KR102178253B1 - Fraud management system and method - Google Patents

Abstract

The present invention relates to a computer-implemented fraud method and system that manages fraud screening in response to a requested transaction. The fraud management system checks the effectiveness of the fraud screening strategy and predicts the effectiveness of the new fraud screening strategy based on the total cost of fraud. Such calculations are easily provided as transactions are divided into groups, and the total cost of fraud is calculated for a representative element of the group, and may not be calculated for each transaction within the group. Further, if fraud screening is based on rules that apply acceptance flows to predetermined conditions, fraud management can select the best acceptance flows for the predetermined conditions by minimizing the total cost of fraud. Finally, fraud management can also flag rules that are inefficient due to indicators associated with the total cost of fraud to highlight rules for which predetermined conditions should be changed.

Description

Fraud management system and method {FRAUD MANAGEMENT SYSTEM AND METHOD}

Cross-reference to related applications

This application relates to a joint pending application No. 13/786,497 entitled "Fraud Decision Processing System and Method", the entire contents of which are incorporated by reference.

Technical field

The present invention relates to a method and system for performing fraud screening for any type of transaction request.

The merchant needs to reduce the number of fraudulent transactions, as the merchant is responsible for reimbursing the actual credit card holder for the amount of the fraudulent transaction when fraud occurs. Thus, the payment system performs fraud screening to reduce fraud. The amount of the transaction, the location of the sale, the IP address of the requesting device (for online payments), whether the credit card is on the black list, and even the same credit card number, email or name (speed Check), based on transaction information, such as data on repeated transactions, fraud screening service providers can deny the requested transaction, allow the requested transaction, or direct the requester to a manual review. have. For manual review, the system waits for additional information.

In the example of purchasing an air ticket, the transaction information may further include an origin, a destination, and a time before departure.

Typically the rules of fraud screening systems are adjusted based on heterogeneous data, in particular, such as the rate of false negatives, false positives and manual reviews. Here, the applicant proposes a method of evaluating the effectiveness of a fraud screening strategy a posteriori and a priori based on the estimated total cost of fraud, and recommendations on how to adjust this strategy. ).

The total cost of fraud is the cost of false positives (which may include ticket reimbursement and chargeback processing), the cost of false positives (which may include lost sales), and other fraud-related expenses (objectionable). Including the cost of challenge processing and fraud screening engines and even merchant fees). Currently, the total cost of fraud includes uncertainty and is difficult to assess.

In general, methods and systems are provided for computer-implemented fraud management systems. The fraud management system can monitor the effectiveness of a given fraud screening strategy, predict the effectiveness of new fraud screening strategies, compare these strategies, identify the least efficient rules of fraud screening strategies, and perform associated operations. By completing, you can provide these results to user requests with minimal response time. The user may choose to directly apply the recommended fraud screening strategy and/or redefine the rules flagged by the system to the least effective. This is particularly related to large merchants sending a significant number of resources dedicated to fraud management, and to the travel industry, where large amounts are involved.

The system may limit the total cost of fraudulent action based on user input and historical data. Based on this measure, the system can monitor the effectiveness of the existing fraud management strategy and predict the effectiveness of the new fraud management strategy by identifying the minimum efficiency rules of the fraud management strategy.

The system will provide a process that minimizes response time by pre-sorting transactions into groups, minimizing the total cost of fraud calculations, and sampling fraud screening requests to improve computation speed while maintaining precision. I can. For this purpose, the fraud management system can generate an estimated total cost of a fraud calculation engine, which can process according to the current state of knowledge and uncertainty based on historical data and user input.

As a feature, to ensure minimum response time to user requests, the total cost of fraud may not be calculated for each of the requested transactions. Requested transactions may be grouped into multiple groups of requested transactions, and the total cost of fraud may be calculated for one of the groups of requested transactions. Requested transactions can be grouped based on transaction information. The transaction information may include the value of the requested transaction and/or the requested transaction date. If the user request is to monitor the performance of the old strategy, then the requested transaction is based on the following criteria: the number of fraud screenings performed, the number of payment method authentications performed, whether an objection by manual review has been carried out, the request It can be grouped based on one of a date, a range of ticket amounts, and whether the requested transaction is allowed. If the user request is to predict the performance of the new strategy, then the requested transaction can be further grouped according to the acceptance flow being tested. As another feature, if the user request is to predict the performance of a new strategy, there may be sampling fraud screening. Eventually all fraud screening may be performed, but at a given point in time, the fraud screening performed may be divided into groups according to size.

As another feature, a computer-implemented fraud management system can determine an optimal acceptance flow for a set of transactions that verify specific conditions. Thus, the system can change the fraud screening rule by changing the acceptance flow corresponding to this rule. The acceptance flow may include one of the following: accepting the requested transaction, rejecting the requested transaction, and challenging the requested transaction. The acceptance flow may further include performing payment order authentication before making a final decision.

