GB2479131A - Fraud detection system for determining fraud risk associated with a transaction - Google Patents

Fraud detection system for determining fraud risk associated with a transaction Download PDF

Info

Publication number
GB2479131A
GB2479131A GB1005240A GB201005240A GB2479131A GB 2479131 A GB2479131 A GB 2479131A GB 1005240 A GB1005240 A GB 1005240A GB 201005240 A GB201005240 A GB 201005240A GB 2479131 A GB2479131 A GB 2479131A
Authority
GB
United Kingdom
Prior art keywords
mobile communications
detection system
fraud detection
network
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1005240A
Other versions
GB201005240D0 (en
Inventor
Peter Mcmenemy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IT CONSULTANCY SOLUTIONS Ltd
Original Assignee
IT CONSULTANCY SOLUTIONS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IT CONSULTANCY SOLUTIONS Ltd filed Critical IT CONSULTANCY SOLUTIONS Ltd
Priority to GB1005240A priority Critical patent/GB2479131A/en
Publication of GB201005240D0 publication Critical patent/GB201005240D0/en
Publication of GB2479131A publication Critical patent/GB2479131A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A fraud detection system determines a fraud risk associated with a user transaction. The transaction involves at least one payment means, e.g. payment card 20, associated with the user 15. The user is also associated with at least one mobile communications device 10. The system determines a mobile communications network to which the at least one mobile device is or has been connected and also the geographical area covered by that network. The system then compares the geographical area with a location of the transaction to determine the fraud risk. The system may obtain information concerning a network cell to which the mobile device is or has been connected. The mobile device may comprise a location determination device, for example a GPS device. The system may determine whether the mobile device is listed in a database of lost and/or stolen devices. The invention determines the likelihood of the user being present at the country of the payment card transaction.

Description

FRPJUD DETECTION SYSTEM
FIELD OF INVENTION
The present invention relates to a fraud detection system, and in particular though not exclusively to a fraud detection system that is configured to determine an indication of whether or not a user associated with a payment means is or was present at, or in the vicinity of, a transaction.
BACKGROUND TO INVENTION
Credit or debit card fraud results in sizable losses that largely have to be borne by card providers, banks and retailers. Although initiatives such as chip and pin have resulted in some success in reducing fraud, the effect of many of these initiatives has been to move fraud away from retail locations requiring chip and pin, to retail channels having lower security, such as cardholder not present (CNP) transactions and transactions conducted in foreign countries, particularly those requiring a lower degree of authentication or security. According to figures from the UK Payments Administration (formally the Association for Payment C]earing Services (Apacs)) -the trade forum for banks, building societies, and credit card firms -CNP fraud accounted for more than £328.4 million in 2008 an increase of 13% from the previous year. Fraud abroad on UK credit cards amounted to £230.1 million in 2008, an increase of 11% from the previous year.
When card transactions are made, certain information regarding the card, such as a card identifier, may be obtained by the merchant and sent along with merchant identifiers and information and details of the transaction, such as the value of the transaction to a card provider and/or card transaction processor in order to process the transaction and arrange for payment.
The card provider or card transaction processor may monitor the information supplied as part of the transaction process and analyse the information against certain criteria in order to identify transaction patterns or information that is associated with a high risk that the transaction is fraudulent.
For example, card providers may monitor use of a card in countries other than a cardholder's country of residence and when use of a card in a country other than a card holder's country of residence is detected, the card provider may put a hold or stop on the card and decline transactions until the user contacts the provider to confirm that the transactions are genuine.
This may lead to inconvenience and embarrassment for the user if their payment card is refused, even though the user has sufficient funds or credit to cover the transaction cost. It may also leave the user unable to pay for goods or services when the cardholder's access to alternative payment options in a foreign location may be limited or non existent, leaving the cardholder without means of payment.
An object of at least one embodiment of at least one aspect of the present invention is to seek to overcome or
mitigate at least one problem with the prior art.
StThRY OF INVENTION According to a first aspect of the present invention there is provided a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is adapted to determine a mobile communications network to which the at least one mobile communications device associated with the user is or has been connected, and the fraud detection system is adapted to determine a geographical area covered by the mobile communications network to which the mobile communications device is or has been connected and compare the determined geographical area with a location of the transaction, the results of the comparison being usable to determine a fraud risk associated with the transaction.
The mobile communications device associated with the user may be a mobile communications device that is registered to and/or assigned to and/or owned by and/or contracted to and/or legitimately used by the user.
The payment means associated with the user may be a payment means that is registered to and/or assigned to and/or issued to and/or legitimately usable by the user.
The mobile communications network may comprise a cellular network.
The mobile communications device may preferably comprise a communications enabled portable computing device such as a pda, ]aptop computer, tab]et computer, netbook computer, smart-phone, or the like, or most preferably comprises a mobile or cellular phone.
The fraud detection system may be configured to provide an indication of fraud risk based on the comparison between the determiried geograpfr±cal area arid the Jocatori of the transaction. The indication of fraud risk may be provided to a provider or financial institution associated with the payment means.
The fraud detection system may be configured to interface with one or more mobile network operator's cellular network components in order to directly or indirectly retrieve connection data for the at least one mobile communications device, the network connection data indicating, or being usable to determine, the mobile communications network to which the mobile communications device is or has been connected.
Examples of the mobile communications network components that may be referenced directly or indirectly may comprise, but are not limited to, a Home Location Registry (HLR), a Virtual Location Registry (VLR), the mobile communications network's Intelligent Network (IN), a Mobile Switching Centre (MSC), Network Application Programme Interfaces (API) and the like.
The fraud detection system may be arranged to receive transaction data originating from a transaction processing system, which may be a transaction processing system of a merchant, such as a point of sale terminal. The transaction data may comprise data indicating the location of the terminal, or which is usable in determining the location of the terminal. The fraud detection system may be configured to use transaction data or data derived from it in order to determine the location of the transaction.
The fraud detection system may be adapted to use the comparison of the geographical area covered by the mobile communications network to which the mobile communications device is connected with the location data associated with the transaction in order to determine a fraud risk.
It will be appreciated that mobile communications networks are generally associated with or cover defined geographical areas. The geographical areas may correspond to countries, for example, a UK based mobile communications network operator's network may substantially cover only the UK or a German mobile communications network operator's network may substantially cover only Germany. Even if a particular mobile communications network operator has a mobile communications network in each of a plurality of countries, there is usually a well defined distinction between the networks of each country. However, in some cases, particularly for larger countries, mobile communications network operators may be arranged regionally, and each geographical area may cover only a portion of a country, for example, a particular region, jurisdiction, cities or other conurbations or counties. Other examples of geographical areas may comprise international or national countries or time-zones.
The mobile communications device held by a user may be associated, registered or contracted with a mobile communications network operator (including organisations that operate virtual mobile communication networks (MVNO)) The associated, registered or contracted mobile communications network operator may be a mobile communications network operator who holds the details of the mobile communications device and/or user details and/or is responsible for billing or charging the user. The user details may be stored within the systems operated by the mobile communications network provider and unique mobile identifying information may be stored in a home location registry (HLR) of the mobile communications network operator. HLR5 are a technical mobile communication network component/system allowing the authentication and routing of mobile telephony events.
The fraud detection system may be arranged to determine if the mobile communication device is or has been connected to a mobile communications network other than the mobile communications network of the user's associated, registered or contracted mobile communications network operator. The fraud detection system may be arranged to determine if the mobile communications device is or has been roaming on a mobile communications network other than that of its associated, registered or contracted mobile communications network operator.
The mobile communications network to which the mobile communications device is or has been connected may be associated with a geographical area other than a geographical area of residence of the user (e.g. roaming on a network of a foreign mobile communications network) or a geographical area associated with the mobile communication network of the user's associated, registered or contracted mobile communications network operator.
The fraud detection system may be adapted to determine a geographical area covered by or associated with the mobile communications network to which the mobile communications device is or has been connected.
The fraud detection system may be adapted to compare the geographical area covered by or associated with the mobile communications network to which the mobile communications device is or has been connected with a geographical area associated with the transaction. The geographical area associated with the transaction may be determined from the location data associated with the transaction, merchant or merchant services provider. The determination of mobile communications network may be for a time related to the transaction.
The fraud detection system may be adapted to determine if the user is connected to a mobile communications network to which the user is associated, registered or contracted.
The fraud detection system may be adapted to determine a mobile telephony network cell associated with a last network-attach to the mobile communications network of the mobile communications network operator either before the transaction is authorised to be carried out or used for post event fraud detection analysis and/or reporting.
A network attach may comprise a radio connection between a handset and a nearest base transceiver station (BTS), i.e. there may be a connection between the handset and the network.
The fraud detection system may comprise or be arranged to access at least one reference data storage system. The reference data storage system may be configured to store a list of departure cells. A departure cell may comprise a cell of a mobile communications network covering a departure point from a geographical area, for example, an airport, a ferry terminal or vessel, aircraft or other vehicle with its own base transceiver station (creating a cell), a train station, a bridge, a tunnel entrance or exit, a roadway, a border crossing or the like.
The fraud detection system may be configured to compare the location of the cell associated with a last network-attach to the mobile communications provider's network before the transaction is authorised to be carried out or used for post event analysis and/or reporting, with the list of departure cells, and may be configured to determine a fraud risk accordingly.
The reference data storage system may be configured to store a list of peripheral departure cells. A peripheral departure cell may comprise a cell of a mobile communications network adjacent to and/or associated with the departure point. For example, peripheral departure cells may comprise those cells surrounding and servicing an airport long term offsite car park, the cells last registered immediately after the plane takes off (should the user have forgotten to switch their mobile communications device off), the final land mass connection, or national or international border, should the user be travelling by ferry or ship where the ferry or ship remains within network coverage following the departure from port or the like.
The fraud detection system may be configured to compare the location of the cell associated with a last network-attach to the mobile communications provider's network before the transaction is carried out with the list of peripheral departure cells, and may be configured to determine a fraud risk accordingly.
The fraud detection system may be configured to determine or access a list of destinations associated with and/or travelable from a departure cell or peripheral departure cell. Each destination may comprise a defined geographical area such as an international country, city, region, time-zone or the like. The fraud detection system may be configured to compare the location and/or geographical area associated with the transaction to the list of destinations and/or destination geographical locations associated with or travelable from the departure and/or peripheral cell, and the fraud detection system may be configured to determine a fraud risk accordingly.
The list of departure cells, peripheral departure cells and/or the list of destinations associated with each departure cell and/or peripheral departure cell may be stored on a database and/or storage device of the fraud detectioi system.
The fraud detection system may be configured to determine if the destination, such as a destination geographical area or country, is a day trip location and if so, determine a fraud risk accordingly.
The fraud detectori system may be coriilcjured to determine time elapsed since last network attach and/or a time associated with the payment card transaction. The fraud detection system may be configured to determine if the travel time to the destination, such as a destination geographical area or country, from the departure cell and/or peripheral departure cell associated with the last attach and/or network connection data, is greater and/or less than a minimum permitted travel time as stored or determined by the reference data storage system and may determine a fraud risk accordingly.
The fraud detection system may be configured to access at least one address associated with the user and/or mobile communications device, which may comprise an address associated with a payment means used in the transaction.
The fraud detection system may be configured to determine an area covered by the cell to which the mobile communications device is currently connected. The fraud detection system may be configured to determine if at least one address of the user is within the geographical area covered by the cell to which the mobile communications device is or has been connected, and the fraud detection system may be configured to determine a fraud risk accordingly.
The mobile communications device may comprise a location determination device, such as a GPS device, a GSM enabled device (including but not limited to a mobile phone handset, a UMTS or mobile broadband data card, a laptop, tablet computer, net-book or workstation comprising an internal or external communications means such as a SIM card, UMTS device or mobile broadband device), wi-fi connection device, other mobile telephony communications device etc. The location of the mobile communications device may be identifiable using its location determination device by a location determination system of the mobile communications network operator. The fraud detection system may be adapted to receive location data determined by the location determination system of the mobile communications network operator, or from the unique reference data provided by the device via any other location determining method for example GPS, geo-location tagging via wi-fi etc. The fraud detection system may be adapted to determine a geographical area associated with the mobile communications device using the location data.
The fraud detection system may be configured to determine an identifier associated with the mobile communications devices recently used (e.g. within a predetermined period of time, such as a week) for the mobile telephony service by the user, which may be an international mobile equipment identifier (IMEI), access a database of lost and/or stolen mobile communications devices (e.g. equipment identity register (FIR) -a recognised global central database of all telephony equipment, including but not limited to, mobile phone handsets registered lost or stolen), determine if the identifier associated with the mobile communications device is included on the list of lost and/or stolen devices and may determine a fraud risk accordingly.
The fraud detection system may be configured to determine if the identifier associated with the mobile communications device has been entered on the FIR or similar databases of lost and/or stolen mobile communications devices within a predetermined period and may determine a fraud risk accordingly. If the mobile communications device has recently been registered lost or stolen, i.e. within the predetermined period, then there may be an increased likelihood of it being stolen. If the phone was registered lost or stolen before the predetermined period, then there may be an increased likelihood that the phone has been replaced.
The fraud detection system may be configured to store and/or access a list of countries to which the user has previously travelled to. The list of geographical locations may comprise countries, cities or regions associated with and/or covered by, a mobile communications network that the mobile communications device has previously connected to or where the user has specified or informed the payment card provider of routine travel to that geographical location.
The fraud detection system may be configured to determine if the country associated with the mobile communications network to which the user is or has been connected matches a country to which the user has previously travelled to or advised of regular or impending travel to and may determine a fraud risk accordingly.
The fraud detection system may comprise a location determination means or system for determining the mobile communications network to which the mobile communications device is or has been connected and determining a geographical area covered by the mobile communications network.
The fraud detection system may comprise a fraud determination means or system for comparing the determined geographical area with the location of the transaction.
According to a second aspect of the invention is a fraud detection method for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, comprising: determining a mobile communications network to which the at least one mobile communications device associated with the user or payment means is or has been connected, determining a geographical area covered by the mobile communications network to which the mobile communications device is or has been connected, and comparing the determined geographical area with a location of the transaction, the results of the comparison being usable to determine a fraud risk associated with the transaction.
The method may comprise receiving location data associated with the transaction. The method may comprise determining the mobile communications device associated with a user or payment means associated with the transaction.
The method may comprise communicating with one or more mobile network operator's cellular network components in order to retrieve network connection data for at least one mobile communications device, the network connection data indicating a mobile communications network to which the mobile communications device is or has been connected.
According to a third aspect of the present invention there is provided a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is adapted to determine a cell of the mobile communications network associated with a last attach by the mobile communications device to the mobile communications network, and determine a fraud risk based on the cell associated with the last attach and the location data associated with the transaction.
The fraud detection system may be configured to receive location data associated with a transaction.
The fraud detection system may be adapted to interface with one or more mobile communications network operator's cellular network components in order to directly or indirectly determine the cell of the mobile communications network associated with a last attach by the mobile communications device to the mobile communications network.
The mobile communications network may be a network to which the user is associated, contracted or registered.
The fraud detection system may comprise and/or be configured to access a database of transit cells that are associated with and/or cover arrival and/or departure points for arriving in or departing a geographical area associated with or covered by the mobile communications network operator.
The fraud detection system may comprise and/or be configured to access a database of peripheral departure cells that are adjacent transit cells and/or associated with transit points.
The fraud detection system may be configured to compare the cell associated with a last network attach with the list of transit cells and/or peripheral cells.
The fraud detection system may comprise and/or be adapted to access a database of destinations linked to or travelable from the transit cells.
The fraud detection system may be adapted to compare the location data associated with the transaction with the destinations linked to or travelable from the geographical area covered by the cell associated with the last attach and determine a fraud risk accordingly.
The fraud detection system may be adapted to determine a time associated with the last attach. The fraud detection system may be adapted to determine a minimum transit time from a geographical area covered by the transit or peripheral cell associated with the last network attach to the location associated with the transaction. The fraud detection system may be configured to compare the minimum transit time with the time since the last attach and determine a fraud risk accordingly.
According to an fourth aspect of the present invention there is provided a method of operating a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, the method comprising: determining a cell associated with a last attach by the mobile communications device to the mobile communications network; and determining a fraud risk based on the cell associated with the last network attach and the location data associated with the transaction.
The method may comprise directly or indirectly receiving location data associated with a transaction.
The method may comprise interfacing with one or more mobile communications network operator's cellular network components in order to determine the cell associated with a last attach by the mobile communications device to the mobile communications network.
According to a fifth aspect of the present invention there is provided a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is configured to access a database of lost and/or stolen mobile communications devices and determine a fraud risk associated with the transaction at least partially based on whether or not the mobile communications device is listed in the database of lost and/or stolen mobile communications devices.
Determining an associated mobile communications device may comprise determining an identifier, such as a unique identifier, associated with the mobile communications device. The unique identifier may comprise an international mobile equipment identifier (IMEI) The database may comprise an equipment identity register (FIR) . The database may comprise identifiers, such as unique identifiers, e.g. IMEI's, of mobile communications devices that have been reported lost or stolen.
Determining a fraud risk may comprise comparing the identifier of the associated mobile communications device with the identifiers in the database of lost and/or stolen mobile communications devices.
If a mobile communications device has been stolen, it may be indicative of the payment means also being stolen, for example, if both were contained in a stolen handbag, laptop bag or jacket together. Furthermore, if a mobile communications device is lost or stolen, then it is an indication that any fraud detection processes that rely on comparing the location of the mobile communications device and the location of an associated payments means may be compromised, and appropriate warnings may be provided or actions taken.
According to a sixth aspect of the present invention there is provided a method of operating a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user, the method comprising: determining a mobile communications device associated with the user; accessing a database of lost and/or stolen mobile communications devices; and determining a fraud risk associated with a transaction at least partially based on whether or not a mobile communications device associated with a user or a payment means associated with the transaction is listed in the database of lost arid/or stolen mobile communLicationls devices.
The method may comprise receiving transaction data associated with a transaction.
