CN117114693B - Event-based resource loss detection method and system - Google Patents

Event-based resource loss detection method and system Download PDF

Info

Publication number
CN117114693B
CN117114693B CN202311392828.1A CN202311392828A CN117114693B CN 117114693 B CN117114693 B CN 117114693B CN 202311392828 A CN202311392828 A CN 202311392828A CN 117114693 B CN117114693 B CN 117114693B
Authority
CN
China
Prior art keywords
determining
risk
account change
server
change request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311392828.1A
Other languages
Chinese (zh)
Other versions
CN117114693A (en
Inventor
刘晨
祁朋涛
邓俊华
石杰
陶嘉驹
张雪
陈煜�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangyin Consumer Finance Co ltd
Original Assignee
Hangyin Consumer Finance Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangyin Consumer Finance Co ltd filed Critical Hangyin Consumer Finance Co ltd
Priority to CN202311392828.1A priority Critical patent/CN117114693B/en
Publication of CN117114693A publication Critical patent/CN117114693A/en
Application granted granted Critical
Publication of CN117114693B publication Critical patent/CN117114693B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0633Lists, e.g. purchase orders, compilation or processing
    • G06Q30/0635Processing of requisition or of purchase orders

Abstract

The invention provides a method and a system for detecting loss of funds based on events, which belong to the technical field of fund management and specifically comprise the following steps: the method comprises the steps that a server based on a financial institution obtains an account change request of a user, determines the running state of the server based on access delay data and processing data of the account change request, determines the network connection state of a collection terminal of a collection party corresponding to the account change request of the user and access data of different account change requests of the server of the financial institution, takes the collection party corresponding to the collection terminal with the network connection state as a suspected problem collection party, determines the cost evaluation risk of the financial institution according to the number of the suspected problem collection parties, the cost evaluation risk and the running state of the server, determines the range of the cost detection based on the cost evaluation risk, and improves the real-time performance of the cost detection.

