TW201828214A - Business handling method and device in which a fast risk recognition operation is carried out first and then a deep risk recognition operation is conducted - Google Patents

Business handling method and device in which a fast risk recognition operation is carried out first and then a deep risk recognition operation is conducted Download PDF

Info

Publication number
TW201828214A
TW201828214A TW106102239A TW106102239A TW201828214A TW 201828214 A TW201828214 A TW 201828214A TW 106102239 A TW106102239 A TW 106102239A TW 106102239 A TW106102239 A TW 106102239A TW 201828214 A TW201828214 A TW 201828214A
Authority
TW
Taiwan
Prior art keywords
risk
risk identification
identification
user
processing request
Prior art date
Application number
TW106102239A
Other languages
Chinese (zh)
Other versions
TWI668657B (en
Inventor
沈濤
雷鑫
孫宏發
黃海
Original Assignee
阿里巴巴集團服務有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集團服務有限公司 filed Critical 阿里巴巴集團服務有限公司
Priority to TW106102239A priority Critical patent/TWI668657B/en
Publication of TW201828214A publication Critical patent/TW201828214A/en
Application granted granted Critical
Publication of TWI668657B publication Critical patent/TWI668657B/en

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to the technical field of Internet, and more particularly to a business handling method and device for saving the consumption of system resources and improving the performance of risk recognition. Embodiments of the application provide a risk recognition method that comprises: conducting fast risk recognition for a business handling request based on a recognition algorithm of a fast risk recognition level; in case that it is not possible to determine the business handling request is a secure request or a risky request after the fast risk recognition, conducting deep risk recognition for the business handling request based on a recognition algorithm of a deep risk recognition level, wherein the amount of data used in the deep risk recognition is greater than the amount of data used in the fast risk recognition and the time period used in conducting the deep risk recognition is longer than the time period used in conducting the fast risk recognition; and processing the business handling request according to the result of the deep risk recognition.

Description

業務處理方法及裝置  Business processing method and device  

本申請關於互聯網技術領域,尤其關於一種業務處理方法及裝置。 This application relates to the field of Internet technologies, and in particular, to a service processing method and apparatus.

隨著互聯網資訊技術的發展,透過互聯網為使用者提供業務服務變得越來越普遍,業務服務的場景也越來越多。網路業務服務在為使用者帶來便利的同時,也帶來了一定的風險。為了保證網路業務服務的順利進行,需要設置風險監控系統來對使用者的業務處理請求進行風險識別。 With the development of Internet information technology, it is becoming more and more common to provide business services to users through the Internet, and there are more and more business service scenarios. While the network business service brings convenience to users, it also brings certain risks. In order to ensure the smooth running of the network service, it is necessary to set up a risk monitoring system to identify the user's business processing request.

隨著風險監控系統需要監控風險的業務場景越來越多、風險形勢越來越複雜,對各種風險的監控力度以及監控時效性要求也越來越高,用於進行風險識別的規則模型越來越多,計算複雜度越來越高。這些都導致風險監控系統對系統資源的消耗以及分析耗時顯著增加。 As the risk monitoring system needs to monitor the risk of more and more business scenarios and the risk situation becomes more and more complex, the monitoring of various risks and the timeliness of monitoring are becoming more and more high. The rule model for risk identification is coming. The more the calculation, the higher the complexity. These have led to a significant increase in the consumption of system resources by the risk monitoring system and the time taken for analysis.

可見,目前需要提供一個更合理的風險監控方式來提高風險分析性能,及節省系統資源消耗。 It can be seen that there is a need to provide a more reasonable risk monitoring method to improve risk analysis performance and save system resource consumption.

本申請實施例提供一種業務處理方法及裝置,用以節省系統資源消耗、提高風險識別性能。 The embodiment of the present application provides a service processing method and device, which are used to save system resource consumption and improve risk identification performance.

本申請實施例提供的一種業務處理方法包括:在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別;若在進行快速風險識別後,無法確定所述業務處理請求是否存在風險,則基於深度風險識別層的識別演算法,對所述業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長;根據進行深度風險識別的結果,處理所述業務處理請求。 A service processing method provided by the embodiment of the present application includes: after receiving a service processing request of a user, performing fast risk identification on the service processing request based on a fast risk identification layer identification algorithm; if performing fast risk identification If the service processing request cannot be determined to be risky, the deep risk identification is performed on the service processing request based on the recognition algorithm of the deep risk identification layer; wherein the amount of data used for deep risk identification is greater than the rapid risk identification The amount of data used, and the recognition duration used for depth risk identification is greater than the recognition duration used for rapid risk identification; the business processing request is processed according to the result of performing the depth risk identification.

可選地,基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別,包括:基於所述業務處理請求中攜帶的使用者資料,判斷所述使用者資料是否屬於預先儲存的可信用戶名單或風險用戶名單中的使用者資料;若所述使用者資料為可信用戶名單中的使用者資料,則確定所述業務處理請求為安全請求,若所述使用者資料為風險用戶名單中的使用者資料,則確定所述業務處理請求為風險請求。 Optionally, performing fast risk identification on the service processing request based on the fast algorithm of the fast risk identification layer, including: determining, according to user data carried in the service processing request, whether the user data belongs to pre-storage The user data in the trusted user list or the risk user list; if the user data is the user data in the trusted user list, determining that the service processing request is a security request, if the user data is The user data in the risk user list determines that the service processing request is a risk request.

可選地,若所述使用者資料既不屬於預先儲存的可信用戶名單中的使用者資料,也不屬於預先儲存的風險用戶名單中的使用者資料,則基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別,還包括:基於所述業務處理請求中攜帶的使用者資料、所述使用者的歷史行為資料、以及用於進行使用者行為資料比對的規則模型,判斷所述業務處理請求所指示的用戶當前操作行為與所述用戶的歷史習慣性操作行為是否匹配;若匹配,則確定所述業務處理請求為安全請求,若不匹配,則確定所述業務處理請求為風險請求。 Optionally, if the user data does not belong to the user data in the pre-stored trusted user list, and does not belong to the user data in the pre-stored risk user list, the recognition algorithm based on the fast risk identification layer The method, the fast risk identification of the service processing request, further includes: based on the user data carried in the service processing request, the historical behavior data of the user, and a rule for comparing user behavior data a model, determining whether the current operation behavior of the user indicated by the service processing request matches the historical habitual operation behavior of the user; if the matching, determining that the service processing request is a security request, if not, determining the The business processing request is a risk request.

可選地,基於深度風險識別層的識別演算法,對所述業務處理請求進行深度風險識別,包括:根據所述業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題;在選擇的每種風險主題下,基於所述業務處理請求對應的業務場景資訊,選擇用於進行第二層級風險識別的規則模型;基於選擇的規則模型,對所述業務處理請求進行深度風險識別。 Optionally, performing the deep risk identification on the service processing request according to the recognition algorithm of the depth risk identification layer, including: selecting at least one risk from the preset multiple risk topics according to the service processing type of the service processing request a topic; selecting, according to the business scenario information corresponding to the service processing request, a rule model for performing second-level risk identification; and performing depth on the service processing request based on the selected rule model Risk Identification.