According to a seventh aspect of the invention is a fraud detection system adapted to determine a mobile communications network to which a mobile communications device is or has been connected, and determine or provide an indication for use in determining fraud risk for a user or payment means associated with the mobile communications device based on the mobile communications network to which the mobile communications device is or has been connected.
The fraud detection system may be adapted to determine a geographical location covered by the mobile communications network to which the mobile communications device is connected. The geographical location may comprise a country. The fraud risk may be based on the determined geographical location.
According to a eighth aspect of the invention is a fraud detection system adapted to determine a cell of a mobile communications network associated with a last attach by the mobile communications device to the mobile communications network and determine, or provide an indication for use in determining, fraud risk for a user or payment means associated with the mobile communications device based on the last attach cell.
According to a ninth aspect of the present invention is a fraud detection system configured to access a database of lost and/or stolen mobile communications devices and determine, or provide an indication for use in determining, a fraud risk associated with a user and/or payment means associated with the mobile communications device based on whether or not the associated mobile communications device is listed in the database of lost and/or stolen mobile commurdcatoris devices.
According to a tenth aspect of the present invention is a fraud detection system for use with at least one mobile communications device comprising location determination means, the fraud detection system being configured to retrieve a location identifier determined by the location determination means of the mobile communications device, and compare the location identifier with a location of a transaction with which the mobile communications device is associated, the results of the determination being usable to determine a fraud risk.
The location determination means may comprise a GPS device, a GSM enabled device (including but not limited to a mobile phone handset, a UMTS data card, a laptop, tablet computer, net-book or workstation comprising an internal or external communications means such as a SIM card, UMTS device or mobile broadband device), wi-fi connection device, other mobile telephony communications device etc. The location of the mobile communications device may be identifiable using its location determination means by a location determination system of the mobile communications network operator. The fraud detection system may be adapted to receive the location identifier from a mobile communications network operator, or from a unique reference provided by the device via any other location determining method for example GPS, geo-location tagging via wi-fi etc. The fraud detection system may be adapted to determine a geographical area associated with the mobile communications device using the location data.
According to aspects of the invention may be provided a mobile communications network and/or a financial transaction processor comprising a fraud detection system according to the first, third, fifth, seventh, eighth, ninth or tenth aspects.
It will be appreciated that features analogous to features described in relation to any of the first to tenth aspects may be applicable to other of the first to tenth aspects. Furthermore, various aspects and/or features of the invention that have been described in relation to a system may also at least partially define a method of operating the system and/or various aspects and/or features described in relation to a method of operating a system may also at least partially define features of an analogous system.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 is a schematic showing the use of a fraud detection system according to an aspect of the invention in a transaction; Figure 2 is a flowchart detailing a part of a process performed by the fraud detection system of Figure 1; Figure 3 is a flowchart detailing a part of a process performed by the fraud detection system of Figure 1; Figure 4 is an illustration of an example of a departure cell and a peripheral departure cell useable by the fraud detection system of Figure 1; and Figure 5 is an illustration of another example of a departure cell and peripheral departure cells useable by the fraud detection system of Figure 1.
DETAILED DESCRIPTION OF DRAWINGS
At the simplest level, it is an example of an object of the system described herein to enable financial institutions to substantially reduce any payment card (e.g. credit or dehit cards or other electronic payment means) fraud where a payment card transaction takes place in countries other than the payment card user's home country by determining the likelihood of the user being present at the country or other geographical location of the payment card transaction at the time that it took place. This may include, but is not limited to, the locating of the user's mobile communications device.
Figure 1 shows a schematic of a fraud detection system for use in identifying potential fraud cases based on the physical location of a mobile communication device 10 belonging to a user 15 who is a registered user of a payment means 20. The fraud detection system 5 operates by identifying a mobile communications network 25 with which the user's mobile communication device 10 has connected and comparing a country associated with the mobile network 25 with a country or other geographical area in which a transaction involving the payment means is being conducted.
In general, in order to process certain financial transactions, such as credit or debit card payments, a merchant 45 will need to be registered with at least one merchant services provider 42,46 or in some cases directly with the transaction services provider/credit card issuer 55, which may comprise one or more providers 42,46,55 of payments means 20, or the merchant's bank but may instead be an intermediary transaction services provider.
Merchants may be domestic merchants 41, i.e. located in the same country in which the user 15 generally lives or in which the payment means 20 was issued, or foreign merchants 45, i.e. located in a different country.
Upon registering with the transaction services provider or the merchant services provider 42,46, the merchant 41,45 is required to pass checks to confirm the merchant's identity and to ensure that the merchant 41,45 meets certain criteria, such as criteria relating to the security of the merchant's system and the merchant's ability to meet any liabilities placed on it, such as the processing of chargebacks.
The merchant 41, 45 may have one or more terminals 40, for inputting transaction information and processing transactions at a point of sale. Each terminal 40, 30 is generally assigned a unique identifier, associated with the merchant 41, 45. The location information may be used to determine if the terminal 40 is situated in a user's home country, i.e. it is domestic, or if the terminal 30 is situated abroad, i.e. it is in a country other than the user's country of residence. The merchant provides certain information such as the geographical location of terminals.
The merchant information and terminal identifiers are stored by the transaction services provider 42, 46 in a suitable data store.
Various payment means 20 may be available to a user 15 and may be handled by the merchant's terminal 40, 30.
Examples of payment means 20 include a credit or debit card, a cheque, an electronic wallet, a contactless payment card, a portable computing device such as a PDA or mobile phone operating as a payment means, a money order or the like.
When the user 15 makes a payment with a payment means 20, the merchant's terminal acquires data relating to the payment means 20 and/or the user 15, such as an account identifier, security and/or authentication data such as a pin number, biometric data or a digital code stored on a memory. The data relating to the payment means 20 may be collected from the payment means 20 itself by techniques known in the art, such as reading of a magnetic strip on a card or reading a chip based memory or from the user 15 making the purchase, such as pin input via a keypad, input of biometric data via a suitable biometric reader or by non electronic means such as making a physical copy of the card details onto triplicated carbon paper in a card imprint machine 31, provided by the transaction services provider 42,46 and having the user 15 sign the carbon copy or the like.
The merchant terminal 40,30 provides transaction data such as the transaction amount, the type of transaction, the time and date of the transaction and the like.
Select data relating to the transaction, payment means 20 and merchant 41,45, such as an account identifier, a terminal 40, 30 and/or merchant 41, 45 identifier, and transaction data such as cost, time and date of the transaction are communicated from the merchant's terminal 40, 30 via a secure transmission channel 50 if transmitted electronically. This data can also be physically sent through the post in certain circumstances. If the merchant 41, 45 is using the payment means provider 55 to directly process payment for the transaction, then the data is sent directly to a transaction server of the payment means provider 55. If the merchant 41, 45 is using an intermediary transaction services provider 42, 46, then the data sent by the merchant 41, 45 and/or any data derived from it, such as a terminal 40, 30 location, is sent to the payment means provider 55 via the intermediary transaction services provider 42,46.
The transaction server is configured to analyse the merchant and/or terminal identifier received from the merchant's terminal 40, 30 and determine pre-registered location data associated with the merchant and/or terminal identifier. The transaction server is also operable to analyse the account identifier and determine pre-registered user 15 information, such as a home address and/or an identifier of the mobile communications device 10 associated with the user 15. Where an intermediary transaction services provider 42, 46 is used, one or more of these determination steps may be performed by the intermediary transaction services provider and provided to the payment means provider 55, although the intermediary transaction service provider 42, 46 often does not have access to the same level of customer data as the payment means provider 55.
As part of the payment approval process, the payment means provider 55 uses their own internal fraud analysis system or an in-house fraud department or team of individuals.
The payment means provider's own fraud department (this can be provided in many forms such as internal, outsourced or provided at a group level) only compares the data received from the merchant 41,45 or intermediary transaction services provider 42,46 and any further data determined there against certain internally determined criteria that are considered by the payment means provider 55 as being indicative of a high risk of fraud. For example, if a payment means 20 is generally used for low value transactions and is suddenly used for one or more high value transactions within a short space of time, then the internal fraud department may determine that there is a high risk of fraud and reject any transactions involving that payment means 20, e.g. refuse the card, until such times as the user authenticates that the transactions are genuine.
One criteria often associated with high risk is a payment means 20 suddenly being used in a country other than that in which the user 15 associated with the payment means resides. In certain cases, this can lead to the payment means provider 55 declining transactions involving the payment means 20 after it has been used in foreign countries, particularly those countries having a record of high incidences of fraud or whose security and/or authentication procedures may be less stringent than those normally required by the payment means provider 55.
However, often the user 15 has merely travelled abroad on business or holiday and the use of the payment means 20 is genuine. In this case, refusal of a payment means 20 can cause a great deal of embarrassment or difficulty for a user 15, particularly as the user 15 is away from their usual country of residence and may have difficulty in accessing other forms of payment or in contacting their financial institution to confirm that the transactions are genuine.
In order to mitigate the risk of incorrectly refusing payment to a user 15 who has genuinely travelled to a foreign country and to identify fraudulent use of a payment means 20, the fraud department of the payment means provider 55 sends a request for a fraud risk indicator to the fraud detection system 5 via a secure communications channel 60.
The fraud detection system 5 is arranged to determine at least one indicator of a current or recent location of the user 15 involved in the transaction by determining the connection status of the user's mobile communication device 10. In particular, the fraud detection system is operable to determine a likelihood of the user 15 being located in a country that corresponds with the country that the payment means 20 associated with the user 15 is being used in.
The fraud detection system 5 comprises a fraud detection server 65, at least one reference data store 70, a communications interface 75 to systems belonging to at least one payment means provider 55, a connection data extractor 80, a data store 85 for storing lost and/or stolen mobile communications device data, and a network application program interface (API) 90 for interfacing with systems 95 and/or network components 100 of at least one mobile communications network operator 105. The network components that are interfaced may comprise a Home Location Registry (HLR), a Virtual Location Registry (VLR), the mobile communications network's Intelligent Network (IN), a Mobile Switching Centre (MSC), and the like.
The fraud detection server 65 is configured to obtain and store data for use in determining a fraud risk for a transaction from a payment means provider 55, the reference data store 70, the lost and/or stolen mobile phone data store 85 and from mobile communications network operators 105, and determining an indication of fraud risk accordingly.
The reference data store 70 is configured to store reference data that may be required by the fraud detection system 5, such as a list of departure cells and peripheral cells, optionally mobile communications device 10 information associated with the user 15 or payment means 20, a list of destinations travelable from a departure cell, and optionally any data required to determine a minimum travel time from a departure cell to a transaction location.
The connection data extractor 80 is configured to access network components of mobile communications network operators 105 via the network API 90 in order to retrieve connection data such as data relating to the mobile communications network to which users' mobile communications devices are or have been connected and an identifier or location of a last cell of the user's home network to which the mobile communications devices were attached before a break in communication with the user's home network.
The user's home mobile communications network is a network operator (or MVNO) or provider with which the user 15 is associated, registered or contracted, i.e. is primarily responsible for providing the user 15 with mobile communications services and/or who the user pays for the mobile communications services.
When a transaction having merchant's terminal 30 location data indicating that the transaction is being or was carried out in a country other than a user's country of residence is received by the payment means provider 55, the fraud department of the payment means provider 55 issues a request to the fraud detection system 5 via the communications interface for a fraud risk indicator associated with that transaction. The fraud risk indicator provided by the fraud detection system 5 is usable in conjunction with the payment means provider's existing risk assessment functions in order to assess the risk of fraud due for example to a cloned or stolen payment means 20 being fraudulently used in a foreign country.
The request includes information identifying the location of the terminal 30 processing the transaction, and information identifying a mobile communications device 10 associated with the payment means 20 and/or user 15 involved in the transaction where this data is available to the payment means provider 55 and/or information identifying the payment means 20 and/or user 15 from which the fraud detection system can determine any mobile communication devices 10 associated with the transaction from pre-registered data stored in the reference data store 70. The request may comprise user 15 information, such as the user's home address. The user 15 information may also be determined by the fraud detection system 5 from pre-registered data stored in the reference data store 70. The request may also comprise a date and time of the transaction.
The network API 90 is in communication with servers 95 belonging to one or more mobile network operators 105 over secure communications channels 110, typically protected by encryption and firewalls at both the fraud detection system and the mobile network operator's servers 95.
The network API 90 is operable to obtain details of mobile communications networks to which mobile communications devices 10 associated with users 15 or payment means 20 currently are (or have recently been) connected from roaming records kept in databases of the mobile network operators 105.
It is common that the user 15 will have one or more mobile communications devices 10 such as a mobile phone or a communications enabled portable computing device such as a pda, laptop computer, tablet computer, netbook computer, smart-phone, or the like. When the user 15 travels to a foreign country, they generally take their mobile communications device 10 with them. If the user 15 is flying, the user 15 will power off their mobile communications device 10 before boarding the fight and power it back on again when arriving at their destination. The user's home mobile communications network operator or provider 105 keeps a record of the cell to which the mobile communications device 10 was connected before being powered off.
When the user 15 powers their mobile communications device 10 back on in the foreign country, the mobile communications device 10 will search for available host mobile communications networks. Once the mobile communications device 10 has determined an available host network, it sends a data message to the host network containing a user identification number, such as an international mobile subscriber identity (IMSI) and optionally, an equipment serial number, such as an international mobile equipment identity (IMEI) . The user identification number and any other associated or required data is relayed to a mobile switching centre (MSC) (not shown), of the host network. The mobile switching centre is arranged to determine from the mobile identification number that the mobile communications device 10 is not associated with its own network but is instead a roaming device. The mobile switching centre for the host network then determines which mobile communications network operator or provider is associated with that mobile communications device and transmits a roaming request to the system of the determined operator or provider.
Upon receiving the roaming request, the system of the user's mobile network operator accesses the user's information as stored in a Home Location Register (HLR) 100.
The IMSI and optionally the IMEI are compared to data stored in the HLR 100 and if the numbers are valid, the HLR 100 records the location of the mobile communications device 10 (i.e. connected to the host/roaming network) and returns a message to the host/roaming network containing any conditions of service, such as which calls and/or services can or cannot be provided.
Upon receipt of the return message from the user's mobile network operator, the host network instructs a Visitor Location Register (VLR), to store temporarily information about the roaming mobile communications device 10.
Although the above process is described in terms of flying, i.e. where a user 15 turns their mobile communications device 10 off, an analogous process is used for journeys in which the user's mobile communications device 10 can be left on, such as ferries, trains, or car journeys. In this case, once the mobile communications device 10 moves out of range of all base stations belonging to their own mobile network operator, the mobile network operator stores a record of the base station that the user's mobile communication device 10 last used for access to the user's home mobile communications network. The user 15 will also then reconnect as a roaming user with a host network when the user's mobile communications device 10 comes within range of a base station belonging to the host mobile network.
In order to generate the fraud risk indicator, the fraud detection system 5 is arranged to determine the country in which a user 15 is located, or has recently been located, by interfacing with network components, such as the HLR 100, MSC or VLR of mobile phone operators 105 in order to determine if the mobile communications device 10 is roaming, i.e. it is connected to a host MSC or VLR or other indicative network component other than those belonging to the user's home mobile communications network operator. If the fraud detection system 5 determines that the user's mobile communications device 10 is roaming, the fraud detection system 5 is configured to determine if the host MSC or VLR is foreign and the country associated with it.
Information identifying the last cell belonging to the mobile network to which the user's mobile communication device was connected before leaving the user's home country and/or connecting to a host/roaming network in a foreign country is also obtained.
It will be appreciated that each mobile network operator 105 may have a large number of users and as such store a vast amount of device related data in their databases. In order to minimise the amount of data transmitted and disruption to the mobile network operator's systems, the network API 90 may be configured to extract the required data as delta data, i.e. only data relating to mobile communications devices 10 that have connected to a MSC/VLR since the last download of data from the mobile network operator 105 to the fraud detection system 5. In this way, only the data that has changed is obtained, which reduces the communications bandwidth required to download the data and disruption to the mobile network operator's systems.
The connection data extractor 80 is configured to obtain the delta data from the mobile network operators 105 periodically, for example once an hour. In this way, the communications bandwidth required and disruption to mobile network operator's systems are further minimised.
Furthermore, by selecting a period between data downloads to the fraud detection system 5 from the mobile network from the mobile network operator's systems that is appropriate for the country in which the user resides, minimal reduction in accuracy of the system can be obtained. For example, for users 15 residing in the UK, even if the users 15 were to fly to a relatively close country, the time taken from when the users 15 left the terminal shopping area and boarded the plane until clearing customs at the destination would likely be close to or over an hour. Therefore, by only updating the data held by the fraud detection system 5 on an hourly basis, the data would likely still reflect that the user is not in the UK with reasonable accuracy, as the user's mobile communications device 10 would be indicated as not being connected to the user's UK mobile communications network.
Alternatively or additionally, the payment means provider 55 may request a real time determination of fraud risk. In this case, the fraud detection system 5 is operable to bypass the scheduled data extractor 80 and directly obtain the network connection information for the associated mobile communications device 10 directly via the API 90.
Once the scheduled connection data extractor 80 has obtained the delta data relating to the network to which the user's mobile communication devices 10 are connected, the data is stored in the fraud detection system 5 and processed to provide location information for mobile communications devices for use by the fraud detection server, as shown in Figures 2 and 3.
The fraud detection system 5 is operable to determine a composite fraud risk indicator reflecting one or more fraud risk analyses 205 to 250 based on parameters associated with the user's mobile communications device. The fraud risk indicator, in an optional embodiment of the invention, comprises a binary number, with each digit of the binary number representing a result of a different analysis based on parameters relating to the user's mobile communications device 10 that are determined by the fraud detection system 5. The fraud risk indicator may be used by the payment means provider 55 to determine the likelihood of fraud. By providing a composite indicator of fraud risk, no single mobile communications device related fraud risk analysis would lead to a transaction being classified as fraudulent.
This helps prevent a wrong indication of fraud being given.
Upon receipt of the request from the fraud department of a payment means provider 55, the fraud detection system 5 is arranged to determine the location of the mobile communications device 10 and a home address associated with the user 15 or payment means 20 involved in the transaction.
An indicator of the mobile communications device 10 and/or the home address may be comprised in the request from the payment means provider 35 or instead a user or payment means identifier such as a user name or account number or id code may be provided in the request and used by the fraud detection system 5 to determine any associated mobile communications devices 10 and home addresses using pre-registered information in the reference data store 70.
Optionally, the required data may be obtained from an external database, for example a database associated with the payment means provider 55.
The fraud detectori system 5 is operable to look up network connection information for the associated mobile communications device 10 as stored in the reference data store 70 and/or retrieved from mobile network operators 105.
The fraud detection server 65 determines if the mobile communications device 10 is attached to any mobile communications network or has been attached within a predetermined time period 205.
The fraud detection system 5 is operable to determine a last network access cell of the user's own mobile communications network (i.e. the user's "home" network or the network with which they are associated, registered or contracted) that was accessed or attached to by the mobile communications device 10 prior to departure (i.e. being removed from the user's mobile communications network) . The fraud detection server 65 is configured to compare the last network access cell to a list of designated departure cells stored in the reference data store 70. The departure cells are cells of the user's home mobile communications network associated with a departure point from a particular country, for example, a cell covering an airport, a ferry terminal, an international train station, a tunnel entrance or the like. If the last network access cell is a cell designated by the system as a departure cell then there is an increased chance that the user is abroad and that transactions occurring abroad may be genuine. As such, the fraud detection server updates the fraud risk indicator to reflect this.
If the last access cell is not a departure cell, the fraud detection server is operable to compare the last network access cell to a list of peripheral departure cells stored on the reference data store 70. The peripheral departure cells are cells of the user's home mobile communications network that cover areas that are adjacent to or associated with a departure cell. In this way, situations in which the user does not directly and cleanly leave a departure point are still determined and considered by the fraud detection system 5.
For example, as illustrated in Figure 4, if a passenger on a plane leaves their mobile communications device 10 powered on during the flighty the last network access cell would may be a peripheral departure cell 430 near the airport 420 that was accessed before the plane climbed to a height greater than the maximum range for mobile communications device to be able to communicate with the cells of the mobile communication network, which may not necessarily be a cell 425 covering the terminal 420 itself.
Another example, as illustrated in Figure 5, is a ferry 505 leaving a ferry terminal 510 and taking an initial route along the coast. In this case, the last network access point may be a cell 515 near the ferry terminal rather than the cell 520 covering the actual ferry terminal 510 itself.
If the last network attach to the user's home network is to a peripheral departure cell, then there is an increased chance that the user is away from the country and that the overseas transaction may be genuine. In this case, the fraud detection server 65 updates the fraud risk indicator to reflect this.
If the last network access cell is either a departure cell 420 or a peripheral departure cell, then the fraud detection system 5 compares the country in which the transaction is conducted with a list of destinations that are served from the determined departure cell 420 associated with the last network access 225. The list of destinations may be stored on the reference data store 70 and/or be obtained from one or more external databases. If the country in which the transaction is being conducted is served by direct transport links from the departure poirit associated with the last network access cell, then there is an increased probability that the transaction may be genuine and the fraud detection server 65 is configured to update the fraud risk indicator accordingly.
In an alternative or additional embodiment, the fraud detection system 5 is configured to determine a minimum travel time between the departure cell 420 or peripheral cell and the country or location of the transaction. Such a minimum travel time can be determined, for example, using route planning functionality as is known in the art. If the minimum travel time is greater than the time between the last home network access and the time that the transaction is/was conducted, then there is an increased risk that the transaction may be fraudulent and the fraud detection server updates the fraud risk indicator to reflect this.
The fraud detection system 5 is configured to check historical data associated with the user 15 recorded in the reference data store 70 to determine if the user 15 has previously legitimately travelled to the country in which the transaction is or has been carried out or covered by the mobile communications network on which the user is roaming 230. The fraud detection system 5 is also configured to check if the user has indicated that he intends to travel to the country, wherein the indication may have been relayed from the payment means provider 55 to the fraud detection system 5 along with the request. If the user 15 has legitimately travelled to the country in the past or has indicated that they intend to travel to the country, then there is a reduced risk of fraud and the fraud detection server 65 updates the fraud risk indicator to reflect this.
The fraud detection system 5 is operable to determine if a cell of the user's home mobile communications network to which the user's mobile communications device 10 last attached corresponds to a cell covering the home address of the user 15. In particular, a determination is made if the user 15 lives in a departure cell or a peripheral cell 235, 240. In this case, it is possible that the user 15 has simply left their mobile communications device 10 at home when travelling abroad. Alternatively, a transaction may be carried out abroad whilst the user 15 is at home. The fraud detection server 65 is configured to update the fraud risk indicator accordingly to reflect this, thereby minimising the likelihood of a false indication of a fraud risk being provided.
The fraud detection system 5 is configured to access a database 115 of lost or stolen phones and check if the IMEI of the mobile communications device 10 is recorded as lost or stolen 245. This may be achieved by periodically downloading a copy of a lost/stolen device register 115, such as the equipment identity register (FIR) to a mirror database 85 of the fraud detection system 5 or by accessing the lost/stolen device register 115 directly. A lost or stolen mobile communications device 10 may mean that a correlation of the mobile communication devices 10 location and transaction location may not give a reliable indication of fraud risk. Furthermore, if the mobile communications device 10 has been lost or stolen, then there is a chance that the payment means 20 was lost or stolen with it, which may lead to an increased fraud risk. Therefore, if the fraud detection system 5 determines that the mobile communications device 10 is contained on a lost/stolen register 85, 115, then it updates the fraud risk indicator to reflect these risks.
If the mobile communications device 10 is determined to be included on a lost stolen device register 85,115, the fraud detection system 5 is configured to determine if the mobile communications device 10 was lost or stolen within a pre-determiried time limit 250. such as 48hrs. In this case, the payment means 20 and the mobile communications device 10 may have been stolen together and there is an increased risk of them being used fraudulently. However, if the mobile communications device 10 was lost or stolen longer ago than the predetermined time limit, then there is an increased chance that the mobile communications device 10 is no longer associated to the customer, invalidating the risk evaluation. The fraud detection server 65 is configured to update the fraud risk indicator according to the outcome of this determination.
The fraud detection system 5 is configured to provide the determined fraud risk indicator to the payment means provider 55 so that it can be analysed to assess a magnitude of a fraud risk. The magnitude of the fraud risk can be compared with various thresholds 255 to assign an easy and quick to understand indicator 260 of the severity of the fraud risk, such as "red" for severe, "amber" for moderate, "green" for low and "ultra green" for a minimal risk.
A skilled person will appreciate that variations of the disclosed arrangements are possible without departing from the scope of the invention. For example, whilst in the process described herein, various fraud risk analyses based on factors associated with the user's mobile communications device 10 are determined and a composite of the various analyses is determined, in the form of a fraud risk indicator, it will be appreciated that some but not all of these analyses may be determined and assessed, or additional analyses may be used and/or the analyses may be performed in a different order. Furthermore, although a fraud detection system 5 described herein is separate from the systems of mobile network operators 105 or payment means providers 55, it will be appreciated that in optional embodiments, the fraud detection system 5 may be incorporated within the systems of a mobile network operator 105 and/or a payment means provider 55. Furthermore, although the fraud detection system 5 is described as comprising a plurality of components, such as a fraud detection server 65, at least one reference data store 70, a communications interface 75 to systems belonging to at least one payment means provider 55, a scheduled connection data extractor 80, a data store for storing lost and/or stolen mobile communications device data, and a network application program interface (API) 90, it will be appreciated that one or more of these components may be physically and/or logically separate or integrated. Each component may comprise a plurality of components, which may be linked. Furthermore, it will be appreciated that each component of the fraud detection system may be implemented using any choice or combination of hardware and/or software components available to a person skilled in the art, including the possibility of bespoke hardware and/or software. Although the determination of geographical location described above comprises determining a country covered by a mobile communications network, it will be appreciated that mobile communications networks are not necessarily arranged on a country by country basis. For example, in larger countries, mobile communications networks may be provided that cover parts of a country such as regions, cities, towns, time-zones or the like. As such, it will be appreciated that the invention is not necessarily limited to a determination of country but may also be applicable to other geographical areas. Furthermore, it will be appreciated that the payment means provider may simply be a payment processor and is not necessarily an issuer of payment means.

Claims (41)

  1. CLPJMS1. A fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is adapted to determine a mobile communications network to which the at least one mobile communications device associated with the user is or has been connected; the fraud detection system is adapted to determine a geographical area covered by the mobile communications network to which the mobile communications device is or has been connected; and wherein the fraud detection system is adapted to compare the determined geographical area with a location of the transaction, the results of the comparison being usable to determine a fraud risk associated with the transaction.
  2. 2. A fraud detection system as claimed in claim 1, wherein the fraud detection system comprises a server, and at least one interface and further comprises and/or is adapted to access at least one data storage system.
  3. 3. A fraud detection system as claimed in claim 1 or claim 2, wherein the fraud detection system comprises an interface to one or more mobile network operator's cellular network components for directly or indirectly retrieving connection data for the at least one mobile communications device, the network connection data indicating, or being usable to determine, the mobile communications network to which the mobile communications device is or has been connected.
  4. 4. A fraud detection system as claimed in claim 3, wherein the interface to one or more mobile network operator's cellular network components comprises an interface with a Home Location Registry (HLR), a Virtual Location Registry (VLR), an Intelligent Network (IN), a Mobile Switching Centre (MSC) and/or Network Application Programme Interfaces (API) of a mobile network operator's cellular network.
  5. 5. A fraud detection system as claimed in any of the preceding claims, wherein the fraud detection system comprises an interface configured to receive transaction data from a transaction processing system, wherein the fraud detection system is configured to use transaction data or data derived from it in order to determine the location of the transaction.
  6. 6. A fraud detection system as claimed in any of the preceding claims, wherein the fraud detection system is arranged to determine if the mobile communication device is or has been connected to a mobile communications network other than the mobile communications network of the user's associated, registered or contracted mobile communications network operator.
  7. 7. A fraud detection system according to any of the preceding claims, wherein the fraud detection system is adapted to determine if the mobile communications network to which the mobile communications device is or has been connected is associated with a geographical area other than a geographical area of residence of the user or a geographical area covered by or associated with the mobile communication network of the user's associated, registered or contracted mobile communications network operator.
  8. 8. A fraud detection system according to any of the preceding claims, wherein the fraud detection system is adapted to determine a mobile telephony network cell associated with a network-attach to a mobile communications network before the transaction is carried out or authorised to be carried out. 0)20 (\J
  9. 9. A fraud detection system according to claim 8, wherein the fraud detection system is adapted to determine a mobile te]ephony network cell associated with a last network-attach to the mobile communications network to which the user is associated, registered or contracted before the transaction is carried out or authorised to be carried out.
  10. 10. A fraud detection system according to claim 8 or claim 9, wherein the data storage system is configured to store a list of departure cells, a departure cell comprising a cell of a mobile communications network covering a departure point from a geographical area.
  11. 11. A fraud detection system according to claim 10, wherein the fraud detection system is configured to compare the location of a cell associated with a network-attach to the mobile communications provider's network before the transaction is carried out or is authorised to be carried out with the list of departure cells.
  12. 12. A fraud detection system according to any of claims 8 to 11, wherein the reference data storage system is configured to store a list of peripheral departure cells, wherein a peripheral departure cell comprises a cell of a mobile communications network adjacent to a departure cell and/or associated with a departure point.
  13. 13. A fraud detection system according to claim 12, wherein the fraud detection system is configured to compare the location of the cell associated with a network-attach to the mobile communications provider's network before the transaction is carried out or authorised with the list of peripheral departure cells.
  14. 14. A fraud detection system according to any of claims 10 to 13, wherein the fraud detection system is configured to determine or access a list of destinations associated with and/or travelable from a departure cell or peripheral departure cell and compare the location of the transaction to the list of destinations associated with or travelable from the departure and/or peripheral cell.
  15. 15. A fraud detection system according to claim 14, wherein the fraud detection system is configured to determine a time elapsed between the network attach associated with the departure cell and/or peripheral departure cell and a time associated with the payment card transaction and determine if a minimum travel time to the destination from the departure cell and/or peripheral departure cell associated with the last attach and/or network connection data, is greater and/or less than the minimum travel time.
  16. 16. A fraud detection system according to any of the preceding claims, wherein the fraud detection system is configured to access at least one address associated with the user and/or mobile communications device, determine a geographical area covered by a cell to which the mobile communications device is or has been connected, and determine if at least one address of the user is within the geographical area covered by the cell to which the mobile communications device is or has been connected.
  17. 17. A fraud detectori system accordThg to any of the preceding claims, wherein the mobile communications device comprises a location determination device.
  18. 18. A fraud detection system according to claim 17, wherein the location determination device comprises a GPS device, a GSM enabled device, a UMIS or mobile broadband data card, a laptop, tablet computer, net-book or workstation comprising an internal or external communications means.
  19. 19. A fraud detection system according to claim 17 or claim 18, wherein the fraud detection device is adapted to determine the location of the mobile communications device using its location determination device via a location determination system of the mobile communications network operator.
  20. 20. A fraud detection system according to any of the preceding claims, wherein the fraud detection system comprises an interface to a database of lost and/or stolen mobile communications devices and is configured to determine an identifier associated with the mobile communications device associated with the user, wherein the fraud detection system is configured to access the database of]ost and/or sto]en mobile communications devices and determine if the identifier associated with the mobile communications device is included on the list of lost and/or stolen devices.
  21. 21. A fraud detection system according to claim 20 wherein the fraud detection system is configured to determine if the identifier associated with the mobile communications device has been entered on the database of lost and/or stolen mobile communications devices within a predetermined period.
  22. 22. A fraud detection system according to any of the preceding claims, wherein the fraud detection system is configured to store and/or access a list of geographical locations to which the user has previously travelled and/or has advised of regular or impending travel and determine if the geographical location associated with the mobile communications network to which the user is or has been connected matches a geographical location to which the user has previously travelled or has advised of regular or impending travel.
  23. 23. A method of operating a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated C_ 20 with at least one mobile communications device, the method comprising: determining a mobile communications network to which the at least one mobile communications device associated with the user or payment means is or has been connected, determining a geographical area covered by the mobile communications network to which the mobile communications device is or has been connected, and comparing the determined geographical area with a location of the transaction, the results of the comparison being usable to determine a fraud risk associated with the transaction.
  24. 24. A method according to claim 23, comprising communicating with one or more mobile network operator's cellular network components in order to retrieve network connection data for at least one mobile communications device, the network connection data indicating a mobile communications network to which the mobile communications device is or has been connected.
  25. 25. A fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is adapted to determine a cell of a mobile communications network associated with an attach by the mobile communications device to the mobile communications network, wherein the cell associated with the 20 attach and the location data associated with the transaction are useable to determine a fraud risk.
  26. 26. A fraud detection system as claimed in claim 25, wherein the cell is a cell of the mobile communications network associated with a last attach by the mobile communications device to a mobile communications network with which the user is registered, associated or contracted.
  27. 27. A fraud detection system according to claim 25 or claim 26, wherein the fraud detection system comprises an interface for receiving location data associated with a transaction and an interface with one or more mobile communications network operator's cellular network components, wherein the system is adapted to directly or indirectly determine the cell of the mobile communications network associated with the attach by the mobile communications device to the mobile communications network.
  28. 28. A fraud detection system according to any of claims 25 to 27, wherein the fraud detection system comprises, and/or is configured to access, a database of transit cells that are associated with and/or cover arrival and/or departure points for arriving in or departing a geographical area associated with or covered by the mobile communications network operator.
  29. 29. A fraud detection system according to claim 28, wherein the fraud detection system comprises, and/or is configured to access, a database of peripheral departure cells that are adjacent transit cells and/or associated with departure points.
  30. 30. A fraud detection system according to claim 28 or claim 29, wherein the fraud detection system is configured to compare the cell associated with a last network attach with the list of transit cells and/or peripheral cells.
  31. 31. A fraud detection system according to any of claims 28 to 30, wherein the fraud detection system comprises and/or is adapted to access a database of destinations linked to, or travelable from, the transit cells and/or departure points and compare the location data associated with the transaction with the destinations linked to or travelable from the geographical area covered by the cell associated with the last attach.
  32. 32. A fraud detection system according to claim 31, wherein the fraud detection system is adapted to determine a time associated with the last attach, determine a minimum transit time from a geographical area covered by the transit or peripheral cell associated with the last network attach to the location associated with the transaction and compare the minimum transit time with the time since the last attach.
  33. 33. A method of operating a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated C_ 20 with at least one mobile communications device, the method comprising: determining a cell associated with an attach by the mobile communications device to the mobile communications network; and wherein the cell associated with the network attach and the location data associated with the transaction are useable to determine a fraud risk.
  34. 34. A method according to claim 33, wherein the attach is a last attach to a mobile communications network with which the user is registered, associated and/or contracted before the transaction.
  35. 35. A fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user and the user is associated with at least one mobile communications device, wherein the fraud detection system is configured to access a database of lost and/or stolen mobile communications devices and determine if the at least one mobile communications device is listed in the database of lost and/or stolen mobile communications devices, wherein the results of the determination are usable to determine a fraud risk associated with the transaction.
  36. 36. A fraud detection system according to claim 35, wherein the fraud detection system is adapted to determine an identifier associated with the mobile communications device; the database comprises identifiers of mobile communications devices that have been reported lost and/or stolen; and wherein the fraud detection system is adapted to determine a fraud risk by comparing the identifier of the associated mobile communications device with the identifiers in the database of lost and/or stolen mobile communications devices.
  37. 37. A fraud detection system according to claim 35 or claim 36, whereTh the unique identifier comprises an international mobile equipment identifier (IMEI) and/or the database comprises an equipment identity register (FIR)
  38. 38. A method of operating a fraud detection system for use in determining a fraud risk associated with a transaction involving at least one payment means associated with a user, the method comprising: determining a mobile communications device associated with the user; accessing a database of lost and/or stolen mobile communications devices; and determining whether the mobile communications device associated with the user is comprised in the database of lost and/or stolen mobile communications devices; wherein the result of the determination is usable to determine a fraud risk associated with the transaction.
  39. 39. A fraud detection system for use with at least one mobile communications device, the mobile communications device comprising location determination means, the fraud detection system being configured to retrieve a location identifier determined by the location determination means of the mobile communications device, and compare the location identifier with a location of a transaction with which the mobile communications device is associated, the results of the determination being usable to determine a fraud risk.
  40. 40. A fraud detection system as claimed in claim 39, wherein the location determination means comprises a GPS device, a GSM enabled device, a UMIS data card, a laptop, tablet computer, net-book or workstation comprising an internal or external communications means.
  41. 41. A fraud detection system according to claim 39 or claim 40, wherein the location of the mobile communications device is identifiable using its location determination means via a location determination system of the mobile communications network operator and the fraud detection system is adapted to retrieve the location identifier from a mobile communications network operator, and/or from a unique reference provided by the device. C') a) (\J
GB1005240A 2010-03-29 2010-03-29 Fraud detection system for determining fraud risk associated with a transaction Withdrawn GB2479131A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1005240A GB2479131A (en) 2010-03-29 2010-03-29 Fraud detection system for determining fraud risk associated with a transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1005240A GB2479131A (en) 2010-03-29 2010-03-29 Fraud detection system for determining fraud risk associated with a transaction

Publications (2)

Publication Number Publication Date
GB201005240D0 GB201005240D0 (en) 2010-05-12
GB2479131A true GB2479131A (en) 2011-10-05

Family

ID=42228511

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1005240A Withdrawn GB2479131A (en) 2010-03-29 2010-03-29 Fraud detection system for determining fraud risk associated with a transaction

Country Status (1)

Country Link
GB (1) GB2479131A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2500212A (en) * 2012-03-13 2013-09-18 Validsoft Uk Ltd Method for location based authentication of transaction
WO2015193629A1 (en) * 2014-06-18 2015-12-23 Validsoft Uk Limited Detecting porting or redirection of a mobile telephone number
US11606694B2 (en) 2020-10-08 2023-03-14 Surendra Goel System that provides cybersecurity in a home or office by interacting with internet of things devices and other devices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002052879A1 (en) * 2000-12-22 2002-07-04 Payment Security Sweden Ab A method of increasing security in respect of payments made with credit cards and cash cards
US20060237531A1 (en) * 2005-04-26 2006-10-26 Jacob Heffez Method and system for monitoring electronic purchases and cash-withdrawals
US20070174082A1 (en) * 2005-12-12 2007-07-26 Sapphire Mobile Systems, Inc. Payment authorization using location data
US20080227471A1 (en) * 2007-03-16 2008-09-18 Ajay Dankar Method for tracking credit card fraud
WO2010011594A1 (en) * 2008-07-22 2010-01-28 Bank Of America Corporation Location-based authentication of mobile device transactions
WO2010086608A2 (en) * 2009-01-28 2010-08-05 Validsoft (Uk) Limited Card false-positive prevention
GB2469025A (en) * 2009-03-30 2010-10-06 X122 Company Verification of a payment card transaction

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002052879A1 (en) * 2000-12-22 2002-07-04 Payment Security Sweden Ab A method of increasing security in respect of payments made with credit cards and cash cards
US20060237531A1 (en) * 2005-04-26 2006-10-26 Jacob Heffez Method and system for monitoring electronic purchases and cash-withdrawals
US20070174082A1 (en) * 2005-12-12 2007-07-26 Sapphire Mobile Systems, Inc. Payment authorization using location data
US20080227471A1 (en) * 2007-03-16 2008-09-18 Ajay Dankar Method for tracking credit card fraud
WO2010011594A1 (en) * 2008-07-22 2010-01-28 Bank Of America Corporation Location-based authentication of mobile device transactions
WO2010086608A2 (en) * 2009-01-28 2010-08-05 Validsoft (Uk) Limited Card false-positive prevention
GB2469025A (en) * 2009-03-30 2010-10-06 X122 Company Verification of a payment card transaction

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2500212A (en) * 2012-03-13 2013-09-18 Validsoft Uk Ltd Method for location based authentication of transaction
WO2015193629A1 (en) * 2014-06-18 2015-12-23 Validsoft Uk Limited Detecting porting or redirection of a mobile telephone number
US11606694B2 (en) 2020-10-08 2023-03-14 Surendra Goel System that provides cybersecurity in a home or office by interacting with internet of things devices and other devices

Also Published As

Publication number Publication date
GB201005240D0 (en) 2010-05-12

Similar Documents

Publication Publication Date Title
US10645072B2 (en) Method and system for validating transactions
US11449850B2 (en) Card false-positive prevention
US9727867B2 (en) Method for detecting misuse of identity in electronic transactions
US7832636B2 (en) Method and system for authenticating use of item
RU2695413C2 (en) Biometric solution, providing possibility of payment for passage and access to system in high-speed mode
CN100401326C (en) Method and module for blocking respectively unblocking of money accounts
EP2076889B1 (en) Mobile transit fare payment
US11308477B2 (en) Method of reducing fraud in on-line transactions
US20070174082A1 (en) Payment authorization using location data
US8118223B2 (en) Smart sign mobile transit fare payment
EP1469368B1 (en) Security method and system with cross-checking based on geographic location data
US20120052881A1 (en) Method and system for monitoring electronic purchases and cash-withdrawals
US20040073519A1 (en) Method of increasing security in respect of payments made with credit cards and cash cards
US20130030964A1 (en) Location-based payer charging system
EP3335198A1 (en) Mobile wireless payment and access
US20130030934A1 (en) System and method for credit card transaction approval based on mobile subscriber terminal location
US20100145868A1 (en) Location based fraud reduction system and method
US20150142623A1 (en) System and method for identity protection using mobile device signaling network derived location pattern recognition
WO2013136066A1 (en) Method for authenticating a transaction
WO2011066327A1 (en) Mobile wireless payment and access
WO2011006142A1 (en) Id application for nfc-enabled mobile device
AU2010271242A1 (en) Transit account management with mobile device messaging
EP2710825A2 (en) Methods, systems, and computer-readable storage media for managing risk using location, mobile, and user participating - based identity verification
JP2005539301A (en) Computer-aided vehicle reservation system and method for computer-aided vehicle reservation system
GB2479131A (en) Fraud detection system for determining fraud risk associated with a transaction

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)