Description

Event-based resource loss detection method and system
Technical Field
The invention belongs to the technical field of fund management, and particularly relates to an event-based fund loss detection method and system.
Background
The resource loss refers to an event that consumption data of a user is not matched with consumption records of a background or asset balances of the user in a server background of a financial consumption institution, and in order to detect the resource loss event in the prior art, the consumption data of the user and the fund balances of the background server are usually checked regularly to detect the resource loss event, so that efficiency is low, and serious resource loss conditions are possibly caused.
In order to avoid the technical problems, in the prior art, real-time detection of the loss is often realized by improving the loss verification rule, and specifically, in CN202110860235.8, "a loss prevention and control processing method and device", a historical payment order of a target account is obtained according to a plurality of loss rules; if the historical payment order is obtained, based on the target rule decision tree, determining whether the real-time payment request triggers a payoff event based on the real-time payment request and the historical payment order, but ignoring the following:
the occurrence of the resource loss event is often caused by the problem of updating the database due to the network failure of the consuming finance company or the payee, or caused by the failure of the server of the consuming finance company or the payee, except when the payment order of the user is problematic, so that the real-time detection of the resource loss event cannot be realized if the factors are not considered.
When the event of the loss occurs, a great number of consumption records of the same payment channel exist in a short time for users at the same place or different places, so if the event of the loss cannot be identified according to the event, real-time monitoring of the event of the loss cannot be realized in real time.
Aiming at the technical problems, the invention provides an event-based resource loss detection method and system.
Disclosure of Invention
In order to achieve the purpose of the invention, the invention adopts the following technical scheme:
according to one aspect of the invention, a drainage basin flood forecasting and early warning method is provided.
The event-based cost loss detection method is characterized by comprising the following steps:
s1, acquiring an account change request of a user based on a server of a financial institution, determining an operation state of the server based on access delay data and processing data of the account change request, and entering a next step when the operation state of the server has no problem;
s2, determining the network connection state of the collection terminal based on the access data of different account change requests of the collection terminal of the collection party corresponding to the account change request of the user and the server of the financial institution, and taking the collection party corresponding to the collection terminal with the network connection state having a problem as a suspected problem collection party;
s3, acquiring a transaction order of a collection terminal of the suspected problem collection party, determining the similarity of different transaction orders and the similarity of the similar orders through user data corresponding to the transaction order, and determining the loss risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
s4, determining the financial loss evaluation risk of the financial institution through the number of suspected problem payees, the financial loss risk and the running state of the server, and determining the range of the financial loss detection based on the financial loss evaluation risk.
The invention has the beneficial effects that:
1. the method has the advantages that the running state of the server is determined based on the access delay data and the processing data of the account change request, the access delay condition of a single account change request is considered, meanwhile, the processing data such as the processing time of the server of the account change request are comprehensively considered, the screening of the server in an abnormal running state is realized, and the evaluation of the cost risk from the perspective of the server is further realized.
2. By evaluating the network connection state and taking the payee corresponding to the payee with the network connection state in question as the suspected problem payee, the evaluation of the network connection state of the payee from multiple angles is realized, the positioning of the network connection state to the payee with the cost risk is realized, and the detection efficiency of the cost risk is ensured.
3. By combining the similarity of different transaction orders and the determination of the loss risk of the suspected problem payee according to the similar orders, the network connection condition of a single suspected payee is considered, and meanwhile, the accurate evaluation of the loss risk of the suspected problem payee is realized by comprehensively considering the similarity of different orders.
Further, the method comprises determining access delay data of the account change request by time deviation of sending time of the account change request and receiving time of a processing result.
The further technical scheme is that the processing data of the account change request comprises the processing time and the processing success rate of the account change request.
The further technical scheme is that the running states of the server comprise a problem running state, an access abnormality permission state, an abnormal running state and a normal running state.
In a second aspect, the present invention provides an event-based resource loss detection system, and the event-based resource loss detection method specifically includes:
the system comprises a server evaluation module, a payee classification module, a loss risk evaluation module and a detection range determination module;
the server evaluation module is responsible for acquiring an account change request of a user based on a server of a financial institution, and determining the running state of the server based on access delay data and processing data of the account change request;
the payee classification module is responsible for determining the network connection state of the payee terminal based on the access data of different account change requests of the payee terminal of the payee corresponding to the account change request of the user and the server of the financial institution, and taking the payee corresponding to the payee terminal with the network connection state having a problem as a suspected problem payee;
the cost risk assessment module is responsible for acquiring a transaction order of a collection terminal of the suspected problem collection party, determining similarity of different transaction orders and similar orders through user data corresponding to the transaction order, and determining the cost risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
the detection range determining module is responsible for determining the financial loss assessment risk of the financial institution through the number of suspected problem payee, the financial loss risk and the running state of the server, and determining the range of the financial loss detection based on the financial loss assessment risk.
Additional features and advantages will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings;
FIG. 1 is a flow chart of a method of event-based asset detection;
FIG. 2 is a flow chart of a method of determining an operational state of a server;
FIG. 3 is a flow chart of another possible method of determining the operational status of a server;
FIG. 4 is a flow chart of a method of determining a network connection status of a payee terminal;
FIG. 5 is a flow chart of a method of determining a risk of loss for a suspected problem payee;
fig. 6 is a block diagram of an event-based asset detection system.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present disclosure.
The applicant finds that, in the existing technical scheme, a certain period is often required for monitoring the loss condition of the previous period, and once the loss problem occurs, if the real-time monitoring cannot be performed, the loss may be enlarged.
Considering that the occurrence of the resource loss event is often accompanied with the occurrence of a fault in the running state of the server or the abnormal condition of the network connection of the collecting terminal, and the occurrence of the resource loss event is also often accompanied with the similarity of consumption data, the dynamic monitoring of the resource loss event can be realized by comprehensively considering the factors in the aspects.
In order to solve the above problems, the applicant adopts the following technical means:
firstly, determining the running state of a server according to the access delay condition and the processing time of the server when the account change request of a user is processed, specifically determining the running state of the server according to the number of the account change requests of which the access delay does not meet the requirement and the number of the account change requests of which the processing time does not meet the requirement, and entering the next step when the running state of the server is not abnormal;
then according to the network connection data of the collection terminal corresponding to the account change request and the historical data of the account change request of the collection terminal, the network connection state of the collection terminal can be determined, and the collection party corresponding to the collection terminal with the network connection state having a problem is taken as a suspected problem collection party;
the determination of the cost risk of the suspected problem payee can be realized by the network connection state of the suspected problem payee and the similar situation of the transaction order in a certain time, the network connection cost risk of the suspected problem payee can be obtained by the network connection state of the suspected problem payee, according to the transaction orders with higher similarity in a certain time, other resource risks of suspected problem payees can be obtained, and the resource risks are determined through the other resource risks and the network connection resource risks.
On the basis, the determination of the financial loss assessment risk of the financial institution can be realized by comprehensively considering the number of suspected problem collection parties, the cost loss risk and the running state of the server, specifically, the determination of the financial loss risk of the financial institution is respectively carried out according to the number and the running state of the suspected problem collection parties with the cost loss risk, the determination of the financial loss assessment risk of the financial institution is carried out according to the maximum value of the two types of the financial loss risks of the institution, and the detection of the cost loss risk or the monitoring of the cost loss risk is carried out only on the suspected problem collection parties is carried out according to the determination of the cost loss assessment risk.
Further explanation of the above technical solution will be realized from two angles of the method class embodiment and the system class embodiment.
To solve the above problems, according to one aspect of the present invention, as shown in fig. 1, there is provided an event-based cost detection method according to one aspect of the present invention, which is characterized by comprising:
s1, acquiring an account change request of a user based on a server of a financial institution, determining an operation state of the server based on access delay data and processing data of the account change request, and entering a next step when the operation state of the server has no problem;
the access delay data of the account change request is determined by a time difference between the transmission time of the account change request and the reception time of the processing result.
Further, the processing data of the account change request in the step S1 includes a processing time and a processing success rate of the account change request.
In one possible embodiment, as shown in fig. 2, the method for determining the operation state of the server in the step S1 is as follows:
s11, determining access time of the account change request based on the access delay data of the account change request, determining delay change requests in the account change request according to the access time, judging whether the number and the proportion of the delay change requests of the server meet requirements, if yes, entering the next step, and if no, determining that the running state of the server has problems;
s12, determining processing time of the account change request through processing data of the account change request, determining account change request of overtime processing based on the processing time, judging whether the number and the proportion of the account change requests of the overtime processing of the server meet requirements, if yes, entering the next step, and if no, determining that the running state of the server has problems;
s13, determining the processing success rate of the account change request through the processing data of the account change request, judging whether the processing success rate of the account change request of the server meets the requirement, if so, entering the next step, and if not, determining that the running state of the server has a problem;
s14, determining the average value of the access time of the account change request through the access time of the account change request, determining the account change access time evaluation value of the server by combining the number, the proportion and the average value of the access time of the delay change requests of the server, and judging whether the account change access time evaluation value is in a preset range, if so, entering the next step, and if not, determining that the running state of the server has a problem;
s15, determining an average value of processing time of the account change request according to the processing time of the account change request, determining an account change processing time evaluation value of the server according to the account change request processing success rate, the account change request processing failure number, the account change processing time evaluation value and the account change access time evaluation value in combination with the average value of account change request number, proportion and processing time of overtime processing of the server, determining an operation state value of the server according to the account change request processing success rate, the account change request processing failure number, the account change processing time evaluation value and the account change access time evaluation value, and determining the operation state of the server according to the operation state value.