This summary is provided to introduce concepts to be described later in a simplified form in the detailed description below. This summary is not intended to identify key features or key features of the claimed subject matter, nor is it intended to assist in determining the scope of the claimed subject matter. The content of one or more embodiments is presented by the detailed description below and the accompanying drawings. Other objects, features, and advantages of the present invention will be more easily understood by considering the following detailed description of the present invention together with the accompanying drawings and claims.

In the following, specific embodiments of the present invention will be described in detail with reference to a plurality of drawings, without limitation, in which the same reference numerals denote the same elements in the drawings.
1 is a diagram showing a fraud management system implemented by a computer.
2 is a diagram showing a flow diagram of the operation of a requested transaction using fraud screening and payment means authentication.
Fig. 3 is a flow chart of a process of calculating a probability based on historical data, storing this probability in a database, and dynamically updating this probability.

A detailed description of the system and method according to a preferred embodiment of the present invention is described below.

This embodiment may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. In one embodiment, a computer-implemented fraud management system may take the form of a computer-program product comprising computer-usable instructions embodied in one or more computer-readable media.

The various fraud management systems and methods described herein may be implemented in part or in whole using computer-based systems and methods. Additionally, computer-based systems and methods augment or improve the functions described herein, increase the speed at which the functions can be performed, and provide additional features as part of or in addition to what is described herein. Can be used to Various computer-based systems, methods, and contents implementing them according to the described technology will be described below.

1 shows an embodiment of a fraud management system. The system may calculate, store, and update the total cost of the fraud database, and may apply fraud management rules and flows based in part on the total cost of the fraud database.

Referring to the fraud management system implemented by the computer of FIG. 1, the server 100, the client device and the processor 110, which may be the terminal 200, may include a general-purpose computer, and an operating system (eg, DOS , Windows 2000™, Windows XP™, Windows NT™, OS/2, UNIX or Linux), and an internal or external memory for storing data and programs such as one or more application programs. Examples of application programs include computer programs that implement the techniques described herein for lyric and multimedia customization, e.g., authoring applications that can generate documents or other electronic content. (Eg, a word processing program, a database program, a spreadsheet program, or a graphics program); Client applications (e.g., Internet service provider (ISP) clients, email clients, or instant messaging (IM) clients) that can communicate with other computer users, access multiple computer resources, and view, create, or manipulate electronic content. ; And a browser application (eg, Microsoft's Internet Explorer) capable of rendering standard Internet content and other content formatted according to a standard protocol such as HTTP (Hypertext Transfer Protocol). One or more computer programs may be installed in an internal or external storage medium of a general-purpose computer. Alternatively, in another embodiment, the application program may be stored on or executed by one or more device(s) external to a general purpose computer.

Further, client devices, which may be terminal 200, include desktop computers, servers, laptop computers or other mobile computing devices, network-powered cellular phones (with or without media capture/playback capabilities), wireless email clients or web It may be or include other clients, machines, or devices that perform several tasks including browsing, searching, e-mail (e-mail) and other tasks, applications, and functions.

A general purpose computer may include a central processing unit (CPU) that executes an instruction in response to a command and a communication device that transmits and receives data. An example of a communication device is a modem. Other examples include transceivers, communication cards, satellite dishes, antennas, network adapters, or some other mechanism capable of sending and receiving data over a communication link via a wired or wireless data path.

General purpose computers may also include input/output interfaces that allow wired or wireless connections to various peripheral devices. Examples of peripheral devices include, but are not limited to, a mouse, a mobile phone, a personal digital assistant (PDA), a keyboard, a display monitor with or without a touch screen input, and an audio dimension input device. In yet another implementation, the peripheral device may include the functionality of a general purpose computer. For example, a mobile phone or PDA may contain computing and networking capabilities and functionality as a general purpose computer by accessing a network and communicating with other computer systems. Examples of networks such as network 300 include the Internet, World Wide Web, WAN, LAN, analog or digital wired and wireless telephone networks (e.g., public switched telephone networks (PSTNs), integrated services digital Network (ISDN) and Digital Subscriber Line (xDSL), radio, television, cable or satellite systems, and other delivery mechanisms that carry data A communication link is a communication path that can communicate over one or more networks. It may include.

In one implementation, the processor-based system of a general purpose computer may include main memory, preferably random access memory (RAM), and may also include a second memory, which may be a computer-readable medium 120. . The second memory may be, for example, a hard disk drive or a removable storage drive, for example a floppy disk drive, a magnetic tape drive, an optical disk drive (Blu-Ray, DVD, CD drive), magnetic tape, paper tape, punched It may include storage drives representing cards, standalone RAM disks, Iomega Zip drives, and so on. Removable storage drives can be read from or written to a removable storage medium. Removable storage media are floppy disks, magnetic tapes, optical disks (Blu-Ray disks, DVDs, CDs) and memory cards (CompactFlash cards, secure digital cards, memory sticks) that can be removed from the storage drive used to perform read and write operations. ), a paper data storage medium (punched card, punched tape), and the like. As will be appreciated, removable storage media may include computer software or data.

In an alternative embodiment, the second memory may include other similar means for loading a computer program or other instructions into the computer system. Such means may include, for example, removable storage units and interfaces. Examples of these means include program cartridges and cartridge interfaces (e.g. those found in video game devices), removable memory chips (e.g. EPROM or PROM) and associated sockets and software and data from a removable storage unit to a computer system. Other removable storage units and interfaces that can be delivered to the device may be included.

Referring to FIG. 1, the network 300 (also 310 and 320) may further include a communication interface capable of transferring software and data between the terminal 200, the server 100, and other components shown in the system. . The components of the system may also be independent components capable of communicating with each other through the network 300 with a centralized server 100 and/or a client device. Examples of communication interfaces may include modems, network interfaces (eg, Ethernet cards), communication ports, and PCMCIA slots and cards. The software and data conveyed through the communication interface may be in the form of signals, which may be electronic, electromagnetic, optical, or other signals that may be received by the communication interface. These signals may be provided to a communication interface through a channel capable of carrying the signal, and may be implemented using a wireless medium, wired or cable, optical fiber or other communication medium. Some examples of channels may include telephone lines, cellular phone links, RF links, network interfaces, and other suitable communication channels.

In this document, the terms "computer program medium" and "computer readable medium" are generally used to refer to a medium such as a removable storage device, a disk installable in a disk drive, and a signal on a channel. These computer program products can provide software or program instructions to the computer system.

Computer-readable media includes volatile and nonvolatile media, removable and non-removable media, and contemplates media readable by databases, switches, and various other network devices. Network switches, routers and related components are conventional in nature, as are the means of communicating with them. By way of example and not limitation, computer-readable media includes computer-storage media and communication media.

Computer-storage media or machine-readable media include media implemented by any method or technology for storing information. Examples of stored information include computer-usable instructions, data structures, program modules, and other data representations. Computer-storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, DVD, holographic media or other optical disc storage media, magnetic cassettes, magnetic tapes, magnetic disk storage media and other magnetic storage devices. It may include, but is not limited to these. These memory components can store data momentarily, temporarily or permanently.

Communication media generally store computer-usable instructions-including data structures and program modules-in a modulated data signal. The term "modulated data signal" refers to a signal that is propagated by including one or more characteristics set or changed to encode information. An exemplary modulated data signal includes a carrier wave or other transport mechanism. Communication media includes any information-carrying media. By way of example and not limitation, communication media includes wired media, such as wired networks or direct-wired connections and wireless media, such as acoustic, infrared, radio, microwave, spread-spectrum and other wireless media technologies. Combinations of the above media are also included within the scope of computer-readable media.

The computer program may be associated with the application and may be stored in the main memory or the second memory. Such computer programs can also be received via a communication interface. Such computer programs, when executed, enable the computer system to perform features as described herein. In particular, a computer program, when executed, enables a processor to perform the techniques described herein. Thus, such a computer program can represent a controller of a computer system.

In one embodiment in which the elements are implemented using software, the software may be stored in or transmitted through a computer program product, for example, to a computer system using a removable storage drive, a hard drive, or a communication interface. Can be loaded. When executed by a processor, control logic (software) may cause the processor to perform the functions of the techniques described herein.

In another embodiment, the elements may be implemented in essentially hardware using, for example, a hardware component, for example a PAL (Programmable Array Logic) device, an application specific integrated circuit (ASIC) or other suitable hardware component. . Implementing a hardware state machine to perform the functions described herein will be apparent to one of ordinary skill in the art(s). In still other embodiments, the elements may be injected using a combination of hardware and software.

Referring to Fig. 1, the computer-based method may be accessed or implemented over the world wide web by accessing through a web page, in the method described herein. Thus, a web page can be identified by a Universal Resource Locator (URL). The URL can refer to the server and a specific file or page on the server. In this embodiment, it is understood that the client computer system, which may be the client device 106, interacts with the browser and may select a specific URL that may cause the browser to send a URL or page request to the server identified in the URL. . In general, the server may retrieve the requested page in response to this request and send this page data back to the requesting client computer system, which may be the client device 106 (client/server interaction is the hypertext transfer protocol). Or it can be done generally according to HTTP). The selected page can be displayed to the user on the client's display screening. The client may cause the server containing the computer program to launch the application, for example, performing the analysis according to the described technique. In yet another implementation, the server can download an application to run on the client and perform analysis according to the described techniques.

Referring to FIG. 1, a payment server 100 that may include a fraud management engine may include a processor 110 and a real computer-readable medium 120, for example a disk drive or a flash memory system. . The computer-readable medium 120 stores programming that causes the processor and payment server 100 to perform the functions described below. The server 100 communicates with the terminal 200 through a network 300, for example. The network 300 may be, for example, the Internet. Network 300 may also be a dedicated or local network. By the operation of the processor 110 and the computer-readable medium 120, the payment server 100 receives a transaction request (eg, purchase of an air ticket) and transaction information from the terminal 200 through the network 300 do. The terminal 200 may be, for example, a merchant terminal (eg, an airline sales terminal) or a merchant's server.

The payment server 100 (including the fraud management engine) may communicate with the fraud screening service provider server 400 via, for example, a network 310. The network 310 may be, for example, an Internet-only network or a local network. Upon receiving the transaction request, the payment server 100 performs fraud by communicating with the fraud screening service provider 400 via the network 310, by the operation of the processor 110 and the computer-readable medium 120. Perform screening. The payment server 100 may perform fraud screening by transmitting the requested transaction and transaction information to the fraud screening service provider server 400, and receive a result of fraud screening from the fraud screening service provider server 400. . In another embodiment, the payment server 100 includes a fraud screening engine and performs fraud management.

The fraud screening service provider server 400 transmits the fraud screening result to the payment server 100 again. Based on this result, the payment server may issue a decision to the terminal 200 to allow the requested transaction, reject the requested transaction, or request more information. In the case of collecting more information through manual review, the payment server 100 waits for additional information from the terminal 200.

에 의해 개발되고 MasterCard

에 의해 채용된 3-D Secure

인증 프로토콜이다. 일 구현에서, 패스워드는 인증을 위해 유저에 제공된다. 이런 유형의 인증의 하나의 추가된 특징은 사기 비용이 전이(shift)된다는 것이다. 결제 수단이 3-D Secure

인증 프로그램에 등록(enrolled)되고 이 인증이 수행될 때, 총 사기 비용은 이 수단의 발행 은행(issuing bank)으로 전이된다. 따라서, 상인은 기꺼이 3-D Secure

인증을 사용한다. Another type of information collection is authentication of payment methods such as credit or debit cards. An example of such certification is Visa

Developed by MasterCard

3-D Secure adopted by

It is an authentication protocol. In one implementation, the password is provided to the user for authentication. One added feature of this type of authentication is that the cost of fraud is shifted. Payment method is 3-D Secure

When enrolled in an authentication program and this authentication is performed, the total cost of fraud is transferred to the issuing bank of this means. Therefore, the merchant is willing to 3-D Secure

Use authentication.

인증 프로그램에서, 인증 서비스 제공자 서버(600)는 결제 수단(예를 들어 신용 카드)의 발행 은행(issuing bank)이거나 또는 이 발행 은행(issuing bank)에 의해 약정된 서비스 제공자일 수 있다. 네트워크(320)는, 예를 들어, 인터넷, 전용 또는 로컬 네트워크일 수 있다. The system may include a terminal 200 that communicates with an authentication service provider server 600 via a network 320. 3-D Secure

In the authentication program, the authentication service provider server 600 may be an issuing bank of a payment method (eg, a credit card) or a service provider contracted by this issuing bank. Network 320 may be, for example, the Internet, a dedicated or local network.

)을 사용하여 요청된 거래가 동작하는 흐름도(flow)를 나타낸다. 도면부호 700으로 표시된 단계에서, 시스템은 최초의 사기 스크리닝(fraud screengin)을 수행할 수 있다. 가능한 동작 응답 흐름(즉, 정렬된 단계)은 거래를 허용하는 단계(710), 거래를 거부하는 단계(720), 3DS 인증을 수행하는 단계(730) 및 수동 리뷰를 수행하는 단계(725)를 포함한다. 사기 스크리닝은 예측될 수 있고 또는 시스템은 임의의 지불 거절 정보가 수신되기 전에 거래가 수용되었는지 또는 거부되었는지 여부에 기초하여 디폴트로 개연성을 추정할 수 있다. Figure 2 shows fraud screening and payment method authentication (e.g., 3D-Secure

) To show the flow of the requested transaction. In the step indicated by reference numeral 700, the system may perform an initial fraud screengin. Possible action response flows (i.e., ordered steps) include: accepting the transaction 710, rejecting the transaction 720, performing 3DS authentication 730, and performing manual review 725. Include. Fraud screening can be predicted or the system can estimate the probability by default based on whether the transaction has been accepted or rejected before any chargeback information is received.

As a result of the manual review, the system may make a decision to accept (740) the transaction or reject (750) the transaction.

As a result of 3DS authentication 730, the system may make a decision to allow the transaction 740, reject the transaction 750, or perform a manual review 755. This manual review 755 may result in allowing 770 the transaction or rejecting 780 the transaction.

The server 100 further includes a fraud management engine that generates, stores and updates the total cost of the fraud database and uses the calculated total fraud cost to improve fraud screening efficiency. The database may be stored on a computer-readable medium 120.

Fraud screening needs to minimize negative errors (failing to detect fraudulent transaction requests) and false positives (misidentifying legitimate transaction requests as fraudulent transactions). However, it is difficult to balance the two without knowing the economic impact in terms of cost.

The total cost of fraud is a unique criterion for performing this balancing, and may include the following variables:

· Fraud reimbursement cost: The cost for the merchant to reimburse the transaction authorized by fraud as a transaction that the merchant is responsible for. In the example of purchasing an air ticket, the fraud reimbursement cost is the ticket value.

Refusal Fee: When a chargeback is received, the merchant may spend some time processing and inquiring about it. This time can be converted into human labor costs. Furthermore, the merchant may be penalized by his bank for each chargeback received, as the received chargeback causes the bank to perform additional manual work.

· Complaint Cost: The cost of performing additional checks by manual review.

Lost sale: The total sales margin that was not made due to the likelihood that a customer who was rejected due to an incorrectly rejected non-fraudulent transaction would not buy the ticket again.

비용: 3D-Secure

(예를 들어, 결제 수단 인증)을 수행하는 비용. ·3D-Secure

Cost: 3D-Secure

The cost of performing (e.g. payment method authentication).

· Fraud Screening Cost: The cost of performing fraud screening.

One way to calculate the total cost of fraud is by scenario. Examples of scenarios include possible responses and factors in fraud management of the requested transaction. For example, the scenario is whether the merchant is responsible for fraud (2 probabilities), whether payment method verification has been performed (2 probabilities), how many fraud screenings have been performed (3 probabilities), and manual review. It may include whether it was performed (two probabilities), whether the transaction was accepted or rejected at the end (two probabilities), and whether the requested transaction was fraudulent (two probabilities). Thus, there are 2x2x3x2x2x2, that is, 96 scenarios.

The system can calculate the total cost of transaction fraud for which the total cost of fraud can be determined.

To obtain the total cost of fraud, the probability of a scenario can be calculated, and the sum of the cost of fraud for each scenario can be associated with this probability.

The expected total cost of fraud can be generated by multiplying the sum of probability across all scenarios by the associated total cost of fraud.

The table below represents the scenario as an entry of the total cost of the fraud database (Scenario 1):

For each scenario, the total cost of fraud can be calculated by summing the individual cost components (eg, those indicated above). In the case of the scenario shown above, there may be no fraudulent reimbursement, no chargeback fee, no 3DS fee, plus the manual review fee plus one fraud screening per transaction fee. In this situation, certain scenarios are known, and the system can reliably calculate the total cost of fraud.

However, it is often the case that we do not know the scenario we are in and the system can handle with the associated uncertainty. Consider the following example, a fraud screening performed by a merchant who is responsible for the payment, performs a manual review, and finally decides to accept the payment. If the analysis was performed after two weeks and no chargeback was received, it is still unknown whether the payment was fraudulent. This example is summarized as a mix of scenario 1 with a certain probability (probability that payment is not fraudulent) and scenario 2 with the rest of the probability.

The table below represents scenario 2:

Thus, the total fraud cost corresponding to this example can be calculated by weighting the total fraud cost corresponding to scenarios 1 and 2 having the correct probability. These probabilities need to be estimated.

For the sake of estimation, the initial probability of fraud needs to be assessed (the probability of fraud immediately following an acceptance decision). There are two ways to have this initial probability of fraud. This is the output of a fraud screening engine (the fraud screening engine may be a prediction engine), otherwise it can be inferred from the statistics. In fact, the probability of fraud may be based on historical data stored in the total cost of a fraud database corresponding to an acceptance response (eg accepted payments have an average fraud probability of 0.5%). Moreover, this probability is dynamically updated. Certain events, such as chargebacks, trigger an update by updating the probability of fraud to one. Conversely, if a chargeback has not yet been received for several weeks, the probability of fraud slowly converges to zero from the initial value. 3 is a flow chart of the process. At the step indicated by reference numeral 800, the fraud management server calculates the probability and updates the total cost of the fraud database. In a step indicated by reference numeral 810, the fraud management server applies the data to the total cost of the fraud database for fraud management. At a step indicated by reference numeral 820, at a specific point in time, the system may evaluate whether a chargeback has occurred, and the chargeback triggers an update of the database at the stage indicated by 800 to calculate the probability of fraud.

Moreover, in the case of predicting the effectiveness of the fraudulent strategy to be tested, the additional components in the table may be indeterminate. In fact, consider the above example, one fraud screening performed by a merchant who is responsible for payments, performs manual reviews, and decides to accept payments. If the user wants to predict the efficiency of the strategy applied to this payment, and after performing 3DS, accepts the payment if 3DS=OK and rejects the payment if 3DS=KO, the "final acceptance state" is also probable or probabilistic. However, this is because we do not know in advance what the 3DS results will be. To reconcile these additional uncertainties, some assumptions are made at each fraud screening or information gathering step (positive and negative errors in 3DS, manual review and fraud screening process; and the probability of manual reviews given as fraud, manual reviews not given as fraud). ) Can be performed on the performance of.

In one embodiment, the computational cost is not performed for all transactions. For each scenario, transactions are grouped, and computational costs are performed for this group. For example, transactions can be divided into groups on the transaction value. Using the example of an air ticket, a group can include ticket deals of up to $50, $50 to $100, $100 to $150, and so on. For each group's scenario, the total cost of fraud can be calculated by calculating the total cost of fraud for one element of the group and multiplying it by the number of elements in the group.

Using this grouping, the time required for the total cost of fraud calculation is reduced as it is not performed for each and every transaction.

The fraud management system may further provide optimization of response time as the response time of fraud screening may be further reduced using grouping of transactions. For example, fraud screening is not performed for each and every transaction. By sampling, fraud screening is performed for a certain number of transactions in a group in proportion to the size of the group, and not all transactions. The results of the sample fraud screening are used as representative values for the group.

One way to do fraud management is by using rules. The rule is, for example, a predetermined condition and an acceptance flow when this predetermined criterion is satisfied (i.e., if the rule is satisfied, the corresponding step is performed). The table below shows some examples of fraud control rules in the context of purchasing air tickets:

Moreover, the efficiency of each rule can be calculated using the total cost of fraud calculations. One such calculation is known as the key performance indicator (KPI) shown below using the example of an air ticket:

As shown, the percentage of the total cost of fraudulent costs summed for all tickets for which the rule was applied is calculated for the sum of the ticket values and subtracted from the average gross margin percentage. This KPI represents the expected net gross margin from the ruled transaction by subtracting the percentage of all fraud-related costs from the average gross margin. Higher KPIs indicate more efficient rules.

인증일 수 있다. 모든 수용 흐름에 대해 KPI를 계산하여 가장 효율적인 규칙을 생성할 수 있다. Moreover, for each predetermined condition, the KPI can be calculated for each receiving flow to determine the best flow and improve the rules. For example, for pre-determined conditions, acceptance flows are accepted, rejected, manual reviewed and 3D-Secure

It can be authentication. KPIs can be calculated for all acceptance flows to generate the most efficient rules.

Although specific embodiments of the present invention have been shown and described in detail herein, it is understood that various changes and modifications may be made to the present invention without departing from the scope and spirit of the present invention. The embodiments described herein are intended to illustrate rather than limit the invention in all respects. Alternative embodiments will be apparent to those of ordinary skill in the art to which the present invention pertains without departing from the scope of the present invention.

In summary, the present invention may have the following features:

1. As a computer-implemented fraud management system,

A server communicating with the terminal;

Computer readable media; And

Includes a calculation engine;

The computer-implemented fraud screening system,

Receive multiple transaction requests,

Apply acceptance flow for each transaction;

And the calculation engine monitors the effectiveness of the fraud screening system applied by calculating the estimated total fraud cost for all transactions.

2. According to claim 1, wherein the total cost of fraud is the following: if it is fraudulent, the cost of reimbursing the transaction; if it is fraudulent; , Computer-implemented fraud management system, characterized in that calculated based on at least one of the cost of performing the probability that the transaction is fraudulent.

3. The computer-implemented fraud management system of claim 1, wherein the total cost of fraud is not calculated for each requested transaction.

4. The method of clause 3, wherein the requested transaction is grouped into a plurality of groups of requested transactions;

And the total cost of fraud is calculated for one of the groups of requested transactions.

5. The computer-implemented fraud management system of claim 4, wherein the requested transactions are grouped based on transaction information.

6. The computer-implemented fraud management system of claim 5, wherein the transaction information includes the requested transaction value and/or the requested transaction date.

7. According to claim 5, wherein the requested transaction is one of the following criteria: the number of fraud screenings performed, the number of payment method authentications, whether manual review has been performed, and/or whether the requested transaction is finally allowed. Computer-implemented fraud management system, characterized in that further grouped based on.

8. As a computer-implemented fraud management system,

A server communicating with the terminal;

Computer readable media; And

Includes a calculation engine;

The computer-implemented fraud screening system,

Receive multiple transaction requests,

Apply acceptance flow for each transaction;

The calculation engine,

Simulate new fraud screening for specific transactions,

A computer-implemented fraud management system, characterized by predicting the effectiveness of a new fraud screening system by calculating the expected total fraud cost for all transactions.

9. The method of claim 8, wherein the total cost of fraud is the following: if fraudulent, the transaction is reimbursed, if fraudulent, the transaction's chargeback cost, manual review cost, sales loss cost, payment authentication and/or fraud screening, A computer-implemented fraud management system, characterized in that it is calculated based on at least one of the likelihood that a transaction is fraudulent, a false positive of any authentication or manual review process used in a new fraud screening strategy, and a cost of performing negative errors.

10. The computer-implemented fraud management system of clause 8, wherein the total cost of fraud is not calculated for each of the requested transactions.

11. The method of claim 10, wherein the requested transactions are grouped into a plurality of groups of requested transactions;

And the total cost of fraud is calculated for one of the groups of requested transactions.

12. The computer-implemented fraud management system of claim 11, wherein the requested transactions are grouped based on transaction information.

l3. The computer-implemented fraud management system of claim 12, wherein the transaction information includes a value of the requested transaction and/or a date of the requested transaction.

14. The method of claim 12, wherein the requested transaction is based on one of the following criteria: the number of fraud screenings performed, the number of payment method authentications, whether a manual review has been performed, and/or whether the requested transaction is finally allowed. Computer-implemented fraud management system, characterized in that further grouped on the basis of.

15. The computer-implemented fraud management system of claim 14, wherein the requested transactions are sub-grouped based on a new strategy acceptance flow for the transaction and criteria forming a group.

16. The method of clause 15, wherein the total number of fraud screenings for the new strategy is fixed and less than the total number of transactions, and fraud screening sampling allocates this number across the elements of the subgroup in proportion to the size of the subgroup. Computer-implemented fraud management system, characterized in that performed by doing.

17. As a computer-implemented fraud management system,

A server communicating with the terminal; And

Including computer-readable media;

The computer-implemented fraud screening system,

Contains a pre-determined set of conditions that are mutually exclusive and collectively exhaustive (MECE);

Receive multiple transaction requests;

And determining an acceptance rule for the predetermined condition using the total cost of the fraud database of the received transaction.

18. The method of 17, wherein the flow of response is to: accept the requested transaction; Rejecting the requested transaction; And filing an objection to the requested transaction.

19. The computer-implemented fraud management system of claim 17, wherein the response flow includes performing payment method authentication.

20. The computer-implemented fraud management system of claim 17, wherein the system changes a rule for a subsequently requested transaction based on a result of applying the rule.

21. The method of clause 17, wherein the total cost of fraud includes the following: cost of reimbursing fraudulent transactions, chargeback cost of fraudulent transactions, objection cost, loss of sale, cost of performing payment authentication and/or fraud screening. Computer-implemented fraud management method, characterized in that calculated based on at least one of the costs to perform.

22. The computer-implemented fraud management method of clause 17, wherein the total cost of fraud is not calculated for each requested transaction.

23. The system of 17, wherein the requested transaction is grouped into a plurality of groups of requested transactions;

And the total cost of fraud is calculated for one of the groups of requested transactions.

24. The computer-implemented fraud management method of clause 17, wherein the requested transactions are grouped based on transaction information.

25. The computer-implemented fraud management method of claim 17, wherein the transaction information includes a value of the requested transaction and/or a date of the requested transaction.

26. The method of clause 17, wherein the requested transaction is based on one of the following criteria: the number of fraud screenings, the number of payment method authentications, whether an objection has been carried out by manual review, and/or whether the requested transaction is permitted. Computer-implemented fraud management method, characterized in that the group is further grouped.

27. The computer-implemented fraud management system of clause 17, wherein the requested transactions are subgrouped based on criteria for forming a group and a new strategy acceptance flow for the transaction.

28. The method of clause 17, wherein the total number of fraud screenings for the new strategy is fixed and less than the total number of transactions, and fraud screening sampling allocates this number across the elements of the subgroup in proportion to the size of the subgroup. Computer-implemented fraud management system, characterized in that carried out by.

29. As a computer-implemented fraud management method,

Evaluating a fraud screening rule having a predetermined condition and a corresponding acceptance flow;

Receiving a plurality of transaction requests; And

And ranking rules according to an efficiency classification based on total cost of fraud.

30. The method of item 29, wherein the total cost of fraud is the following: cost of reimbursing fraudulent transactions, chargeback cost of fraudulent transaction, objection cost, loss of sales, cost of performing payment authentication and/or fraud screening. Computer-implemented fraud management method, characterized in that calculated based on at least one of the costs.

31. The computer-implemented fraud management method of clause 29, wherein the total cost of fraud is not calculated for each of the requested transactions.

32. The method of 29, wherein the requested transactions are grouped into a plurality of groups of requested transactions;

And the total cost of fraud is calculated for one of the groups of requested transactions.

33. The computer-implemented fraud management method of claim 29, wherein the requested transactions are grouped based on transaction information.

34. The computer-implemented fraud management method of claim 29, wherein the transaction information includes a value of the requested transaction and/or a date of the requested transaction.

35. The claim 29, wherein the requested transaction is based on one of the following criteria: the number of fraud screenings, the number of payment method authentications, whether an objection was carried out by manual review, and/or whether the requested transaction was allowed. Computer-implemented fraud management method, characterized in that the group is further grouped.

36. The computer-implemented fraud management method of clause 29, wherein the rule efficiency criterion is based on a total fraud cost, the ticket value, and a total transaction margin to which the rule applies.

37. As a computer-implemented fraud management system,

Receiving a plurality of transaction requests;

Applying an acceptance flow to each transaction; And

A computer-implemented fraud management system comprising the operation of monitoring the effectiveness of a fraud screening system applied through a computational engine by calculating the estimated total fraud cost for all transactions.

38. As a computer-implemented fraud management system,

Receiving a plurality of transaction requests;

Applying an acceptance flow to each transaction; And

The action of simulating new fraud screening for a specific transaction,

A computer-implemented fraud management system comprising the operation of predicting the efficiency of a new fraud screening system through a calculation engine by calculating the expected total fraud cost for all transactions.

39. As a computer-implemented fraud management system,

Evaluating a predetermined condition without redundancy and no omissions;

Receiving a plurality of transaction requests; And

And determining an acceptance rule for the predetermined condition using the total cost of the fraud database of the received transaction.

From the foregoing, it can be seen that the present invention is configured to achieve the above and all objectives, along with other advantages apparent and inherent to the system and method. It is understood that the specified features and sub-combinations may be used, and may be used without reference to other features and sub-combinations. This is considered to be within the scope of the appended claims.

Claims (15)

As a fraud management system,
A server communicating with the terminal; And
A computer storage medium comprising a plurality of instructions, wherein when the plurality of instructions are executed by the server, the server:
Receive a plurality of transaction requests;
Classifying the transaction requests into a plurality of groups;
Select several transaction requests from each group to define a sample of the group containing fewer transaction requests than all transaction requests in the group;
For each transaction request in each sample:
Determining which of the plurality of rules is satisfied by the transaction request;
Selecting an acceptance flow from a plurality of acceptance flows based on a rule satisfied by the transaction request;
Calculating a total fraudulent cost for the transaction request by applying the selected acceptance flow to the transaction request;
Store the total cost of fraud in a total cost of a fraud database;
Determine a total fraud cost for each group based on the total fraud cost calculated for a transaction request in the sample of the group and stored in the total cost of the fraud database;
For each rule based on the total cost of fraud stored in the total cost of the fraud database, a key performance indicator and a value of transactions associated with the transaction request to which the rule is applied are calculated, thereby allowing the efficiency of the fraud management system to be monitored. , Fraud management system. The method of claim 1,
The total cost of fraud includes individual cost elements, and the individual cost elements are, in the case of fraudulent, transaction request reimbursement cost, in case of fraudulent, transaction request refusal cost, manual review cost, sales loss cost, payment authentication. Fraud management system comprising at least one of the cost of doing, and the cost of fraud screening, or the probability that the transaction request is fraudulent. The method of claim 1,
Wherein each sample consists of one of transaction requests from a corresponding group of transaction requests. The method of claim 3,
Wherein the transaction requests are grouped based on transaction information. The method of claim 4,
The transaction information includes at least one of a value of a transaction request or a date of a transaction request. The method of claim 4,
The requested transactions are,
The number of fraud screenings performed, the number of payment method authentications, whether a manual review was performed, or whether the transaction request was finally allowed.
Grouped based on one of the fraud management systems. The method of claim 1,
The above command is:
From a plurality of scenarios, identify one or more scenarios applicable to the acceptance flow applied to the transaction request,
For each of the one or more scenarios, summing a plurality of individual cost elements for the scenario to generate a fraudulent cost of the scenario,
For each of the one or more scenarios, multiplying the fraudulent cost of the scenario by a probability that the transaction request is in the scenario generating a weighted fraudulent cost for the scenario,
By summing the weighted fraud cost of the one or more scenarios to generate a total fraud cost for the transaction request,
Causing the server to calculate the total cost of fraud of each transaction request in each sample. As a way to manage fraud,
Receiving a plurality of transaction requests at a server of the fraud management system;
Classifying, by the server, the transaction requests into a plurality of groups;
Selecting, by the server, several transaction requests from each group to define a sample of the group containing fewer than all transaction requests in the group;
For each transaction request in each sample:
Determining, by the server, which of the plurality of rules is satisfied by the transaction request;
Selecting, by the server, an acceptance flow from a plurality of acceptance flows based on a rule satisfied by the transaction request;
Calculating, by the server, a total fraudulent cost for the transaction request by applying the selected acceptance flow to the transaction request;
Storing, by the server, the total cost of fraud in a total cost of a fraud database,
Determining, by the server, a total fraud cost for each group based on the total fraud cost calculated for a transaction request in the sample of the group and stored in the total cost of the fraud database; And
By the server, by calculating a key performance indicator for each rule based on the total cost of fraud stored in the total cost of the fraud database and a value of transactions associated with the transaction request to which the rule is applied And monitoring efficiency. The method of claim 8,
The total cost of fraud includes individual cost elements, and the individual cost elements are, in the case of fraudulent, transaction request reimbursement cost, in case of fraudulent, transaction request refusal cost, manual review cost, sales loss cost, payment authentication. And the cost of fraud screening, and at least one of the probability that the transaction is fraudulent. The method of claim 8,
Wherein the transaction requests are grouped based on transaction information. The method of claim 10,
Wherein each sample consists of one of transaction requests from a corresponding group of transaction requests. The method of claim 11,
The transaction information includes at least one of a value of a transaction request or a date of a transaction request. The method of claim 11,
The requested transactions are,
The number of fraud screenings performed, the number of payment method authentications, whether a manual review was performed, or whether the transaction request was finally allowed.
Grouped based on one of the fraud management methods. The method of claim 8,
The step of calculating the total cost of fraud includes, for each transaction request in each sample:
Identifying, from a plurality of scenarios, one or more scenarios applicable to the acceptance flow applied to the transaction request;
For each of the one or more scenarios, summing a plurality of individual cost elements for the scenario to generate a fraudulent cost of the scenario;
For each of the one or more scenarios, multiplying the fraud cost of the scenario by a probability that the transaction request is in the scenario generating a weighted fraud cost for the scenario; And
Summing the weighted fraud cost of the one or more scenarios to generate a total fraud cost for the transaction request. delete

Images