfaction result.
In the embodiment of the invention, through SQL sentences, the values of the characteristics can be compared and judged with preset conditions to obtain the condition satisfaction result.
In operation S820, the integrated analysis reliability is calculated based on the condition satisfaction result and the preset allocation weight.
In the embodiment of the invention, after the condition meeting result is obtained, the condition meeting result of each feature can be weighted according to the preset distribution weight, so that the comprehensive analysis reliability is obtained.
Referring back to fig. 7, in operation S730, a theft risk judgment result is obtained based on the integrated analysis reliability.
In the embodiment of the invention, the theft risk judgment result is obtained according to the result of comprehensive analysis of the credibility. If the integrated analysis has higher reliability, the current transaction is more reliable and can be normal customer behavior. Otherwise, if the comprehensive analysis reliability is low, the potential risk of the current transaction is indicated, and the current transaction may be a theft and brushing behavior. According to the theft risk judging result, corresponding precautionary measures can be adopted to protect the funds and the safety of the clients.
According to the multidimensional feature-based theft risk analysis method provided by the invention, customer transaction data including transaction card type features, transaction time features, transaction area features, transaction amount features and transaction behavior features can be acquired and analyzed from multiple dimensions. Through comprehensive analysis, the transaction behavior and habit of the client can be more comprehensively known, missing caused by judging according to the sequence of a plurality of single features is avoided, and whether abnormal transaction exists is complementarily judged; meanwhile, the method can be better suitable for different transaction scenes and data distribution, and the interpretation of risk analysis is improved.
It should be noted that, the method for analyzing the risk of the piracy based on the multidimensional features provided in operations S210 to S260 and operations S710 to S710 may be applied simultaneously or sequentially, and as long as one of the output robbery risk judging results is abnormal, the transaction should be performed with in-process intervention, such as performing a sms check, a phone call check, etc., and interrupting the current transaction; and carrying out normal transaction or terminating transaction according to the intervention result.
Fig. 9 schematically shows a block diagram of a piracy risk analysis device based on a multidimensional feature according to an embodiment of the invention.
As shown in fig. 9, the multi-dimensional feature-based theft risk analysis device 900 according to this embodiment includes a customer transaction data acquisition module 910, a regional reliability acquisition module 920, a balance analysis result acquisition module 930, a time analysis result acquisition module 940, a behavior analysis result acquisition module 950, and a theft risk judgment result acquisition module 960.
The customer transaction data acquisition module 910 may be configured to acquire authorized customer transaction data based on a current transaction, where the customer transaction data includes at least a transaction time characteristic, a transaction area characteristic, a transaction amount characteristic, and a transaction behavior characteristic. In an embodiment, the customer transaction data acquisition module 910 may be configured to perform the operation S210 described above, which is not described herein.
The regional credibility acquisition module 920 may be configured to calculate a regional credibility of the current transaction based on the transaction regional characteristics. In an embodiment, the region reliability obtaining module 920 may be configured to perform the operation S220 described above, which is not described herein.
The balance analysis result obtaining module 930 may be configured to perform balance exception analysis based on the transaction amount characteristic if the regional reliability is less than a preset threshold K, so as to obtain a balance analysis result. In an embodiment, the balance analysis result obtaining module 930 may be configured to perform the operation S230 described above, which is not described herein.
The time analysis result obtaining module 940 may be configured to perform time anomaly analysis based on the transaction time feature to obtain a time analysis result if the balance analysis result is abnormal. In an embodiment, the time analysis result obtaining module 940 may be configured to perform the operation S240 described above, which is not described herein.
The behavior analysis result obtaining module 950 may be configured to perform behavior recognition analysis based on the transaction behavior feature to obtain a behavior analysis result if the time analysis result is abnormal. In an embodiment, the behavior analysis result obtaining module 950 may be configured to perform the operation S250 described above, which is not described herein.
The theft risk determination module 960 may be configured to obtain a theft risk determination result based on the behavioral analysis result. In an embodiment, the theft risk determination result obtaining module 960 may be configured to perform the operation S260 described above, which is not described herein.
According to an embodiment of the present invention, the customer transaction data acquisition module 910 may include a connection unit, a customer transaction data unit.
The connection unit may be configured to establish a connection with a transaction data analysis library, wherein the transaction data analysis library includes the customer transaction data extracted and converted from a plurality of data sources. In an embodiment, the connection unit may be used to perform the operation S310 described above, which is not described herein.
The customer transaction data unit may be configured to obtain the customer transaction data from the transaction data analysis library in real-time using SQL statements. In an embodiment, the customer transaction data unit may be used to perform operation S320 described above, which is not described herein.
According to an embodiment of the present invention, the regional reliability obtaining module 920 may include a historical regional transaction number obtaining unit, a regional risk coefficient calculating module, and a regional reliability calculating unit.
The historical regional transaction number acquisition unit may be configured to acquire the historical regional transaction number of the current place of exchange based on the transaction regional characteristics. In an embodiment, the historical region transaction number obtaining unit may be configured to perform the operation S410 described above, which is not described herein.
The regional risk coefficient calculation module may be configured to introduce a regional risk coefficient table, and calculate a regional risk coefficient for the current transaction location based on the regional risk coefficient table. In an embodiment, the regional risk factor calculation module may be configured to perform the operation S420 described above, which is not described herein.
The regional credibility calculation unit may be configured to calculate the regional credibility using the historical regional transaction times and the regional risk coefficient. In an embodiment, the region reliability calculation unit may be configured to perform the operation S430 described above, which is not described herein.
The region reliability calculation unit may further include a reliability calculation unit. The credibility calculation unit may be configured to calculate a first ratio of a preset constant to the regional risk coefficient, and sum the first ratio with the historical regional transaction number to obtain the regional credibility.
According to an embodiment of the present invention, the regional risk coefficient calculation module may include a risk degree weighting table introduction unit and a regional risk coefficient calculation unit.
The risk degree weighting table introduction unit may be configured to introduce a risk degree weighting table including risk weighting coefficients corresponding to the city grade score, the travel city grade score, the black area grade score, and the additional score. In an embodiment, the risk weighting table introducing unit may be configured to perform the operation S510 described above, which is not described herein.
The regional risk coefficient calculation unit may be configured to correlate and calculate the risk degree weighting table and the regional risk coefficient table by using an SQL statement, to obtain the regional risk coefficient. In an embodiment, the regional risk factor calculating unit may be configured to perform the operation S520 described above, which is not described herein.
According to an embodiment of the present invention, the balance analysis result obtaining module 930 may include a balance obtaining unit, a second ratio calculating unit, and a balance analysis result obtaining unit.
The balance acquisition unit can be used for acquiring the current balance before transaction and the current balance after transaction. In an embodiment, the balance obtaining unit may be configured to perform the operation S610 described above, which is not described herein.
The second ratio calculating unit may be configured to calculate a second ratio of the current post-transaction balance to the current pre-transaction balance. In an embodiment, the second ratio calculating unit may be configured to perform the operation S620 described above, which is not described herein.
The balance analysis result obtaining unit may be configured to obtain a balance analysis result by comparing the second ratio with a preset threshold L. In an embodiment, the balance analysis result obtaining unit may be configured to perform the operation S630 described above, which is not described herein.
Any of the customer transaction data acquisition module 910, the regional reliability acquisition module 920, the balance analysis result acquisition module 930, the time analysis result acquisition module 940, the behavior analysis result acquisition module 950, and the theft risk judgment result acquisition module 960 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules according to an embodiment of the present invention. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the customer transaction data acquisition module 910, the regional reliability acquisition module 920, the balance analysis result acquisition module 930, the time analysis result acquisition module 940, the behavioral analysis result acquisition module 950, and the theft risk determination result acquisition module 960 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the customer transaction data acquisition module 910, the regional reliability acquisition module 920, the balance analysis result acquisition module 930, the time analysis result acquisition module 940, the behavior analysis result acquisition module 950, and the theft risk judgment result acquisition module 960 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.
Fig. 10 schematically shows a block diagram of a theft risk analysis device based on a multi-dimensional feature according to a further embodiment of the present invention.
As shown in fig. 10, the multi-dimensional feature-based theft risk analysis device 1000 according to this embodiment includes a customer transaction data acquisition module 1010, an integrated analysis reliability acquisition module 1020, and a theft risk judgment result acquisition module 1030.
The customer transaction data acquisition module 1010 may be configured to acquire authorized customer transaction data based on a current transaction, wherein the customer transaction data includes at least a transaction time characteristic, a transaction area characteristic, a transaction amount characteristic, and a transaction behavior characteristic. In an embodiment, the customer transaction data acquisition module 1010 may be configured to perform the operation S710 described above, which is not described herein.
The integrated analysis confidence level obtaining module 1020 may be configured to obtain integrated analysis confidence levels based on the transaction card type characteristics, the transaction time characteristics, the transaction area characteristics, the transaction amount characteristics, and the transaction behavior characteristics. In an embodiment, the integrated analysis reliability obtaining module 1020 may be configured to perform the operation S720 described above, which is not described herein.
The theft risk determination result obtaining module 1030 may be configured to obtain a theft risk determination result based on the comprehensive analysis reliability. In an embodiment, the theft risk determination result obtaining module 1030 may be configured to perform the operation S730 described above, which is not described herein.
According to an embodiment of the present invention, the integrated analysis reliability acquisition module 1020 may include a condition satisfaction result acquisition unit and an integrated analysis reliability calculation unit.
The condition satisfaction result obtaining unit may be configured to respectively compare the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature with corresponding conditions by using condition judgment and a logic expression in the SQL statement, to obtain a condition satisfaction result. In an embodiment, the condition satisfaction result obtaining unit may be configured to perform the operation S810 described above, which is not described herein.
The comprehensive analysis reliability calculation unit may be configured to calculate the comprehensive analysis reliability based on the condition satisfaction result and a preset allocation weight. In an embodiment, the integrated analysis reliability calculation unit may be configured to perform the operation S820 described above, which is not described herein.
Any of the customer transaction data acquisition module 1010, the integrated analysis reliability acquisition module 1020, and the theft risk determination result acquisition module 1030 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules, according to an embodiment of the present invention. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the customer transaction data acquisition module 1010, the integrated analysis reliability acquisition module 1020, and the theft risk determination result acquisition module 1030 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three implementations of software, hardware, and firmware. Alternatively, at least one of the customer transaction data acquisition module 1010, the integrated analysis reliability acquisition module 1020, and the theft risk determination result acquisition module 1030 may be at least partially implemented as a computer program module that, when executed, performs the corresponding functions.
Fig. 11 schematically shows a block diagram of an electronic device adapted for a method of a piracy risk analysis based on multi-dimensional features according to an embodiment of the invention.
As shown in fig. 11, an electronic device 1100 according to an embodiment of the present invention includes a processor 1101 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flow according to an embodiment of the invention.
In the RAM 1103, various programs and data necessary for the operation of the electronic device 1100 are stored. The processor 1101, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiment of the present invention by executing programs in the ROM 1102 and/or the RAM 1103. Note that the program may be stored in one or more memories other than the ROM 1102 and the RAM 1103. The processor 1101 may also perform various operations of the method flow according to an embodiment of the present invention by executing programs stored in the one or more memories.
According to an embodiment of the invention, the electronic device 1100 may also include an input/output (I/O) interface 1105, the input/output (I/O) interface 1105 also being connected to the bus 1104. The electronic device 1100 may also include one or more of the following components connected to the I/O interface 1105: an input section 1106 including a keyboard, a mouse, and the like; an output portion 1107 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 1108 including a hard disk or the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, and the like. The communication section 1109 performs communication processing via a network such as the internet. The drive 1110 is also connected to the I/O interface 1105 as needed. Removable media 1111, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in drive 1110, so that a computer program read therefrom is installed as needed in storage section 1108.
The present invention also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present invention.
According to embodiments of the present invention, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the invention, the computer-readable storage medium may include ROM 1102 and/or RAM 1103 described above and/or one or more memories other than ROM 1102 and RAM 1103.
Embodiments of the present invention also include a computer program product comprising a computer program containing program code for performing the method shown in the flowcharts. The program code means for causing a computer system to carry out the methods provided by embodiments of the present invention when the computer program product is run on the computer system.