Further, the operation states of the server include a problem operation state, an access abnormality permission state, a process abnormality operation state, and a normal operation state.
In another possible embodiment, as shown in fig. 3, the method for determining the operation state of the server in the step S1 is as follows:
s11, determining the processing success rate of the account change request through the processing data of the account change request, judging whether the processing success rate of the account change request of the server meets the requirement, if so, entering the next step, and if not, determining that the running state of the server has a problem;
s12, determining access time of the account change request based on the access delay data of the account change request, determining the delay change request in the account change request through the access time, determining the average value of the access time of the account change request through the access time of the account change request, determining the account change access time evaluation value of the server by combining the number, the proportion and the average value of the access time of the delay change requests of the server, and judging whether the account change access time evaluation value is in a preset range or not, if yes, entering the next step, and if no, determining that the running state of the server has a problem;
s13, determining processing time of the account change request through processing data of the account change request, determining account change request of overtime processing based on the processing time, determining average value of the processing time of the account change request through the processing time of the account change request, determining account change processing time evaluation value of the server by combining the account change request quantity, proportion and average value of the processing time of overtime processing of the server, judging whether the account change processing time evaluation value is in a preset range, if yes, entering the next step, and if no, determining that the running state of the server has problems;
s14, determining an operation state value of the server according to the processing success rate of the account change request, the processing failure number of the account change request, the account change processing time evaluation value and the account change access time evaluation value, and determining the operation state of the server according to the operation state value.
In this embodiment, the determination of the running state of the server is performed based on the access delay data and the processing data of the account change request, so that not only is the access delay condition of a single account change request considered, but also the screening of the server in the abnormal running state is realized by comprehensively considering the processing data such as the processing time of the server of the account change request, and the evaluation of the cost risk from the perspective of the server is further realized.
S2, determining the network connection state of the collection terminal based on the access data of different account change requests of the collection terminal of the collection party corresponding to the account change request of the user and the server of the financial institution, and taking the collection party corresponding to the collection terminal with the network connection state having a problem as a suspected problem collection party;
in one possible embodiment, as shown in fig. 4, the method for determining the network connection state of the receiving terminal in the above step S2 is as follows:
s21, determining access processing delays of different account change requests of the receiving terminal based on the access data, determining the number of the account change requests of which the access processing delays do not meet the requirements according to the access processing delays of the different account change requests of the receiving terminal, judging whether the number of the account change requests of which the access processing delays do not meet the requirements is within a preset number range, if so, entering a next step, and if not, determining that the receiving terminal is a receiving terminal with a network connection state problem;
s22, determining whether the network connection state of the receiving terminal is possibly problematic according to the average value and the maximum value of the access processing delay of the account change request of which the access processing delay does not meet the requirement, if so, entering a step S24, and if not, entering a step S23;
s23, determining whether the network connection state of the receiving terminal is likely to have a problem or not according to the average value of the access processing delay of the account change request, if so, entering a step S24, and if not, determining that the network connection state of the receiving terminal is not likely to have a problem;
s24, determining a network connection state value of the collection terminal according to the average value of the access processing delays of the account change requests, the number of the account change requests with the access processing delays which do not meet the requirements, the average value of the access processing delays and the maximum value, and determining whether the collection has a problem or not based on the network connection state value.
It should be further noted that determining whether the network connection state of the receiving terminal may have a problem according to the average value and the maximum value of the access processing delays of the account change request, where the access processing delays do not meet the requirement, specifically includes:
and when any one of the average value and the maximum value of the access processing delay of the account change request, of which the access processing delay does not meet the requirement, is not in the set range of the access processing delay, determining that the network connection state of the receiving terminal is likely to have a problem, and if not, determining that the network connection state of the receiving terminal is not likely to have a problem.
In this embodiment, by evaluating the network connection state and taking the payee corresponding to the payee with the network connection state having a problem as the suspected problem payee, the evaluation of the network connection state of the payee from multiple angles is realized, and meanwhile, the positioning of the network connection state to the payee with the resource loss risk is also realized, so that the detection efficiency of the resource loss risk is ensured.
S3, acquiring a transaction order of a collection terminal of the suspected problem collection party, determining the similarity of different transaction orders and the similarity of the similar orders through user data corresponding to the transaction order, and determining the loss risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
in one possible embodiment, as shown in fig. 5, the method for determining the risk of loss of the suspected problem payee in the step S3 is as follows:
acquiring a transaction order of a collection terminal of the suspected problem collection party, determining the similarity of different transaction orders and the similarity of the similar orders through user data corresponding to the transaction order, and determining the loss risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
determining transaction time, transaction amount, transaction type and transaction subject of the transaction order according to the user data corresponding to the transaction order, determining similarity of different transaction orders according to the transaction time, transaction amount, transaction type and similarity of the transaction subject of different transaction orders, and determining the similarity of the similar orders based on the similarity of the different transaction orders;
judging whether a similar order exists in a collection terminal of the suspected problem collection party within a preset time range, if so, entering a next step, and if not, determining the resource loss risk of the suspected problem collection party through the network connection state of the collection terminal;
acquiring the number and the similarity of similar orders of the collection terminal of the suspected problem collection party in a preset time range, determining the cost evaluation risk of the suspected problem collection party by combining the network connection state of the collection terminal of the suspected problem collection party in the preset time range, judging whether the cost evaluation risk of the suspected problem collection party is greater than a preset risk threshold, if so, entering the next step, and if not, determining the cost risk of the suspected problem collection party through the cost evaluation risk of the suspected problem collection party;
acquiring time intervals of similar orders and other transaction orders of the collection terminal of the suspected problem collection party in a preset time range, dividing the similar orders into suspected similar orders and other similar orders through the time intervals, and dividing the other transaction orders into suspected orders and other orders through the time intervals;
and determining the order loss risk assessment amount of the receiving terminal of the suspected problem receiving party through the suspected similar orders and other similar orders, the suspected orders and other orders of the receiving terminal of the suspected problem receiving party in a preset time range, and determining the loss risk of the suspected problem receiving party through the order loss risk assessment amount and the loss assessment risk.
In this embodiment, by integrating the similarity of different trade orders and the determination of the loss risk of the suspected problem payee according to the similar orders, not only the network connection condition of a single suspected payee is considered, but also the accurate assessment of the loss risk of the suspected problem payee is realized by comprehensively considering the similar conditions of different orders.
S4, determining the financial loss evaluation risk of the financial institution through the number of suspected problem payees, the financial loss risk and the running state of the server, and determining the range of the financial loss detection based on the financial loss evaluation risk.
In one possible embodiment, the method for determining the risk of evaluating the loss of the financial institution in the step S4 is as follows:
dividing the suspected problem payee into a high-risk payee and a low-risk payee through the cost risk of the suspected problem payee, determining whether the financial institution has the cost risk based on the number of the high-risk payee, if so, determining that the financial institution has the cost risk, giving the number of the high-risk payee and the cost risk to determine the cost evaluation risk of the financial institution, and if not, entering the next step;
determining whether the financial institution is at risk for the loss through the number of high-risk payees, the maximum value of the loss risk, the loss risk and the loss risk evaluation value of the high-risk payees of the financial institution, determining whether the financial institution is at risk for the loss based on the loss risk evaluation value of the high-risk payees of the financial institution, if so, determining that the financial institution is at risk for the loss, and giving the loss risk evaluation value of the high-risk payees to determine the loss evaluation risk of the financial institution, otherwise, entering the next step;
determining the comprehensive evaluation quantity of the payees of the financial institution according to the quantity of the suspected problem payees, the cost risk and the quantity of the low-risk payees, and determining the cost risk of the payees of the financial institution according to the cost risk evaluation value of the high-risk payees of the financial institution;
and determining the server loss risk of the financial institution through the running state of the server, and determining the loss evaluation risk of the financial institution through the payee loss risk and the maximum value of the server loss risk.
On the other hand, as shown in fig. 6, the present invention provides an event-based resource loss detection system, and the event-based resource loss detection method specifically includes:
the system comprises a server evaluation module, a payee classification module, a loss risk evaluation module and a detection range determination module;
the server evaluation module is responsible for acquiring an account change request of a user based on a server of a financial institution, and determining the running state of the server based on access delay data and processing data of the account change request;
the payee classification module is responsible for determining the network connection state of the payee terminal based on the access data of different account change requests of the payee terminal of the payee corresponding to the account change request of the user and the server of the financial institution, and taking the payee corresponding to the payee terminal with the network connection state having a problem as a suspected problem payee;
the cost risk assessment module is responsible for acquiring a transaction order of a collection terminal of the suspected problem collection party, determining similarity of different transaction orders and similar orders through user data corresponding to the transaction order, and determining the cost risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
the detection range determining module is responsible for determining the financial loss assessment risk of the financial institution through the number of suspected problem payee, the financial loss risk and the running state of the server, and determining the range of the financial loss detection based on the financial loss assessment risk.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for apparatus, devices, non-volatile computer storage medium embodiments, the description is relatively simple, as it is substantially similar to method embodiments, with reference to the section of the method embodiments being relevant.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing is merely one or more embodiments of the present description and is not intended to limit the present description. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present description, is intended to be included within the scope of the claims of the present description.

Claims (6)

1. The event-based cost loss detection method is characterized by comprising the following steps:
acquiring an account change request of a user based on a server of a financial institution, determining an operation state of the server based on access delay data and processing data of the account change request, and entering a next step when the operation state of the server has no problem;
the method for determining the running state of the server comprises the following steps:
determining access time of the account change request based on the access delay data of the account change request, determining delay change requests in the account change request according to the access time, judging whether the number and the proportion of the delay change requests of the server meet requirements, if yes, entering the next step, and if no, determining that the running state of the server has problems;
determining the processing time of the account change request through the processing data of the account change request, determining the account change request of overtime processing based on the processing time, judging whether the number and the proportion of the account change requests of the overtime processing of the server meet the requirements, if so, entering the next step, and if not, determining that the running state of the server has problems;
determining the processing success rate of the account change request through the processing data of the account change request, judging whether the processing success rate of the account change request of the server meets the requirement, if so, entering the next step, and if not, determining that the running state of the server has a problem;
determining an average value of the access time of the account change request according to the access time of the account change request, determining an account change access time evaluation value of the server according to the number, the proportion and the average value of the access time of the server, judging whether the account change access time evaluation value is in a preset range, if so, entering the next step, and if not, determining that the running state of the server has a problem;
determining an average value of processing time of the account change request according to the processing time of the account change request, determining an account change processing time evaluation value of the server according to the account change request processing success rate, the account change request processing failure number, the account change processing time evaluation value and the account change access time evaluation value in combination with the account change request number, the proportion and the processing time average value of overtime processing of the server, determining an operation state value of the server according to the operation state value;
determining a network connection state of a receiving terminal based on access data of different account change requests of the receiving terminal of the receiving party corresponding to the account change request of the user and a server of the financial institution, and taking the receiving party corresponding to the receiving terminal with the network connection state having a problem as a suspected problem receiving party;
the method for determining the network connection state of the receiving terminal comprises the following steps:
s21, determining access processing delays of different account change requests of the receiving terminal based on the access data, determining the number of the account change requests of which the access processing delays do not meet the requirements according to the access processing delays of the different account change requests of the receiving terminal, judging whether the number of the account change requests of which the access processing delays do not meet the requirements is within a preset number range, if so, entering a next step, and if not, determining that the receiving terminal is a receiving terminal with a network connection state problem;
s22, determining whether the network connection state of the receiving terminal is possibly problematic according to the average value and the maximum value of the access processing delay of the account change request of which the access processing delay does not meet the requirement, if so, entering a step S24, and if not, entering a step S23;
s23, determining whether the network connection state of the receiving terminal is likely to have a problem or not according to the average value of the access processing delay of the account change request, if so, entering a step S24, and if not, determining that the network connection state of the receiving terminal is not likely to have a problem;
s24, determining a network connection state value of the collection terminal through the average value of the access processing delays of the account change requests, the number of the account change requests with the access processing delays not meeting the requirements, the average value of the access processing delays and the maximum value, and determining whether the collection has a problem or not based on the network connection state value;
acquiring a transaction order of a collection terminal of the suspected problem collection party, determining the similarity of different transaction orders and the similarity of the similar orders through user data corresponding to the transaction order, and determining the loss risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
determining the cost evaluation risk of the financial institution through the number of suspected problem payees, the cost risk and the running state of a server, and determining the scope of the cost detection based on the cost evaluation risk;
the method for determining the loss risk of the suspected problem payee comprises the following steps:
acquiring a transaction order of a collection terminal of the suspected problem collection party, determining the similarity of different transaction orders and the similarity of the similar orders through user data corresponding to the transaction order, and determining the loss risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
determining transaction time, transaction amount, transaction type and transaction subject of the transaction order according to the user data corresponding to the transaction order, determining similarity of different transaction orders according to the transaction time, transaction amount, transaction type and similarity of the transaction subject of different transaction orders, and determining the similarity of the similar orders based on the similarity of the different transaction orders;
judging whether a similar order exists in a collection terminal of the suspected problem collection party within a preset time range, if so, entering a next step, and if not, determining the resource loss risk of the suspected problem collection party through the network connection state of the collection terminal;
acquiring the number and the similarity of similar orders of the collection terminal of the suspected problem collection party in a preset time range, determining the cost evaluation risk of the suspected problem collection party by combining the network connection state of the collection terminal of the suspected problem collection party in the preset time range, judging whether the cost evaluation risk of the suspected problem collection party is greater than a preset risk threshold, if so, entering the next step, and if not, determining the cost risk of the suspected problem collection party through the cost evaluation risk of the suspected problem collection party;
acquiring time intervals of similar orders and other transaction orders of the collection terminal of the suspected problem collection party in a preset time range, dividing the similar orders into suspected similar orders and other similar orders through the time intervals, and dividing the other transaction orders into suspected orders and other orders through the time intervals;
determining an order loss risk assessment amount of the receiving terminal of the suspected problem receiving party through the suspected similar orders and other similar orders, the suspected orders and other orders of the receiving terminal of the suspected problem receiving party in a preset time range, and determining the loss risk of the suspected problem receiving party through the order loss risk assessment amount and the loss assessment risk;
the method for determining the loss assessment risk of the financial institution comprises the following steps:
dividing the suspected problem payee into a high-risk payee and a low-risk payee through the cost risk of the suspected problem payee, determining whether the financial institution has the cost risk based on the number of the high-risk payee, if so, determining that the financial institution has the cost risk, giving the number of the high-risk payee and the cost risk to determine the cost evaluation risk of the financial institution, and if not, entering the next step;
determining whether the financial institution is at risk for the loss through the number of high-risk payees, the maximum value of the loss risk, the loss risk and the loss risk evaluation value of the high-risk payees of the financial institution, determining whether the financial institution is at risk for the loss based on the loss risk evaluation value of the high-risk payees of the financial institution, if so, determining that the financial institution is at risk for the loss, and giving the loss risk evaluation value of the high-risk payees to determine the loss evaluation risk of the financial institution, otherwise, entering the next step;
determining the comprehensive evaluation quantity of the payees of the financial institution according to the quantity of the suspected problem payees, the cost risk and the quantity of the low-risk payees, and determining the cost risk of the payees of the financial institution according to the cost risk evaluation value of the high-risk payees of the financial institution;
and determining the server loss risk of the financial institution through the running state of the server, and determining the loss evaluation risk of the financial institution through the payee loss risk and the maximum value of the server loss risk.
2. The event-based asset detection method of claim 1, wherein the access latency data of the account change request is determined by a time offset of a time of transmission of the account change request and a time of receipt of a processing result.
3. The event-based asset detection method of claim 1, wherein the processing data of the account change request comprises a processing time and a processing success rate of the account change request.
4. The event based asset detection method of claim 1, wherein the operational state of the server comprises a problem operational state, an access exception allowed state, a process exception operational state, and a normal operational state.
5. The event-based asset transition detection method of claim 1, wherein determining whether the network connection status of the receiving terminal is likely to be problematic by the average and the maximum of access processing delays of the account change requests for which the access processing delays do not satisfy requirements, comprises:
and when any one of the average value and the maximum value of the access processing delay of the account change request, of which the access processing delay does not meet the requirement, is not in the set range of the access processing delay, determining that the network connection state of the receiving terminal is likely to have a problem, and if not, determining that the network connection state of the receiving terminal is not likely to have a problem.
6. An event-based asset detection system employing an event-based asset detection method according to any one of claims 1 to 5, comprising:
the system comprises a server evaluation module, a payee classification module, a loss risk evaluation module and a detection range determination module;
the server evaluation module is responsible for acquiring an account change request of a user based on a server of a financial institution, and determining the running state of the server based on access delay data and processing data of the account change request;
the payee classification module is responsible for determining the network connection state of the payee terminal based on the access data of different account change requests of the payee terminal of the payee corresponding to the account change request of the user and the server of the financial institution, and taking the payee corresponding to the payee terminal with the network connection state having a problem as a suspected problem payee;
the cost risk assessment module is responsible for acquiring a transaction order of a collection terminal of the suspected problem collection party, determining similarity of different transaction orders and similar orders through user data corresponding to the transaction order, and determining the cost risk of the suspected problem collection party by combining the time interval of the similar orders and the network connection state of the collection terminal;
the detection range determining module is responsible for determining the financial loss assessment risk of the financial institution through the number of suspected problem payee, the financial loss risk and the running state of the server, and determining the range of the financial loss detection based on the financial loss assessment risk.
CN202311392828.1A 2023-10-25 2023-10-25 Event-based resource loss detection method and system Active CN117114693B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311392828.1A CN117114693B (en) 2023-10-25 2023-10-25 Event-based resource loss detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311392828.1A CN117114693B (en) 2023-10-25 2023-10-25 Event-based resource loss detection method and system

Publications (2)

Publication Number Publication Date
CN117114693A CN117114693A (en) 2023-11-24
CN117114693B true CN117114693B (en) 2024-02-06

Family

ID=88806076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311392828.1A Active CN117114693B (en) 2023-10-25 2023-10-25 Event-based resource loss detection method and system

Country Status (1)

Country Link
CN (1) CN117114693B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002324205A (en) * 2001-04-24 2002-11-08 Nec Corp Transaction account monitoring and notifying method
KR20050101896A (en) * 2004-04-20 2005-10-25 김동진 Real-time risk management system and method for on-line stock trading and loan
KR20060112095A (en) * 2005-04-26 2006-10-31 이상엽 Funds management system of user selection type using account savings of bank
KR20080077065A (en) * 2008-07-10 2008-08-21 장시영 Financial service system on internet available a deposit-holder to decide a loan contractor
WO2016170386A1 (en) * 2015-04-20 2016-10-27 Beidas Moussa Burhan System, method, and computer program product for facilitating financial transactions
CN113298512A (en) * 2020-12-29 2021-08-24 阿里巴巴集团控股有限公司 Capital data information processing method and device and electronic equipment
CN113721950A (en) * 2021-07-28 2021-11-30 北京阳光消费金融股份有限公司 Resource loss prevention and control processing method and device
CN115689577A (en) * 2022-11-11 2023-02-03 中国银联股份有限公司 Information processing method, device, equipment and storage medium
CN116737495A (en) * 2023-06-12 2023-09-12 中国工商银行股份有限公司 Method, device, computer equipment and storage medium for determining running state
CN116862236A (en) * 2023-07-11 2023-10-10 河南金盾信安检测评估中心有限公司 Risk scene assessment method, system, terminal equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110178915A1 (en) * 2010-01-15 2011-07-21 Lime Brokerage Holding Llc Trading Order Validation System and Method and High-Performance Trading Data Interface
US10748154B2 (en) * 2016-12-23 2020-08-18 Early Warning Services, Llc System and method using multiple profiles and scores for assessing financial transaction risk
CN115456786A (en) * 2022-09-21 2022-12-09 江苏苏宁银行股份有限公司 Transaction link resource loss detection system, method and device based on big data

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002324205A (en) * 2001-04-24 2002-11-08 Nec Corp Transaction account monitoring and notifying method
KR20050101896A (en) * 2004-04-20 2005-10-25 김동진 Real-time risk management system and method for on-line stock trading and loan
KR20060112095A (en) * 2005-04-26 2006-10-31 이상엽 Funds management system of user selection type using account savings of bank
KR20080077065A (en) * 2008-07-10 2008-08-21 장시영 Financial service system on internet available a deposit-holder to decide a loan contractor
WO2016170386A1 (en) * 2015-04-20 2016-10-27 Beidas Moussa Burhan System, method, and computer program product for facilitating financial transactions
CN113298512A (en) * 2020-12-29 2021-08-24 阿里巴巴集团控股有限公司 Capital data information processing method and device and electronic equipment
CN113721950A (en) * 2021-07-28 2021-11-30 北京阳光消费金融股份有限公司 Resource loss prevention and control processing method and device
CN115689577A (en) * 2022-11-11 2023-02-03 中国银联股份有限公司 Information processing method, device, equipment and storage medium
CN116737495A (en) * 2023-06-12 2023-09-12 中国工商银行股份有限公司 Method, device, computer equipment and storage medium for determining running state
CN116862236A (en) * 2023-07-11 2023-10-10 河南金盾信安检测评估中心有限公司 Risk scene assessment method, system, terminal equipment and storage medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Financial Crises and the Transmission of Monetary Policy to Consumer Credit Markets;Indarte, S;《REVIEW OF FINANCIAL STUDIES 》;第36卷(第10期);4045-4081 *
农村合作金融机构高风险资产价值评估问题探讨;颜章雄;黄宗葵;;企业科技与发展(第09期);134-135 *
基于COSO框架构建企业应收账款内部控制;颜晓燕;;科技广场(第12期);196-198 *
财务内部交换系统的开发及应用;李赏等;天津冶金(第06期);29-31 *

Also Published As

Publication number Publication date
CN117114693A (en) 2023-11-24

Similar Documents

Publication Publication Date Title
US7849029B2 (en) Comprehensive identity protection system
US20110131122A1 (en) Behavioral baseline scoring and risk scoring
US20120109802A1 (en) Verifying identity through use of an integrated risk assessment and management system
CN117149797B (en) Accounting method and system based on multidimensional data monitoring
CN110852878B (en) Credibility determination method, device, equipment and storage medium
US11301351B2 (en) Machine learning based data monitoring
Song et al. Predicting accounting fraud: Evidence from Japan
US20210342825A1 (en) Blockchain network risk management universal blockchain data model
CN117435630B (en) Rule preposition-based data verification method and system
CN117294657B (en) Flow control method and device
CN117235743B (en) Intelligent power management method and system based on security risk
CN117114693B (en) Event-based resource loss detection method and system
CN117112371B (en) Observable full-link log tracking method and system
CN116664310A (en) Unified monitoring and controlling method, device and system for customer risk
CN107784578B (en) Bank foreign exchange data supervision method and device
Kurniawati Red Flags to Detect Fraudulent Financial Reporting in Indonesian Banking Sector
CN114202411A (en) Enterprise capital risk prediction system based on cash flow measurement and calculation and liquidity analysis
CN116861364B (en) ERP system-based data processing method and system
CN112184238A (en) Anti-money laundering monitoring method and device for financial leasing industry, electronic equipment and medium
CN116341917B (en) Engineering financial management risk assessment system based on data analysis
US20230325683A1 (en) Automatically assessing alert risk level
CN117591530B (en) Data cross section processing method and system
US20230394069A1 (en) Method and apparatus for measuring material risk in a data set
US20210312449A1 (en) Online incremental machine learning clustering in anti-money laundering detection
CN116777633A (en) Financial asset management system based on data management

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant