KR20230134775A - Method for detecting financial fraud and banking server performing the same - Google Patents

Abstract

The present invention discloses a method for detecting financial fraud and a financial server that executes the same. The financial fraud detection method includes the steps of classifying transfer details corresponding to a predetermined type of company name among account transfer details stored in a financial server to create a fraud-related transfer DB, including the transfer details constituting the fraud-related transfer DB. Deriving corporate accounts and creating an illegal financial company network based on the connectivity between each corporate account, determining whether the receiving account of the transfer details included in the fraud-related transfer DB is included in the illegal financial company network determining whether the transfer details for the receiving account meet preset conditions; if the receiving account is included in the illegal financial company network and satisfies the preset conditions, the receiving account It includes the step of setting up an illegal financial corporate account, and when a transfer request for the illegal financial corporate account is received, providing a notification to the sender who requested the transfer request.

Description

Method for detecting financial fraud and banking server performing the same}

The present invention relates to a method for detecting financial fraud and a financial server that executes the same. Specifically, the present invention relates to a method of analyzing account transfer details to identify illegal financial corporate accounts and providing notifications to users who have requested a transfer to the identified illegal financial corporate account.

The content described in this section simply provides background information for this embodiment and does not constitute prior art.

Recently, as the use of internet banking services has increased in Korea, the number of fraud cases using various methods using internet banking transfers is rapidly increasing.

For example, fraud organizations recruit transfer workers through part-time job sites using “high-profit at-home part-time jobs” as bait and use them for fraudulent activities. Specifically, when a victim purchases a product, the fraud organization carries out a fraudulent transaction by depositing the amount into the transfer Alba's account, receiving the money back from the transfer Alba, and then not delivering the product to the victim.

In addition, there are frequent cases where funds stolen through telecommunication financial fraud such as voice phishing and fraud in interpersonal transactions such as second-hand transactions are transferred to an account in the name of a specific corporation such as a limited company, and many of these limited companies are illegal on the Internet. There are many cases of gambling sites.

In cases of fraud using internet banking transfers, such as in the case of telecommunication financial fraud, there are cases in which the person suffers damage without his/her knowledge, but the money lost on an illegal gambling site is acquired in an inappropriate manner through fraudulent transactions such as second-hand transactions, and is then reused. There are cases where a serious vicious cycle occurs that causes people to waste their money on gambling.

Although the number of victims and damages from these fraudulent activities is increasing, under the current law, financial transfer fraud is treated as a transaction between individuals and is not treated as 'telecommunication financial fraud', and is detected using the Fraud Detection System (FDS). Because it is difficult to do, it is difficult to actively deal with fraudulent activities.

Therefore, there was a need for a method to analyze the recipient's transfer details and fraud report details when transferring money due to transactions between individuals, and to provide notifications including a warning to the sender if the account is suspected of being used for fraud. .

The purpose of the present invention is to extract transfer details containing fraud-related keywords from account transfer details, identify high-risk recipients by assigning a risk score to the recipient of the transfer details, and provide an alarm to the sender who transfers to the high-risk recipient. The goal is to provide a method for detecting financial fraud.

In addition, the purpose of the present invention is to receive the victim's fraud report details, extract the related transfer details, assign a risk score to the recipient, identify high-risk recipients, and provide an alarm to the sender who transfers to the high-risk recipient. It provides a method for detecting financial fraud.

In addition, the purpose of the present invention is to calculate the transfer risk for the recipient using a deep learning module based on the recipient's customer information and transfer transmission and reception data, and use this to assign a risk score to the recipient to identify high-risk recipients, The goal is to provide a financial fraud detection method that can provide alerts to senders who transfer money to high-risk recipients.

In addition, the purpose of the present invention is to create a fraud-related transfer DB and an illegal financial company network based on fraud-related transfer details, use this to identify illegal financial corporate accounts, and proceed with account transfers to the identified illegal financial corporate accounts. The goal is to provide a financial fraud detection method that can provide an alarm to the sender.

The objects of the present invention are not limited to the objects mentioned above, and other objects and advantages of the present invention that are not mentioned can be understood by the following description and will be more clearly understood by the examples of the present invention. Additionally, it will be readily apparent that the objects and advantages of the present invention can be realized by the means and combinations thereof indicated in the patent claims.

The financial fraud detection method according to an embodiment of the present invention includes the steps of classifying transfer details corresponding to a predetermined type of company name among account transfer details stored in a financial server to create a fraud-related transfer DB, and creating a fraud-related transfer DB. Deriving corporate accounts included in the transfer details and creating an illegal financial company network based on the connectivity between each of the corporate accounts, the receiving account of the transfer details included in the fraud-related transfer DB is determining whether the receiving account is included in the network of the illegal financial company, determining whether the transfer details for the receiving account meet preset conditions, determining whether the receiving account is included in the illegal financial company network and satisfying the preset conditions. In this case, setting the receiving account as an illegal finance corporate account, and when a transfer request for the illegal finance corporate account is received, providing a notification to the sender who requested the transfer request.

In addition, the step of creating the fraud-related transfer DB includes classifying transfer details transferred to a fraudulent account among the account transfer details stored in the financial server, and determining the type of fraud for the classified transfer details. , determining whether the summary or recipient of the classified transfer details is a business name of the predetermined type, and if the classified transfer details include the business name of the predetermined type, classifying the transfer details into the fraud type and It may include the step of generating the fraud-related transfer DB by storing it together.

In addition, the fraud type is the first type corresponding to the transfer details transferred by the first recipient reported with a preset fraud-related keyword or a preset amount, and the second recipient who is the owner of the receiving account to which the first recipient transferred Includes at least two of the second type, which corresponds to the transfer details of a customer who has been a victim of financial fraud, the third type, which corresponds to the transfer details of a customer who has been a victim of financial fraud, and the fourth type, which corresponds to the transfer details of a customer included in the restricted transaction list. can do.

In addition, in the step of classifying the transfer details, if the risk score allocated to the first recipient in proportion to the number of reported times is greater than a predetermined standard, the transfer details transferred by the first recipient are classified into the first type. And, the risk score of the second recipient is calculated in conjunction with the risk score of the first recipient, and if the calculated risk score is greater than a predetermined standard value, the transfer details transferred by the second recipient are sent to the second type. It may include those classified as.

In addition, in the step of classifying the transfer details, the first recipient is selected based on the risk calculated using a pre-learned deep learning module, and the transfer details transferred by the selected first recipient are classified into the first type. It may include classification.

In addition, the step of creating the illegal financial company network includes the step of creating a list of customers who have transferred to the receiving account of the transfer details included in the fraud-related transfer DB, and the corporation to which a predetermined number of customers or more of the receiving account have transferred. It may include selecting a plurality of accounts, calculating connectivity between the plurality of corporate accounts, and creating the illegal financial company network based on the connectivity relationship between corporate accounts where the connectivity is greater than a predetermined standard. there is.

In addition, the step of calculating the connectivity includes deriving a first customer list that has transferred money to a first corporate account and a second customer list that has transferred money to a second corporate account, and dividing the first customer list and the second customer list. It may include calculating the number of common customers and deriving the connectivity using a ratio of the number of common customers and the number of customers to the union of the first customer list and the second customer list.

In addition, the step of setting the receiving account as an illegal finance corporate account includes generating a list of transfer details in which the amount has been transferred to the receiving account of the transfer details included in the fraud-related transfer DB, and the receiving account is the illegal finance account. A step of determining whether the account belongs to a company included in the company network, a step of counting the number of fraud types for a plurality of transfer details transferred to the receiving account, and if the number of fraud types is more than a predetermined standard number, It may include the step of determining the receiving account as the illegal financial corporate account.

In addition, in the step of setting the receiving account as an illegal financial corporate account, the transfer history list is generated based on the transfer details included in the fraud-related transfer DB for a predetermined unit period, and the standard number is 2 or more. It may include being set to .

In addition, the step of providing the notification includes providing the notification in a preliminary transfer step of checking the recipient's account information before performing an account transfer according to the transfer request, and the notification is provided in response to the transfer request. It may include providing a transfer warning pop-up indicating the possibility that the receiving account corresponds to the illegal financial corporate account, or providing information about the type of fraud in the transfer details related to the receiving account.

Meanwhile, the financial server according to an embodiment of the present invention includes a processor, a memory for loading a computer program executed by the processor, and storage for storing the computer program, wherein the computer program is stored in the storage. An operation to create a fraud-related transfer DB by classifying transfer details corresponding to a predetermined type of company name among account transfer details, deriving a plurality of corporate accounts included in the transfer details constituting the fraud-related transfer DB, and each An operation of creating an illegal financial company network based on the connectivity between the corporate accounts, an operation of determining whether the receiving account of the transfer details included in the fraud-related transfer DB is included in the illegal financial company network, and an operation of determining whether the receiving account of the transfer details included in the fraud-related transfer DB is included in the illegal financial company network, An operation to determine whether the transfer details meet preset conditions; if the receiving account is included in the illegal financial company network and satisfies the preset conditions, an operation to set the receiving account as an illegal finance corporate account; And when a transfer request to the illegal financial corporate account is detected, an operation of providing a notification to the sender who requested the transfer request.

The financial fraud detection method of the present invention can extract transfer details that contain fraud-related keywords or have been transferred with a preset amount, and assign a risk score to the recipient of the transfer details. Subsequently, when an attempt is made to send money to a recipient whose accumulated risk score exceeds the standard, a notification is provided to the sender informing him of the risk of the transfer, thereby preventing financial accidents and fraud damage in interpersonal transactions.

In addition, the financial fraud detection method of the present invention classifies the sender who sent money to a person classified as a high-risk recipient as a high-risk recipient as well, and provides a notification informing the sender of the transfer risk when attempting to send money to a person suspected of being a transfer part-timer. , it can reduce the possibility of becoming a victim due to fraudulent transactions using transfer part-time jobs.

In addition, the financial fraud detection method of the present invention classifies high-risk recipients by accumulating risk scores based on fraud report details received from external servers and remittance terminals, thereby increasing classification accuracy for high-risk recipients.

In addition, the financial fraud detection method of the present invention can classify high-risk recipients by calculating the recipient's transfer risk through a deep learning module learned in advance using the recipient's customer information and transfer transmission and reception data for a certain period of time. Subsequently, by providing a notification to the sender when attempting to send money to a high-risk recipient, the possibility of a financial accident occurring can be reduced.

In addition, the financial fraud detection method of the present invention creates a fraud-related transfer database and an illegal financial company network based on fraud-related transfer details, and uses this to identify illegal financial corporate accounts, thereby identifying illegal financial company accounts such as illegal gambling sites. can be identified. Through this, the present invention provides a notification to the sender when an attempt is made to send money to an illegal financial corporate account owned by an illegal financial company, thereby preventing or minimizing the sender's involvement in fraud or illegal gambling.

In addition, the financial fraud detection method of the present invention can accurately identify illegal financial corporate accounts by analyzing the transfer details of users who use illegal financial companies that operate illegal sites while continuously changing company names. Additionally, the present invention can reduce the possibility of a financial accident occurring by providing a notification to the sender who attempts to transfer money to the corresponding illegal financial corporate account.

In addition to the above-described content, specific effects of the present invention are described below while explaining specific details for carrying out the invention.

1 is a diagram briefly explaining a financial fraud detection system according to an embodiment of the present invention.
Figure 2 is a flowchart for explaining a method for detecting financial fraud according to an embodiment of the present invention.
Figures 3 and 4 are flowcharts illustrating some examples of a method for extracting fraud report transfer details according to an embodiment of the present invention.
Figure 5 is a diagram for explaining an example of a method for detecting financial fraud according to an embodiment of the present invention.
Figure 6 is a flowchart illustrating a method for detecting financial fraud according to another embodiment of the present invention.
Figure 7 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention.
Figure 8 is a diagram for explaining a method for detecting financial fraud according to another embodiment of the present invention.
Figure 9 is a block diagram schematically illustrating a deep learning module used in a financial fraud detection method according to another embodiment of the present invention.
FIG. 10 is a diagram showing the configuration of the deep learning module of FIG. 9.
Figure 11 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention.
Figure 12 is a block diagram schematically illustrating the flow of a method for detecting financial fraud through identification of illegal financial corporate accounts according to another embodiment of the present invention.
FIG. 13 is a flowchart for explaining the operation of each step of the financial fraud detection method of FIG. 12.
FIG. 14 is a flowchart for explaining the specific operation of step S610 of FIG. 13.
Figures 15 and 16 are diagrams for explaining the types of fraudulent account transfer details shown in Figure 14.
FIG. 17 is a flowchart for explaining the specific operation of step S620 of FIG. 13.
FIG. 18 is a diagram illustrating a method for creating the illegal financial company network of FIG. 17.
FIG. 19 is a flowchart for explaining specific operations of steps S630 and S640 of FIG. 13.
Figure 20 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention.
Figure 21 is a diagram showing the prediction effect of a financial fraud detection method according to some embodiments of the present invention.
FIG. 22 is a diagram illustrating the hardware configuration of a financial server that performs a financial fraud prevention method according to some embodiments of the present invention.

Terms or words used in this specification and patent claims should not be construed as limited to their general or dictionary meaning. According to the principle that the inventor can define terms or word concepts in order to explain his or her invention in the best way, it should be interpreted with a meaning and concept consistent with the technical idea of the present invention. In addition, the embodiments described in this specification and the configurations shown in the drawings are only one embodiment of the present invention and do not completely represent the technical idea of the present invention, so they cannot be replaced at the time of filing the present application. It should be understood that there may be various equivalents, variations, and applicable examples.

Terms such as first, second, A, and B used in the present specification and claims may be used to describe various components, but the components should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another. For example, a first component may be named a second component, and similarly, the second component may also be named a first component without departing from the scope of the present invention. The term 'and/or' includes any of a plurality of related stated items or a combination of a plurality of related stated items.

The terms used in the specification and claims are merely used to describe specific embodiments and are not intended to limit the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this application, terms such as "include" or "have" should be understood as not precluding the existence or addition possibility of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification. .

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as generally understood by a person of ordinary skill in the technical field to which the present invention pertains.

Terms defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related technology, and unless explicitly defined in the present application, should not be interpreted in an ideal or excessively formal sense. No.

Additionally, each configuration, process, process, or method included in each embodiment of the present invention may be shared within the scope of not being technically contradictory to each other.

Below, we will look in detail at the financial fraud detection system and method of performing this, which classifies high-risk recipients using account transfer details and provides notifications (hereinafter referred to as warning notifications) informing the sender of the risk of the transfer to the sender who requested the transfer to the high-risk recipient. see.

1 is a diagram briefly explaining a financial fraud detection system according to an embodiment of the present invention.

Referring to FIG. 1, a financial fraud detection system according to an embodiment of the present invention includes a financial server 100 and a remittance terminal 200.

The financial server 100 according to an embodiment of the present invention classifies high-risk recipients using account transfer details. Next, the financial server 100 provides a warning notification to the remitter terminal 200 if the recipient of the transfer request received from the remitter terminal 200 is a high-risk recipient. The remittance terminal 200 displays the warning notification received from the financial server 100 on the screen.

Specifically, the financial server 100 may extract fraud report transfer details from account transfer details between users. Here, the fraud report transfer details include transfer details that contain preset fraud-related keywords or are transferred with a preset amount.

Subsequently, the financial server 100 may classify some of the plurality of recipients as high-risk recipients based on the fraud report transfer details. Subsequently, when the remitter terminal 200 requests a transfer to a high-risk recipient, the financial server 100 may provide a warning notification through a terminal application installed on the remitter terminal 200.

At this time, the financial server 100 and the remittance terminal 200 may be implemented as a server-client system. Specifically, the remitter terminal 200 may provide financial information or notifications provided from the financial server 100 to the user through a terminal application installed on the remitter terminal 200.

Here, the terminal application may be a dedicated application for providing financial information or notifications, or a web browsing application for providing through a web page. Here, the dedicated application for providing financial information or notifications may be an application built into the remitter's terminal 200 or an application downloaded from an application distribution server and installed on the remitter's terminal 200.

Hereinafter, for convenience of explanation, an example will be given where the remitter terminal 200 displays a notification provided from the financial server 100 on the screen using a pre-installed terminal application (hereinafter referred to as application).

The remittance terminal 200 refers to a communication terminal capable of operating a terminal application in a wired or wireless communication environment. The remittance terminal 200 may be a user's portable terminal. In FIG. 1, the remittance terminal 200 is shown as a smart phone, a type of portable terminal, but the present invention is not limited thereto, and can be applied without limitation to any device capable of mounting a terminal application as described above. . For example, the remittance terminal 200 may include various types of electronic devices, such as a personal computer (PC), laptop, tablet, mobile phone, smartphone, or wearable device (eg, watch-type terminal).

In addition, although only one remittance terminal 200 is shown in the drawing, the present invention is not limited thereto, and the financial server 100 may operate in conjunction with a plurality of remittance terminals 200.

Additionally, the remitter terminal 200 has an input unit that receives user input, a display unit that displays visual information, a communication unit that transmits and receives signals to and from the outside, and processes data and controls each unit inside the remitter terminal 200. It may include a control unit that controls data transmission/reception between units. Hereinafter, the commands that the control unit executes within the remitter terminal 200 according to the user's command are collectively referred to as those performed by the remitter terminal 200.

Meanwhile, the communication network 300 serves to connect the financial server 100 and the remittance terminal 200. In other words, the communication network 300 refers to a communication network that provides a connection path so that the remittance terminals 200 can transmit and receive data after connecting to the financial server 100. The communication network 300 is, for example, a wired network such as LANs (Local Area Networks), WANs (Wide Area Networks), MANs (Metropolitan Area Networks), and ISDNs (Integrated Service Digital Networks), or wireless LANs, CDMA, Bluetooth, satellite communication, etc. may cover wireless networks, but the scope of the present invention is not limited thereto.

In an embodiment of the present invention, the financial server 100 may extract the fraud report transfer details from the account transfer details performed by a plurality of remitter terminals 200. Subsequently, the financial server 100 can classify high-risk recipients by assigning a risk score to the recipient using the extracted fraud report transfer details. Subsequently, when a transfer request for a high-risk recipient is received from the remitter terminal 200, the financial server 100 sends a notification (or pop-up) related to a transfer warning, additional authentication, or transfer impossibility through the terminal application of the remitter terminal 200. It can be provided through .

At this time, the operation of classifying high-risk recipients in the financial server 100 is performed in advance based on account transfer details received from users, or when receiving a transfer request from the sender terminal 200, the recipient for the transfer request is identified. It can be performed as a target. In other words, the financial server 100 analyzes all account transfer details received from users and classifies high-risk recipients in advance, or checks whether the recipient of the transfer request is a high-risk recipient whenever a transfer request is made from the sender terminal 200. You can judge whether or not.

Hereinafter, for convenience of explanation, when a transfer request is made from the remittance terminal 200, determination of whether the recipient is a high-risk recipient will be described as an example.

For example, when the financial server 100 of the present invention receives a transfer request for the first account of the first recipient from the remittance terminal 100, the financial server 100 receives the account transfer details of the first account. can do. At this time, the account transfer details may include information such as the transfer amount and transfer requirements.

Next, the financial server 100 extracts, from the account transfer details of the first account, a preset fraud-related keyword or a fraud report transfer details transferred with a preset amount. If there is a corresponding transfer history, the financial server 100 assigns a risk score to the first recipient of the first account. At this time, the financial server 100 may assign a risk score in proportion to the number of transfers in the fraud report transfer details. However, this corresponds to one example, and the present invention is not limited thereto.

As another example, the financial server 100 of the present invention determines whether the first beneficiary of the first account is included in the fraud report details received in advance. If there is a fraud report report related to the first recipient, the financial server 100 assigns a risk score to the first recipient of the first account. At this time, the financial server 100 may assign a risk score in proportion to the number of reported fraud transfer details. However, this corresponds to one example, and the present invention is not limited thereto.

As another example, the financial server 100 of the present invention uses a deep learning module learned in advance based on the first recipient's customer information in response to the sender's transfer request and transfer transmission/reception data for a predetermined period to send the first recipient to the first recipient. The transfer risk can be calculated. Subsequently, the financial server 100 may assign a risk score to the first recipient if the calculated transfer risk is higher than a predetermined standard value. At this time, the financial server 100 may allocate different risk scores depending on the range to which the transfer risk belongs. However, this corresponds to one example, and the present invention is not limited thereto.

Subsequently, when the accumulated risk score of the first recipient exceeds the standard value, the financial server 100 may classify the first recipient as a high-risk first recipient. Subsequently, when the remitter terminal 100 performs a transfer request to the first recipient, the financial server 100 may provide the remitter terminal 200 with a transfer warning, additional authentication, or a notification informing of the transfer impossibility.

Meanwhile, the financial server 100 may assign a risk score to the second recipient based on the transfer details of the first recipient. At this time, the second recipient is the account holder of the second account that has details of receiving money from the first recipient.

Subsequently, if the accumulated risk score of the second recipient exceeds the standard value, the financial server 100 may classify the second recipient as a high-risk recipient. Subsequently, when the remitter terminal 100 performs a transfer request to the second recipient, the financial server 100 may provide a transfer warning, additional authentication, or a notification notifying the transfer impossibility to the remitter terminal 200.

Below, a financial fraud detection method according to some embodiments of the present invention will be described in detail.

Figure 2 is a flowchart for explaining a method for detecting financial fraud according to an embodiment of the present invention.

Referring to FIG. 2, in the financial fraud detection method according to an embodiment of the present invention, the financial server 100 extracts fraud report transfer details including fraud-related keywords from account transfer details (S110). At this time, the account transfer details may include a plurality of transfer details stored in advance in the financial server 100 or received in real time.

At this time, the financial server 100 may extract the account transfer details including a transfer summary including a specific preset keyword from the account transfer details as the fraud report transfer details. For example, certain keywords may include scam, part-time, used, impersonation, cannon, damaging, or illegal. Additionally, specific keywords may be set in advance by the administrator of the financial fraud detection system or the remittance sender.

Additionally, the financial server 100 may extract account transfer details transferred with a preset amount from account transfer details as fraud report transfer details. For example, the preset amount may be set to '1 won', and the account transfer details transferred for 1 won may be extracted as fraud report transfer details.

Next, the financial server 100 assigns a risk score to the recipient (hereinafter referred to as the first recipient) of the fraud report transfer details (S120). At this time, the financial server 100 may assign a risk score proportional to the number of extracted fraud report transfer details to the first recipient.

Next, the financial server 100 assigns a risk score to the second recipient who received the transfer from the first recipient based on the first recipient's transfer information (S130). Likewise, the financial server 100 may assign a risk score proportional to the number of times remittances have been received from the first recipient to the second recipient. At this time, the second recipient may be assigned risk scores accumulated by a plurality of first remittance senders to whom risk scores have been assigned.

Next, the financial server 100 determines whether the recipient's accumulated risk score exceeds a preset standard (S140). At this time, the recipient may include the above-described first recipient and second recipient. The preset reference value may be set in advance by the manager of the financial fraud detection system.

Subsequently, if the accumulated risk score exceeds a preset standard value, the financial server 100 classifies the recipient as a high-risk recipient (S150).

Additionally, when the second recipient is classified as a high-risk recipient, the financial server 100 may also classify the first recipient, who has a history of sending money to the second recipient, as a high-risk recipient. However, this corresponds to one embodiment of the present invention, and the present invention is not limited thereto.

Next, when a transfer request occurs for a pre-classified high-risk recipient as the recipient, the financial server 100 provides a notification to the remitter terminal 200 that transmitted the transfer request (S160).

At this time, the financial server 100 may provide a notification in the preliminary transfer stage of checking the recipient's account information before performing an account transfer according to the transfer request.

Additionally, in the step of providing the above-mentioned notification, the financial server 100 provides a transfer warning pop-up informing that the recipient is the high-risk recipient, provides an authentication pop-up that performs additional authentication for the account transfer, or provides an authentication pop-up that performs additional authentication for the account transfer to the recipient. A pop-up showing that the transfer is not possible may be provided.

Figures 3 and 4 are flowcharts illustrating some examples of a method for extracting fraud report transfer details according to an embodiment of the present invention. Here, Figure 3 is a flowchart for explaining a method of extracting fraud report transfer details using fraud-related keywords from account transfer details. Figure 4 is a flow chart to explain a method of extracting fraud report transfer details using a preset amount transfer among account transfer details.

Referring to FIG. 3, the financial server 100 analyzes the transfer description included in the account transfer details (S211). At this time, the financial server 100 may analyze the transfer details of account transfer details for a predetermined period.

Next, the financial server 100 determines whether the transfer brief includes a specific keyword (S215). At this time, specific keywords may include fraud, damage, impersonation, cannon, or illegality. Additionally, specific keywords may be set by the financial fraud detection system or the remittance sender.

Additionally, prior to step S215, the financial server 100 may perform a step of extracting a specific keyword by applying a predetermined processing rule to the transfer request. For example, the financial server 100 can extract only pure Korean characters by removing numbers, English letters, special characters, or spaces from among the characters written in the transfer summary. This is to intentionally include cases where numbers, English letters, special characters, or spaces are added to the characters written in the transfer summary, in order to avoid filtering out fraudulent transfer activities by specific preset keywords.

Next, if a transfer summary containing a specific keyword exists, the financial server 100 classifies the transfer details of the transfer summary containing the specific keyword as fraud report transfer details (S219).

Meanwhile, referring to FIG. 4, the financial server 100 analyzes the transfer amount in the account transfer details (S313).

Next, the financial server 100 determines whether to transfer the preset amount (S315). For example, the preset amount may be set to '1 won', and the account transfer details transferred for 1 won may be extracted as fraud report transfer details. At this time, the preset amount may be set by a financial fraud detection system or the sender.

Next, if there is a transfer history in which the preset amount is transferred, the financial server 100 classifies the transfer history in which the preset amount is transferred as a fraud report transfer history (S319).

3 and 4, the financial server 100 assigns a risk score to the recipient based on the classified fraud report transfer details (S120 in FIG. 2). Since the content below step S120 is the same as the content described above with reference to FIG. 2, description of overlapping content will be omitted here.

Figure 5 is a diagram for explaining an example of a method for detecting financial fraud according to an embodiment of the present invention. Here, <a1> in FIG. 5 is a diagram showing the account transfer relationship between the sender and recipient, and <a2> is a diagram showing a notification provided to the sender who requested a transfer to a high-risk recipient.

Referring to FIG. 5, the financial server 100 can analyze account transfer details regarding account transfers between users. At this time, the financial server 100 may analyze account transfer details for a preset period (eg, one month).

The financial server 100 may distinguish a remitter group (G1), a first recipient group (G2), and a second recipient group (G3) based on account transfer details.

At this time, the remitter group (G1) refers to the remitters (a1 to a6) who sent money to the first recipient group (G2), and the first recipient group (G2) refers to the remitters who sent money to the second recipient group (G3). It may refer to the remitter (b1 to b6).

The financial server 100 may analyze the first account transfer details (T10), which are account transfer details between the sender group (G1) and the first recipient group (G2), and extract the fraud report transfer details. At this time, the financial server 100 may extract fraud-reported transfer details using fraud-related keywords included in the transfer summary or a preset amount.

The financial server 100 may extract the fraud report transfer details including the predetermined word from the first account transfer details T10. That is, the financial server 100 may extract a transfer detail that includes at least one fraud-related keyword in the summary of the transfer details from the first account transfer details (T10) as a fraud report transfer details.

For example, the financial server 100 may extract transfer details (T11, T12, T15, T19) that include fraud-related keywords 'fraud' or 'impersonation' in the summary of the transfer details as fraud report transfer details. . Additionally, the financial server 100 may extract transfer details (T14, T16) that include the fraud-related keyword 'illegal' in the summary as fraud report transfer details.

Meanwhile, the financial server 100 may extract the transfer details transferred with a preset amount from the account transfer details as the fraud report transfer details.

For example, the financial server 100 may set the standard amount for extracting fraud report transfer details to '1 won'. At this time, the financial server 100 may extract the transfer details with a transfer amount of 1 won from the first account transfer details (T10) as the fraud report transfer details.

Subsequently, the financial server 100 may assign a risk score (FS) proportional to the number of fraud-reported transfer details to the recipient of the fraud-reported transfer details extracted from the first account transfer details (T10). At this time, the risk score (FS) can be assigned 1 point per fraud report transfer history.

For example, the first recipient (b1) may be the recipient of the transfer details (T11) and transfer details (T14) extracted from the fraud report transfer details. The financial server 100 may assign a risk score (FS) of 2 points for 2 cases, which is the number of transfer details reported as fraud, to the first recipient (b1).

Likewise, the financial server 100 allocates a risk score (FS) of 1 to the first recipient (b2) based on the transfer details (T12), and the first recipient who is the recipient of the transfer details (T15) and transfer details (T16). A risk score (FS) of 2 can be assigned to the recipient (b3). Additionally, a risk score (FS) of 2 can be assigned to the first recipient (b5) who received the transfer details (T17) and the transfer details (T19).

Next, the financial server 100 may analyze the second account transfer details (T20), which are account transfer details between the first recipient group (G2) and the second recipient group (G3).

The financial server 100 uses the analyzed second account transfer details (T20) to set a risk score (FS) for the second recipient who received the money transferred from the first recipient who has a risk score (FS) that is greater than or equal to the first preset standard value. ) can be assigned.

For example, the financial server 100 may assign a risk score (FS) to a second recipient who has received money transferred from a first recipient whose amount is higher than a preset first standard (eg, a risk score of 2 points).

That is, in Figure 5, the second recipient (c1) who received the transfer from the three first recipients (b1, b3, b5) with a risk score (FS) of 2 or more has accumulated a risk score (FS) of 3 points, and the risk score (FS) is 2 points or more. The second recipient (c2) who receives money from the two first recipients (b1, b5) with a score (FS) of 2 or more accumulates a risk score (FS) of 2, and a risk score (FS) of 2 points. The second recipient (c3) who receives money transferred from the first recipient (b5) can accumulate a risk score (FS) of 1 point.

However, this is only an example, and in another embodiment of the present invention, the first preset reference value may be a risk score (FS) of 1, and in this case, the risk score (FS) of the second recipient is the risk score ( It can be the sum of the number of transfers received from all primary recipients holding FS).

Subsequently, the financial server 100 may determine whether the accumulated risk score (FS) of the first payee or the second payee is greater than or equal to a preset second standard value.

For example, the second reference value may be 2 points. In this case, the financial server 100 may classify the first payee (b1, b3, b5) and the second payee (c1, c2) with an accumulated risk score (FS) of 2 or more as high-risk payees.

Subsequently, when a transfer request occurs to the first recipient (b1, b3, b5) or the second recipient (c1, c2), which is a high-risk recipient, the financial server 100 sends the transfer request to the sender (a1, a2, A warning notification can be provided to a3, a4, a6) or the first recipient terminal (b1, b3, b4, b5).

At this time, the warning notification may include a transfer warning pop-up that informs the recipient that the recipient of the transfer request is a high-risk recipient, an additional authentication pop-up that performs additional authentication for the account transfer, or a transfer impossible pop-up that informs the recipient that the account transfer is impossible.

Additionally, the financial server 100 may also classify a first recipient who has a history of sending money to a second recipient classified as a high-risk recipient as a high-risk recipient.

For example, the financial server 100 may classify the first recipient (b4), who has transfer details for the second recipient (c1), as a high-risk recipient. Subsequently, when a transfer request (T18) occurs for the first recipient (b4) classified as a high-risk recipient, the financial server 100 displays a pop-up (PU) indicating a warning notification on the terminal 200 of the sender (a5). It can be displayed.

In other words, the financial fraud detection method according to this embodiment extracts transfer details that contain fraud-related keywords or are transferred with a preset amount, assigns a risk score to the recipient of the transfer details, and the accumulated risk score exceeds the standard value. When attempting to send money to a recipient, you can prevent financial accidents and fraud damage in interpersonal transactions by providing a notification informing the sender of the risk of the transfer.

In addition, the financial fraud detection method of the present invention classifies the sender who sent money to a person classified as a high-risk recipient as a high-risk recipient as well, and provides a notification informing the sender of the transfer risk when attempting to send money to a person suspected of being a transfer part-timer. , it can reduce the possibility of becoming a victim due to fraudulent transactions using transfer part-time jobs.

Figure 6 is a flowchart illustrating a method for detecting financial fraud according to another embodiment of the present invention. Hereinafter, content that overlaps with the content of an embodiment of the present invention described above will be omitted.

Referring to FIG. 6, in the financial fraud detection method according to another embodiment of the present invention, the financial server 100 extracts the fraud report transfer details related to the fraud report details from the account transfer details (S410). At this time, the fraud report details may be entered through the remittance terminal or received from an external server.

Specifically, the fraud report details may include the name of the recipient of the account transfer and the recipient's account number. The financial server 100 may compare the name and account number of the account transfer recipient included in the fraud report details with the account transfer details stored in the financial server 100.

If, among the account transfer details, there is a recipient whose name and/or account number is the same as the account transfer recipient included in the fraud report details, the financial server 100 may extract the transfer details for the relevant recipient as the fraud report transfer details. there is.

Next, the financial server 100 assigns a risk score to the first recipient of the extracted fraud report transfer details (S420). At this time, the financial server 100 may assign a risk score proportional to the number of fraud-reported transfer details to the first recipient.

Next, the financial server 100 assigns a risk score to the second recipient who received the transfer from the first recipient based on the first recipient's transfer information (S430).

At this time, the financial server 100 may assign a risk score to the second recipient based on the number of people of the first recipient who sent money to the second recipient or the number of remittances made by the first recipient.

Next, the financial server 100 determines whether the recipient's accumulated risk score exceeds a preset standard (S440).

Subsequently, if the recipient's accumulated risk score exceeds a preset standard, the financial server 100 classifies the recipient as a high-risk recipient (S450).

Next, when a transfer request for a high-risk recipient occurs, the financial server 100 provides a notification to the terminal of the sender who transmitted the transfer request (S460). At this time, the financial server 100 may display a notification, such as a transfer warning pop-up, an additional authentication pop-up, or a transfer impossible pop-up, on the remitter's terminal.

Figure 7 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention. Here, <b1> in FIG. 7 is a diagram showing the account transfer relationship between the sender and recipient, and <b2> is a diagram showing a notification provided to the sender who requested a transfer to a high-risk recipient. Below, the description will focus on the differences, excluding overlapping content.

Referring to FIG. 7, the financial server 100 may receive account transfer details stored in the financial server 100. At this time, the financial server 100 may distinguish the remitter group (G1), the first recipient group (G2), and the second recipient group (G3) based on the account transfer details.

Subsequently, the financial server 100 may receive fraud report details for the first beneficiary group (G2). Here, the fraud report details can be entered through the remittance sender's terminal 200 or received through an external server.

Subsequently, the financial server 100 can extract the fraud report details for the first recipient included in the first recipient group (G2) using the name of the recipient of the account transfer and the recipient's account number among the received fraud report details. there is.

For example, if the recipient's name and account number in the fraud report details are the same as the name and account number of the first payee of the first payee group (G2), the financial server 100 detects the fraud report details as fraud of the first payee. It can be extracted from the reported transfer details. However, the present invention is not limited thereto.

For example, the financial server 100 may extract three fraud report transfer details for the first recipient (b1), and two fraud reports each for the first recipient (b2) and first recipient (b5). Transfer details can be extracted. Additionally, one fraud report transfer details can be extracted for the first recipient (b3).

Subsequently, the financial server 100 may assign a risk score (FS) proportional to the number of transfer details reported as fraud. That is, the financial server 100 allocates a risk score (FS) of 3 to the first payee (b1), and assigns a risk score (FS) of 2 to the first payee (b2) and the first payee (b5). And, 1 risk score (FS) can be assigned to the first recipient (b3).

Subsequently, the financial server 100 uses the second account transfer details (T40) to set a risk score (FS) for the second recipient who has transferred money from the first recipient who has a risk score (FS) that is higher than the first preset standard value. ) can be assigned.

For example, the financial server 100 may assign a risk score (FS) to a second recipient who has received money transferred from a first recipient whose amount is higher than a preset first standard (eg, a risk score of 2 points). That is, in Figure 7, the second recipient (c1), who received the transfer from the three first recipients (b1, b2, b5) with a risk score (FS) of 2 or more, accumulates a risk score (FS) of 3 points, and the risk score (FS) of 3 points is accumulated. The second recipient (c2) who receives money from the two first recipients (b2, b5) with a score (FS) of 2 or more accumulates a risk score (FS) of 2, and a risk score (FS) of 2 points. The second recipient (c3) who receives money transferred from the first recipient (b2) can accumulate a risk score (FS) of 1 point.

Subsequently, the financial server 100 may determine whether the accumulated risk score (FS) of the first payee or the second payee is greater than or equal to a preset second standard value.

For example, the second reference value may be 2 points. In this case, the financial server 100 may classify the first payee (b1, b2, b5) and the second payee (c1, c2) with an accumulated risk score (FS) of 2 or more as high-risk payees.

Subsequently, when a transfer request occurs to the first recipient (b1, b2, b5) or the second recipient (c1, c2), which is a high-risk recipient, the financial server 100 sends the transfer request to the sender (a1, a2, a6) or a warning notification can be provided to the first recipient terminal (b1, b2, b3, b4, b5).

At this time, the warning notification may include a transfer warning pop-up that informs the recipient that the recipient of the transfer request is a high-risk recipient, an additional authentication pop-up that performs additional authentication for the account transfer, or a transfer impossible pop-up that informs the recipient that the account transfer is impossible.

Additionally, the financial server 100 may also classify a first recipient who has a history of sending money to a second recipient classified as a high-risk recipient as a high-risk recipient.

For example, the financial server 100 may classify the first recipient (b4), who has transfer details for the second recipient (c1), as a high-risk recipient. Subsequently, when a transfer request (T33) occurs for the first recipient (b4) classified as a high-risk recipient, the financial server 100 displays a pop-up (PU) indicating a warning notification on the terminal 200 of the sender (a5). It can be displayed.

In other words, the financial fraud detection method of the present invention can increase classification accuracy for high-risk recipients by accumulating risk scores based on fraud report details received from external servers and remittance terminals to classify high-risk recipients.

Hereinafter, a method for detecting financial fraud using deep learning according to further embodiments of the present invention will be described with reference to FIGS. 8 to 11. Likewise, parts that overlap with the above description should be simplified or omitted.

Figure 8 is a diagram for explaining a method for detecting financial fraud according to another embodiment of the present invention.

Referring to FIG. 8, in the financial fraud detection method according to another embodiment of the present invention, the financial server 100 calculates the transfer risk for the first recipient using a deep learning module (S510).

Specifically, the financial server 100 may calculate the transfer risk of the first recipient based on the first recipient's customer information in response to the sender's transfer request and transfer transmission/reception data for a predetermined period.

Next, the financial server 100 determines whether the transfer risk of the first recipient exceeds a predetermined standard value (S520). At this time, the standard value may be set by the manager of the financial fraud detection system.

If the transfer risk of the first recipient exceeds a predetermined standard value, the financial server 100 assigns a risk score to the first recipient (S530).

For example, if the transfer risk of the first recipient exceeds 80%, the financial server 100 may assign a risk score (FS) of 3 to the first recipient. If the transfer risk of the first recipient is 60% to 80%, the financial server 100 may assign a risk score (FS) of 2 to the first recipient.

Next, the financial server 100 assigns a risk score to the second recipient who received the transfer from the first recipient based on the first recipient's transfer information (S540).

Next, the financial server 100 determines whether the recipient's accumulated risk score exceeds a preset standard (S550).

If the recipient's accumulated risk score exceeds a preset standard, the financial server 100 classifies the recipient as a high-risk recipient (S560).

Next, the financial server 100 provides a notification to the transfer requester when a transfer request for a high-risk recipient occurs (S570).

Figure 9 is a block diagram schematically illustrating a deep learning module used in a financial fraud detection method according to another embodiment of the present invention.

Specifically, referring to FIG. 9, the deep learning module (DL) can receive customer information and/or transfer transmission/reception data and output the recipient's transfer risk as output. Here, customer information may include the user's age and gender. In addition, transfer transmission/reception data may include the number of transfers transmitted, the total amount of transfers transmitted, the number of transfers received, the total amount of transfers received, and the number of abnormal transaction detections (e.g., login or password error, etc.) for a predetermined period. .

At this time, the deep learning module (DL) can store data in memory based on parameters for customer information and transfer transmission and reception data, or classify similar data according to categories. However, the customer information and transfer transmission/reception data used to output the transfer risk are only examples of input parameters, and the input data applied to the deep learning module (DL) can be added or changed and used in various ways.

However, for convenience of explanation, hereinafter, customer information and transfer transmission/reception data are accepted at the input end of the deep learning module (DL), and the transfer risk is derived as an output.

Next, the deep learning module (DL) can derive the transfer risk required for the financial fraud detection method using an artificial neural network learned based on big data.

Additionally, the deep learning module (DL) can perform artificial neural network learning using mapping data for separate parameters derived based on input data. The deep learning module (DL) can perform machine learning on parameters input as learning factors. At this time, data used for machine learning and result data may be stored in the memory of the financial server 100.

To explain in more detail, Deep Learning technology, a type of Machine Learning, learns at a deep level in multiple stages based on data.

Deep learning refers to a set of machine learning algorithms that extract key data from a plurality of data at increasing levels.

The deep learning module (DL) can use various known deep learning structures. For example, a deep learning module (DL) may use structures such as Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Deep Belief Network (DBN), and Graph Neural Network (GNN).

Specifically, CNN (Convolutional Neural Network) is a human brain function created based on the assumption that when a person recognizes an object, he or she extracts the basic features of the object and then performs complex calculations in the brain to recognize the object based on the results. It is a model that is copied.

RNN (Recurrent Neural Network) is widely used in natural language processing, and is an effective structure for processing time-series data that changes over time. It can build an artificial neural network structure by stacking layers at every moment.

DBN (Deep Belief Network) is a deep learning structure composed of multiple layers of RBM (Restricted Boltzman Machine), a deep learning technique. If a certain number of layers are reached by repeating Restricted Boltzman Machine (RBM) learning, a Deep Belief Network (DBN) with the corresponding number of layers can be constructed.

GNN (Graphic Neural Network) refers to an artificial neural network structure implemented by deriving similarities and feature points between modeling data using modeling data modeled based on data mapped between specific parameters. .

Meanwhile, artificial neural network learning of the deep learning module (DL) can be accomplished by adjusting the weight of the connection line between nodes (adjusting the bias value if necessary) so that the desired output is produced for a given input. Additionally, artificial neural networks can continuously update weight values through learning. Additionally, methods such as back propagation can be used to learn artificial neural networks.

Meanwhile, an artificial neural network previously trained through machine learning may be installed in the memory of the financial server 100.

The deep learning module (DL) can perform machine learning-based improvement process recommendation operations using modeling data for derived parameters as input data. At this time, both semi-supervised learning and supervised learning can be used as machine learning methods for artificial neural networks. Additionally, the deep learning module (DL) can be controlled to automatically update the artificial neural network structure to output the transfer risk after learning according to the settings.

Additionally, although not clearly shown in the drawing, in another embodiment of the present invention, the operation of the deep learning module (DL) may be performed in the financial server 100 or a separate cloud server (not shown). Below, we will look at the configuration of the deep learning module (DL) according to the embodiment of the present invention described above.

FIG. 10 is a diagram showing the configuration of the deep learning module of FIG. 9.

Referring to Figure 10, the deep learning module (DL) has an input layer (input) with customer information and transfer transmission and reception data as input nodes, an output layer (Output) with the transfer risk of the recipient as an output node, and an input layer. It includes M hidden layers placed between the and output layers.

Here, weights may be set on the edges connecting the nodes of each layer. The presence or absence of these weights or edges can be added, removed, or updated during the learning process. Therefore, through the learning process, the weights of nodes and edges arranged between k input nodes and i output nodes can be updated.

Before the deep learning module (DL) performs learning, all nodes and edges can be set to initial values. However, when information is input cumulatively, the weights of nodes and edges change, and in this process, the parameters input as learning factors (i.e., customer information and transfer transmission/reception data) and the values assigned to the output node (i.e., transfer risk) can be matched.

Additionally, when using a cloud server (not shown), the deep learning module (DL) can receive and process a large number of parameters. Therefore, the deep learning module (DL) can perform learning based on massive data.

In addition, the weights of nodes and edges between the input nodes and output nodes constituting the deep learning module (DL) may be updated by the learning process of the deep learning module (DL). In addition, of course, the parameters output from the deep learning module (DL) can be further expanded to various data in addition to transfer risk.

Figure 11 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention. Here, <c1> in FIG. 11 is a diagram showing the account transfer relationship between the sender and recipient, and <c2> is a diagram showing a notification provided to the sender who requested a transfer to a high-risk recipient. Below, the description will focus on the differences, excluding overlapping content.

Referring to Figures 9 and 11, when a transfer request is received from a sender, the financial server 100 may derive customer information of the first recipient for the transfer request account and transfer transmission/reception data for a predetermined period. .

At this time, customer information may include the customer's age, gender, and recipient. Additionally, the transfer transmission/reception data may include the number of transfer transmissions, the total amount of transfers transmitted, the number of transfers received, the total amount of transfers received, and the number of abnormal transaction detections for a predetermined period (for example, 2 weeks).

Subsequently, the financial server 100 can calculate the transfer risk of the first recipient using a deep learning module (DL) learned in advance based on the first recipient's customer information and transfer transmission and reception data.

For example, when the financial server 100 receives a transfer request for the first recipient (b1), the financial server 100 may receive customer information and transfer transmission/reception data of the first recipient (b1).

Next, the deep learning module (DL) outputs the transfer risk of the first recipient (b1) to the sender based on the customer information and transfer transmission/reception data of the first recipient (b1). For example, the deep learning module (DL) can output a transfer risk of 90% for the first payee (b1), 85% for the first payee (b2), and 75% for the first payee (b5). there is.

At this time, the transfer transmission/reception data may include a transfer summary containing preset fraud-related keywords. The deep learning module (DL) can be trained in advance to output a higher transfer risk as the number of fraud-related keywords included in the transfer transmission/reception data increases.

Subsequently, the financial server 100 may assign a risk score (FS) to the first recipient based on the transfer risk output from the deep learning module (DL). For example, the first recipient (b1, b2) is assigned a risk score (FS) of 3 because the transfer risk is over 80%, and the first recipient (b5) is assigned a risk score (FS) of 2 because the transfer risk is between 60% and 80%. A risk score (FS) of points may be assigned.

Subsequently, the financial server 100 uses the second account transfer details (T60) to set a risk score (FS) for the second recipient who has transferred money from the first recipient who has a risk score (FS) that is higher than the first preset standard value. ) can be assigned. For example, the financial server 100 may assign a risk score (FS) to a second recipient who has received money transferred from a first recipient whose amount is higher than a preset first standard (eg, a risk score of 2 points). That is, in Figure 11, the second recipient (c1) who received the transfer from the three first recipients (b1, b2, b5) with a risk score (FS) of 2 or more has accumulated a risk score (FS) of 3 points, and the risk score (FS) is 2 points or more. The second recipient (c2) who receives money from the two first recipients (b2, b5) with a score (FS) of 2 or more accumulates a risk score (FS) of 2, and a risk score (FS) of 2 points. The second recipient (c3) who receives money transferred from the first recipient (b2) can accumulate a risk score (FS) of 1 point.

Subsequently, the financial server 100 may determine whether the accumulated risk score (FS) of the first payee or the second payee is greater than or equal to a preset second standard value.

For example, the second reference value may be 2 points. In this case, the financial server 100 may classify the first payee (b1, b2, b5) and the second payee (c1, c2) with an accumulated risk score (FS) of 2 or more as high-risk payees.

Subsequently, when a transfer request occurs to the first recipient (b1, b2, b5) or the second recipient (c1, c2), which is a high-risk recipient, the financial server 100 sends the transfer request to the sender (a1, a2, a6) or a warning notification can be provided to the first recipient terminal (b1, b2, b3, b4, b5).

At this time, the warning notification may include a transfer warning pop-up that informs the recipient that the recipient of the transfer request is a high-risk recipient, an additional authentication pop-up that performs additional authentication for the account transfer, or a transfer impossible pop-up that informs the recipient that the account transfer is impossible.

Additionally, the financial server 100 may also classify a first recipient who has a history of sending money to a second recipient classified as a high-risk recipient as a high-risk recipient.

For example, the financial server 100 may classify the first recipient (b4), who has transfer details for the second recipient (c1), as a high-risk recipient. Subsequently, when a transfer request (T53) occurs for the first recipient (b4) classified as a high-risk recipient, the financial server 100 displays a pop-up (PU) indicating a warning notification on the terminal 200 of the sender (a5). It can be displayed.

Through this, the financial fraud detection method of the present invention calculates the recipient's transfer risk through a deep learning module learned in advance using the recipient's customer information and transfer transmission and reception data for a certain period of time, thereby classifying high-risk recipients. . Subsequently, by providing a notification to the sender when attempting to send money to a high-risk recipient, the possibility of a financial accident occurring can be reduced.

Additionally, although not clearly shown in the drawing, the financial server 100 uses a first method using the above-described preset fraud-related keywords and transfer details of a preset amount, a second method using market price report details, and a deep learning module. The risk score (FS) can be accumulated by using two or more of the third methods simultaneously.

Subsequently, the financial server 100 classifies high-risk recipients based on the risk score (FS) accumulated through the above method, and when there is a transfer request to send money to a high-risk recipient, it can provide a notification to the sender about the transfer request. there is.

Through this, the financial fraud detection method of the present invention can increase classification accuracy for high-risk recipients and significantly reduce the possibility of financial accidents occurring.

Below, a financial financial according to another embodiment of the present invention that can identify illegal financial corporate accounts by analyzing fraud-related transfer details and provide a notification including a warning to the sender who requested a transfer to the identified illegal financial corporate account. Let us explain in detail how to detect fraud.

Figure 12 is a block diagram schematically illustrating the flow of a method for detecting financial fraud through identification of illegal financial corporate accounts according to another embodiment of the present invention. FIG. 13 is a flowchart for explaining the operation of each step of the financial fraud detection method of FIG. 12. Hereinafter, for convenience of explanation, the financial fraud detection method will be described using the financial server 100 as an example.

Referring to Figures 12 and 13, the financial fraud detection method according to another embodiment of the present invention first classifies the transfer details corresponding to the name of a predetermined type of company among the account transfer details pre-stored in the financial server 100. A fraud-related transfer DB (10) is created (S10, S610). A specific method of creating the fraud-related transfer DB 10 will be described later with reference to FIGS. 14 to 16.

Next, the financial server 100 derives a plurality of corporate accounts included in the transfer details constituting the fraud-related transfer DB and creates an illegal financial company network 20 based on the connectivity between each corporate account (S20, S620). The specific method of creating the illegal financial company network 20 will be described later with reference to FIGS. 17 and 18.

Next, the financial server 100 identifies illegal financial corporate accounts using the fraud-related transfer DB 10 and the illegal financial company network 20 (S30).

Specifically, the financial server 100 determines whether the receiving account or corporate account (or a company related to the receiving account) of the transfer details included in the fraud-related transfer DB 10 is included in the illegal financial company network 20. Judge (S630).

Next, the financial server 100 determines whether the transfer details for the receiving account or corporate account satisfying step S630 meet preset conditions (S640). Through steps S630 and S640, the financial server 100 can identify an illegal financial corporate account. The specific method for identifying illegal financial corporate accounts will be supplemented and explained with reference to FIG. 19.

Subsequently, when a transfer request for a receiving account identified as an illegal financial corporate account is received (or detected), the financial server 100 provides a notification informing the sender of the transfer risk that requested the transfer request (S40, S650 ). At this time, the notification may be provided on the screen of the remitter's terminal 100, and may be provided in the preliminary transfer stage of checking the recipient's account information before performing an account transfer according to the transfer request. Additionally, the notification may include a cautionary statement indicating the possibility that the receiving account may be an illegal financial corporate account.

Below, we will look at a method of creating a fraud-related transfer DB in a financial fraud detection method according to another embodiment of the present invention.

FIG. 14 is a flowchart for explaining the specific operation of step S610 of FIG. 13. Figures 15 and 16 are diagrams for explaining the types of fraudulent account transfer details shown in Figure 14.

Referring to FIG. 14, the financial server 100 classifies the transfer details transferred to a fraud account (or an account related to fraud) among the pre-stored account transfer details (S611). For example, transfer details classified in step S611 include transfer details of customers monitored for illegal financial activities, transfer details of customers reported as fraudulent accounts, transfer details of customers who have been victims of financial fraud, and those listed on the transaction restriction list. It may include the customer's transfer details and the details of transfers transferred to the accounts of customers who have been victims of telecommunications financial fraud. However, this is only an example and the present invention is not limited thereto.

Next, the financial server 100 determines the type of fraud for the classified transfer details (S613). Here, fraud types can be classified by predetermined criteria. For example, fraud types can be classified into the types shown in [Table 1].

Fraud type scam content Type 1 (f1) Transfer details reported by the primary recipient with preset fraud-related keywords or preset amount Type 2 (f2) Details of transfers made by the second beneficiary, the owner of the receiving account transferred by the first beneficiary, a high-risk beneficiary Type 3 (f3) Transfer details made by customers who have been victims of financial fraud Type 4 (f4) Transfer details of customers included in the restricted transaction list Type 5 (f5) Customer transfer details reported for other reasons

Specifically, referring to <d1> in FIG. 15, a transfer that includes fraud-related keywords (e.g., fraud, impersonation, illegal, etc.) in the summary or the transfer amount is a predetermined amount (e.g., 1 won) The transfer details (i.e., T20) transferred by the first recipient (G2) of the details may correspond to the first type (f1). At this time, as described above with reference to FIGS. 4 and 5, the risk score of the first recipient (G2) may be calculated in proportion to the number of reported times. At this time, if the risk score assigned to the first recipient (G2) is greater than a predetermined standard value, the first recipient (G2) may be classified as a high-risk recipient.

Meanwhile, referring to <d1> in FIG. 15, the transfer details (i.e., T30) transferred by the second recipient (G3), who is the owner of the receiving account to which the first recipient (G2), classified as a high-risk recipient, transferred It may correspond to type (f2). Likewise, as described above with reference to FIGS. 4 and 5, the risk score of the second payee (G3) is calculated in conjunction with the risk score of the first payee (G2). At this time, if the calculated risk score is greater than a predetermined standard value, the second recipient (G3) may be classified as a high-risk recipient.

As another example, referring to <d2> in FIGS. 6, 7, and 16, the first recipient (G21) may be classified as a high-risk recipient based on the fraud report details received in advance. At this time, the transfer details (i.e., T40) transferred by the first recipient (G21) may be classified as the first type (f1).

As another example, referring to <d3> in FIGS. 8 to 11 and FIG. 16, the first recipient (G22) can be classified as a high-risk recipient based on the risk calculated using a pre-trained deep learning module. At this time, the transfer details (i.e., T60) transferred by the first recipient (G22) may be classified as the first type (f1).

However, the present invention is not limited to the above-described content, and high-risk recipients are selected in combination with various risk score calculation methods, and fraud types can be classified based on this.

Meanwhile, transfer details made by customers who have been victims of financial fraud are classified as type 3 (f3). Here, customers who are victims of financial fraud may include customers whose accounts have been used as cannon accounts.

Additionally, the customer's transfer details included in the restricted transaction list may be classified as the fourth type (f4). At this time, the transaction restriction list may include customers who failed to monitor ID cards, customers suspected of identity theft, and customers registered as those involved in illegal finance.

In addition, customer transfer details reported for various other reasons can be classified as type 5 (f5).

However, the classification of fraud types of the present invention is not limited to the above-described content, and of course can be used with various and detailed modifications depending on the embodiment.

Next, the financial server 100 determines whether the summary or recipient of the classified transfer details is the name of a business of the predetermined type (S615). Here, a predetermined type of business name means that the transfer summary or the recipient's name includes keywords indicating the business (e.g., Limited Company, Ltd., Co., Ltd., Co., Ltd., etc.).

Next, when the classified transfer details include a company name of a predetermined type, the financial server 100 stores the transfer details together with the fraud type to create a fraud-related transfer DB (S617). At this time, the fraud-related transfer DB is in the form of a record containing the following items: customer number, fraud type, transfer date, transfer time, summary, recipient name, transfer amount, and receiving account number (hereinafter referred to as receiving account). You can save the details.

Of course, the fraud-related transfer DB may be operated in the form of a database inside the financial server 100, or may be separately stored on another external server and operated by exchanging data with the financial server 100.

Below, we will look at a method of creating an illegal financial company network in a financial fraud detection method according to another embodiment of the present invention.

FIG. 17 is a flowchart for explaining the specific operation of step S620 of FIG. 13. FIG. 18 is a diagram illustrating a method for creating the illegal financial company network of FIG. 17. Here, the illegal financial company network is created to reflect the characteristics that the members of the customer group that transfer money to the illegal site's corporate account are similar, and even if the address of the illegal site changes from time to time, the members who actually use it remain similar. In other words, the illegal financial company network refers to a network that includes the similarity of common members created to show connectivity between corporate accounts of illegal sites.

Referring to FIG. 17, the financial server 100 creates a list of customers who have transferred money to a receiving account whose transfer details are included in the fraud-related transfer DB (S621). At this time, the financial server 100 compiles data based on each receiving account and generates a list of customers who have transferred money to the corresponding receiving account.

Next, the financial server 100 selects a plurality of corporate accounts from among the receiving accounts to which a predetermined number of customers or more have transferred money (S623). For example, the financial server 100 may select only corporate accounts to which five or more customers have transferred money to a receiving account in the name of a specific recipient, and exclude corporate accounts to which less than five customers have transferred money.

Next, the financial server 100 calculates the connectivity between the plurality of corporate accounts (S625). Here, the connectivity between multiple corporate accounts can be calculated using the Jaccard Index.

Specifically, the Jacquard index is a method of calculating the similarity of common membership (co-membership) between the first corporate account and the second corporate account, and can be derived by [Equation 1] below.

[Equation 1]

Jaccard Index = | A ∩ B | / | A ∪ B |

Here, A refers to the first customer list transferred to the first corporate account, and B refers to the second customer list transferred to the second corporate account. Also, | A ∩ B | means the common number of customers in the first customer list and the second customer list, | A ∪ B | means the number of customers for the union of the first customer list and the second customer list.

Therefore, the Jaccard Index represents the ratio of the number of common customers between the first corporate account and the second corporate account and the number of customers to the union of the first customer list and the second customer list.

For example, <e1> in FIG. 18 shows a Venn diagram (BD) for calculating the Jacquard index. Here, the number of common customers of the first corporate account (AC1) and the second corporate account (AC2) is 3 (a1 to a3), and the customer list of the first corporate account (AC1) and the second corporate account (AC2) Since the number of customers for the union of is 5 (a1 to a5), the connectivity of the first corporate account (AC1) and the second corporate account (AC2) is 3/5 = 0.6.

In addition, the number of common customers of the second corporate account (AC2) and the third corporate account (AC3) is 2 (a4, a5), and the number of customers in the customer list of the second corporate account (AC2) and the third corporate account (AC3) is 2 (a4, a5). Since the number of customers for the union is 9 (a1 to a9), the connectivity of the second corporate account (AC2) and the third corporate account (AC3) is 2/9 = 0.22.

In addition, the number of common customers of the third corporate account (AC3) and the fourth corporate account (AC4) is 1 person (a9), and in the union of the customer lists of the third corporate account (AC3) and the fourth corporate account (AC4) Since the number of customers is 10 (a4 to a13), the connectivity of the third corporate account (AC3) and the fourth corporate account (AC4) is 1/10 = 0.10.

Next, the financial server 100 creates an illegal financial company network based on the connection relationship between corporate accounts whose calculated connectivity is greater than a predetermined standard (S627). For example, the financial server 100 maintains only connections with a connectivity (i.e., Jaccard index) of 0.2 or more, the standard value, and excludes connection relationships between corporate accounts that are less than the standard value of 0.2, thereby creating a network of illegal financial companies. .

For example, referring to <e2> in FIG. 18, the financial server 100 has a connection relationship between a first corporate account (AC1) and a second corporate account (AC2) with a connectivity greater than 0.2, and a connection relationship between the second corporate account (AC1) and the second corporate account (AC2). An illegal financial company network (ACN) can be created based on the connection between AC2) and the third corporate account (AC3). At this time, the financial server 100 may create an illegal financial company network (ACN), excluding the connections between the third corporate account (AC3) and the fourth corporate account (AC4) whose connectivity is less than 0.2. However, these are only a few examples of the present invention and the present invention is not limited thereto.

Below, we will look at how to identify illegal financial corporate accounts using the fraud-related transfer DB and illegal financial company network created in the above-described manner.

FIG. 19 is a flowchart for explaining specific operations of steps S630 and S640 of FIG. 13. Figure 20 is a diagram for explaining an example of a method for detecting financial fraud according to another embodiment of the present invention.

Referring to FIG. 19, the financial server 100 creates a list of customers who have transferred money to the receiving account of the transfer details included in the fraud-related transfer DB (S631). At this time, the customer list can be created based on transfer details loaded into the fraud-related transfer DB for a predetermined period (T).

Next, the financial server 100 determines whether the receiving account of the transfer details included in the fraud-related transfer DB is a corporate account of a company included in the illegal financial company network (S633). In other words, the financial server 100 determines whether or not it is an illegal financial corporate account by using only the transfer details related to the illegal financial company network among the transfer details loaded in the fraud-related transfer DB.

Next, the financial server 100 counts the number of fraud types for the plurality of transfer details transferred to the receiving account (S641) and determines whether the calculated number of fraud types is greater than the predetermined standard number (m). (S643).

In other words, it counts how many types of fraud the multiple transfer details related to the receiving account are related to. For example, if the transfer details related to the receiving account include transfer details of the first type (f1) and transfer details of the second type (f2), the receiving account will be related to a total of two types of fraud.

Next, the financial server 100 determines that the receiving account is an illegal financial corporate account when the number of fraud types is greater than a predetermined standard number (S645). For example, when the predetermined standard number is two, the financial server 100 may determine that receivable accounts related to two or more types of fraud are illegal financial corporate accounts.

As a specific example, referring to <f1> in FIG. 20, the financial server 100 receives a transfer request for the receiving account of the recipient (B) from the sender (A).

Next, referring to <f2> in FIG. 20, the financial server 100 determines whether the recipient's (B) account has transfer records of N or more types of fraud during a predetermined period (i.e., T period). judge.

At this time, the financial server 100 determines whether the receiving account is included in the transfer details pre-stored in the fraud-related transfer DB and whether it corresponds to the receiving account of a company included in the illegal financial company network. For example, the 'limited company thieves', the recipient (B), may be related to transfer details pre-stored in the fraud-related transfer database and may also correspond to a company included in the illegal financial company network.

If the recipient's (B) receiving account is 1) included in the transfer details stored in the fraud-related transfer DB, 2) corresponds to the receiving account of a company included in the illegal financial company network, and 3) within a predetermined period for the receiving account If the number of fraud types in the transfer history for (T days) is N or more, the financial server 100 determines the recipient's (B) receiving account to be an illegal financial corporate account, and the sender (A) who requested a transfer to the illegal financial corporate account ) provides a notification (<f3> in Figure 20).

At this time, the notification may be provided at the preliminary transfer stage of checking the account information of the recipient (B) before performing an account transfer according to the transfer request.

In addition, the notification provides a transfer warning pop-up (PU) indicating the possibility that the receiving account of the transfer request corresponds to the illegal financial corporate account, or provides information about the type of fraud in the transfer details related to the receiving account (e.g., It may include providing the account transfer details (corresponding to the first type (f1) and second type (f2) fraud types). However, these are only a few examples of notifications of the present invention, and the present invention is not limited thereto.

Through this, the financial fraud detection method of the present invention can accurately identify illegal financial corporate accounts by analyzing the transfer details of users who use illegal financial companies that operate illegal sites while continuously changing company names. Additionally, the present invention can reduce the possibility of a financial accident occurring by providing a notification to the sender who attempts to transfer money to the corresponding illegal financial corporate account.

In addition, the financial fraud detection method of the present invention creates a fraud-related transfer database and an illegal financial company network based on fraud-related transfer details, and uses this to identify illegal financial corporate accounts, thereby identifying illegal financial company accounts such as illegal gambling sites. can be identified. Through this, the present invention provides a notification to the sender when an attempt is made to send money to an illegal financial corporate account owned by an illegal financial company, thereby preventing or minimizing the sender's involvement in fraud or illegal gambling.

Below, the expected effects of the financial fraud detection method according to some embodiments of the present invention will be described.

Figure 21 is a diagram showing the prediction effect of a financial fraud detection method according to some embodiments of the present invention. Here, <g1> in FIG. 21 is a graph showing the change in the number of transfers sent and received by high-risk recipients predicted after introducing the financial fraud detection method, and <g2> is the change in the number of transfers sent and received by high-risk recipients predicted after introducing the financial fraud detection method. This is a graph showing changes in the total amount of transfers sent and received.

Referring to <g1> in FIG. 21, the horizontal axis of <g1> represents the number of days elapsed from the first implementation date of the financial fraud detection method, and the vertical axis represents the number of transfers.

It can be seen that the number of transfers received and sent by high-risk recipients gradually increases until the date of implementation of the financial fraud detection method. Next, it can be seen that after the financial fraud detection method was implemented, the number of transfers received and sent by high-risk recipients decreased sharply.

Referring to <g2> in FIG. 21, the horizontal axis of <g2> represents the number of days elapsed from the first implementation date of the financial fraud detection method, and the vertical axis represents the transfer amount.

It can be seen that the received and transmitted amounts of high-risk recipients also gradually increase before the implementation date of the financial fraud detection method. Next, it can be seen that after the financial fraud detection method was implemented, the received and transmitted amounts of high-risk recipients decreased sharply.

When analyzing based on such statistical data, the financial fraud detection method according to some embodiments of the present invention provides a notification informing the sender of the transfer risk when attempting to transfer money to a high-risk recipient whose accumulated risk score exceeds the standard value. By doing so, financial accidents can be prevented and fraud damage in interpersonal transactions can be prevented.

FIG. 22 is a diagram illustrating the hardware configuration of a financial server that performs a financial fraud prevention method according to some embodiments of the present invention.

Referring to FIG. 21, a financial server 100 that performs a financial fraud prevention method according to some embodiments of the present invention may be implemented as an electronic device 1000. The electronic device 1000 may include a processor 1010, an input/output device 1020 (I/O), a memory 1030, an interface 1040, a storage 1050, and a bus 1060. there is. The processor 1010, input/output device 1020, memory 1030, interface 1040, and/or storage 1050 may be coupled to each other through a bus 1060. The bus 1060 corresponds to a path along which data moves.

Specifically, the processor 1010 includes a Central Processing Unit (CPU), Micro Processor Unit (MPU), Micro Controller Unit (MCU), Graphic Processing Unit (GPU), microprocessor, digital signal processor, microcontroller, and application processor (AP). , application processor) and logic elements capable of performing similar functions.

The input/output device 1020 may include at least one of a keypad, a keyboard, a touch screen, and a display device.

The memory 1030 may load data and/or programs. At this time, the memory 1030 is an operating memory for improving the operation of the processor 1010, and may include high-speed DRAM and/or SRAM. The memory 1030 may be one or more volatile memory devices, such as Double Data Rate Static DRAM (DDR SDRAM), Single Data Rate SDRAM (SDR SDRAM), and/or Electrical Erasable Programmable ROM (EEPROM), or flash memory. It may include one or more non-volatile memory devices.

The interface 1040 may perform a function of transmitting data to or receiving data from a communication network. Interface 1040 may be wired or wireless. For example, the interface 1040 may include an antenna or a wired or wireless transceiver.

The storage 1050 may store and store data and/or programs. Storage 1050 may include one or more non-volatile memory devices, such as a solid state drive (SSD), a hard drive, or flash memory. In the present invention, the storage 1050 can store a computer program consisting of instructions for performing a method of preventing financial fraud.

The user terminal 200 may be a personal digital assistant (PDA), a portable computer, a web tablet, a wireless phone, a mobile phone, or a digital music player. It can be applied to music players, memory cards, or any electronic product that can transmit and/or receive information in a wireless environment.

Alternatively, the financial server 100 and the user terminal 200 according to embodiments of the present invention may each be a system formed by connecting a plurality of electronic devices 1000 to each other through a network. In this case, each module or combination of modules may be implemented as the electronic device 1000. However, this embodiment is not limited to this.

Additionally, the financial server 100 is a workstation, a data center, an internet data center (IDC), a direct attached storage (DAS) system, a storage area network (SAN) system, and a network attached storage (NAS). ) system and a RAID (redundant array of inexpensive disks, or redundant array of independent disks) system, but the present embodiment is not limited thereto.

Additionally, the financial server 100 may transmit data through a network using the user terminal 200. Networks may include networks based on wired Internet technology, wireless Internet technology, and short-distance communication technology. Wired Internet technology may include, for example, at least one of a local area network (LAN) and a wide area network (WAN).

Wireless Internet technologies include, for example, Wireless LAN (WLAN), DMNA (Digital Living Network Alliance), Wibro (Wireless Broadband), Wimax (World Interoperability for Microwave Access: Wimax), and HSDPA (High Speed Downlink Packet). Access), HSUPA (High Speed Uplink Packet Access), IEEE 802.16, Long Term Evolution (LTE), LTE-A (Long Term Evolution-Advanced), Wireless Mobile Broadband Service (WMBS) and 5G NR (New Radio) technology. However, this embodiment is not limited to this.

Short-range communication technologies include, for example, Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra-Wideband (UWB), ZigBee, and Near Field Communication. At least one of NFC), Ultrasound Communication (USC), Visible Light Communication (VLC), Wi-Fi, Wi-Fi Direct, and 5G NR (New Radio) may include. However, this embodiment is not limited to this.

The financial server 100 that communicates through a network can comply with technical standards and standard communication methods for mobile communication. For example, standard communication methods include GSM (Global System for Mobile communication), CDMA (Code Division Multi Access), CDMA2000 (Code Division Multi Access 2000), and EV-DO (Enhanced Voice-Data Optimized or Enhanced Voice-Data Only). , at least one of Wideband CDMA (WCDMA), High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), Long Term Evolution (LTE), Long Term Evolution-Advanced (LTEA), and 5G New Radio (NR) may include. However, this embodiment is not limited to this.

The above description is merely an illustrative explanation of the technical idea of the present embodiment, and those skilled in the art will be able to make various modifications and variations without departing from the essential characteristics of the present embodiment. Accordingly, the present embodiments are not intended to limit the technical idea of the present embodiment, but rather to explain it, and the scope of the technical idea of the present embodiment is not limited by these examples. The scope of protection of this embodiment should be interpreted in accordance with the claims below, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of rights of this embodiment.

Claims (11)

In a financial fraud detection method performed on a financial server,
Creating a fraud-related transfer DB by classifying transfer details corresponding to a predetermined type of company name among the account transfer details stored in the financial server;
Deriving corporate accounts included in the transfer details constituting the fraud-related transfer DB and creating an illegal financial company network based on the connectivity between each of the corporate accounts;
determining whether the receiving account of the transfer details included in the fraud-related transfer DB is included in the illegal financial company network;
determining whether the transfer details for the receiving account meet preset conditions;
If the receiving account is included in the illegal financial company network and satisfies the preset conditions, setting the receiving account as an illegal financial corporate account; and
When a transfer request for the illegal financial corporate account is received, including providing a notification to the sender who requested the transfer request.
How to detect financial fraud.
According to claim 1,
The step of creating the fraud-related transfer DB is,
Among the account transfer details stored in the financial server, classifying transfer details transferred to fraudulent accounts;
A step of determining the type of fraud for the classified transfer details,
determining whether the summary or recipient of the classified transfer details is a business name of the predetermined type;
When the classified transfer details include the company name of the predetermined type, a financial fraud detection method comprising the step of storing the transfer details together with the fraud type to create the fraud-related transfer DB.
According to clause 2,
The above fraud types are:
The first type corresponding to the transfer details of the transfer made by the first recipient reported with a preset fraud-related keyword or a preset amount,
A second type corresponding to the transfer details transferred by the second recipient, who is the owner of the receiving account to which the first recipient transferred,
The third type corresponds to the transfer details made by customers who have been victims of financial fraud, and
A method of detecting financial fraud that includes at least two of the fourth types corresponding to the transfer details of customers included in the transaction restriction list.
According to clause 3,
The step of classifying the transfer details is:
If the risk score allocated to the first recipient in proportion to the number of reported times is greater than a predetermined standard, the transfer details transferred by the first recipient are classified as the first type,
The risk score of the second recipient is calculated in conjunction with the risk score of the first recipient, and if the calculated risk score is greater than a predetermined standard value, the transfer details transferred by the second recipient are classified as the second type. Methods for detecting financial fraud, including:
According to clause 3,
The step of classifying the transfer details is:
A financial fraud detection method comprising selecting the first recipient based on a risk calculated using a pre-trained deep learning module and classifying the transfer details transferred by the selected first recipient into the first type.
According to claim 1,
The step of creating the illegal financial company network is,
Creating a list of customers who have transferred money to a receiving account whose transfer details are included in the fraud-related transfer DB;
A step of selecting a plurality of corporate accounts from among the receiving accounts to which a predetermined number of customers have transferred money;
Calculating connectivity between the plurality of corporate accounts;
A financial fraud detection method comprising the step of creating the illegal financial company network based on a connection relationship between corporate accounts where the connection is greater than a predetermined standard.
According to clause 6,
The step of calculating the connectivity is,
Deriving a list of first customers who transferred money to the first corporate account and a list of second customers who transferred money to the second corporate account,
Calculate the common number of customers between the first customer list and the second customer list,
A financial fraud detection method comprising deriving the connectivity using a ratio of the number of common customers to the union of the first customer list and the second customer list.
According to claim 1,
The step of setting the receiving account as an illegal financial corporate account is,
Generating a list of transfer details in which money was transferred to the receiving account of the transfer details included in the fraud-related transfer DB;
determining whether the receiving account is an account of a company included in the illegal financial company network;
Counting the number of fraud types for a plurality of transfer details transferred to the receiving account;
A financial fraud detection method comprising the step of determining the receiving account as the illegal financial corporate account when the number of fraud types is greater than a predetermined standard number.
According to clause 8,
In the step of setting the receiving account as an illegal financial corporate account,
The transfer history list is generated based on the transfer details included in the fraud-related transfer DB for a predetermined unit period,
A method for detecting financial fraud, wherein the reference number is set to 2 or more.
According to claim 1,
The step of providing the notification is,
Before performing an account transfer according to the transfer request, providing the notification to the sender's terminal in a preliminary transfer step of checking the recipient's account information,
The above notification is,
Provide a transfer warning pop-up indicating the possibility that the receiving account of the transfer request corresponds to the illegal financial corporate account, or
A method for detecting financial fraud, including providing information on the type of fraud in transfer details related to the receiving account.
processor;
a memory that loads a computer program executed by the processor; and
Including storage for storing the computer program,
The computer program is,
An operation to create a fraud-related transfer DB by classifying transfer details corresponding to a predetermined type of company name among the account transfer details stored in the storage;
An operation of deriving corporate accounts included in the transfer details constituting the fraud-related transfer DB and creating an illegal financial company network based on the connectivity between each of the corporate accounts;
An operation of determining whether the receiving account of the transfer details included in the fraud-related transfer DB is included in the illegal financial company network;
An operation of determining whether transfer details for the receiving account meet preset conditions;
If the receiving account is included in the illegal financial company network and satisfies the preset conditions, setting the receiving account as an illegal financial corporate account; and
When a transfer request for the illegal financial corporate account is detected, an operation that includes providing a notification to the sender who requested the transfer request
Financial server.

Images