可選地,所述方法還包括:基於全面風險識別層的識別演算法,對所述業務處理請求進行全面風險識別;其中,所述全面風險識別與所述快速風險識別和深度風險識別非同步執行,進行全面風險識別所使用的資料量大於進行快速風險識別及深度風險識 別所使用的資料量,且進行全面風險識別所使用的識別時長大於進行快速風險識別及深度風險識別所使用的識別時長;基於進行全面風險識別的結果,更新以下資訊中的一種或多種:預設的可信用戶名單;預設的風險用戶名單;所述使用者的歷史行為資料;預設的規則模型。 Optionally, the method further includes: performing comprehensive risk identification on the service processing request based on a comprehensive risk identification layer identification algorithm; wherein the comprehensive risk identification is asynchronous with the fast risk identification and depth risk identification Execution, the amount of data used for comprehensive risk identification is greater than the amount of data used for rapid risk identification and deep risk identification, and the identification time used for comprehensive risk identification is greater than the identification used for rapid risk identification and deep risk identification. Duration; based on the results of comprehensive risk identification, update one or more of the following information: a preset list of trusted users; a preset list of risk users; historical behavior data of the users; and a preset rule model.

本申請實施例提供一種業務處理裝置,包括:第一識別模組,用於在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別;第二識別模組,用於若在進行快速風險識別後,無法確定所述業務處理請求是否存在風險,則基於深度風險識別層的識別演算法,對所述業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長;處理模組,用於根據進行深度風險識別的結果,處理所述業務處理請求。 The embodiment of the present application provides a service processing apparatus, including: a first identification module, configured to perform fast risk identification on the service processing request after receiving a service processing request of a user, based on a recognition algorithm of a fast risk identification layer a second identification module, configured to perform depth risk identification on the service processing request based on a recognition algorithm of the depth risk identification layer if the risk detection request cannot be determined after the rapid risk identification is performed; The amount of data used for deep risk identification is greater than the amount of data used for rapid risk identification, and the recognition time used for deep risk identification is greater than the recognition duration used for rapid risk identification; The business processing request is processed according to the result of performing the depth risk identification.

上述風險識別方法及裝置提供了一種對使用者的業務處理請求進行分層級風險識別的方案,在快速風險識別層,採用較少的資料及較短的識別時間進行識別,針對無 法確認是風險請求還是安全請求的業務處理請求,再採用較多的資料及較長的時間進行深度風險識別。由於對於較為明顯的風險請求或安全請求,可以在快速風險識別層中採用較少的資料快速識別出來,因此相比直接執行較複雜的風險識別演算法的方式,可以提高識別效率,節省系統資源消耗;另外,對於不容易識別的業務處理請求,再進行較複雜的深度風險識別,從而可以保證風險識別的準確性。 The above risk identification method and device provide a scheme for hierarchical risk identification of a user's business processing request. In the rapid risk identification layer, less data is used and a shorter recognition time is used for identification, and the risk request cannot be confirmed. It is also a business request for a secure request, and then uses more data and a longer time for deep risk identification. Since the more obvious risk request or security request can be quickly identified by using less data in the rapid risk identification layer, the recognition efficiency and the system resources can be improved compared with the direct implementation of the more complex risk identification algorithm. Consumption; In addition, for business processing requests that are not easily identifiable, more complex depth risk identification is performed, so that the accuracy of risk identification can be ensured.

另外,在本申請優選的實施方式中,進一步提供了基於全面風險識別層的識別演算法進行全面風險識別的方式,全面風險識別與快速風險識別和深度風險識別非同步進行,可以在優化整個風險識別演算法的同時,保證業務處理的順利進行。 In addition, in the preferred embodiment of the present application, a comprehensive risk identification method based on the comprehensive risk identification layer recognition algorithm is further provided, and the comprehensive risk identification, the rapid risk identification and the deep risk identification are performed asynchronously, and the entire risk can be optimized. While identifying the algorithm, the business process is guaranteed to proceed smoothly.

31‧‧‧第一識別模組 31‧‧‧First identification module

32‧‧‧第二識別模組 32‧‧‧Second identification module

33‧‧‧處理模組 33‧‧‧Processing module

34‧‧‧第三識別模組 34‧‧‧The third identification module

圖1為本申請實施例一提供的業務處理方法流程圖; 圖2為本申請實施例二提供的風險識別方法流程圖; 圖3為本申請實施例提供的風險識別裝置結構示意圖。 1 is a flowchart of a service processing method according to Embodiment 1 of the present application; FIG. 2 is a flowchart of a risk identification method according to Embodiment 2 of the present application; FIG. 3 is a schematic structural diagram of a risk identification apparatus according to an embodiment of the present application.

本申請實施例對用戶的業務處理請求進行分層級的風險識別,在快速風險識別層,採用較少的資料及較短的識別時間進行識別,針對無法確認是風險請求還是安全請求 的業務處理請求,再採用較多的資料及較長的時間進行深度風險識別。由於對於較為明顯的風險請求或安全請求,可以在快速風險識別層中採用較少的資料快速識別出來,相比直接執行較複雜的風險識別演算法的方式,可以提高識別效率,節省系統資源消耗,而對於不容易識別的業務處理請求,再進行較複雜的深度風險識別,可以提高風險識別的準確性。另外,在本申請優選的實施方式中,進一步提供了基於全面風險識別層的識別演算法進行全面風險識別的方式,全面風險識別與快速風險識別和深度風險識別非同步進行,可以在優化整個風險識別演算法的同時,保證業務處理的順利進行。 The embodiment of the present application performs hierarchical risk identification on a service processing request of a user, and uses a small data and a short recognition time for identification in a fast risk identification layer, and a service processing request for failing to confirm whether it is a risk request or a security request. , then use more data and longer time for deep risk identification. Because of the obvious risk request or security request, it can be quickly identified by using less data in the fast risk identification layer. Compared with the direct implementation of the more complex risk identification algorithm, the recognition efficiency can be improved and the system resource consumption can be saved. For more difficult to identify business processing requests, more complex depth risk identification can improve the accuracy of risk identification. In addition, in the preferred embodiment of the present application, a comprehensive risk identification method based on the comprehensive risk identification layer recognition algorithm is further provided, and the comprehensive risk identification, the rapid risk identification and the deep risk identification are performed asynchronously, and the entire risk can be optimized. While identifying the algorithm, the business process is guaranteed to proceed smoothly.

下面結合說明書附圖對本申請實施例作進一步詳細描述。 The embodiments of the present application are further described in detail below with reference to the accompanying drawings.

實施例一  Embodiment 1  

如圖1所示,為本申請實施例一提供的業務處理方法流程圖,包括以下步驟:S101:在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別。 As shown in FIG. 1 , a flowchart of a service processing method according to Embodiment 1 of the present application includes the following steps: S101: After receiving a service processing request of a user, performing a service based on a fast risk identification layer identification algorithm. Process requests for rapid risk identification.

在具體實施過程中,可以首先基於預先儲存的可信用戶名單和風險用戶名單,對所述業務處理請求進行快速風險識別。這裡的可信用戶名單中可以包括使用者的可信互聯網協議(Internet Protocol,IP)位址、可信媒體接入控 制(Media Access Control,MAC)位址、可信終端位置等使用者資料;相應地,風險用戶名單中可以包括風險應用帳號、風險銀行卡號、風險IP位址等使用者資料。若業務處理請求中的使用者資料既不屬於可信用戶名單中的使用者資料,也不屬於風險用戶名單中的使用者資料,則可以繼續基於所述業務處理請求中攜帶的使用者資料和所述使用者的歷史行為資料,透過進行使用者行為資料比對對所述業務處理請求進行快速風險識別,若能夠透過用戶行為資料比對確認所述業務處理請求是安全請求還是風險請求,則基於快速風險識別的結果,處理所述業務處理請求,否則進入S102。 In a specific implementation process, the service processing request may be quickly identified based on a pre-stored list of trusted users and a list of risk users. The trusted user list herein may include user data such as a trusted Internet Protocol (IP) address, a trusted media access control (MAC) address, and a trusted terminal location. Correspondingly, the risk user list may include user data such as a risk application account number, a risk bank card number, and a risk IP address. If the user data in the service processing request belongs to neither the user data in the trusted user list nor the user data in the risk user list, the user data carried in the service processing request may continue to be used. The historical behavior data of the user performs fast risk identification on the service processing request by performing user behavior data comparison, and if the user behavior data comparison can confirm whether the business processing request is a security request or a risk request, The service processing request is processed based on the result of the rapid risk identification, otherwise the process proceeds to S102.

比如,首先查看發起業務處理請求的用戶當前使用的IP位址是否是該用戶(這裡可以採用帳號來標識使用者)之前經常使用的可信IP位址,如果是,則認為當前的業務處理請求無風險。如果不是,則查看該IP位址是否是風險IP位址,如果是,則說明當前的業務處理請求存在風險。如果不是,則可以基於預設的用於進行用戶行為資料比對的規則模型,透過比對使用者當前操作行為和歷史習慣性操作行為的差異來確定當前操作是否存在風險,比如,在該規則模型中,可以判斷使用者本次操作時間是否在用戶歷史習慣操作時間段內、使用者本次交易物品類型與使用者歷史交易興趣的匹配情況,使用者輸入密碼的敲鍵盤速度與使用者歷史習慣的匹配情況等。這裡,用戶的歷史習慣性操作行為可以是指在使用者的安全歷史操作記 錄中出現的次數在設定閾值以上的操作行為。如果規則模型的判斷結果為使用者本次操作行為與歷史習慣性操作行為的差異過大,則認為當前業務處理請求存在風險,如果差異很小,則認為當前業務處理請求是安全的。如果差異介於存在風險和不存在風險所分別對應的差異之間,則無法確認當前的業務處理請求是安全請求還是風險請求,此時,進入深度風險識別。 For example, first check whether the IP address currently used by the user initiating the service processing request is a trusted IP address that is frequently used by the user (where the account can be used to identify the user), and if so, the current service processing request is considered. no risk. If not, it is checked whether the IP address is a risk IP address, and if so, the current business processing request is at risk. If not, the current operation may be determined to be risky based on a preset rule model for performing user behavior data comparison, for example, by comparing the difference between the current operation behavior of the user and the historical habitual operation behavior, for example, in the rule. In the model, it can be determined whether the user's current operation time is within the user's historical custom operation time period, the user's current transaction item type matches the user's historical transaction interest, and the user inputs the password's keyboard speed and user history. Habitual matching situation, etc. Here, the user's historical habitual operation behavior may refer to an operation behavior in which the number of occurrences in the user's security history operation record is above a set threshold. If the judgment result of the rule model is that the difference between the user's current operation behavior and the historical habitual operation behavior is too large, the current business processing request is considered to be risky, and if the difference is small, the current business processing request is considered to be safe. If the difference is between the difference between the existing risk and the non-existent risk, it is impossible to confirm whether the current business processing request is a security request or a risk request. At this time, the deep risk identification is entered.

根據統計,在所有使用者操作行為中,至少有80%的操作行為可以透過快速風險識別層獲得風險識別結果。由於快速風險識別層所需要的資料量及計算量都是很少的,消耗的系統計算資源和儲存資源也較少,因此可以極大提升風險分析性能,減少無謂的資源消耗。 According to statistics, at least 80% of all user behaviors can obtain risk identification results through the rapid risk identification layer. Since the amount of data and the amount of calculation required by the rapid risk identification layer are small, the system computing resources and storage resources are also consumed, so that the risk analysis performance can be greatly improved and the unnecessary resource consumption can be reduced.

S102:若在進行快速風險識別後,無法確定所述業務處理請求是安全請求還是風險請求,則基於深度風險識別層的識別演算法,對所述業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長。 S102: If, after the fast risk identification is performed, the service processing request cannot be determined to be a security request or a risk request, the depth risk identification layer-based recognition algorithm performs depth risk identification on the service processing request; wherein, the depth is performed. The amount of data used for risk identification is greater than the amount of data used for rapid risk identification, and the length of identification used for deep risk identification is greater than the length of identification used for rapid risk identification.

相比快速風險識別,在深度風險識別進行更精細化的風險分析,為了匹配到更精細化的規則模型,深度風險識別所採用的資料量較多,比如,使用的資料包括業務處理類型資訊(比如轉帳、支付、發紅包等業務處理類型)、業務場景資訊(比如即時到帳、擔保交易等交易類型資訊,再比如餘額支付、快捷支付、網銀支付等支付管道資 訊,再比如實物交易、虛擬交易等物流類型資訊,自營、外部商戶等交易來源資訊)等。 Compared with rapid risk identification, a more refined risk analysis in deep risk identification, in order to match a more refined rule model, deep risk identification uses more data, for example, the information used includes business processing type information ( Such as transfer, payment, red envelopes and other business processing types), business scenario information (such as instant arrival, secured transactions and other transaction type information, such as balance payment, fast payment, online banking payment and other payment pipeline information, such as physical transactions, virtual Logistics type information such as transactions, self-operated, external merchants and other transaction source information).

具體地,可以執行以下步驟:步驟一:根據所述業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題。 Specifically, the following steps may be performed: Step 1: Select at least one risk theme from preset multiple risk topics according to the service processing type of the service processing request.

這裡,風險主題包括比如盜帳戶風險(盜用應用註冊帳戶)、盜卡風險(盜用銀行卡)、詐欺風險(比如修改他人銀行卡密碼)等。比如,當業務處理類型為支付時,涉及的風險可能包括盜帳戶風險、盜卡風險、詐欺風險,因此當處理支付類業務時,可以自動選擇盜帳戶風險、盜卡風險、詐欺風險三種風險主題。再比如,當業務處理類型為轉帳時,可以自動選擇盜帳戶風險、盜卡風險兩種風險主題。 Here, risk topics include, for example, stolen account risk (theft of application registration accounts), stolen card risk (theft of bank cards), fraud risk (such as modifying other bank card passwords). For example, when the type of business processing is payment, the risks involved may include the risk of stolen accounts, the risk of stolen cards, and the risk of fraud. Therefore, when dealing with payment services, three risk themes of stolen account risk, stolen card risk, and fraud risk can be automatically selected. . For another example, when the business processing type is transfer, two risk themes of stolen account risk and stolen card risk can be automatically selected.

步驟二:在選擇的每種風險主題下,基於所述業務處理請求對應的業務場景資訊,選擇用於進行深度風險識別的規則模型。 Step 2: Select a rule model for performing deep risk identification based on the service scenario information corresponding to the service processing request under each selected risk topic.

這裡,不同的業務場景所對應的用於進行深度風險識別的規則模型是不同的;在不同的風險主題下,即使同樣的業務場景所對應的用於進行深度風險識別的規則模型也有可能是不同的。比如,即時到帳和擔保交易(比如貨到付款)的風險性是不同的,因此所對應的用於進行深度風險識別的規則模型是不同的,餘額支付和快捷支付所對應的用於進行深度風險識別的規則模型也是不同的;在盜帳戶風險和盜卡風險中,同樣是擔保交易,其所對應的用於 進行深度風險識別的規則模型也是不同的。 Here, the rule models for deep risk identification corresponding to different business scenarios are different; under different risk topics, even the rule models for deep risk identification corresponding to the same business scenario may be different. of. For example, the risk of instant arrival and secured transactions (such as cash on delivery) is different, so the corresponding rule model for deep risk identification is different, and the balance payment and quick payment are used for depth. The rule model for risk identification is also different; in the case of stolen account risk and stolen card risk, it is also a secured transaction, and the corresponding rule model for deep risk identification is also different.

步驟三:基於選擇的規則模型,對所述業務處理請求進行深度風險識別。 Step 3: Perform deep risk identification on the service processing request based on the selected rule model.

這裡,進行深度風險識別時匹配選擇的規則模型的資料,可以包括使用者是否異地操作的資訊、商戶營業狀態資訊等多種線上已有的資訊。 Here, the data of the matching rule model when performing the deep risk identification may include information such as whether the user operates in a different place, the business status information of the merchant, and the like.

該步驟中,針對選擇的每一種風險主題,選擇用於進行深度風險識別的規則模型。若選擇的風險主題有多個,則分別針對每一種風險主題進行深度風險識別,若在任意一個風險主題下的風險識別結果為當前的業務處理請求為風險請求,則認為當前的業務處理請求為風險請求。 In this step, a rule model for performing deep risk identification is selected for each risk topic selected. If there are multiple risk topics selected, the deep risk identification is performed for each risk topic separately. If the risk identification result under any one of the risk topics is that the current business processing request is a risk request, the current business processing request is considered as Risk request.

S103:根據進行深度風險識別的結果,處理所述業務處理請求。 S103: Process the service processing request according to the result of performing the depth risk identification.

深度風險識別可以利用快速風險識別節省的系統資源進行更精細的資料計算,獲得更準確的風險識別結果。由於深度風險識別只需針對快速風險識別無法確定識別結果的業務處理請求進行風險識別,因此,可以在保證節省系統資源的前提下,減少風險漏過機率。 Deep risk identification can use the system resources saved by rapid risk identification to perform more detailed data calculation and obtain more accurate risk identification results. Since the deep risk identification only needs to identify the risk of the business processing request that cannot identify the recognition result by the rapid risk identification, the risk leakage probability can be reduced under the premise of ensuring the saving of system resources.

實施例二  Embodiment 2  

在本申請實施例二中,為了進一步提高風險識別的準確率,設計了全面風險識別層,該風險識別過程與快速風險識別和深度風險識別非同步進行,也即不影響業務處理進程。全面風險識別的結果可以用於優化執行快速風險識 別和深度風險識別的使用者資料及規則模型。 In the second embodiment of the present application, in order to further improve the accuracy of risk identification, a comprehensive risk identification layer is designed, which is performed asynchronously with rapid risk identification and deep risk identification, that is, does not affect the business processing process. The results of comprehensive risk identification can be used to optimize user data and rule models for performing rapid risk identification and deep risk identification.

如圖2所示,為本申請實施例二提供的風險識別方法流程圖,包括:S201:業務伺服器在接收到用戶的業務處理請求後,基於可信用戶名單/風險用戶名單/用戶行為資料比對,對所述業務處理請求進行快速風險識別。若該步驟能夠確定所述業務處理請求是安全請求或風險請求,則進入S202,否則進入S203。 As shown in FIG. 2, a flowchart of a risk identification method provided in Embodiment 2 of the present application includes: S201: After receiving a service processing request of a user, the service server is based on a trusted user list/risk user list/user behavior data. The comparison performs fast risk identification on the service processing request. If the step can determine that the service processing request is a security request or a risk request, go to S202, otherwise go to S203.

在具體實施中,首先基於所述業務處理請求中攜帶的使用者資料,判斷所述使用者資料是否屬於預先儲存的可信用戶名單或風險用戶名單中的使用者資料;若所述使用者資料為可信用戶名單中的使用者資料,則確定所述業務處理請求為安全請求,若所述使用者資料為風險用戶名單中的使用者資料,則確定所述業務處理請求為風險請求。若所述使用者資料既不屬於預先儲存的可信用戶名單中的使用者資料,也不屬於預先儲存的風險用戶名單中的使用者資料,則基於所述業務處理請求中攜帶的使用者資料、所述使用者的歷史行為資料、以及用於進行使用者行為資料比對的規則模型,判斷所述業務處理請求所指示的用戶當前操作行為與所述用戶的歷史習慣性操作行為是否匹配,若匹配,則確定所述業務處理請求為安全請求,若不匹配,則確定所述業務處理請求為風險請求。這裡,所述用戶的歷史習慣性操作行為可以是指在使用者的安全歷史操作記錄中出現的次數在設定閾值以上的操作行為。 In a specific implementation, first determining, according to the user data carried in the service processing request, whether the user data belongs to a pre-stored trusted user list or a user data in a risk user list; And determining, by the user data in the trusted user list, the service processing request is a security request, and if the user data is the user data in the risk user list, determining that the service processing request is a risk request. If the user data does not belong to the user data in the pre-stored trusted user list, and does not belong to the user data in the pre-stored risk user list, based on the user data carried in the service processing request And determining, by the user, historical behavior data, and a rule model for performing user behavior data comparison, determining whether the current operation behavior of the user indicated by the service processing request matches the historical habitual operation behavior of the user, If yes, the service processing request is determined to be a security request, and if not, the service processing request is determined to be a risk request. Here, the historical habitual operation behavior of the user may refer to an operation behavior in which the number of occurrences in the user's security history operation record is above a set threshold.

S202:根據進行快速風險識別的結果,處理所述業務處理請求。 S202: Process the service processing request according to the result of performing fast risk identification.

在具體實施中,若確定所述業務處理請求是安全請求,則回應所述業務處理請求,為使用者提供業務服務,若確定所述業務處理請求是風險請求,則可以拒絕所述業務處理請求。 In a specific implementation, if it is determined that the service processing request is a security request, responding to the service processing request, providing a service service for the user, and if the service processing request is determined to be a risk request, the service processing request may be rejected. .

S203:若在進行快速風險識別後,無法確定所述業務處理請求是安全請求還是風險請求,則根據所述業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題,在選擇的每種風險主題下,基於所述業務處理請求對應的業務場景資訊,選擇用於進行深度風險識別的規則模型,基於選擇的規則模型,對所述業務處理請求進行深度風險識別。 S203: If, after the fast risk identification is performed, the service processing request cannot be determined to be a security request or a risk request, selecting at least one risk theme from the preset multiple risk topics according to the service processing type of the service processing request, And selecting, according to the business scenario information corresponding to the service processing request, a rule model for performing deep risk identification, and performing deep risk identification on the service processing request based on the selected rule model.

S204:根據進行深度風險識別的結果,處理所述業務處理請求。 S204: Process the service processing request according to the result of performing the depth risk identification.

這裡,快速風險識別和深度風險識別都是線上執行的識別過程,若沒有在快速風險識別層確認所述業務處理請求是安全請求還是風險請求,一定會在深度風險識別層確認所述業務處理請求是安全請求還是風險請求,以便於基於識別結果處理所述業務處理請求。但是,出於回應時間的考慮,用於進行快速風險識別和深度風險識別的資料基本都是線上已有的,仍然會存在漏過風險的情況。比如,如果可信用戶名單出現異常,將會造成針對後續大量業務處理請求,執行快速風險識別的識別結果出現錯誤。為了 進行更全面的風險挖掘,本申請實施例非同步執行全面風險識別,該全面風險識別可以在處理完所述業務處理請求之後執行,也可以在處理所述業務處理請求的過程中執行,總之,不會影響所述業務處理請求的執行過程。 Here, the rapid risk identification and the deep risk identification are both online recognition processes. If the fast risk identification layer does not confirm that the service processing request is a security request or a risk request, the service processing request is confirmed at the deep risk identification layer. Whether it is a security request or a risk request, in order to process the business processing request based on the recognition result. However, due to the response time, the data used for rapid risk identification and deep risk identification are basically online, and there will still be risks. For example, if the list of trusted users is abnormal, it will cause errors in the recognition result of performing rapid risk identification for subsequent large number of business processing requests. In order to perform more comprehensive risk mining, the embodiment of the present application performs comprehensive risk identification asynchronously, and the comprehensive risk identification may be performed after the processing of the service processing request is completed, or may be performed in the process of processing the service processing request. , does not affect the execution process of the business processing request.

S205:基於全面風險識別層的識別演算法,對所述業務處理請求進行全面風險識別;其中,所述全面風險識別與所述快速風險識別和深度風險識別非同步執行,進行全面風險識別所使用的資料量大於進行快速風險識別及深度風險識別所使用的資料量,且進行全面風險識別所使用的識別時長大於進行快速風險識別及深度風險識別所使用的識別時長。 S205: Perform comprehensive risk identification on the service processing request based on a comprehensive risk identification layer identification algorithm, where the comprehensive risk identification is performed asynchronously with the rapid risk identification and depth risk identification, and is used for comprehensive risk identification. The amount of data is greater than the amount of data used for rapid risk identification and deep risk identification, and the length of identification used for comprehensive risk identification is greater than the length of recognition used for rapid risk identification and deep risk identification.

在進行全面風險識別時,可以透過向其它業務伺服器獲取使用者在其它服務網站的一些資料,計算和挖掘更豐富的資料特徵。全面風險識別相比快速風險識別和深度風險識別,進行風險計算及分析更全面和複雜,耗時也更長。 In the case of comprehensive risk identification, it is possible to calculate and mine richer data features by obtaining some data of users on other service websites from other service servers. Comprehensive risk identification Compared to rapid risk identification and deep risk identification, risk calculation and analysis is more comprehensive and complex, and takes longer.

舉例說明,進行全面風險識別的過程可以為:向其它業務伺服器獲取使用者在其它服務網站的使用者資料,並計算使用者關係網路資料、使用者累計行為資料等;基於獲取的使用者在其它服務網站的使用者資料、計算的使用者關係網路資料、使用者累計行為資料、以及進行快速風險識別和深度風險識別時使用的使用者資料等,進行全面風險識別;這裡,全面風險識別的演算法具體可以與深度風險識 別的演算法相同,區別在於使用的使用者資料不同。所述從其它業務伺服器獲取的使用者資料可以包括使用者在外部服務網站的交易和支付資訊、指示使用者在外部服務網站是否有異常操作的資訊等,使用者關係網絡資料包括指示使用者是否與其它用戶有直接關係往來或間接關係往來的資料,使用者累計行為資料可以包括使用者在最近設定時長內對同一IP地址的登錄次數、在設定時間長度內的異地支付總金額等。 For example, the process of comprehensive risk identification may be: obtaining user data of users on other service websites from other service servers, and calculating user relationship network data, user cumulative behavior data, etc.; Comprehensive risk identification for user data on other service websites, calculated user relationship network data, user cumulative behavior data, and user data used for rapid risk identification and deep risk identification; here, comprehensive risk The algorithm for recognition can be the same as the algorithm for deep risk identification, with the difference that the user data used is different. The user data obtained from other service servers may include transaction and payment information of the user on the external service website, information indicating whether the user has abnormal operation on the external service website, and the user relationship network information includes the indication user. Whether the data has direct or indirect relationship with other users, the user cumulative behavior data may include the number of logins of the same IP address by the user within the set time period, and the total amount of off-site payment within the set time length.

S206:基於進行全面風險識別的結果,更新以下資訊中的一種或多種:預設的可信用戶名單;預設的風險用戶名單;所述使用者的歷史行為資料;預設的規則模型。 S206: Update one or more of the following information based on the result of performing comprehensive risk identification: a preset trusted user list; a preset risk user list; the user's historical behavior data; and a preset rule model.

這裡,全面風險識別的結果可用於優化進行快速風險識別和深度風險識別的使用者資料及規則模型。比如,當針對某個業務處理請求,進行全面風險識別的結果是該業務處理請求為風險請求,可以提取該業務處理請求涉及的應用帳號,將其列入風險用戶名單中;再比如,針對對應的IP位址被列入風險用戶名單中的某個業務處理請求,若全面風險識別的結果是該業務處理請求為安全請求,則將該IP位址從風險用戶名單中剔除;再比如,可以將統計的使用者累計行為資料列入使用者的歷史行為資料中;再比如,若基於多個業務處理請求,統計出原來的用於進行用戶行為資料比對的規則模型輸出的識別結果,和/或用於進行深度風險識別的規則模型所輸出的識別結果,與進行全面風險識別的結果匹配性較差,則可以基於全面風 險識別的結果,對上述規則模型進行優化,以使其更匹配全面風險識別的結果。 Here, the results of comprehensive risk identification can be used to optimize user data and rule models for rapid risk identification and deep risk identification. For example, when processing a request for a certain service, the result of comprehensive risk identification is that the service processing request is a risk request, and the application account involved in the service processing request may be extracted and listed in the risk user list; for example, for the corresponding The IP address is included in a service processing request in the risk user list. If the result of the comprehensive risk identification is that the service processing request is a security request, the IP address is removed from the risk user list; for example, The statistical user cumulative behavior data is included in the user's historical behavior data; for example, if based on a plurality of business processing requests, the original recognition result of the rule model output for comparing the user behavior data is calculated, and / If the recognition result output by the rule model for deep risk identification is poorly matched with the result of comprehensive risk identification, the above rule model can be optimized based on the result of comprehensive risk identification to make it more comprehensive. The result of risk identification.

基於同一發明構思,本申請實施例中還提供了一種與風險識別方法對應的風險識別裝置,由於該裝置解決問題的原理與本申請實施例風險識別方法相似,因此該裝置的實施可以參見方法的實施,重複之處不再贅述。 Based on the same inventive concept, the risk identification device corresponding to the risk identification method is also provided in the embodiment of the present application. Since the principle of solving the problem is similar to the risk identification method in the embodiment of the present application, the implementation of the device can refer to the method. Implementation, repetition will not be repeated.

如圖3所示,為本申請實施例提供的風險識別裝置結構示意圖,包括:第一識別模組31,用於在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對所述業務處理請求進行快速風險識別;第二識別模組32,用於若在進行快速風險識別後,無法確定所述業務處理請求是否存在風險,則基於深度風險識別層的識別演算法,對所述業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長;處理模組33,用於根據進行深度風險識別的結果,處理所述業務處理請求。 As shown in FIG. 3 , a schematic diagram of a structure of a risk identification apparatus provided by an embodiment of the present application includes: a first identification module 31, configured to perform a recognition algorithm based on a fast risk identification layer after receiving a service processing request of a user, Performing fast risk identification on the service processing request; the second identification module 32 is configured to: if the service processing request cannot be determined to be risky after performing rapid risk identification, the recognition algorithm based on the depth risk identification layer, Performing deep risk identification on the service processing request; wherein the amount of data used for deep risk identification is greater than the amount of data used for rapid risk identification, and the identification time used for deep risk identification is greater than that for performing rapid risk identification The recognition duration used; the processing module 33 is configured to process the service processing request according to the result of performing the depth risk identification.

可選地,所述第一識別模組31具體用於:基於所述業務處理請求中攜帶的使用者資料,判斷所述使用者資料是否屬於預先儲存的可信用戶名單或風險用戶名單中的使用者資料;若所述使用者資料為可信用戶名 單中的使用者資料,則確定所述業務處理請求為安全請求,若所述使用者資料為風險用戶名單中的使用者資料,則確定所述業務處理請求為風險請求。 Optionally, the first identification module 31 is configured to: determine, according to user data carried in the service processing request, whether the user data belongs to a pre-stored trusted user list or a risk user list. User data; if the user data is user data in the trusted user list, determining that the service processing request is a security request, and if the user data is user data in the risk user list, determining The service processing request is a risk request.

可選地,所述第一識別模組31具體用於:若所述使用者資料既不屬於預先儲存的可信用戶名單中的使用者資料,也不屬於預先儲存的風險用戶名單中的使用者資料,則基於所述業務處理請求中攜帶的使用者資料、所述使用者的歷史行為資料、以及用於進行使用者行為資料比對的規則模型,判斷所述業務處理請求所指示的用戶當前操作行為與所述用戶的歷史習慣性操作行為是否匹配;若匹配,則確定所述業務處理請求為安全請求,若不匹配,則確定所述業務處理請求為風險請求。 Optionally, the first identification module 31 is specifically configured to: if the user data does not belong to the user data in the pre-stored trusted user list, and is not used in the pre-stored risk user list. And determining, according to the user data carried in the service processing request, the historical behavior data of the user, and a rule model for performing user behavior data comparison, determining the user indicated by the service processing request Whether the current operation behavior matches the historical habitual operation behavior of the user; if it matches, the service processing request is determined to be a security request, and if not, the service processing request is determined to be a risk request.

可選地,所述第二識別模組32具體用於:根據所述業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題;在選擇的每種風險主題下,基於所述業務處理請求對應的業務場景資訊,選擇用於進行深度風險識別的規則模型;基於選擇的規則模型,對所述業務處理請求進行深度風險識別。 Optionally, the second identification module 32 is configured to: select at least one risk theme from a preset plurality of risk topics according to the service processing type of the service processing request; and under each selected risk topic, And selecting, according to the service scenario information corresponding to the service processing request, a rule model for performing deep risk identification; and performing deep risk identification on the service processing request based on the selected rule model.

可選地,所述裝置還包括:第三識別模組34,用於基於全面風險識別層的識別演算法,對所述業務處理請求進行全面風險識別;其中,所述全面風險識別與所述快速風險識別和深度風險識別非同步執行,進行全面風險識別所使用的資料量大於進行快速風險識別及深度風險識別所使用的資料量,且進行全面 風險識別所使用的識別時長大於進行快速風險識別及深度風險識別所使用的識別時長;基於進行全面風險識別的結果,更新以下資訊中的一種或多種:預設的可信用戶名單;預設的風險用戶名單;所述使用者的歷史行為資料;預設的規則模型。 Optionally, the device further includes: a third identification module 34, configured to perform comprehensive risk identification on the service processing request based on a recognition algorithm of the comprehensive risk identification layer; wherein the comprehensive risk identification and the Rapid risk identification and deep risk identification are performed asynchronously. The amount of data used for comprehensive risk identification is greater than the amount of data used for rapid risk identification and deep risk identification, and the identification time used for comprehensive risk identification is greater than the rapid risk. Identification time used for identification and depth risk identification; based on the results of comprehensive risk identification, update one or more of the following information: a preset list of trusted users; a list of preset risk users; the history of the users Behavioral data; a preset rule model.

本領域內的技術人員應明白,本申請的實施例可提供為方法、系統、或電腦程式產品。因此,本申請可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本申請可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。 Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, system, or computer program product. Thus, the present application can take the form of a fully hardware embodiment, a fully software embodiment, or an embodiment combining the software and hardware. Moreover, the present application can take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer usable code therein. .

本申請是參照根據本申請實施例的方法、裝置(系統)、和電腦程式產品的流程圖和/或方框圖來描述的。應理解可由電腦程式指令實現流程圖和/或方框圖中的每一流程和/或方框、以及流程圖和/或方框圖中的流程和/或方框的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可程式設計資料處理設備的處理器以產生一個機器,使得透過電腦或其他可程式設計資料處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框 中指定的功能的裝置。 The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing device to produce a machine that executes instructions executed by a processor of a computer or other programmable data processing device Means are provided for implementing the functions specified in one or more of the flow or in one or more blocks of the flow chart.

這些電腦程式指令也可儲存在能引導電腦或其他可程式設計資料處理設備以特定方式工作的電腦可讀記憶體中,使得儲存在該電腦可讀記憶體中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能。 The computer program instructions can also be stored in a computer readable memory that can boot a computer or other programmable data processing device to operate in a particular manner, such that instructions stored in the computer readable memory produce an article of manufacture including the instruction device. The instruction means implements the functions specified in one or more blocks of the flow or in a flow or block diagram of the flowchart.

這些電腦程式指令也可裝載到電腦或其他可程式設計資料處理設備上,使得在電腦或其他可程式設計設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可程式設計設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的步驟。 These computer program instructions can also be loaded onto a computer or other programmable data processing device to perform a series of operational steps on a computer or other programmable device to produce computer-implemented processing on a computer or other programmable device. The instructions executed above provide steps for implementing the functions specified in one or more blocks of the flowchart or in a block or blocks of the flowchart.

儘管已描述了本申請的優選實施例,但本領域內的技術人員一旦得知了基本創造性概念,則可對這些實施例作出另外的變更和修改。所以,所附申請專利範圍意欲解釋為包括優選實施例以及落入本申請範圍的所有變更和修改。 While the preferred embodiment of the present application has been described, it will be apparent that those skilled in the art can make further changes and modifications to the embodiments. Therefore, the scope of the appended claims is intended to be construed as a

顯然,本領域的技術人員可以對本申請進行各種改動和變型而不脫離本申請的精神和範圍。這樣,倘若本申請的這些修改和變型屬於本申請之申請專利範圍及其等同技術的範圍之內,則本申請也意圖包含這些改動和變型在內。 It will be apparent to those skilled in the art that various modifications and changes can be made in the present application without departing from the spirit and scope of the application. Thus, it is intended that the present invention cover the modifications and variations of the present invention.

Claims (10)

一種業務處理方法,其特徵在於,該方法包括:在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對該業務處理請求進行快速風險識別;若在進行快速風險識別後,無法確定該業務處理請求是安全請求還是風險請求,則基於深度風險識別層的識別演算法,對該業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長;根據進行深度風險識別的結果,處理該業務處理請求。  A service processing method, comprising: after receiving a service processing request of a user, performing a rapid risk identification on the service processing request based on a recognition algorithm of a fast risk identification layer; if performing fast risk identification If it is not determined whether the service processing request is a security request or a risk request, the deep risk identification is performed on the service processing request based on the identification algorithm of the deep risk identification layer; wherein the amount of data used for deep risk identification is greater than the rapid risk The amount of data used is identified, and the recognition duration used for depth risk identification is greater than the recognition duration used for rapid risk identification; the business processing request is processed according to the result of performing the depth risk identification.   如申請專利範圍第1項所述的方法,其中,基於快速風險識別層的識別演算法,對該業務處理請求進行快速風險識別,包括:基於該業務處理請求中攜帶的使用者資料,判斷該使用者資料是否屬於預先儲存的可信用戶名單或風險用戶名單中的使用者資料;若該使用者資料為可信用戶名單中的使用者資料,則確定該業務處理請求為安全請求,若該使用者資料為風險用戶名單中的使用者資料,則確定該業務處理請求為風險請求。  The method of claim 1, wherein the rapid risk identification layer based algorithm performs fast risk identification on the service processing request, including: determining the user data based on the service processing request Whether the user data belongs to the pre-stored trusted user list or the user data in the risk user list; if the user data is the user data in the trusted user list, it is determined that the service processing request is a security request, if The user data is the user data in the risk user list, and the service processing request is determined to be a risk request.   如申請專利範圍第2項所述的方法,其中,若該使用者資料既不屬於預先儲存的可信用戶名單中的使用者 資料,也不屬於預先儲存的風險用戶名單中的使用者資料,則基於快速風險識別層的識別演算法,對該業務處理請求進行快速風險識別,還包括:基於該業務處理請求中攜帶的使用者資料、該使用者的歷史行為資料、以及用於進行使用者行為資料比對的規則模型,判斷該業務處理請求所指示的用戶當前操作行為與該用戶的歷史習慣性操作行為是否匹配;若匹配,則確定該業務處理請求為安全請求,若不匹配,則確定該業務處理請求為風險請求。  The method of claim 2, wherein if the user data does not belong to the user data in the pre-stored trusted user list, and does not belong to the user data in the pre-stored risk user list, And the fast risk identification is performed on the service processing request, and the method further includes: based on the user data carried in the service processing request, the historical behavior data of the user, and used to perform the user The behavioral data comparison rule model determines whether the current operation behavior of the user indicated by the service processing request matches the historical habitual operation behavior of the user; if it matches, the service processing request is determined to be a security request, if not, then Determine that the business processing request is a risk request.   如申請專利範圍第1項所述的方法,其中,基於深度風險識別層的識別演算法,對該業務處理請求進行深度風險識別,包括:根據該業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題;在選擇的每種風險主題下,基於該業務處理請求對應的業務場景資訊,選擇用於進行深度風險識別的規則模型;基於選擇的規則模型,對該業務處理請求進行深度風險識別。  The method of claim 1, wherein the deep risk identification is performed on the service processing request based on the identification algorithm of the deep risk identification layer, including: according to the service processing type of the service processing request, from the preset Selecting at least one risk theme among the plurality of risk topics; selecting, according to the business scenario information corresponding to the business processing request, a rule model for performing deep risk identification; and selecting the rule based on the selected rule model Process requests for deep risk identification.   如申請專利範圍第1至4項任一項所述的方法,其中,該方法還包括:基於全面風險識別層的識別演算法,對該業務處理請求進行全面風險識別;其中,該全面風險識別與該快速風險識別和深度風險識別非同步執行,進行全面風險識別所 使用的資料量大於進行快速風險識別及深度風險識別所使用的資料量,且進行全面風險識別所使用的識別時長大於進行快速風險識別及深度風險識別所使用的識別時長;基於進行全面風險識別的結果,更新以下資訊中的一種或多種:預設的可信用戶名單;預設的風險用戶名單;該使用者的歷史行為資料;預設的規則模型。  The method of any one of claims 1 to 4, wherein the method further comprises: performing comprehensive risk identification on the service processing request based on a comprehensive algorithm of the risk identification layer; wherein the comprehensive risk identification In parallel with the rapid risk identification and deep risk identification, the amount of data used for comprehensive risk identification is greater than the amount of data used for rapid risk identification and deep risk identification, and the identification time used for comprehensive risk identification is greater than that performed. Identification time used for rapid risk identification and deep risk identification; based on the results of comprehensive risk identification, update one or more of the following information: a preset list of trusted users; a list of preset risk users; Historical behavior data; a preset rule model.   一種業務處理裝置,其特徵在於,該裝置包括:第一識別模組,用於在接收到用戶的業務處理請求後,基於快速風險識別層的識別演算法,對該業務處理請求進行快速風險識別;第二識別模組,用於若在進行快速風險識別後,無法確定該業務處理請求是否存在風險,則基於深度風險識別層的識別演算法,對該業務處理請求進行深度風險識別;其中,進行深度風險識別所使用的資料量大於進行快速風險識別所使用的資料量,且進行深度風險識別所使用的識別時長大於進行快速風險識別所使用的識別時長;處理模組,用於根據進行深度風險識別的結果,處理該業務處理請求。  A service processing device, comprising: a first identification module, configured to perform fast risk identification on the service processing request after receiving a service processing request of the user, based on a recognition algorithm of a fast risk identification layer a second identification module, configured to perform a deep risk identification on the service processing request based on a recognition algorithm of the depth risk identification layer if the risk detection request cannot be determined after the rapid risk identification is performed; The amount of data used for deep risk identification is greater than the amount of data used for rapid risk identification, and the recognition time used for deep risk identification is greater than the recognition duration used for rapid risk identification; the processing module is used to The result of the deep risk identification is processed to process the business processing request.   如申請專利範圍第6項所述的裝置,其中,該第一識別模組具體用於:基於該業務處理請求中攜帶的使用者資料,判斷該使 用者資料是否屬於預先儲存的可信用戶名單或風險用戶名單中的使用者資料;若該使用者資料為可信用戶名單中的使用者資料,則確定該業務處理請求為安全請求,若該使用者資料為風險用戶名單中的使用者資料,則確定該業務處理請求為風險請求。  The device of claim 6, wherein the first identification module is configured to: determine, according to the user data carried in the service processing request, whether the user data belongs to a pre-stored trusted user list. Or the user data in the risk user list; if the user data is the user data in the trusted user list, determining that the business processing request is a security request, and if the user data is the user data in the risk user list And determine that the business processing request is a risk request.   如申請專利範圍第7項所述的裝置,其中,該第一識別模組具體用於:若所述使用者資料既不屬於預先儲存的可信用戶名單中的使用者資料,也不屬於預先儲存的風險用戶名單中的使用者資料,則基於該業務處理請求中攜帶的使用者資料、該使用者的歷史行為資料、以及用於進行使用者行為資料比對的規則模型,判斷該業務處理請求所指示的用戶當前操作行為與該用戶的歷史習慣性操作行為是否匹配;若匹配,則確定該業務處理請求為安全請求,若不匹配,則確定該業務處理請求為風險請求。  The device of claim 7, wherein the first identification module is specifically configured to: if the user data does not belong to the user data in the pre-stored trusted user list, and does not belong to the prior The user data in the stored risk user list is determined based on the user data carried in the business processing request, the historical behavior data of the user, and a rule model for comparing user behavior data. Whether the current operation behavior of the user indicated by the request matches the historical habitual operation behavior of the user; if it matches, the service processing request is determined to be a security request, and if not, the service processing request is determined to be a risk request.   如申請專利範圍第6項所述的裝置,其中,該第二識別模組具體用於:根據該業務處理請求的業務處理類型,從預設的多種風險主題中選擇至少一種風險主題;在選擇的每種風險主題下,基於該業務處理請求對應的業務場景資訊,選擇用於進行深度風險識別的規則模型;基於選擇的規則模型,對該業務處理請求進行深度風險識別。  The device of claim 6, wherein the second identification module is configured to: select at least one risk theme from a preset plurality of risk topics according to a service processing type of the service processing request; Under each risk topic, based on the business scenario information corresponding to the service processing request, a rule model for performing deep risk identification is selected; and based on the selected rule model, the business process request is subjected to deep risk identification.   如申請專利範圍第6項所述的裝置,其中,該裝置還包括: 第三識別模組,用於基於全面風險識別層的識別演算法,對該業務處理請求進行全面風險識別;其中,該全面風險識別與該快速風險識別和深度風險識別非同步執行,進行全面風險識別所使用的資料量大於進行快速風險識別及深度風險識別所使用的資料量,且進行全面風險識別所使用的識別時長大於進行快速風險識別及深度風險識別所使用的識別時長;更新模組,用於基於進行全面風險識別的結果,更新以下資訊中的一種或多種:預設的可信用戶名單;預設的風險用戶名單;該使用者的歷史行為資料;預設的規則模型。  The device of claim 6, wherein the device further comprises: a third identification module, configured to perform comprehensive risk identification on the service processing request based on a comprehensive algorithm of the risk identification layer; wherein Comprehensive risk identification and non-synchronous execution of the rapid risk identification and deep risk identification. The amount of data used for comprehensive risk identification is greater than the amount of data used for rapid risk identification and deep risk identification, and the identification used for comprehensive risk identification. The length of time is greater than the recognition duration used for rapid risk identification and deep risk identification; the update module is used to update one or more of the following information based on the results of comprehensive risk identification: a preset list of trusted users; List of risk users; historical behavior data of the user; preset rule model.  
TW106102239A 2017-01-20 2017-01-20 Business processing method and device TWI668657B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106102239A TWI668657B (en) 2017-01-20 2017-01-20 Business processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106102239A TWI668657B (en) 2017-01-20 2017-01-20 Business processing method and device

Publications (2)

Publication Number Publication Date
TW201828214A true TW201828214A (en) 2018-08-01
TWI668657B TWI668657B (en) 2019-08-11

Family

ID=63960193

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106102239A TWI668657B (en) 2017-01-20 2017-01-20 Business processing method and device

Country Status (1)

Country Link
TW (1) TWI668657B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110969430A (en) * 2019-10-24 2020-04-07 深圳追一科技有限公司 Method and device for identifying suspicious user, computer equipment and storage medium
TWI778271B (en) * 2019-06-24 2022-09-21 玉山商業銀行股份有限公司 Method for electronic trading examination and system for electronic trading

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200921542A (en) * 2007-11-08 2009-05-16 Syscom Comp Engineering Co Security management and detection systems and methods for financial transactions
US9223985B2 (en) * 2013-10-09 2015-12-29 Sap Se Risk assessment of changing computer system within a landscape
CN110084007B (en) * 2014-10-13 2023-11-28 创新先进技术有限公司 Method, device and terminal for constructing risk control model

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI778271B (en) * 2019-06-24 2022-09-21 玉山商業銀行股份有限公司 Method for electronic trading examination and system for electronic trading
CN110969430A (en) * 2019-10-24 2020-04-07 深圳追一科技有限公司 Method and device for identifying suspicious user, computer equipment and storage medium
CN110969430B (en) * 2019-10-24 2023-11-24 深圳追一科技有限公司 Suspicious user identification method, suspicious user identification device, computer equipment and storage medium

Also Published As

Publication number Publication date
TWI668657B (en) 2019-08-11

Similar Documents

Publication Publication Date Title
WO2017076176A1 (en) Service processing method and apparatus
US11151573B2 (en) Intelligent chargeback processing platform
US11954689B2 (en) Updating a machine learning fraud model based on third party transaction information
US11915282B2 (en) Preemptive transaction analysis
US11205180B2 (en) Fraud detection based on an analysis of messages in a messaging account
US11049103B2 (en) Designation of a trusted user
US11605088B2 (en) Systems and methods for providing concurrent data loading and rules execution in risk evaluations
TWI701932B (en) Identity authentication method, server and client equipment
US11580549B2 (en) Transaction tracking and fraud detection using voice and/or video data
US11899770B2 (en) Verification method and apparatus, and computer readable storage medium
TWI668657B (en) Business processing method and device
WO2020038099A1 (en) Subscription risk quantization method, withholding risk quantization method, apparatuses and devices
US20180365687A1 (en) Fraud detection
US9438626B1 (en) Risk scoring for internet protocol networks
US20210165907A1 (en) Systems and methods for intelligent and quick masking
US20220366513A1 (en) Method and apparatus for check fraud detection through check image analysis
US10009330B1 (en) Method, apparatus and article of manufacture for fast tracking authentication