The above-described functions defined in the system/apparatus of the embodiment of the present invention are performed when the computer program is executed by the processor 1101. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program can also be transmitted, distributed over a network medium in the form of signals, downloaded and installed via the communication portion 1109, and/or installed from the removable media 1111. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1109, and/or installed from the removable media 1111. The above-described functions defined in the system of the embodiment of the present invention are performed when the computer program is executed by the processor 1101. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
According to embodiments of the present invention, program code for carrying out computer programs provided by embodiments of the present invention may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or in assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The embodiments of the present invention are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the invention, and such alternatives and modifications are intended to fall within the scope of the invention.

Claims (13)

1. A method for risk analysis of swipe based on multidimensional features, the method comprising:
acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics;
calculating the regional credibility of the current transaction based on the transaction regional characteristics;
if the regional credibility is smaller than a preset threshold K, carrying out balance exception analysis based on the transaction amount characteristics to obtain a balance analysis result;
if the balance analysis result is abnormal, performing time abnormality analysis based on the transaction time characteristics to obtain a time analysis result;
If the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics to obtain a behavior analysis result; and
and obtaining a theft brushing risk judgment result based on the behavior analysis result.
2. The method according to claim 1, wherein said calculating the regional credibility of the current transaction based on the transaction regional characteristics, in particular comprises:
acquiring historical regional transaction times of the current exchange place based on the transaction regional characteristics;
introducing a regional risk coefficient table, and calculating a regional risk coefficient of the current transaction place based on the regional risk coefficient table; and
and calculating the regional credibility by using the historical regional transaction times and the regional risk coefficient.
3. The method according to claim 2, wherein the regional risk factor table includes a city grade score, a travel city grade score, a black-producing regional grade score, and an additional score, the introducing the regional risk factor table, calculating a regional risk factor for the current transaction location based on the regional risk factor table, specifically comprising:
introducing a risk degree weighting table, wherein the risk degree weighting table comprises risk weighting coefficients corresponding to the city grade score, the travel city grade score, the black area grade score and the additional score; and
And correlating and calculating the risk degree weighting table and the regional risk coefficient table by using SQL sentences to obtain the regional risk coefficient.
4. A method according to claim 2 or 3, wherein said calculating said regional credibility using said historical regional transaction times and said regional risk factors comprises:
and calculating a first ratio of a preset constant to the regional risk coefficient, and adding the first ratio to the historical regional transaction times to obtain the regional credibility.
5. A method according to any of claims 1-3, characterized in that said obtaining authorized customer transaction data based on the current transaction, in particular comprises:
establishing a connection with a transaction data analysis library, wherein the transaction data analysis library comprises the customer transaction data extracted and converted from a plurality of data sources; and
and acquiring the client transaction data from the transaction data analysis library in real time by utilizing SQL sentences.
6. A method according to any one of claims 1-3, wherein said performing a balance anomaly analysis based on said transaction amount characteristics to obtain a balance analysis result, comprises:
Acquiring a current balance before transaction and a current balance after transaction;
calculating a second ratio of the current post-transaction balance to the current pre-transaction balance; and
and obtaining a balance analysis result by comparing the second ratio with a preset threshold L.
7. A method for risk analysis of swipe based on multidimensional features, the method comprising:
acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data comprises transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics;
based on the transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics, acquiring comprehensive analysis credibility; and
and obtaining a theft and brushing risk judging result based on the comprehensive analysis reliability.
8. The method according to claim 7, wherein the obtaining the integrated analysis reliability based on the transaction card type feature, the transaction time feature, the transaction area feature, the transaction amount feature, and the transaction behavior feature specifically includes:
respectively comparing the transaction card type characteristics, the transaction time characteristics, the transaction area characteristics, the transaction amount characteristics and the transaction behavior characteristics with corresponding conditions by utilizing condition judgment and logic expression in the SQL sentence to obtain a condition satisfaction result; and
And calculating the comprehensive analysis credibility based on the condition meeting result and the preset distribution weight.
9. A theft risk analysis device based on multidimensional features, the device comprising:
a customer transaction data acquisition module for: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics;
the regional credibility acquisition module is used for: calculating the regional credibility of the current transaction based on the transaction regional characteristics;
the balance analysis result acquisition module is used for: if the regional credibility is smaller than a preset threshold K, carrying out balance exception analysis based on the transaction amount characteristics to obtain a balance analysis result;
the time analysis result acquisition module is used for: if the balance analysis result is abnormal, performing time abnormality analysis based on the transaction time characteristics to obtain a time analysis result;
the behavior analysis result acquisition module is used for: if the time analysis result is abnormal, performing behavior recognition analysis based on the transaction behavior characteristics to obtain a behavior analysis result;
The theft and brushing risk judging result obtaining module is used for: and obtaining a theft brushing risk judgment result based on the behavior analysis result.
10. A theft risk analysis device based on multidimensional features, the device comprising:
a customer transaction data acquisition module for: acquiring authorized customer transaction data based on the current transaction, wherein the customer transaction data at least comprises transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics;
the comprehensive analysis reliability acquisition module is used for: based on the transaction card type characteristics, transaction time characteristics, transaction area characteristics, transaction amount characteristics and transaction behavior characteristics, acquiring comprehensive analysis credibility;
the theft and brushing risk judging result obtaining module is used for: and obtaining a theft and brushing risk judging result based on the comprehensive analysis reliability.
11. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-8.
13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
CN202311032198.7A 2023-08-16 2023-08-16 Theft and brushing risk analysis method and device, electronic equipment and medium Pending CN117114681A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311032198.7A CN117114681A (en) 2023-08-16 2023-08-16 Theft and brushing risk analysis method and device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311032198.7A CN117114681A (en) 2023-08-16 2023-08-16 Theft and brushing risk analysis method and device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN117114681A true CN117114681A (en) 2023-11-24

Family

ID=88806834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311032198.7A Pending CN117114681A (en) 2023-08-16 2023-08-16 Theft and brushing risk analysis method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN117114681A (en)

Similar Documents

Publication Publication Date Title
US10742671B2 (en) Systems and methods for detecting resources responsible for events
US11023963B2 (en) Detection of compromise of merchants, ATMs, and networks
US20180365696A1 (en) Financial fraud detection using user group behavior analysis
EP4361934A2 (en) Interleaved sequence recurrent neural networks for fraud detection
CN108062674B (en) Order fraud identification method, system, storage medium and electronic equipment based on GPS
Darwish A bio-inspired credit card fraud detection model based on user behavior analysis suitable for business management in electronic banking
CN109829721B (en) Online transaction multi-subject behavior modeling method based on heterogeneous network characterization learning
US20200234307A1 (en) Systems and methods for detecting periodic patterns in large datasets
CN111915468B (en) Network anti-fraud active inspection and early warning system
KR102259838B1 (en) Apparatus and method for building a blacklist of cryptocurrencies
CN108092985A (en) Network safety situation analysis method, device, equipment and computer storage media
KR102113347B1 (en) Method, apparatus and computer program for classifying cryptocurrency accounts using artificial intelligence
US11983720B2 (en) Mixed quantum-classical method for fraud detection with quantum feature selection
CN110210868B (en) Numerical value transfer data processing method and electronic equipment
CN115689571A (en) Abnormal user behavior monitoring method, device, equipment and medium
CN111861699B (en) Anti-fraud index generation method based on operator data
CN117114681A (en) Theft and brushing risk analysis method and device, electronic equipment and medium
US20210182710A1 (en) Method and system of user identification by a sequence of opened user interface windows
US20210035121A1 (en) Proactive determination of fraud through linked accounts
KR20210106592A (en) Method, apparatus and computer program for classifying cryptocurrency accounts using artificial intelligence
US20230052225A1 (en) Methods and computer systems for automated event detection based on machine learning
Julisch Risk-based payment fraud detection
CN117974297A (en) Service processing method, device, electronic equipment and computer readable medium
Swathiga et al. DEEP LEARNING ALGORITHMS USING FRAUDULENT DETECTION IN BANKING DATASETS
CN118096353A (en) Anti-fraud method and device for network finance, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination