US20130262297A1 - Systems and methods for graduated suspicious activity detection - Google Patents
Systems and methods for graduated suspicious activity detection Download PDFInfo
- Publication number
- US20130262297A1 US20130262297A1 US13/791,238 US201313791238A US2013262297A1 US 20130262297 A1 US20130262297 A1 US 20130262297A1 US 201313791238 A US201313791238 A US 201313791238A US 2013262297 A1 US2013262297 A1 US 2013262297A1
- Authority
- US
- United States
- Prior art keywords
- affinity
- tier
- root node
- transaction
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/403—Solvency checks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
Definitions
- This invention is related to the field of electronic financial transaction, and in particular to electronic value or money transfers. More specifically, the invention is related to systems and methods to evaluate such transactions for suspicious activities.
- Such transactions may include, for example, ACH transactions, credit card transactions, wire transfers, bank account transfers, and the like.
- Such transactions may be performed in a variety of ways, including, for example, by using the Internet, by using a phone to contact a service representative or an IVR system, by an in-person visit to a financial institution or money transfer location, and the like.
- a sender may visit a money transfer location and fill out a money transfer application.
- This application may request the sender's name, the name of the recipient and the amount of money to be transferred.
- This information is transmitted to a central database, and the money to be transferred is collected from the sender.
- the recipient When ready to receive the money, the recipient may proceed to a pick-up location and provide the proper identification.
- the database is accessed to confirm the recipient and the determine the amount of money to be paid to the recipient. After payment, the date and time of payment may also be transmitted to the database.
- this invention is related to ways to monitor and evaluate transfers for value and other financial transactions in an attempt to detect potentially suspicious activities.
- the present invention includes a variety of embodiments of both systems and methods for evaluating value transfers for suspect activities, such as terrorist activities, money laundering, and the like.
- methods are provided for graduating a defined affinity between two or more transactions to increasing levels of scrutiny.
- reports can be generated indicating suspicious activity and/or interdiction procedures can be implemented to reduce the occurrence of the detected suspicious activity.
- An embodiment of a system in accordance with the present invention includes a money transfer system associated with a fraud processing server.
- the fraud processing server is capable of accessing money transfer records associated with the money transfer system and evaluating the records in accordance with various methods disclosed herein.
- One embodiment of the present invention provides a method for graduated evaluation of value transfer transactions.
- the method includes receiving a number of transaction packages that are associated with respective value transfers. Root node affinities are formed for each of the transaction packages. The root node affinities are compared one with another, and where matches are detected, the matching root node affinities are formed into a tier one affinity. The tier one affinity, as well as some root node affinities are compared with other tier one affinities. Where a match is detected, the matched tier one affinities, or tier one affinity and root node affinity are combined to create a common tier one affinity. Where a trigger level is reached, a tier one affinity is converted to a tier two affinity.
- a report can be generated indicating suspicious behavior associated with the tier two affinity.
- the tier two affinity is subsequently compared to tier one affinities and/or root node affinities. Where additional matches occur such as, for example, three additional matches, an interdiction can be initiated. Further, a periodic report can be generated indicating any matches occurring in relation to the tier two affinity.
- Some embodiments of the present invention provide systems for evaluating value transfers.
- Such systems include a fraud processing computer associated with a computer readable medium.
- a computer readable medium can be a hard disk drive, a server database, a floppy disk, and/or the like.
- the computer readable medium comprises computer instructions executable by the fraud processing computer to receive a plurality of transaction packages, and to form a plurality of root node affinities associated with the respective transaction packages.
- the instructions are further executable to compare the plurality of root node affinities with a tier one affinity, and to assimilate at least one of the root node affinities into the tier one affinity based on the comparison.
- at least some of the root node affinities are compared with other root node affinities, and based on the comparison, a tier one affinity is formed from two or more of the compared root node affinities.
- the computer instructions are further executable to receive a trigger level that can be, for example, an affinity intensity, an event count, and/or an event occurrence.
- a trigger may occur where the affinity intensity exceeds a defined threshold.
- a trigger may occur upon the presence of a prescribed event such as, for example, a transaction exceeding ten thousand dollars.
- a trigger may occur when a defined number of events have been found such as, for example, when seven matches are found to a given tier one affinity.
- a tier one affinity can be converted to a tier two affinity.
- the tier two affinity is locked so that it will not age out of the system, but rather will remain in the system until explicitly removed.
- a report indicating behavior associated with the tier two affinity can be generated.
- other tier one affinities are compared to the tier two affinity, and based on the comparison, interdiction procedures can be initiated, and/or a periodic report can be generated.
- the tier one affinity can be assimilated with the tier two affinity.
- one or more root node affinities are compared with the tier two affinity, and based on the comparison, interdiction procedures can be initiated, and/or a periodic report can be generated. Further, where a root node affinity matches the tier two affinity, the root node affinity can be assimilated with the tier two affinity.
- the transaction packages are comprised of a combination of real time information and on-demand information, while in other cases, the transaction packages are comprised of either real time information or on-demand information.
- the methods can include assembling the real time information and the on-demand information into the appropriate transaction packages. Further, in some cases, a gross sort is performed on a plurality of transaction packages to eliminate a number of the transaction packages that are unlikely to indicate suspicious activity, or which may only indicate activity at a low level.
- the methods include receiving a transaction package, and forming a root node affinity associated with the transaction package.
- the root node affinity can then be compared to other root node affinities, tier one affinities, and/or tier two affinities.
- the root node affinity is compared to a tier one affinity, and where a match occurs, the root node affinity is assimilated with the tier one affinity.
- the tier one affinity can be converted to a tier two affinity based in part on the comparison with the root node affinity.
- a report can be generated when the conversion to the tier two affinity occurs.
- FIG. 1 illustrates a money transfer system capable of evaluation using systems and methods in accordance with the present invention
- FIG. 2 illustrates a fraud watch system associated with the money transfer system of FIG. 1 in accordance with an embodiment of the present invention
- FIGS. 3 a - 3 d are flow diagrams illustrating a method in accordance with embodiments of the present invention.
- FIG. 4 is a graphic depiction of affinity formation and graduation as described in relation to the flow diagram of FIG. 3 ;
- FIG. 5 illustrates various exemplary transaction packages
- FIG. 6 illustrates the various exemplary transaction packages of FIG. 5 after a gross sort in accordance with some embodiments of the present invention
- FIG. 7 illustrates various root node affinities derived from the exemplary transaction packages of FIG. 6 in accordance with some embodiments of the present invention
- FIG. 8 illustrates a tier one affinity formed in accordance with embodiments of the present invention from two of the root node affinities of FIG. 7 ;
- FIGS. 9 and 10 illustrate various previously formed tier one affinities in accordance with embodiments of the present invention.
- FIGS. 11 and 12 illustrate affinities formed after application of the method of FIG. 3 in accordance with some embodiments of the present invention.
- the present invention relates to methods and systems for evaluating electronic value transfers for suspect activities, such as terrorist activities, money laundering, and the like.
- the electronic transfers evaluated may take a variety of forms.
- such electronic transfers may take the form of traditional money transfers where the money to be transferred is presented at a first money transfer location and is electronically “wired” to a second money transfer location where the transferred money is paid to the recipient.
- Such money transfer services are provided by a number of companies, such as WESTERN UNIONTM.
- Other types of electronic transfers may include wire transfers from one financial institution to one or more other financial institutions, electronic ACH transfers, electronic transfers over networks, such as the Internet (including those described in copending U.S. application Ser. No.
- the present invention may be used to evaluate other types of value transfers as well.
- the invention may be used with value transfers, such as those involving phone minutes, loyalty program points and/or awards, frequent flier miles, stored value accounts, and the like.
- the term money transfer is defined to include any transfer of value between entities.
- Such a money transfer can include a transfer of value between an entity and itself, or between an entity and one or more separate entities.
- a money transfer can include a transfer of value between a first person and a second person, between a person and a corporation, between a first corporation and a second corporation, and/or between a corporation and itself.
- Such money transfers can include providing value and/or information such as, cash, checks, stored value cards, credit cards, debit cards, cash cards, a bank account number, a frequent flyer account number, a cellular telephone account number, and the like.
- some embodiments of the present invention include electronically accessible records relating to money transfers. These records are searched according to specified criteria to determine if any transactions are potentially suspect. If so, these records are flagged and may be separately stored for further evaluation. For example, in the money transfer world, certain dollar value transactions need to be reported to the U.S. Government. The historical records may be searched for dollar ranges just below this limit to determine if multiple transactions are made by the same person or received by the same person within a specified time in order to avoid being reported to the U.S. Government.
- Various criteria can be defined to evaluate a money transfer system in accordance with the present invention including certain transfer amount limits, transactions between particular known entities, transactions associated with messages that are to be translated to particular languages, and/or transactions where the value converted to a particular form, such as, a particular foreign currency.
- the systems and methods of the present invention are capable of looking at both sides of a transaction, or only the sender or receiver side.
- Other embodiments provide for checking a combination of transactions to detect suspicious behavior.
- elements of the list can be purged based on either time, known information, or a combination thereof. Further, elements of the list can be locked such that they are not susceptible to any purging processes.
- the systems and methods of the present invention can be tailored to a particular money transfer system such that the overall impact of any monitoring on the transfer system is reduced.
- such systems and methods can run either in real time or in a batched mode during off-peak time for the evaluated money transfer system.
- an intelligent, iterative approach is applied to identify factors related to suspicious behavior. Such an approach can avoid a static situation that, when known to criminal elements, is easily avoided.
- the present invention provides and/or utilizes various equipment and techniques in relation to evaluating money transfers.
- the present invention permits some form of value, such as cash, to be received and then electronically transferred to another location where it is available for pickup or further processing in the same or an alternate form.
- a money transfer mechanism is utilized to effectuate and/or evaluate a money transfer.
- FIG. 1 illustrates an exemplary money transfer system 100 . While FIG. 1 illustrates an exemplary money transfer mechanism, one of ordinary skill in the art will recognize other money transfer mechanisms to which the present invention may be applied or used in conjunction with.
- money transfer system 100 is comprised of an interface system 125 , an automatic teller system (“ATM”) system 145 , a deposit maintenance network 150 , a credit maintenance network 160 and a central exchange 170 .
- Interface system 125 is communicably coupled to ATM system 145 via an ATM network 140 , deposit maintenance network 150 and credit maintenance network 160 .
- ATM automatic teller system
- interface system 125 unifies a variety of transfer systems while supporting a variety of mechanisms for introducing and receiving information to and/or from money transfer system 100 .
- Interface system 125 comprises a transaction center 130 and one or more terminals 110 in communication via a transaction network 120 .
- Transaction network 120 can be any communication network capable of transmitting and receiving information in relation to a transfer of value from one entity to another.
- transaction network 120 can comprise a TCP/IP compliant virtual private network (VPN), the Internet, a local area network (LAN), a wide area network (WAN), a telephone network, a cellular telephone network, an optical network, a wireless network, or any other similar communication network.
- VPN virtual private network
- LAN local area network
- WAN wide area network
- telephone network a cellular telephone network
- optical network a wireless network
- Terminals 110 can be any terminal or location where value is accepted and/or provided in relation to money transfers across money transfer system 100 .
- terminal 110 is a convenience store where a clerk can receive value from a sender and initiate transfer of the value to a receiver via money transfer system 100 . In such cases, the clerk can typically also provide transferred value to a receiver.
- terminal 110 is an automated system for receiving value from a sender for transfer via money transfer system 100 and/or for providing value to a receiver that was transferred via money transfer system 100 .
- terminal 110 can include a variety of interfaces.
- terminal 110 can include a mechanism for receiving cash, credit cards, checks, debit cards, stored value cards and smart cards. Such terminals may also be used at the payout end to print a check or money order, or to credit a cash card or stored value card. Examples of such terminals are described in copending U.S. application Ser. No. 09/634,901, entitled “Point Of Sale Payment System,” filed Aug. 9, 2000 by Randy J. Templeton et al., which is a nonprovisional of U.S. Prov. Appl. No. 60/147,899, entitled “Integrated Point Of Sale Device,” filed Aug. 9, 1999 by Randy Templeton et al, the complete disclosures of which are herein incorporated by reference for all purposes.
- terminal 110 is a personal computer operated by a sender of value.
- a terminal can be communicably coupled to transaction center 130 via the Internet.
- the terminal can further include a web browser capable of receiving commands for effectuating transfer of value via money transfer system 100 .
- Terminal identification information can be associated with each terminal 110 .
- identification information includes, but is not limited to, a physical location, a telephone number, an agent identification number, a terminal identification number, a security alert status, an indication of the type of terminal, a serial number of a CPU, an IP address, the name of a clerk, and the like.
- value can be transferred from any of a number of points.
- value can be transferred from terminal 110 to itself or any other terminal 110 , from any terminal 110 to a deposit account via deposit maintenance network 150 or credit maintenance network 160 , from any terminal 110 to any ATM 114 via ATM network 140 .
- Many other transfers to/from ATMs 114 , deposit accounts, terminals, and/or credit accounts can be accomplished using money transfer system 100 .
- a fraud watch system 210 is provided in communication with transaction center 130 of money transfer system 100 .
- transaction center 130 includes a network processor 132 to process data received and transmitted via transaction network 120 .
- Data to/from network processor 132 is available to a host 133 that may communicate with one or more of a value translator 135 , a transaction database 136 , a settlement engine 137 and a messaging engine 138 to perform functions associated with transferring value via money transfer system 100 .
- messaging engine may communicate with a message translator 139 .
- the received and/or provided by transaction center 130 may include information on the sender, information on the recipient, identification information associated with a terminal 110 , the type and amount of value transferred, a desired location to transfer the value, and the like.
- a value translator 135 may be used to change the type of value.
- value translator 135 may do a foreign currency conversion, or may transfer from one type of value to another, e.g. frequent flyer miles to United States' Dollars. All information that is processed may conveniently be stored in transaction database 136 .
- transaction database 136 comprises both real time transaction information and on-demand transaction information on the same physical hardware. In other cases, one-demand transaction information is maintained on separate hardware from real time transaction information. In yet other cases, transaction database 136 is actually two distinct databases—one for maintaining real time transaction information and the other for maintaining on-demand transaction information.
- Settlement engine 137 may be used to facilitate the crediting and debiting of various accounts during a transfer. For example, if a sender requests that funds from a credit card account be used in the transfer, settlement engine 137 is used to contact credit maintenance network 160 to charge the card and to manage the fees involved in the transaction. Such fees may be those charged by the credit organization as well as internal fees that are a part of the money transfer transaction. Settlement engine 137 may be used in a similar manner when crediting or debiting checking accounts, stored value accounts, customer loyalty points and the like.
- the sender may also wish to send a message with the value.
- a message may be a simple greeting, business or legal terms, and the like.
- Messaging engine 138 is employed to convert the message to the proper format depending on the type of output device that is to be used with receiving the money.
- the output device may be a printer that physically prints the message onto some type of media.
- the message may be temporarily displayed on a display screen, such as on a kiosk, ATM machine, point of sale device, an e-mail, a web page or the like.
- the sender or recipient may also indicate that the message needs to be translated to a different language.
- message translator 139 may be used to translate the message into the other language. This may be accomplished by simply doing a word look up for each corresponding word in the other language. More complex language translation capabilities may also be used.
- a switch 134 to the appropriate network as shown. This may be to ATM network 140 , deposit maintenance network 150 and/or credit maintenance network 160 to complete the transaction.
- Fraud watch system 210 includes a fraud processing server 220 and a watch database 230 .
- Fraud watch system 210 is associated with transaction system 130 in a manner that allows for access to transaction database 136 . Such association can be provided by direct wired communication between transaction database 136 and fraud processing server 220 , by direct or network communication between transaction center 130 and fraud processing server 220 , or by any other mechanism that provides fraud watch system 210 with access to transaction database 136 .
- fraud processing server 220 is communicably coupled to transaction network 120 and accesses transaction database 136 via network processor 132 and host 133 .
- fraud processing server 220 is directly coupled to host 133 and accesses transaction database 136 via host 133 . It will be recognized by one of ordinary skill in the art that a number of other mechanisms exist within the scope of the present invention for providing access by fraud processing server 220 to transaction database 136 .
- Fraud processing server 220 can be any microprocessor based device capable of retrieving data from transaction database 136 , searching and manipulating the data, maintaining a form of the data on watch database 230 , and providing access to data on database 230 . Such access to the data can include formatting the data and providing the data in an easily accessible form.
- fraud processing computer is a single computer, such as a personal computer or a database server.
- fraud processing server is a group of two or more computers.
- fraud processing computer can include a central computer associated with one or more peripheral computers.
- peripheral computers can be personal computers or portable devices, such as lap top computers and/or personal digital assistants.
- fraud processing server 220 includes a SQL server, while in other embodiments, it includes an ORACLE server.
- Fraud processing server 220 includes a computer readable medium capable of maintaining instructions executable to perform the functions associated with fraud processing server 220 .
- the computer readable medium can be any device or system capable of maintaining data in a form accessible to fraud processing computer 220 .
- the computer readable medium can be a hard disk drive either integral to fraud processing server 220 or external to the server.
- the computer readable medium can be a floppy disk or a CD-ROM apart from fraud processing server 220 and accessible by inserting into a drive (not shown) of fraud processing server 220 .
- the computer readable medium can be a RAM integral to fraud processing server 220 and/or a microprocessor (not shown) within the server.
- the computer readable medium can be a combination of the aforementioned alternatives, such as, a combination of a CD-ROM, a hard disk drive and RAM.
- a flow diagram 300 illustrates a method in accordance with the present invention for monitoring a variety of value transfers.
- real time transaction data is received from one or more transaction points (block 301 ).
- various transactions meeting certain thresholds are the subject of additional data gathering. This additional data can be obtained through a periodic request, and thus is referred to as on-demand transaction information.
- a sender may be asked for a social security number, a driver's license number, a passport number, a date of birth, and/or the like.
- the real time transaction information and on-demand transaction information is transferred from transaction database 136 (and/or another database) to fraud processing server 220 .
- the on-demand transaction information is received (block 302 ), matched to correlated real time transaction information, stripped of irrelevant fields, and assembled as transaction packages (block 303 ).
- the on-demand information is requested and received every thirty days, and thus the real time data is maintained for thirty days.
- the transaction packages can then be assembled.
- real time data that is not associated with on-demand data is deleted and not assembled as transaction packages.
- real time data that is not associated with on-demand data is assembled as transaction packages.
- a transaction package is an electronic file including a set of information detailing a transaction that has been performed in relation to a value transfer system.
- a transaction package can include the names of both the sender and recipient in the transaction, as well as identification and contact information for the sender and recipient, identification of agents involved in the transfer, the amount of the transfer, the type of value transferred, a transaction cost, and the like.
- Each of the transaction packages are assigned as an individual root node of the fraud monitoring system (block 315 ). In some cases, this includes assignment by fraud processing server 220 as a root node within fraud watch system 210 .
- a gross sort of the existing root nodes is to be performed (block 320 ). Where a gross sort is to be performed (block 320 ), the gross sort is performed (block 325 ) and the root nodes identified from the performed gross sort are deleted (block 330 ).
- a gross sort can be any preliminary sort directed at eliminating root nodes that are associated with transaction packages that for some reason are not thought to be suspicious. Thus, for example, a gross sort may be performed to identify all root nodes where the associated transaction was for less than five hundred U.S. Dollars. Upon identifying the root nodes with transactions less than five hundred dollars, those root nodes are deleted from fraud watch system 210 . Based on the disclosure provided herein, one of ordinary skill in the art will appreciate a number of gross sorts that can be preformed in accordance with the present invention.
- a root node affinity can be any collection of data points that includes one or more data points derived or selected from the root node transaction package to which the affinity is associated.
- a root node transaction package may include the name of the sender, the name of the recipient, and the number of the transfer agent.
- the root node affinity associated with the root node may include a combination of the sender name and the number of the transfer agent.
- affinities can be combined in which case, the resulting tier one or tier two affinity is a collection of data points from each of the combined affinities.
- defining an affinity can include standardizing one or more data points from a given transaction package. As just one example, this can include converting a transferred value to a common value, such as from Mexican Pesos to US Dollars.
- Each affinity associated with a root node is compared to other affinities within the root node (block 340 ). This process can continue until all of the root node affinities have been compared one with another (block 350 ). Where a match between root node affinities is detected (block 345 ), the matching root node affinities are assimilated with a combined affinity that is maintained as a tier one affinity (block 355 ).
- a tier one affinity is an affinity that is formed by assimilating two or more (tier one and/or root node) affinities into a single affinity.
- a match can be determined in a number of ways. For example, in one embodiment, a match occurs where three or more data points match across two affinities.
- an affinity match will be found.
- a match occurs where a single data point matches across two affinities.
- the telephone number for a recipient in one affinity matches the telephone number for a recipient in another affinity
- an affinity match may be found.
- a match is only found where two or more data points within the affinities match.
- a match would not be found where only an exact name match was found, however, a match would be found where a phonetic name match was found in addition to a match in the area code associated with a telephone number in two affinities.
- a match may include an exact match of one data point, and a partial match of another data point.
- a user interface is provided that allows a user to define the basis upon which a match will be considered to occur.
- the root node affinities that were the subject of the match are removed as individual affinities (block 360 ). Again, this process is continued until all of the root node affinities have been considered (block 350 ).
- the remaining root node affinities are compared to each of the tier one affinities (block 307 ). This process continues until all of the remaining root node affinities have been compared with the tier one affinities (block 317 ). Where a match of a root node affinity is found with a tier one affinity (block 312 ), the root node affinity is assimilated with the tier one affinity (block 322 ) and the matched root node affinity is deleted from the root node (block 327 ). As with the previously discussed match process, a number of basis can be considered to determine whether a match has occurred. Further, a user interface can be provided that allows a user to define the basis that result in a match.
- each of the tier one affinities are compared one with another (block 332 ). This process continues until all tier one affinities have been considered (block 347 ). Where a match is found between tier one affinities (block 337 ), the matching affinities are assimilated with a common tier one affinity, and the matched affinities are removed from the system (block 342 ). Again, as with the previously discussed match process, a number of basis can be considered to determine whether a match has occurred. Further, a user interface can be provided that allows a user to define the basis that result in a match.
- affinity intensity can be one or more numbers indicating the likelihood of suspicious behavior associated with a given affinity.
- an affinity intensity can be the total amount transferred in all transactions represented by the affinity multiplied by the number of matches found in the individual affinity data points.
- the sender's name matches three times within the affinity (total of three)
- the telephone number matches twice (total of two)
- the recipient's name matches twice (total of two)
- the affinity intensity may then be calculated to be twenty-thousand multiplied by eight (the total number of matched points). In some cases, different matches may be weighted differently in determining an affinity intensity.
- a match of recipient's names combined with agent identifications may be weighted by three hundred percent, a match of phone numbers weighted by two hundred percent, and a match of recipient's names or sender's names weighted by one hundred percent, and a match of a sender's name to a recipient's name weighted by seventy percent.
- These weightings can be multiplied by the respective matches to derive a score, or affinity intensity as previously described. This affinity calculation process is repeated until an affinity intensity is calculated for each of the tier one affinities (block 328 ).
- a trigger level is calculated for each of the tier one affinities (blocks 323 , 333 ).
- Such trigger levels can be calculated based on a number of different occurrences that are detected in relation to the respective tier one affinities.
- the trigger level can indicate: the number of transactions that are associated with the tier one affinity, the maximum amount transferred in relation to any individual within the affinity, an amount transferred in relation to an individual within the affinity within a given length of time, the maximum number of transactions associated with any individual within the affinity, the total amount of all transactions represented by the affinity, or a combination of the aforementioned.
- a trigger threshold may be set where an individual sends or receives transactions all of which are less than ten thousand dollars individually, but which aggregate to an amount that equals or exceeds fifteen thousand dollars. Such a trigger threshold may be limited to a particular window of time such as, for example, thirty days. Another example may be where an individual sends or receives transactions all of which are less than ten thousand dollars individually, but which aggregate to an amount that equals or exceeds ten thousand dollars in a seven day period. As yet another example, a trigger threshold may be set where an individual sends or receives more than five transactions in a thirty day period.
- Yet another example may be set where an individual is involved in two or more transactions between two thousand four hundred dollars and two thousand nine hundred ninety nine dollars, or some other defined limit.
- Yet another trigger threshold may be set where an individual sends or receives a single transaction of between two thousand nine hundred and ninety dollars and two thousand nine hundred and ninety nine dollars, or some other determined range. Based on the disclosure provided herein, one of ordinary skill in the art will recognize a number of trigger thresholds that can be set. Affinity thresholds can be set where an affinity intensity exceeds a predetermined level such as, for example, fifty thousand.
- This comparison process is repeated for each of the tier one affinities (block 348 ).
- the tier one affinity is forwarded to a human operator for consideration of any suspicious activity indicated via the tier one affinity (block 353 ).
- the human operator identifies suspicious behavior associated with the affinity (block 358 )
- the tier one affinity can be assigned tier two status and a suspicious behavior report automatically generated and provided to the government (block 363 ).
- the human operator processes (blocks 353 , 358 ) are not performed, but rather the tier one affinity is automatically assigned tier two status and a suspicious behavior report generated and provided to the government (block 363 ) based on exceeding the defined event or affinity trigger level.
- Tier two affinities can be locked into the system such that they are not aged out of the system as discussed below.
- each of the tier one affinities and remaining root node affinities are compared to tier two affinities (block 314 ). This process can continue for all of the affinities (block 324 ). Where a match occurs (block 319 ), an interdiction process can be initiated to preclude individuals identified in the tier two affinity from using the monitored value transfer system (block 329 ). In addition, the matched affinity can be assimilated with the tier two affinity. In some cases, multiple matches to a tier two affinity are recorded before an interdiction process is initiated. Further, where a match occurs, the matching tier one affinity or root node affinity can be assimilated with the tier tow affinity.
- each of the remaining root node affinities can be aged (block 334 ).
- This aging process can result in the removal of a root node affinity from the system after a set period of time, such as thirty days, where it is not first matched to form a tier one affinity.
- each of the tier one affinities can be aged (block 339 ).
- tier one affinities that become inactive for an extended period such as ninety days from the last transaction represented in the affinity, can be removed from the system.
- reporting rules can be applied (block 344 ), and reports generated to the government (block 349 ). These reports can indicate additional activity flagged in relation to a tier two affinity. Thus, rather than reporting each occurrence of activity in relation to a tier two affinity, a single report can be generated indicating all suspicious behavior in relation to the tier two affinity. This provides an efficient means for investigating suspicious behavior, while avoiding the appearance of rampant illicit behavior as would be suggested through generation of a report for each flagged transaction.
- FIG. 4 a graphical representation 400 of the affinity progression described in relation to FIG. 3 is provided.
- Elements 401 , 402 , 403 respectively represent transaction packages A, B, C formed by combining on-demand information and related real time information as previously described, or including only real time information where no on-demand information is available.
- the outer dark rings 481 , 482 , 483 represent ancillary transaction information that is not used in any monitoring. This ancillary information can include, for example, transaction costs and is generally discarded.
- the cross-hatched inner areas 491 , 492 , 493 represent transaction information that is used in relation to the monitoring processes.
- the ancillary information 481 , 482 , 483 is stripped from the respective transaction packages 401 , 402 , 403 , and the usable transaction information 491 , 492 , 493 is formed into respective root node affinities 407 , 408 , 409 .
- These root node affinities 407 , 408 , 409 are then compared one to the other to determine if any matches exist. Where a match occurs, the matching root node affinities are assimilated with a tier one affinity. Such a match is depicted as tier one affinity 417 which is formed based on a match between root node affinities 407 , 408 .
- the remaining root node affinity 409 is compared against the previously formed tier one affinities 415 , 419 . Where a match is detected, the remaining root node affinity is assimilated with the matching tier one affinity. Such a match between root node affinity 409 and tier one affinity 419 is depicted as tier one affinity 437 . Then, each tier one affinity 415 , 417 , 437 is compared against each other. Where a match is detected, the matching tier one affinities are assimilated to form a common tier one affinity. Such a match between tier one affinity 415 and tier one affinity 417 is depicted as tier one affinity 435 .
- FIG. 5 depicts a set of transaction packages 501 , 502 , 503 , 504 formed from either real time information or a combination of real time and on-demand information.
- Each transaction package includes a number of data points.
- a variety of data points 511 - 528 can be provided in relation to the sender of the transaction
- a variety of data points 541 - 550 can be provided in relation to the receiver of the transaction
- one or more general data points 530 can be provided to describe the transaction.
- the sender data points can include, but are not limited to, the sender's last name 511 , the sender's middle name 512 , the sender's first name 513 , the sender's phone number 514 , the sender's address 515 , the sender's agent used to perform the transaction 517 , the type of agent 516 , the date sent 518 , the amount of value to be sent 519 , the type of value to be sent 520 , an account type used to provide the sent value 521 , an account number associated with the account type 522 , the sender's social security or other identification number 523 , the sender's date of birth 524 , the sender's identification type 525 , the issuer of the sender's identification 526 , the location of the issuer of the sender's identification, and the identification number from the sender's identification.
- the recipient's data points can include, but are not limited to, the recipient's last name 541 , the recipient's middle name 542 , the recipient's first name 543 , the recipient's phone number 544 , the recipient's address 545 , the recipient's agent used to perform the transaction 547 , the type of agent 546 , the date received 548 , the amount of value received 549 , and the type of value received 550 .
- the general data points can include information about the transaction including, for example, transaction costs 530 .
- FIG. 6 the process of gross sorting is depicted where transaction package 502 is eliminated from consideration.
- a gross sort can eliminate data that is unlikely to represent suspicious behavior, or is of such a low value that it is not desirable to use the data for monitoring purposes.
- the transaction package may be eliminated where the transaction value is below a set threshold.
- the two hundred dollar transaction of transaction package 502 may have been below a cutoff threshold, and thus transaction package 502 is removed from consideration.
- transaction package 502 may have been eliminated from consideration because it lacked on-demand information in the form of a sender's date of birth and social security number.
- the root node affinities 701 , 703 , 704 can be comprised of a subset of data points from respective transaction packages 501 , 503 , 504 , can be comprised of data points derived from respective transaction packages 501 , 503 , 504 , or can be comprised of a combination thereof
- the depicted exemplary root node affinities are comprised of a combination of data points directly from and others derived from respective transaction packages.
- root node affinities 701 , 703 , 704 include a last and first name data point 711 .
- This data point is a combination of the last name 511 and first name 513 data points from the respective transaction packages.
- data point 711 is expanded to include a number of aliases known to be used in relation to the first name. This can be done using alias determination software as is known in the art.
- root node affinity 701 includes three last name/first name data points 711 representing three different variations of the name “Samuel”.
- affinities 701 , 703 , 704 include a combination of last name, first name, and agent identification maintained as data point 713 . Where a match is found for this combination a strong affinity is indicated, and such a match can be used to create an increased affinity intensity as previously described. Similar data points 714 , 715 , 716 are formed using the recipient's information.
- affinities 701 , 703 , 704 include the sender's phone number 514 and the recipient's phone number 544 selected directly from respective transaction packages 501 , 503 , 504 .
- the address information from transaction packages 501 , 503 , 504 can be used to generalize the sender's and recipient's location. This can be generalized to, for example, a region, city, state, country, zip code, or the like. This generalized location is maintained as data points 717 , 718 in the respective affinities 701 , 703 , 704 .
- the senders account number 522 and date of birth 524 are included in the respective affinities.
- a combination of the ID type, issuer and number is also included as data point 719 .
- the amount transferred is converted to a common value and maintained as data point 720 .
- This common value can be the transferred value converted to a common currency type such as U.S. Dollars.
- U.S. Dollars a common currency type
- the transferred value is in Brazilian Reales
- the amount it converted to U.S. Dollars using recent conversion tables and the converted amount is maintained as common value 720 .
- root node affinity A 703 and root node affinity B 704 include a match, and are thus assimilated with a common tier one affinity 800 depicted in FIG. 8 .
- a number of matches occur. These matches include a match of the sender's name, and the agent identification used by the sender.
- Created tier one affinity 800 thus includes all data points included in the underlying root node affinities 703 , 704 . Each of these data points can then be compared with other root node affinities, tier one affinities, and tier two affinities to determine matches. The larger an affinity grows, the more likely is it to be involved in matches because of the increase in data points maintained in the affinity.
- FIGS. 9 and 10 depict previously formed tier one affinities 900 and 1000 , respectively.
- Tier one affinity 900 matches tier one affinity 800 , and the two are assimilated to form a new tier one affinity 1100 as depicted in FIG. 11 .
- the match can be for example, the name and location of the recipient (Benjamin Thomas) of data set 704 matches that of the sender of data set 910 .
- the root node affinity 701 matches the previously formed tier one affinity 1000 , and the two are assimilated to form a new tier one affinity 1200 as depicted in FIG. 12 .
- the match that caused the formation of tier one affinity 1200 is the common recipient (Leonard Jackson) and common agent number.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Systems and methods for evaluating electronic value transfers. Various of the methods include graduating a defined affinity between transactions to increasing levels of scrutiny. At an increased level of scrutiny, reports can be generated indicating suspicious activity and/or interdiction procedures can be implemented to reduce the occurrence of the detected suspicious activity. Various of the systems are tailored to implement the aforementioned methods.
Description
- The present application is a divisional of, and claims priority to, U.S. patent application Ser. No. 10/434,409, entitled “Systems and Methods for Graduated Suspicious Activity Detection”, and filed by Degen et al. on May 7, 2003, which is a Continuation-in-Part of U.S. patent application Ser. No. 10/091,000, entitled “Money Transfer Evaluation Systems and Methods”, and filed by Degen et al. on Mar. 4, 2002. The aforementioned patent application is assigned to an entity common herewith, and is incorporated herein by reference for all purposes.
- This invention is related to the field of electronic financial transaction, and in particular to electronic value or money transfers. More specifically, the invention is related to systems and methods to evaluate such transactions for suspicious activities.
- Electronic transactions play an important role in today's economy. Such transactions may include, for example, ACH transactions, credit card transactions, wire transfers, bank account transfers, and the like. Such transactions may be performed in a variety of ways, including, for example, by using the Internet, by using a phone to contact a service representative or an IVR system, by an in-person visit to a financial institution or money transfer location, and the like. For example, to perform a money transfer transaction a sender may visit a money transfer location and fill out a money transfer application. This application may request the sender's name, the name of the recipient and the amount of money to be transferred. This information is transmitted to a central database, and the money to be transferred is collected from the sender. When ready to receive the money, the recipient may proceed to a pick-up location and provide the proper identification. The database is accessed to confirm the recipient and the determine the amount of money to be paid to the recipient. After payment, the date and time of payment may also be transmitted to the database.
- Unfortunately, it has been reported that some have attempted to abuse such money transfer systems including those associated with organized crime, drug dealers, terrorist organizations and the like. Various procedures exist to curb such abuses. For example, the United States' government has passed laws that encourage reporting of certain suspicious monetary transfer activities. See e.g., 18 U.S.C. §1956-57. However, these laws include specific reporting requirements that are well known by criminal elements, and thus easily avoided by manipulating money transfer activities to avoid detection. Recent events and the increased need for public safety have suggested a need to implement heightened monitoring of suspicious activities involving electronic financial transactions.
- Hence, among other things, this invention is related to ways to monitor and evaluate transfers for value and other financial transactions in an attempt to detect potentially suspicious activities.
- The present invention includes a variety of embodiments of both systems and methods for evaluating value transfers for suspect activities, such as terrorist activities, money laundering, and the like. In various of the embodiments, methods are provided for graduating a defined affinity between two or more transactions to increasing levels of scrutiny. At an increased level of scrutiny, reports can be generated indicating suspicious activity and/or interdiction procedures can be implemented to reduce the occurrence of the detected suspicious activity. An embodiment of a system in accordance with the present invention includes a money transfer system associated with a fraud processing server. The fraud processing server is capable of accessing money transfer records associated with the money transfer system and evaluating the records in accordance with various methods disclosed herein.
- One embodiment of the present invention provides a method for graduated evaluation of value transfer transactions. The method includes receiving a number of transaction packages that are associated with respective value transfers. Root node affinities are formed for each of the transaction packages. The root node affinities are compared one with another, and where matches are detected, the matching root node affinities are formed into a tier one affinity. The tier one affinity, as well as some root node affinities are compared with other tier one affinities. Where a match is detected, the matched tier one affinities, or tier one affinity and root node affinity are combined to create a common tier one affinity. Where a trigger level is reached, a tier one affinity is converted to a tier two affinity. At this point, a report can be generated indicating suspicious behavior associated with the tier two affinity. The tier two affinity is subsequently compared to tier one affinities and/or root node affinities. Where additional matches occur such as, for example, three additional matches, an interdiction can be initiated. Further, a periodic report can be generated indicating any matches occurring in relation to the tier two affinity.
- Some embodiments of the present invention provide systems for evaluating value transfers. Such systems include a fraud processing computer associated with a computer readable medium. Such a computer readable medium can be a hard disk drive, a server database, a floppy disk, and/or the like. The computer readable medium comprises computer instructions executable by the fraud processing computer to receive a plurality of transaction packages, and to form a plurality of root node affinities associated with the respective transaction packages. The instructions are further executable to compare the plurality of root node affinities with a tier one affinity, and to assimilate at least one of the root node affinities into the tier one affinity based on the comparison. In particular cases, at least some of the root node affinities are compared with other root node affinities, and based on the comparison, a tier one affinity is formed from two or more of the compared root node affinities.
- In various cases, the computer instructions are further executable to receive a trigger level that can be, for example, an affinity intensity, an event count, and/or an event occurrence. Thus for example, where an affinity intensity is used, a trigger may occur where the affinity intensity exceeds a defined threshold. Alternatively, where an event occurrence is used, a trigger may occur upon the presence of a prescribed event such as, for example, a transaction exceeding ten thousand dollars. As yet another alternative, where an event count is used, a trigger may occur when a defined number of events have been found such as, for example, when seven matches are found to a given tier one affinity.
- Where a trigger occurs, a tier one affinity can be converted to a tier two affinity. In some cases, the tier two affinity is locked so that it will not age out of the system, but rather will remain in the system until explicitly removed. Further, upon conversion to a tier two affinity, a report indicating behavior associated with the tier two affinity can be generated. In some manifestations of the embodiment, other tier one affinities are compared to the tier two affinity, and based on the comparison, interdiction procedures can be initiated, and/or a periodic report can be generated. Further, where a tier one affinity matches the tier two affinity, the tier one affinity can be assimilated with the tier two affinity. In yet other cases, one or more root node affinities are compared with the tier two affinity, and based on the comparison, interdiction procedures can be initiated, and/or a periodic report can be generated. Further, where a root node affinity matches the tier two affinity, the root node affinity can be assimilated with the tier two affinity.
- In some cases, the transaction packages are comprised of a combination of real time information and on-demand information, while in other cases, the transaction packages are comprised of either real time information or on-demand information. The methods can include assembling the real time information and the on-demand information into the appropriate transaction packages. Further, in some cases, a gross sort is performed on a plurality of transaction packages to eliminate a number of the transaction packages that are unlikely to indicate suspicious activity, or which may only indicate activity at a low level.
- Other embodiments of the present invention provide methods for progressive value transfer evaluation. The methods include receiving a transaction package, and forming a root node affinity associated with the transaction package. The root node affinity can then be compared to other root node affinities, tier one affinities, and/or tier two affinities. In some cases, the root node affinity is compared to a tier one affinity, and where a match occurs, the root node affinity is assimilated with the tier one affinity. The tier one affinity can be converted to a tier two affinity based in part on the comparison with the root node affinity. A report can be generated when the conversion to the tier two affinity occurs.
- The summary provides only a general outline of the embodiments according to the present invention. Many other objects, features and advantages of the present invention will become more fully apparent from the following detailed description, the appended claims and the accompanying drawings.
- A further understanding of the nature and advantages of the present invention may be realized by reference to the figures which are described in remaining portions of the specification. In the figures, like reference numerals are used throughout several figures to refer to similar components. In some instances, a sub-label consisting of a lower case letter is associated with a reference numeral to denote one of multiple similar components. When reference is made to a reference numeral without specification to an existing sub-label, it is intended to refer to all such multiple similar components.
-
FIG. 1 illustrates a money transfer system capable of evaluation using systems and methods in accordance with the present invention; -
FIG. 2 illustrates a fraud watch system associated with the money transfer system ofFIG. 1 in accordance with an embodiment of the present invention; -
FIGS. 3 a-3 d are flow diagrams illustrating a method in accordance with embodiments of the present invention; -
FIG. 4 is a graphic depiction of affinity formation and graduation as described in relation to the flow diagram ofFIG. 3 ; -
FIG. 5 illustrates various exemplary transaction packages; -
FIG. 6 illustrates the various exemplary transaction packages ofFIG. 5 after a gross sort in accordance with some embodiments of the present invention; -
FIG. 7 illustrates various root node affinities derived from the exemplary transaction packages ofFIG. 6 in accordance with some embodiments of the present invention; -
FIG. 8 illustrates a tier one affinity formed in accordance with embodiments of the present invention from two of the root node affinities ofFIG. 7 ; -
FIGS. 9 and 10 illustrate various previously formed tier one affinities in accordance with embodiments of the present invention; and -
FIGS. 11 and 12 illustrate affinities formed after application of the method ofFIG. 3 in accordance with some embodiments of the present invention. - The present invention relates to methods and systems for evaluating electronic value transfers for suspect activities, such as terrorist activities, money laundering, and the like. The electronic transfers evaluated may take a variety of forms. For example, such electronic transfers may take the form of traditional money transfers where the money to be transferred is presented at a first money transfer location and is electronically “wired” to a second money transfer location where the transferred money is paid to the recipient. Such money transfer services are provided by a number of companies, such as WESTERN UNION™. Other types of electronic transfers may include wire transfers from one financial institution to one or more other financial institutions, electronic ACH transfers, electronic transfers over networks, such as the Internet (including those described in copending U.S. application Ser. No. 10/040,568, entitled “Systems and Methods of Introducing and Receiving Information Across a Computer Network” and filed Jan. 4, 2002, which is incorporated herein by reference for all purposes; Ser. No. 10/037827, entitled “Methods for Receiving Electronically Transferred Funds Using an Automated Teller Machine” and filed Jan. 3, 2002, which is incorporated herein by reference for all purposes; Ser. No. 09/991497, entitled “Online Funds Transfer Method” and filed Nov. 15, 2001 on a date prior hereto, which is incorporated herein by reference for all purposes.
- Further, although the invention may find its greatest use in relation to cash transfers, the present invention may be used to evaluate other types of value transfers as well. For example, the invention may be used with value transfers, such as those involving phone minutes, loyalty program points and/or awards, frequent flier miles, stored value accounts, and the like. Thus, for purposes of this document, the term money transfer is defined to include any transfer of value between entities. Such a money transfer can include a transfer of value between an entity and itself, or between an entity and one or more separate entities. For example, a money transfer can include a transfer of value between a first person and a second person, between a person and a corporation, between a first corporation and a second corporation, and/or between a corporation and itself. Such money transfers can include providing value and/or information such as, cash, checks, stored value cards, credit cards, debit cards, cash cards, a bank account number, a frequent flyer account number, a cellular telephone account number, and the like.
- To monitor potentially suspicious activities, some embodiments of the present invention include electronically accessible records relating to money transfers. These records are searched according to specified criteria to determine if any transactions are potentially suspect. If so, these records are flagged and may be separately stored for further evaluation. For example, in the money transfer world, certain dollar value transactions need to be reported to the U.S. Government. The historical records may be searched for dollar ranges just below this limit to determine if multiple transactions are made by the same person or received by the same person within a specified time in order to avoid being reported to the U.S. Government.
- Various criteria can be defined to evaluate a money transfer system in accordance with the present invention including certain transfer amount limits, transactions between particular known entities, transactions associated with messages that are to be translated to particular languages, and/or transactions where the value converted to a particular form, such as, a particular foreign currency.
- The systems and methods of the present invention are capable of looking at both sides of a transaction, or only the sender or receiver side. Other embodiments provide for checking a combination of transactions to detect suspicious behavior. In some embodiments, elements of the list can be purged based on either time, known information, or a combination thereof. Further, elements of the list can be locked such that they are not susceptible to any purging processes.
- As with the monitoring system disclosed in the previously incorporated U.S. patent application Ser. No. 10/091,000, entitled “Money Transfer Evaluation Systems & Methods”, the systems and methods of the present invention can be tailored to a particular money transfer system such that the overall impact of any monitoring on the transfer system is reduced. Thus, for example, such systems and methods can run either in real time or in a batched mode during off-peak time for the evaluated money transfer system. In some embodiments of the present invention, an intelligent, iterative approach is applied to identify factors related to suspicious behavior. Such an approach can avoid a static situation that, when known to criminal elements, is easily avoided.
- The present invention provides and/or utilizes various equipment and techniques in relation to evaluating money transfers. The present invention permits some form of value, such as cash, to be received and then electronically transferred to another location where it is available for pickup or further processing in the same or an alternate form. In some embodiments, a money transfer mechanism is utilized to effectuate and/or evaluate a money transfer.
FIG. 1 illustrates an exemplarymoney transfer system 100. WhileFIG. 1 illustrates an exemplary money transfer mechanism, one of ordinary skill in the art will recognize other money transfer mechanisms to which the present invention may be applied or used in conjunction with. - Referring to
FIG. 1 ,money transfer system 100 is comprised of aninterface system 125, an automatic teller system (“ATM”)system 145, adeposit maintenance network 150, acredit maintenance network 160 and acentral exchange 170.Interface system 125 is communicably coupled toATM system 145 via anATM network 140,deposit maintenance network 150 andcredit maintenance network 160. In general,interface system 125 unifies a variety of transfer systems while supporting a variety of mechanisms for introducing and receiving information to and/or frommoney transfer system 100. -
Interface system 125 comprises atransaction center 130 and one ormore terminals 110 in communication via atransaction network 120.Transaction network 120 can be any communication network capable of transmitting and receiving information in relation to a transfer of value from one entity to another. For example,transaction network 120 can comprise a TCP/IP compliant virtual private network (VPN), the Internet, a local area network (LAN), a wide area network (WAN), a telephone network, a cellular telephone network, an optical network, a wireless network, or any other similar communication network. In particular embodiments,transaction network 120 provides message based communications betweenterminals 110 andtransaction center 130. -
Terminals 110 can be any terminal or location where value is accepted and/or provided in relation to money transfers acrossmoney transfer system 100. Thus, in some instances, terminal 110 is a convenience store where a clerk can receive value from a sender and initiate transfer of the value to a receiver viamoney transfer system 100. In such cases, the clerk can typically also provide transferred value to a receiver. - In other instances, terminal 110 is an automated system for receiving value from a sender for transfer via
money transfer system 100 and/or for providing value to a receiver that was transferred viamoney transfer system 100. To accommodate various different payment instruments and types, terminal 110 can include a variety of interfaces. For example, terminal 110 can include a mechanism for receiving cash, credit cards, checks, debit cards, stored value cards and smart cards. Such terminals may also be used at the payout end to print a check or money order, or to credit a cash card or stored value card. Examples of such terminals are described in copending U.S. application Ser. No. 09/634,901, entitled “Point Of Sale Payment System,” filed Aug. 9, 2000 by Randy J. Templeton et al., which is a nonprovisional of U.S. Prov. Appl. No. 60/147,899, entitled “Integrated Point Of Sale Device,” filed Aug. 9, 1999 by Randy Templeton et al, the complete disclosures of which are herein incorporated by reference for all purposes. - In yet other instances, terminal 110 is a personal computer operated by a sender of value. Such a terminal can be communicably coupled to
transaction center 130 via the Internet. The terminal can further include a web browser capable of receiving commands for effectuating transfer of value viamoney transfer system 100. - Terminal identification information can be associated with each terminal 110. Such identification information includes, but is not limited to, a physical location, a telephone number, an agent identification number, a terminal identification number, a security alert status, an indication of the type of terminal, a serial number of a CPU, an IP address, the name of a clerk, and the like.
- Using
money transfer system 100, value can be transferred from any of a number of points. For example, value can be transferred fromterminal 110 to itself or anyother terminal 110, from any terminal 110 to a deposit account viadeposit maintenance network 150 orcredit maintenance network 160, from any terminal 110 to anyATM 114 viaATM network 140. Many other transfers to/fromATMs 114, deposit accounts, terminals, and/or credit accounts can be accomplished usingmoney transfer system 100. - Referring to
FIG. 2 , in accordance with some embodiments of the present invention, afraud watch system 210 is provided in communication withtransaction center 130 ofmoney transfer system 100. As illustrated,transaction center 130 includes anetwork processor 132 to process data received and transmitted viatransaction network 120. Data to/fromnetwork processor 132 is available to ahost 133 that may communicate with one or more of avalue translator 135, atransaction database 136, asettlement engine 137 and amessaging engine 138 to perform functions associated with transferring value viamoney transfer system 100. In turn, messaging engine may communicate with amessage translator 139. The received and/or provided bytransaction center 130 may include information on the sender, information on the recipient, identification information associated with a terminal 110, the type and amount of value transferred, a desired location to transfer the value, and the like. In some cases, avalue translator 135 may be used to change the type of value. For example,value translator 135 may do a foreign currency conversion, or may transfer from one type of value to another, e.g. frequent flyer miles to United States' Dollars. All information that is processed may conveniently be stored intransaction database 136. In some cases,transaction database 136 comprises both real time transaction information and on-demand transaction information on the same physical hardware. In other cases, one-demand transaction information is maintained on separate hardware from real time transaction information. In yet other cases,transaction database 136 is actually two distinct databases—one for maintaining real time transaction information and the other for maintaining on-demand transaction information. -
Settlement engine 137 may be used to facilitate the crediting and debiting of various accounts during a transfer. For example, if a sender requests that funds from a credit card account be used in the transfer,settlement engine 137 is used to contactcredit maintenance network 160 to charge the card and to manage the fees involved in the transaction. Such fees may be those charged by the credit organization as well as internal fees that are a part of the money transfer transaction.Settlement engine 137 may be used in a similar manner when crediting or debiting checking accounts, stored value accounts, customer loyalty points and the like. - In some cases, the sender may also wish to send a message with the value. Such a message may be a simple greeting, business or legal terms, and the like.
Messaging engine 138 is employed to convert the message to the proper format depending on the type of output device that is to be used with receiving the money. For example, the output device may be a printer that physically prints the message onto some type of media. Alternatively, the message may be temporarily displayed on a display screen, such as on a kiosk, ATM machine, point of sale device, an e-mail, a web page or the like. The sender or recipient may also indicate that the message needs to be translated to a different language. In such cases,message translator 139 may be used to translate the message into the other language. This may be accomplished by simply doing a word look up for each corresponding word in the other language. More complex language translation capabilities may also be used. - Once a value transfer is properly processed, data indicating the transfer is sent by a
switch 134 to the appropriate network as shown. This may be toATM network 140,deposit maintenance network 150 and/orcredit maintenance network 160 to complete the transaction. -
Fraud watch system 210 includes afraud processing server 220 and awatch database 230.Fraud watch system 210 is associated withtransaction system 130 in a manner that allows for access totransaction database 136. Such association can be provided by direct wired communication betweentransaction database 136 andfraud processing server 220, by direct or network communication betweentransaction center 130 andfraud processing server 220, or by any other mechanism that providesfraud watch system 210 with access totransaction database 136. In one particular embodiment,fraud processing server 220 is communicably coupled totransaction network 120 and accessestransaction database 136 vianetwork processor 132 andhost 133. In another embodiment,fraud processing server 220 is directly coupled to host 133 and accessestransaction database 136 viahost 133. It will be recognized by one of ordinary skill in the art that a number of other mechanisms exist within the scope of the present invention for providing access byfraud processing server 220 totransaction database 136. -
Fraud processing server 220 can be any microprocessor based device capable of retrieving data fromtransaction database 136, searching and manipulating the data, maintaining a form of the data onwatch database 230, and providing access to data ondatabase 230. Such access to the data can include formatting the data and providing the data in an easily accessible form. In some embodiments, fraud processing computer is a single computer, such as a personal computer or a database server. In other embodiments, fraud processing server is a group of two or more computers. In such embodiments, fraud processing computer can include a central computer associated with one or more peripheral computers. Such peripheral computers can be personal computers or portable devices, such as lap top computers and/or personal digital assistants. In a particular embodiment,fraud processing server 220 includes a SQL server, while in other embodiments, it includes an ORACLE server. -
Fraud processing server 220 includes a computer readable medium capable of maintaining instructions executable to perform the functions associated withfraud processing server 220. The computer readable medium can be any device or system capable of maintaining data in a form accessible tofraud processing computer 220. For example, the computer readable medium can be a hard disk drive either integral tofraud processing server 220 or external to the server. Alternatively, the computer readable medium can be a floppy disk or a CD-ROM apart fromfraud processing server 220 and accessible by inserting into a drive (not shown) offraud processing server 220. In yet other alternatives, the computer readable medium can be a RAM integral tofraud processing server 220 and/or a microprocessor (not shown) within the server. One of ordinary skill in the art will recognize many other possibilities for implementing the computer readable medium. For example, the computer readable medium can be a combination of the aforementioned alternatives, such as, a combination of a CD-ROM, a hard disk drive and RAM. - Turning now to
FIGS. 3 a through 3 d, a flow diagram 300 illustrates a method in accordance with the present invention for monitoring a variety of value transfers. Following flow diagram 300 ofFIG. 3 a, real time transaction data is received from one or more transaction points (block 301). In addition, various transactions meeting certain thresholds are the subject of additional data gathering. This additional data can be obtained through a periodic request, and thus is referred to as on-demand transaction information. As just some examples, where a transfer exceeds a one thousand dollar threshold, a sender may be asked for a social security number, a driver's license number, a passport number, a date of birth, and/or the like. This data may not be gathered in other situations where the transfer does not exceed the threshold, and the data may not be included in the real time data. In some cases, the real time transaction information and on-demand transaction information is transferred from transaction database 136 (and/or another database) tofraud processing server 220. The on-demand transaction information is received (block 302), matched to correlated real time transaction information, stripped of irrelevant fields, and assembled as transaction packages (block 303). In some cases, the on-demand information is requested and received every thirty days, and thus the real time data is maintained for thirty days. Upon receiving the on-demand data, the transaction packages can then be assembled. In some cases, real time data that is not associated with on-demand data is deleted and not assembled as transaction packages. In other cases, real time data that is not associated with on-demand data is assembled as transaction packages. - Turning to
FIG. 3 b, the transaction packages can be transferred to a root database (block 305). A transaction package is an electronic file including a set of information detailing a transaction that has been performed in relation to a value transfer system. As just one example, a transaction package can include the names of both the sender and recipient in the transaction, as well as identification and contact information for the sender and recipient, identification of agents involved in the transfer, the amount of the transfer, the type of value transferred, a transaction cost, and the like. Each of the transaction packages are assigned as an individual root node of the fraud monitoring system (block 315). In some cases, this includes assignment byfraud processing server 220 as a root node withinfraud watch system 210. - It is next determined if a gross sort of the existing root nodes is to be performed (block 320). Where a gross sort is to be performed (block 320), the gross sort is performed (block 325) and the root nodes identified from the performed gross sort are deleted (block 330). A gross sort can be any preliminary sort directed at eliminating root nodes that are associated with transaction packages that for some reason are not thought to be suspicious. Thus, for example, a gross sort may be performed to identify all root nodes where the associated transaction was for less than five hundred U.S. Dollars. Upon identifying the root nodes with transactions less than five hundred dollars, those root nodes are deleted from
fraud watch system 210. Based on the disclosure provided herein, one of ordinary skill in the art will appreciate a number of gross sorts that can be preformed in accordance with the present invention. - Either where no gross sort is to be performed (block 320), or where the gross sort has been completed (
blocks 325, 330), an affinity is created for each remaining root node (block 335). As used herein, a root node affinity can be any collection of data points that includes one or more data points derived or selected from the root node transaction package to which the affinity is associated. Thus, as just one example, a root node transaction package may include the name of the sender, the name of the recipient, and the number of the transfer agent. In such a case, the root node affinity associated with the root node may include a combination of the sender name and the number of the transfer agent. Based on the disclosure provided herein, one of ordinary skill in the art will recognize a number of different data elements and combinations thereof that can form a root node affinity. Further, in some cases, affinities can be combined in which case, the resulting tier one or tier two affinity is a collection of data points from each of the combined affinities. Further, defining an affinity can include standardizing one or more data points from a given transaction package. As just one example, this can include converting a transferred value to a common value, such as from Mexican Pesos to US Dollars. - Each affinity associated with a root node is compared to other affinities within the root node (block 340). This process can continue until all of the root node affinities have been compared one with another (block 350). Where a match between root node affinities is detected (block 345), the matching root node affinities are assimilated with a combined affinity that is maintained as a tier one affinity (block 355). As used herein, a tier one affinity is an affinity that is formed by assimilating two or more (tier one and/or root node) affinities into a single affinity. A match can be determined in a number of ways. For example, in one embodiment, a match occurs where three or more data points match across two affinities. Thus, for example, where the sender name and the receiver name match in two affinities, the sender locations match across two affinities, and the phone number matches across two affinities, an affinity match will be found. Alternatively, in other embodiments, a match occurs where a single data point matches across two affinities. Thus, for example, where the telephone number for a recipient in one affinity matches the telephone number for a recipient in another affinity, an affinity match may be found. In one particular embodiment, a match is only found where two or more data points within the affinities match. Thus, for example, an a match would not be found where only an exact name match was found, however, a match would be found where a phonetic name match was found in addition to a match in the area code associated with a telephone number in two affinities. In some cases, a match may include an exact match of one data point, and a partial match of another data point. Based on the disclosure provided herein, one of ordinary skill in the art will recognize a number of basis upon which an affinity match may be defined to occur. In particular embodiments of the present invention, a user interface is provided that allows a user to define the basis upon which a match will be considered to occur. Once the matching affinities are assimilated with a common affinity, the root node affinities that were the subject of the match are removed as individual affinities (block 360). Again, this process is continued until all of the root node affinities have been considered (block 350).
- The remaining root node affinities are compared to each of the tier one affinities (block 307). This process continues until all of the remaining root node affinities have been compared with the tier one affinities (block 317). Where a match of a root node affinity is found with a tier one affinity (block 312), the root node affinity is assimilated with the tier one affinity (block 322) and the matched root node affinity is deleted from the root node (block 327). As with the previously discussed match process, a number of basis can be considered to determine whether a match has occurred. Further, a user interface can be provided that allows a user to define the basis that result in a match.
- Next, each of the tier one affinities are compared one with another (block 332). This process continues until all tier one affinities have been considered (block 347). Where a match is found between tier one affinities (block 337), the matching affinities are assimilated with a common tier one affinity, and the matched affinities are removed from the system (block 342). Again, as with the previously discussed match process, a number of basis can be considered to determine whether a match has occurred. Further, a user interface can be provided that allows a user to define the basis that result in a match.
- Turning to
FIG. 3 c, it is determined whether a an event trigger level or an affinity intensity trigger level is to be used to identify reporting (block 313). Where an affinity intensity is to be used (block 313), an affinity intensity for the tier one affinities is calculated (block 318). As used herein, affinity intensity can be one or more numbers indicating the likelihood of suspicious behavior associated with a given affinity. As just one example, an affinity intensity can be the total amount transferred in all transactions represented by the affinity multiplied by the number of matches found in the individual affinity data points. Thus, for example, where the total amount transferred is twenty-thousand, and the sender's name matches three times within the affinity (total of three), the telephone number matches twice (total of two), the recipient's name matches twice (total of two), and there is one match to the combination of recipients name and agent number (total of one). The affinity intensity may then be calculated to be twenty-thousand multiplied by eight (the total number of matched points). In some cases, different matches may be weighted differently in determining an affinity intensity. For example, a match of recipient's names combined with agent identifications may be weighted by three hundred percent, a match of phone numbers weighted by two hundred percent, and a match of recipient's names or sender's names weighted by one hundred percent, and a match of a sender's name to a recipient's name weighted by seventy percent. These weightings can be multiplied by the respective matches to derive a score, or affinity intensity as previously described. This affinity calculation process is repeated until an affinity intensity is calculated for each of the tier one affinities (block 328). - Alternatively, where an event trigger level is to be used (block 313), a trigger level is calculated for each of the tier one affinities (
blocks 323, 333). Such trigger levels can be calculated based on a number of different occurrences that are detected in relation to the respective tier one affinities. For example, the trigger level can indicate: the number of transactions that are associated with the tier one affinity, the maximum amount transferred in relation to any individual within the affinity, an amount transferred in relation to an individual within the affinity within a given length of time, the maximum number of transactions associated with any individual within the affinity, the total amount of all transactions represented by the affinity, or a combination of the aforementioned. Based on the disclosure provided herein, one of ordinary skill in the art will appreciate a myriad of trigger levels that can be calculated. - The calculated affinity intensities or event trigger levels are then compared to threshold levels (block 338). These threshold levels can be defined by a user via a user interface. As just one example, a trigger threshold may be set where an individual sends or receives transactions all of which are less than ten thousand dollars individually, but which aggregate to an amount that equals or exceeds fifteen thousand dollars. Such a trigger threshold may be limited to a particular window of time such as, for example, thirty days. Another example may be where an individual sends or receives transactions all of which are less than ten thousand dollars individually, but which aggregate to an amount that equals or exceeds ten thousand dollars in a seven day period. As yet another example, a trigger threshold may be set where an individual sends or receives more than five transactions in a thirty day period. Yet another example may be set where an individual is involved in two or more transactions between two thousand four hundred dollars and two thousand nine hundred ninety nine dollars, or some other defined limit. Yet another trigger threshold may be set where an individual sends or receives a single transaction of between two thousand nine hundred and ninety dollars and two thousand nine hundred and ninety nine dollars, or some other determined range. Based on the disclosure provided herein, one of ordinary skill in the art will recognize a number of trigger thresholds that can be set. Affinity thresholds can be set where an affinity intensity exceeds a predetermined level such as, for example, fifty thousand.
- This comparison process is repeated for each of the tier one affinities (block 348). Where a threshold is met (block 343), the tier one affinity is forwarded to a human operator for consideration of any suspicious activity indicated via the tier one affinity (block 353). Where the human operator identifies suspicious behavior associated with the affinity (block 358), the tier one affinity can be assigned tier two status and a suspicious behavior report automatically generated and provided to the government (block 363). In some cases, the human operator processes (
blocks 353, 358) are not performed, but rather the tier one affinity is automatically assigned tier two status and a suspicious behavior report generated and provided to the government (block 363) based on exceeding the defined event or affinity trigger level. Tier two affinities can be locked into the system such that they are not aged out of the system as discussed below. - Turning now to
FIG. 3 d, each of the tier one affinities and remaining root node affinities are compared to tier two affinities (block 314). This process can continue for all of the affinities (block 324). Where a match occurs (block 319), an interdiction process can be initiated to preclude individuals identified in the tier two affinity from using the monitored value transfer system (block 329). In addition, the matched affinity can be assimilated with the tier two affinity. In some cases, multiple matches to a tier two affinity are recorded before an interdiction process is initiated. Further, where a match occurs, the matching tier one affinity or root node affinity can be assimilated with the tier tow affinity. - In addition, each of the remaining root node affinities can be aged (block 334). This aging process can result in the removal of a root node affinity from the system after a set period of time, such as thirty days, where it is not first matched to form a tier one affinity. In addition, each of the tier one affinities can be aged (block 339). Thus, tier one affinities that become inactive for an extended period such as ninety days from the last transaction represented in the affinity, can be removed from the system.
- Periodically, reporting rules can be applied (block 344), and reports generated to the government (block 349). These reports can indicate additional activity flagged in relation to a tier two affinity. Thus, rather than reporting each occurrence of activity in relation to a tier two affinity, a single report can be generated indicating all suspicious behavior in relation to the tier two affinity. This provides an efficient means for investigating suspicious behavior, while avoiding the appearance of rampant illicit behavior as would be suggested through generation of a report for each flagged transaction.
- Turning to
FIG. 4 , agraphical representation 400 of the affinity progression described in relation toFIG. 3 is provided.Elements dark rings inner areas - As depicted, the
ancillary information respective transaction packages usable transaction information root node affinities root node affinities affinity 417 which is formed based on a match betweenroot node affinities root node affinity 409 is compared against the previously formed tier oneaffinities root node affinity 409 and tier oneaffinity 419 is depicted as tier oneaffinity 437. Then, each tier oneaffinity affinity 415 and tier oneaffinity 417 is depicted as tier oneaffinity 435. - Turning now to
FIGS. 5 through 12 , an exemplary data set is used to illustrate the creation and progression of affinities.FIG. 5 depicts a set oftransaction packages general data points 530 can be provided to describe the transaction. The sender data points can include, but are not limited to, the sender'slast name 511, the sender'smiddle name 512, the sender'sfirst name 513, the sender'sphone number 514, the sender'saddress 515, the sender's agent used to perform thetransaction 517, the type ofagent 516, the date sent 518, the amount of value to be sent 519, the type of value to be sent 520, an account type used to provide the sentvalue 521, an account number associated with theaccount type 522, the sender's social security orother identification number 523, the sender's date ofbirth 524, the sender'sidentification type 525, the issuer of the sender'sidentification 526, the location of the issuer of the sender's identification, and the identification number from the sender's identification. The recipient's data points can include, but are not limited to, the recipient'slast name 541, the recipient'smiddle name 542, the recipient'sfirst name 543, the recipient'sphone number 544, the recipient'saddress 545, the recipient's agent used to perform thetransaction 547, the type ofagent 546, the date received 548, the amount of value received 549, and the type of value received 550. The general data points can include information about the transaction including, for example, transaction costs 530. - Turning to
FIG. 6 the process of gross sorting is depicted wheretransaction package 502 is eliminated from consideration. As previously discussed, a gross sort can eliminate data that is unlikely to represent suspicious behavior, or is of such a low value that it is not desirable to use the data for monitoring purposes. Thus, for example, the transaction package may be eliminated where the transaction value is below a set threshold. The two hundred dollar transaction oftransaction package 502 may have been below a cutoff threshold, and thustransaction package 502 is removed from consideration. Further,transaction package 502 may have been eliminated from consideration because it lacked on-demand information in the form of a sender's date of birth and social security number. - After the gross sort is performed, the remaining transaction package information is used to form root node affinities as depicted in
FIG. 7 . Theroot node affinities respective transaction packages respective transaction packages - As depicted,
root node affinities name data point 711. This data point is a combination of thelast name 511 andfirst name 513 data points from the respective transaction packages. Further,data point 711 is expanded to include a number of aliases known to be used in relation to the first name. This can be done using alias determination software as is known in the art. Thus, as an example,root node affinity 701 includes three last name/first name data points 711 representing three different variations of the name “Samuel”. In addition, the last name/first name combination is reformed into a phonetic spelling with a truncated first name making matching the name less susceptible to misses where the name is misspelled, or spelled in different ways. This phonetic spelling is maintained asdata point 712. This phonetic spelling can be obtained using techniques known to those of skill in the art such as, for example, using phonetic generation software. In addition,affinities data point 713. Where a match is found for this combination a strong affinity is indicated, and such a match can be used to create an increased affinity intensity as previously described.Similar data points - In addition,
affinities phone number 514 and the recipient'sphone number 544 selected directly fromrespective transaction packages transaction packages data points respective affinities number 522 and date ofbirth 524, where available, are included in the respective affinities. A combination of the ID type, issuer and number is also included asdata point 719. The amount transferred is converted to a common value and maintained asdata point 720. This common value can be the transferred value converted to a common currency type such as U.S. Dollars. Thus, for example, where the transferred value is in Brazilian Reales, the amount it converted to U.S. Dollars using recent conversion tables, and the converted amount is maintained ascommon value 720. - As previously discussed in relation to
FIG. 4 , rootnode affinity A 703 and rootnode affinity B 704 include a match, and are thus assimilated with a common tier oneaffinity 800 depicted inFIG. 8 . As depicted, a number of matches occur. These matches include a match of the sender's name, and the agent identification used by the sender. Created tier oneaffinity 800 thus includes all data points included in the underlyingroot node affinities -
FIGS. 9 and 10 depict previously formed tier oneaffinities affinity 900 matches tier oneaffinity 800, and the two are assimilated to form a new tier oneaffinity 1100 as depicted inFIG. 11 . The match can be for example, the name and location of the recipient (Benjamin Thomas) of data set 704 matches that of the sender ofdata set 910. Similarly, theroot node affinity 701 matches the previously formed tier oneaffinity 1000, and the two are assimilated to form a new tier oneaffinity 1200 as depicted inFIG. 12 . As depicted, the match that caused the formation of tier oneaffinity 1200 is the common recipient (Leonard Jackson) and common agent number. - The invention has now been described in detail for purposes of clarity and understanding. However, it will be appreciated that certain changes and modifications may be practiced within the scope of the appended claims. For example, other criteria may be used for identifying relationships between reference designators and money transfer records. Additionally, other criteria may be used for analyzing a money transfer database using the reference designators. Thus, although the invention is described with reference to specific embodiments and figures thereof, the embodiments and figures are merely illustrative, and not limiting of the invention. Rather, the scope of the invention is to be determined solely by the appended claims.
Claims (20)
1. A system for evaluating value transfers, the system comprising:
a fraud processing computer; and
a computer readable medium associated with the fraud processing computer, wherein the computer readable medium comprises computer instructions executable by the fraud processing computer to:
receive a plurality of transaction packages;
form a plurality of root node affinities associated with respective transaction packages;
compare the plurality of root node affinities with a tier one affinity; and
assimilate at least one of the root node affinities with the tier one affinity based on the comparison.
2. The system of claim 1 , wherein the tier one affinity is a first tier one affinity, and wherein the computer instructions are further executable by the fraud processing computer to:
compare one of the plurality of root node affinities with another of the root node affinities; and
based on the comparison, form a second tier one affinity from compared root node affinities.
3. The system of claim 1 , wherein the computer instructions are further executable by the fraud processing computer to:
receive a trigger level.
4. The system of claim 3 , wherein the trigger level is selected from a group consisting of: an affinity intensity, an event count, and an event occurrence.
5. The system of claim 3 , wherein the trigger level is seven matches to a given tier one affinity.
6. The system of claim 3 , wherein the computer instructions are further executable by the fraud processing computer to:
convert the tier one affinity to a tier two affinity based at least in part on satisfying the trigger level;
locking the tier two affinity; and
generating a report indicating suspicious activity associated with the tier two affinity.
7. The system of claim 6 , wherein the tier one affinity is a first tier one affinity, and wherein the computer instructions are further executable by the fraud processing computer to:
compare a second tier one affinity to the tier two affinity; and
based at least in part on the comparison, initiate interdiction procedures in relation to the tier two affinity.
8. The system of claim 7 , wherein the computer instructions are further executable by the fraud processing computer to:
assimilate the second tier one affinity into the tier two affinity based at least in part on the comparison.
9. The system of claim 6 , wherein the computer instructions are further executable by the fraud processing computer to:
compare one of the plurality of root node affinities to the tier two affinity; and
based at least in part on the comparison, initiate interdiction procedures in relation to the tier two affinity.
10. The system of claim 9 , wherein the computer instructions are further executable by the fraud processing computer to:
assimilate one of the plurality of root node affinities compared with the tier two affinity based at least in part on the comparison.
11. The system of claim 1 , wherein the computer instructions are further executable by the fraud processing computer to:
receive real time transaction information;
request on-demand transaction information;
receive on-demand transaction information; and
assemble the real time transaction information and the on-demand transaction information to create the plurality of transaction packages.
12. The system of claim 1 , wherein the plurality of transaction packages are comprised of information selected from a group consisting of: real time transaction information, on-demand transaction information, and a combination of real time transaction information and on-demand transaction information.
13. The system of claim 11 , wherein the computer instructions are further executable by the fraud processing computer to:
perform a gross sort on the plurality of transaction packages, wherein at least one of the plurality of transaction packages is eliminated from consideration.
14. The system of claim 6 , wherein the tier one affinity is a first tier one affinity, and wherein the computer instructions are further executable by the fraud processing computer to:
compare a second tier one affinity to an affinity selected from a group consisting of: a third tier one affinity and a root node affinity; and
generate a report reflecting the comparison at a defined period.
15. A method for evaluating value transfers, the method comprising:
receiving, by a computer system, a plurality of transaction packages;
forming, by the computer system, a plurality of root node affinities associated with respective transaction packages;
comparing, by the computer system, the plurality of root node affinities with a tier one affinity; and
assimilating, by the computer system, at least one of the root node affinities with the tier one affinity based on the comparison.
16. The method for evaluating value transfers of claim 15 , the method further comprising:
comparing one of the plurality of root node affinities with another of the root node affinities; and
based on the comparison, forming a second tier one affinity from compared root node affinities.
17. The method for evaluating value transfers of claim 15 , further comprising:
receiving, by the computer system, a trigger level.
18. The method for evaluating value transfers of claim 17 , further comprising:
converting the tier one affinity to a tier two affinity based at least in part on satisfying the trigger level;
locking the tier two affinity; and
generating a report indicating suspicious activity associated with the tier two affinity.
19. A computer program product residing on a processor-readable storage medium for evaluating value transfers, the computer program product comprising processor-readable instructions configured to cause one or more processors to:
receive a plurality of transaction packages;
form a plurality of root node affinities associated with respective transaction packages;
compare the plurality of root node affinities with a tier one affinity; and
assimilate at least one of the root node affinities with the tier one affinity based on the comparison.
20. The computer program product of claim 19 , wherein the processor-readable instructions are further configured to cause the one or more processors to:
receive a trigger level;
convert the tier one affinity to a tier two affinity based at least in part on satisfying the trigger level;
lock the tier two affinity; and
generate a report indicating suspicious activity associated with the tier two affinity.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/791,238 US20130262297A1 (en) | 2002-03-04 | 2013-03-08 | Systems and methods for graduated suspicious activity detection |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/091,000 US8412633B2 (en) | 2002-03-04 | 2002-03-04 | Money transfer evaluation systems and methods |
US10/434,409 US8417600B2 (en) | 2002-03-04 | 2003-05-07 | Systems and methods for graduated suspicious activity detection |
US13/791,238 US20130262297A1 (en) | 2002-03-04 | 2013-03-08 | Systems and methods for graduated suspicious activity detection |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/434,409 Division US8417600B2 (en) | 2002-03-04 | 2003-05-07 | Systems and methods for graduated suspicious activity detection |
Publications (1)
Publication Number | Publication Date |
---|---|
US20130262297A1 true US20130262297A1 (en) | 2013-10-03 |
Family
ID=27804085
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/091,000 Active 2029-03-18 US8412633B2 (en) | 2001-09-07 | 2002-03-04 | Money transfer evaluation systems and methods |
US10/434,409 Active 2029-03-15 US8417600B2 (en) | 2002-03-04 | 2003-05-07 | Systems and methods for graduated suspicious activity detection |
US11/535,362 Abandoned US20070073617A1 (en) | 2002-03-04 | 2006-09-26 | System and method for evaluation of money transfer patterns |
US13/791,238 Abandoned US20130262297A1 (en) | 2002-03-04 | 2013-03-08 | Systems and methods for graduated suspicious activity detection |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/091,000 Active 2029-03-18 US8412633B2 (en) | 2001-09-07 | 2002-03-04 | Money transfer evaluation systems and methods |
US10/434,409 Active 2029-03-15 US8417600B2 (en) | 2002-03-04 | 2003-05-07 | Systems and methods for graduated suspicious activity detection |
US11/535,362 Abandoned US20070073617A1 (en) | 2002-03-04 | 2006-09-26 | System and method for evaluation of money transfer patterns |
Country Status (3)
Country | Link |
---|---|
US (4) | US8412633B2 (en) |
AU (1) | AU2003223235A1 (en) |
WO (1) | WO2003077181A1 (en) |
Families Citing this family (84)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7376587B1 (en) | 2000-07-11 | 2008-05-20 | Western Union Financial Services, Inc. | Method for enabling transfer of funds through a computer network |
CA2416130A1 (en) | 2000-07-11 | 2002-01-17 | First Data Corporation | Wide area network person-to-person payment |
US7266533B2 (en) | 2000-12-15 | 2007-09-04 | The Western Union Company | Electronic gift greeting |
US8140415B2 (en) | 2001-03-20 | 2012-03-20 | Goldman Sachs & Co. | Automated global risk management |
US8209246B2 (en) | 2001-03-20 | 2012-06-26 | Goldman, Sachs & Co. | Proprietary risk management clearinghouse |
US8121937B2 (en) | 2001-03-20 | 2012-02-21 | Goldman Sachs & Co. | Gaming industry risk management clearinghouse |
US9853759B1 (en) | 2001-03-31 | 2017-12-26 | First Data Corporation | Staged transaction system for mobile commerce |
US7117183B2 (en) | 2001-03-31 | 2006-10-03 | First Data Coroporation | Airline ticket payment and reservation system and methods |
US8150763B2 (en) | 2001-03-31 | 2012-04-03 | The Western Union Company | Systems and methods for staging transactions, payments and collections |
US7107249B2 (en) | 2001-03-31 | 2006-09-12 | First Data Corporation | Electronic identifier payment systems and methods |
US7184989B2 (en) | 2001-03-31 | 2007-02-27 | First Data Corporation | Staged transactions systems and methods |
US8412633B2 (en) * | 2002-03-04 | 2013-04-02 | The Western Union Company | Money transfer evaluation systems and methods |
US8374962B2 (en) | 2001-10-26 | 2013-02-12 | First Data Corporation | Stored value payouts |
US8244632B2 (en) | 2001-10-26 | 2012-08-14 | First Data Corporation | Automated transfer with stored value |
US20040128240A1 (en) * | 2002-10-07 | 2004-07-01 | Yusin Wendy E. | Method and system for managing financial transactions |
US7330835B2 (en) * | 2002-10-31 | 2008-02-12 | Federal Reserve Bank Of Minneapolis | Method and system for tracking and reporting automated clearing house transaction status |
US7792716B2 (en) * | 2002-10-31 | 2010-09-07 | Federal Reserve Bank Of Atlanta | Searching for and identifying automated clearing house transactions by transaction type |
US8032452B2 (en) | 2002-11-06 | 2011-10-04 | The Western Union Company | Multiple-entity transaction systems and methods |
US8156040B2 (en) * | 2003-07-03 | 2012-04-10 | Federal Reserve Bank Of Minneapolis | Method and system for conducting international electronic financial transactions |
US8417636B2 (en) * | 2003-09-30 | 2013-04-09 | Federal Reserve Bank Of Atlanta | Approving ACH operator processing of ACH payments based on an originating depository financial institution's approved originator list |
US8543477B2 (en) * | 2003-09-30 | 2013-09-24 | Federal Reserve Bank Of Atlanta | Value tracking and reporting of automated clearing house transactions |
US20050222929A1 (en) * | 2004-04-06 | 2005-10-06 | Pricewaterhousecoopers Llp | Systems and methods for investigation of financial reporting information |
US20050222928A1 (en) * | 2004-04-06 | 2005-10-06 | Pricewaterhousecoopers Llp | Systems and methods for investigation of financial reporting information |
US8510300B2 (en) | 2004-07-02 | 2013-08-13 | Goldman, Sachs & Co. | Systems and methods for managing information associated with legal, compliance and regulatory risk |
US8442953B2 (en) | 2004-07-02 | 2013-05-14 | Goldman, Sachs & Co. | Method, system, apparatus, program code and means for determining a redundancy of information |
US8996481B2 (en) | 2004-07-02 | 2015-03-31 | Goldman, Sach & Co. | Method, system, apparatus, program code and means for identifying and extracting information |
US8762191B2 (en) | 2004-07-02 | 2014-06-24 | Goldman, Sachs & Co. | Systems, methods, apparatus, and schema for storing, managing and retrieving information |
US7881996B1 (en) | 2004-08-03 | 2011-02-01 | Federal Reserve Bank Of Atlanta | Method and system for screening financial transactions |
US20060047593A1 (en) * | 2004-09-01 | 2006-03-02 | Ubs Financial Services Inc. | Method and system for funds management |
US7580886B1 (en) | 2004-09-15 | 2009-08-25 | Federal Reserve Bank Of Atlanta | Managing foreign payments in an international ACH |
US8152054B2 (en) | 2004-10-19 | 2012-04-10 | The Western Union Company | Money transfer systems and methods |
US7392940B2 (en) | 2005-05-18 | 2008-07-01 | The Western Union Company | In-lane money transfer systems and methods |
US8672220B2 (en) | 2005-09-30 | 2014-03-18 | The Western Union Company | Money transfer system and method |
US20070138267A1 (en) * | 2005-12-21 | 2007-06-21 | Singer-Harter Debra L | Public terminal-based translator |
US7891561B2 (en) * | 2006-02-16 | 2011-02-22 | First Data Corporation | Cash redemption of gift cards systems and methods |
US7669758B2 (en) | 2006-04-04 | 2010-03-02 | American Express Travel Related Services Company, Inc. | Obtaining transaction accounts using identification cards |
EP2090016A4 (en) * | 2006-11-14 | 2011-01-05 | Sgl Network Inc | Systems and methods for a transaction vetting service |
US7933835B2 (en) | 2007-01-17 | 2011-04-26 | The Western Union Company | Secure money transfer systems and methods using biometric keys associated therewith |
US8818904B2 (en) | 2007-01-17 | 2014-08-26 | The Western Union Company | Generation systems and methods for transaction identifiers having biometric keys associated therewith |
US20080243705A1 (en) * | 2007-03-28 | 2008-10-02 | The Western Union Company | Third-Party Gift Registry And Payment System |
US8504473B2 (en) | 2007-03-28 | 2013-08-06 | The Western Union Company | Money transfer system and messaging system |
US7783571B2 (en) | 2007-05-31 | 2010-08-24 | First Data Corporation | ATM system for receiving cash deposits from non-networked clients |
US7620596B2 (en) | 2007-06-01 | 2009-11-17 | The Western Union Company | Systems and methods for evaluating financial transaction risk |
US8613044B2 (en) * | 2007-06-22 | 2013-12-17 | 4Dk Technologies, Inc. | Delegating or transferring of access to resources between multiple devices |
US8504450B2 (en) * | 2007-08-31 | 2013-08-06 | Ebay Inc. | Mobile remittances/payments |
US8019679B2 (en) * | 2007-10-18 | 2011-09-13 | Moneygram International, Inc. | Global compliance processing system for a money transfer system |
US8694424B2 (en) | 2007-12-18 | 2014-04-08 | Federal Reserve Bank Of Atlanta | System and method for managing foreign payments using separate messaging and settlement mechanisms |
US20090234764A1 (en) * | 2008-03-14 | 2009-09-17 | Mark Friesen | Systems and methods for biometric authentication of monetary fund transfer |
WO2009114020A1 (en) * | 2008-03-14 | 2009-09-17 | Sgl Network, Inc. | Systems and methods for biometric authentication of monetary fund transfer |
US20090281946A1 (en) | 2008-05-12 | 2009-11-12 | Davis Peter A | ACH Payment Processing |
US20090287599A1 (en) * | 2008-05-15 | 2009-11-19 | Bank Of America Corporation | Monetary Transfer Approval Via Mobile Device |
US20090327143A1 (en) * | 2008-06-27 | 2009-12-31 | Fernando Morales | Method and apparatus to send cash to any person in the world |
US8489476B1 (en) | 2008-06-30 | 2013-07-16 | United States Automobile Association (USAA) | Data manager for suspicious activity monitor |
US8600881B2 (en) * | 2008-11-13 | 2013-12-03 | Visa International Service Association | System and method for uniquely identifying point of sale devices in an open payment network |
US20100169137A1 (en) * | 2008-12-31 | 2010-07-01 | Ebay Inc. | Methods and systems to analyze data using a graph |
US8473352B2 (en) * | 2009-03-24 | 2013-06-25 | The Western Union Company | Consumer due diligence for money transfer systems and methods |
EP2449518A1 (en) * | 2009-06-30 | 2012-05-09 | ABN AMRO Bank N.V. | Processing coded data |
WO2011025689A1 (en) * | 2009-08-25 | 2011-03-03 | Bank Of America Corporation | Integrated fraud platform |
US9224146B2 (en) | 2009-09-30 | 2015-12-29 | The Toronto Dominion Bank | Apparatus and method for point of sale terminal fraud detection |
US20110196790A1 (en) * | 2010-02-05 | 2011-08-11 | Milne Benjamin P | Transaction processing system |
US8510188B2 (en) * | 2010-07-28 | 2013-08-13 | The Western Union Company | Receiver driven money transfer alert system |
US10453122B2 (en) | 2010-08-18 | 2019-10-22 | The Western Union Company | Systems and methods for assessing fraud risk |
US8700510B2 (en) | 2011-02-11 | 2014-04-15 | Federal Reserve Bank Of Atlanta | Redirecting or returning international credit transfers |
US20120226579A1 (en) * | 2011-03-01 | 2012-09-06 | Ha Vida | Fraud detection based on social data |
US8924287B1 (en) * | 2011-08-18 | 2014-12-30 | Sprint Communications Company L.P. | System and methods for mobile electronic funds transfers |
US10402795B2 (en) | 2012-01-05 | 2019-09-03 | Moneygram International, Inc. | Prefunding for money transfer send transactions |
US8762266B2 (en) * | 2012-05-08 | 2014-06-24 | Vantiv, Llc | Systems and methods for performing funds freeze and/or funds seizure with respect to prepaid payment cards |
US9014662B1 (en) | 2012-06-25 | 2015-04-21 | Sprint Communications Company L.P. | Pre-paid phone cash wallet |
US8657688B1 (en) | 2012-11-26 | 2014-02-25 | Moneygram International, Inc. | Promotion generation engine for a money transfer system |
US10755245B2 (en) | 2013-02-25 | 2020-08-25 | Moneygram International, Inc. | Money transfer system having location based language and dynamic receipt capabilities |
US10192204B2 (en) | 2013-08-01 | 2019-01-29 | Moneygram International, Inc. | System and method for staging money transfers between users having profiles |
US11574368B1 (en) | 2014-10-06 | 2023-02-07 | State Farm Mutual Automobile Insurance Company | Risk mitigation for affinity groupings |
US20210358045A1 (en) | 2014-10-06 | 2021-11-18 | State Farm Mutual Automobile Insurance Company | Medical diagnostic-initiated insurance offering |
US10664920B1 (en) * | 2014-10-06 | 2020-05-26 | State Farm Mutual Automobile Insurance Company | Blockchain systems and methods for providing insurance coverage to affinity groups |
US10616411B1 (en) | 2017-08-21 | 2020-04-07 | Wells Fargo Bank, N.A. | System and method for intelligent call interception and fraud detecting audio assistant |
US20190122226A1 (en) * | 2017-10-20 | 2019-04-25 | International Business Machines Corporation | Suspicious activity report smart validation |
JP7070272B2 (en) * | 2018-09-19 | 2022-05-18 | 富士通株式会社 | Transaction management device, transaction management method and transaction management program |
EP3629551B1 (en) | 2018-09-28 | 2022-08-31 | IPCO 2012 Limited | An apparatus, computer program and method for real time tracing of transactions through a distributed network |
US11276064B2 (en) | 2018-11-26 | 2022-03-15 | Bank Of America Corporation | Active malfeasance examination and detection based on dynamic graph network flow analysis |
US11102092B2 (en) * | 2018-11-26 | 2021-08-24 | Bank Of America Corporation | Pattern-based examination and detection of malfeasance through dynamic graph network flow analysis |
US20220012697A1 (en) * | 2020-07-07 | 2022-01-13 | Up N' Go | Intermediary advanced payment processes |
US12069535B2 (en) | 2022-02-09 | 2024-08-20 | Bank Of America Corporation | Intelligent precursory systematized authentication |
US11900227B1 (en) | 2022-07-25 | 2024-02-13 | Gravystack, Inc. | Apparatus for producing a financial target strategy and a method for its use |
US20240161116A1 (en) * | 2022-11-15 | 2024-05-16 | U.S. Bank | Systems and methods for real-time identification of an anomaly of a block of a blockchain |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4317957A (en) * | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
US6208720B1 (en) * | 1998-04-23 | 2001-03-27 | Mci Communications Corporation | System, method and computer program product for a dynamic rules-based threshold engine |
US6212266B1 (en) * | 1996-03-29 | 2001-04-03 | British Telecommunications Public Limited Company | Fraud prevention in a telecommunications network |
US6373932B2 (en) * | 1999-05-03 | 2002-04-16 | Hewlett-Packard Company | Configuration tracking system |
US6516056B1 (en) * | 2000-01-07 | 2003-02-04 | Vesta Corporation | Fraud prevention system and method |
US20030135457A1 (en) * | 2002-09-06 | 2003-07-17 | Stewart Whitney Hilton | Method and apparatus for providing online financial account services |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US50880A (en) * | 1865-11-07 | Improvement in pitman-connections for harvesters | ||
US2003A (en) * | 1841-03-12 | Improvement in horizontal windivhlls | ||
WO1989000584A1 (en) * | 1987-07-10 | 1989-01-26 | Quantum Chemical Corporation | Propylene polymerization catalyst and method |
US5557518A (en) | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6601048B1 (en) * | 1997-09-12 | 2003-07-29 | Mci Communications Corporation | System and method for detecting and managing fraud |
US5761650A (en) * | 1995-12-29 | 1998-06-02 | Csg Systems, Inc. | Billing system and method |
US5790645A (en) * | 1996-08-01 | 1998-08-04 | Nynex Science & Technology, Inc. | Automatic design of fraud detection systems |
US5963647A (en) * | 1997-02-14 | 1999-10-05 | Citicorp Development Center, Inc. | Method and system for transferring funds from an account to an individual |
US5949044A (en) * | 1997-06-13 | 1999-09-07 | Walker Asset Management Limited Partnership | Method and apparatus for funds and credit line transfers |
JPH1166193A (en) | 1997-08-14 | 1999-03-09 | Hitachi Ltd | Method and device for managing electronic money and storage medium where electronic money managing program is stored |
US6095413A (en) * | 1997-11-17 | 2000-08-01 | Automated Transaction Corporation | System and method for enhanced fraud detection in automated electronic credit card processing |
US6567814B1 (en) * | 1998-08-26 | 2003-05-20 | Thinkanalytics Ltd | Method and apparatus for knowledge discovery in databases |
US6254000B1 (en) | 1998-11-13 | 2001-07-03 | First Data Corporation | System and method for providing a card transaction authorization fraud warning |
US6424706B1 (en) * | 1999-03-31 | 2002-07-23 | Imagine Networks, Llc | Method and system for transferring telecommunication-time units among accounts and exchanging same for goods or services |
US6526389B1 (en) * | 1999-04-20 | 2003-02-25 | Amdocs Software Systems Limited | Telecommunications system for generating a three-level customer behavior profile and for detecting deviation from the profile to identify fraud |
US6418436B1 (en) * | 1999-12-20 | 2002-07-09 | First Data Corporation | Scoring methodology for purchasing card fraud detection |
US7870065B2 (en) * | 2000-01-05 | 2011-01-11 | Uniteller Financial Services, Inc. | Money-transfer techniques |
US6917940B1 (en) * | 2000-03-10 | 2005-07-12 | Hewlett-Packard Development Company, L.P. | Olap-based customer behavior profiling method and system |
US6678666B1 (en) * | 2000-06-05 | 2004-01-13 | Van W. Boulware | Method of conducting anti-fraud electronic bank security transactions having price-date-time variables and calculating apparatus thereof |
US6736314B2 (en) * | 2000-06-09 | 2004-05-18 | Telecom Usa | Methods and systems for transferring funds |
GB0029229D0 (en) * | 2000-11-30 | 2001-01-17 | Unisys Corp | Counter measures for irregularities in financial transactions |
US6651055B1 (en) * | 2001-03-01 | 2003-11-18 | Lawson Software, Inc. | OLAP query generation engine |
US20020138417A1 (en) * | 2001-03-20 | 2002-09-26 | David Lawrence | Risk management clearinghouse |
US7386510B2 (en) * | 2001-09-07 | 2008-06-10 | First Data Corporation | System and method for detecting fraudulent calls |
US8412633B2 (en) * | 2002-03-04 | 2013-04-02 | The Western Union Company | Money transfer evaluation systems and methods |
US7313545B2 (en) * | 2001-09-07 | 2007-12-25 | First Data Corporation | System and method for detecting fraudulent calls |
US9076134B2 (en) * | 2001-10-15 | 2015-07-07 | Chequepoint Franchise Corporation | Computerized money transfer system and method |
CA2364142A1 (en) * | 2001-11-30 | 2003-05-30 | Ibm Canada Limited-Ibm Canada Limitee | Authorizing multiple categories of card based financial transactions |
US20040117316A1 (en) * | 2002-09-13 | 2004-06-17 | Gillum Alben Joseph | Method for detecting suspicious transactions |
US7590658B2 (en) * | 2004-09-30 | 2009-09-15 | Deloitte Development Llc | System, software and method for examining a database in a forensic accounting environment |
US7797320B2 (en) * | 2005-03-15 | 2010-09-14 | Hyperion Solutions Corporation | Dimensionality reduction |
-
2002
- 2002-03-04 US US10/091,000 patent/US8412633B2/en active Active
-
2003
- 2003-02-21 WO PCT/US2003/007274 patent/WO2003077181A1/en not_active Application Discontinuation
- 2003-02-21 AU AU2003223235A patent/AU2003223235A1/en not_active Abandoned
- 2003-05-07 US US10/434,409 patent/US8417600B2/en active Active
-
2006
- 2006-09-26 US US11/535,362 patent/US20070073617A1/en not_active Abandoned
-
2013
- 2013-03-08 US US13/791,238 patent/US20130262297A1/en not_active Abandoned
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4317957A (en) * | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
US6212266B1 (en) * | 1996-03-29 | 2001-04-03 | British Telecommunications Public Limited Company | Fraud prevention in a telecommunications network |
US6208720B1 (en) * | 1998-04-23 | 2001-03-27 | Mci Communications Corporation | System, method and computer program product for a dynamic rules-based threshold engine |
US6373932B2 (en) * | 1999-05-03 | 2002-04-16 | Hewlett-Packard Company | Configuration tracking system |
US6516056B1 (en) * | 2000-01-07 | 2003-02-04 | Vesta Corporation | Fraud prevention system and method |
US20030135457A1 (en) * | 2002-09-06 | 2003-07-17 | Stewart Whitney Hilton | Method and apparatus for providing online financial account services |
Non-Patent Citations (1)
Title |
---|
White; How Computers Work; 7th Edition (Year: 2004) * |
Also Published As
Publication number | Publication date |
---|---|
AU2003223235A1 (en) | 2003-09-22 |
US20070073617A1 (en) | 2007-03-29 |
WO2003077181A1 (en) | 2003-09-18 |
US8417600B2 (en) | 2013-04-09 |
US20030220878A1 (en) | 2003-11-27 |
US20030167237A1 (en) | 2003-09-04 |
US8412633B2 (en) | 2013-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8417600B2 (en) | Systems and methods for graduated suspicious activity detection | |
US20230177635A1 (en) | System, Method and Computer Program Product for Assessing Risk of Identity Theft | |
US11205160B2 (en) | Electronic payment and authentication system with debit and identification data verification and electronic check capabilities | |
US7313545B2 (en) | System and method for detecting fraudulent calls | |
US8296232B2 (en) | Systems and methods for screening payment transactions | |
US7620592B2 (en) | Tiered processing method and system for identifying and mitigating merchant risk | |
CA2615683C (en) | Identification and risk evaluation | |
US8170953B1 (en) | Systems and method for screening payment transactions | |
US20160292692A1 (en) | Apparatus including data bearing medium for reducing fraud in payment transactions using a black list | |
US8433647B1 (en) | Method and system for processing electronic checks | |
US20060282270A1 (en) | Identity verification noise filter systems and methods | |
AU2016201497A1 (en) | Method and system for identity theft prevention, detection and victim assistance |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCV | Information on status: appeal procedure |
Free format text: NOTICE OF APPEAL FILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |