US20230044595A1 - Data-Driven Machine-Learning Theft Detection - Google Patents
Data-Driven Machine-Learning Theft Detection Download PDFInfo
- Publication number
- US20230044595A1 US20230044595A1 US17/966,358 US202217966358A US2023044595A1 US 20230044595 A1 US20230044595 A1 US 20230044595A1 US 202217966358 A US202217966358 A US 202217966358A US 2023044595 A1 US2023044595 A1 US 2023044595A1
- Authority
- US
- United States
- Prior art keywords
- transaction
- theft
- current
- terminal
- prediction value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000010801 machine learning Methods 0.000 title claims abstract description 43
- 238000001514 detection method Methods 0.000 title description 13
- 238000000034 method Methods 0.000 claims description 37
- 238000012545 processing Methods 0.000 claims description 31
- 238000012552 review Methods 0.000 claims description 17
- 238000012549 training Methods 0.000 claims description 10
- 238000004458 analytical method Methods 0.000 claims description 3
- 230000000977 initiatory effect Effects 0.000 claims 1
- 238000012795 verification Methods 0.000 abstract 1
- 235000009508 confectionery Nutrition 0.000 description 12
- 235000015055 Talinum crassifolium Nutrition 0.000 description 8
- 244000010375 Talinum crassifolium Species 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000000694 effects Effects 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000010191 image analysis Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000004570 mortar (masonry) Substances 0.000 description 1
- 230000002250 progressing effect Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/203—Inventory monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/206—Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/208—Input by product or record sensing, e.g. weighing or scanner processing
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/0036—Checkout procedures
- G07G1/0045—Checkout procedures with a code reader for reading of an identifying code of the article to be registered, e.g. barcode reader or radio-frequency identity [RFID] reader
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/0036—Checkout procedures
- G07G1/0045—Checkout procedures with a code reader for reading of an identifying code of the article to be registered, e.g. barcode reader or radio-frequency identity [RFID] reader
- G07G1/0054—Checkout procedures with a code reader for reading of an identifying code of the article to be registered, e.g. barcode reader or radio-frequency identity [RFID] reader with control of supplementary check-parameters, e.g. weight or number of articles
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G3/00—Alarm indicators, e.g. bells
- G07G3/003—Anti-theft control
Definitions
- Retailers are continuously attempting to improve security in an ongoing effort to reduce in-store theft, which remains a major concern in the industry.
- retailers In addition to consumer theft, retailers must deal with employee theft.
- employee theft is a larger problem in the industry than is consumer theft. This is because employees know the retailer's internal procedures and the location of security resources, such that detection becomes more difficult to detect for knowledgeable employees.
- Sweet hearting One area where substantial sums of money are lost each year, is cashier theft, which is often referred to as “sweet hearting.”
- Sweet hearing is the unauthorized giving away of merchandise without charge to a customer that is a friend, family member, or fellow employee of the cashier by fake scan or intentional incorrect ring-up of merchandise during the checkout process.
- Sweet hearting is the most common type of cashier fraud and it is the largest contributor to retail losses in the industry.
- the only way to detect sweet hearting is for the theft to be witnessed in person or for the theft to be captured on a video feed of the cashier's area.
- Real-time evaluation of video is difficult because of the amount of image processing which must occur.
- most video feeds are not evaluated at all due to the vast amount of effort that it takes for evaluation.
- not all stores are equipped with the proper video equipment and/or many stores lack the requisite computing hardware and software to perform automated image analysis. Some retailers manually review video feeds of past transactions in an effort to detect sweet hearting. Video storage may also be problematic for some smaller retailers.
- a method for data-driven machine learning theft detection is presented. Specifically, and in one aspect, item details for items of a transaction are received as input during processing of the transaction at a transaction terminal. A theft prediction value is produced as output based on the item details.
- FIG. 1 is a diagram of a system for data-driven machine learning theft detection, according to an example embodiment.
- FIG. 2 is a diagram of a method for data-driven machine learning theft detection, according to an example embodiment.
- FIG. 3 is a diagram of another method data-driven machine learning theft detection, according to an example embodiment.
- FIG. 4 is a diagram of another system for data-driven machine learning theft detection, according to an example embodiment.
- FIG. 1 is a diagram of a system 100 for data-driven machine learning theft detection, according to an example embodiment. It is to be noted that the components are shown schematically in greatly simplified form, with only those components relevant to understanding of the embodiments being illustrated.
- the system 100 provides a mechanism by which a machine-learning algorithm can be trained with transaction item information (basket data) for purposes of predicting whether a transaction is likely to have engaged in theft by incorrectly entering item information or failing to properly scan an item of the transaction. That is, the machine-learning algorithm is data-driven based on the actual items scanned for a transaction and predicts when an item was not scanned. This can be done without video analysis of the transaction but can also be used in cooperating with video-based transaction analysis.
- the system 100 includes, an enterprise data store 110 , an online enterprise store interface 120 , a plurality of transaction terminals 130 , user devices 140 , a plurality of customer service terminals 150 , a machine-learning trainer 160 , a machine-learning sweetheart predictor (herein after just “predictor”) 170 , and a reporter/notifier 180 .
- an enterprise data store 110 an online enterprise store interface 120 , a plurality of transaction terminals 130 , user devices 140 , a plurality of customer service terminals 150 , a machine-learning trainer 160 , a machine-learning sweetheart predictor (herein after just “predictor”) 170 , and a reporter/notifier 180 .
- predictor machine-learning sweetheart predictor
- the trainer 160 , the predictor 170 , and the reporter/notifier 180 are executable instructions that reside in a non-transitory computer-readable storage medium.
- the executable instructions are executed by one or more hardware processors of computing devices. This causes the processed to perform the processing discussed herein and below for 160 - 180 .
- the online enterprise store interface 120 , the transaction terminals 130 , user devices 140 , and customer service terminals 150 comprise a plurality of hardware devices that execute software as services provided throughout the enterprise over one or more networks (wired, wireless, and/or a combination of wired and wireless).
- the enterprise data store 110 captures data gathered throughout the enterprise by the services.
- One type of data housed in the data store 110 includes transaction data for transactions conducted on the transaction terminals.
- the transaction data includes sale price, item detail, transaction date, transaction time of day, transaction day of week, store identifiers for stores associated with each transaction, transaction terminal identifiers, and the like.
- the data store 110 also includes item inventory, item description, item store location, item shelf location within the store, product categories, product catalogue, etc.
- the data store 110 may also include a variety of other data such as customer item returns, customer visits to service terminals 150 , customer visits to online stores of the enterprise, customer visits to brick-and-mortar stores of the enterprise, customer account details, holiday dates, weather in a particular location on a particular date, sporting event on a given date, any catastrophic newsworthy events observed for a given date.
- the enterprise data 110 includes historical transaction data for the enterprise that spans one to several years' worth of transaction data.
- the trainer 160 is used to train the predictor 170 against a configurable amount of transaction data (this can range from a few months of historical transaction data for a large retailer or a few years of transaction data for a small retailer). Historical transactions that were known to have had sweet hearting theft are pre-identified in the training transaction data.
- the items for each of the training transactions include product catalogue classifications.
- the basket data for each transaction (the items and their product catalogue classifications) are passed as parameters or factors to the predictor 170 along with an indication as to whether a given transaction was known to have been associated with sweet hearting theft or known to not have been associated with theft. Other factors and parameters for each training transaction are also provided by the trainer 160 to the predictor 170 .
- Some of these factors/parameters can include: total number of items in a given transaction, total number of voids for the given transaction, fraction of distinct items present in the given transaction, total transaction dollar value for the given transaction, distinct scan interval, Point-Of-Sale (POS— a type of transaction terminal 130 operated by a cashier) identifier/number, type of POS (transaction terminal 130 ), average voided item price for the given transaction, total number of items having more than 1 (number of quantity items), transaction time for the given transaction, item price variance, and transaction duration. It is to be noted that other factors/parameters may be used as well.
- the basket data is a reliable factor in predicting sweet hearting by a cashier at a POS terminal.
- the terms “factors,” parameters,” and “features” may be used interchangeably and synonymously. These terms refer to the input data that is processed by the predictor 170 to make a prediction as to whether a given transaction will or will not have a sweet hearting theft.
- the input data is as described above as the parameters, the most significant of which is the basket data (items in a given transaction) along with each item's corresponding product catalogue classification for a given retailer.
- the predictor 170 is any regression-based algorithm that takes as input the features and the expected output during a training session with the trainer 180 .
- the predictor 170 derives an algorithm that weights each of the features and produces a numeric output on a scale of 0 to 1.0 is an indication that there is not believed to be any risk of sweet hearting with a given transaction, whereas as 1 is an indication that sweet hearing is more than likely present for the given transaction.
- the closer the numeric output of the predictor 170 is to 1 for a given transaction the more confidence that the predictor 170 has that the transaction is associated with sweet hearing theft.
- 80% of the initial training data (1-3 years' worth of transactions for a retailer) is used by the trainer 160 to train the predictor 170 , the remaining 20% of the training data is used to test the accuracy of the predictor 160 .
- the product catalogue is clustered to further reduce item classifications.
- Each item of a given transaction is assigned a produce catalogue classification and a cluster identification. This can be used to further reduce the number of unique product catalogue classifications in the product hierarchy of a give retailer (this also allows for convergence and building of a feasible module).
- the predictor 170 is released for production and integrated into the retailer's transaction processing. As a transaction is progressing the features are extracted and provided as input to the predictor 170 . The predictor 170 produces the numeric output, which can be integrated into the workflow of the retailer for a given transaction. The retailer can set a threshold (for example anything over 80% (0.8)) for comparison against the numeric output of the predictor 170 . When the threshold is met or exceed, the workflow may take exception processing to require a manager to finish the transaction at the transaction terminal or to audit the transaction.
- a threshold for example anything over 80% (0.8)
- the workflow may flag transactions throughout the data based on the threshold for manual review at the end of the day by the retailer.
- the retailer may then review video feeds of each of the flagged transactions to determine whether or not there was any sweet heart theft.
- the verified result can be flagged for the given transaction and used by the trainer 160 to retrain the predictor 170 . In this way, the predictor 170 can be continuously improved for accuracy and continuously retrained.
- the precision (of those flagged transactions the percentage that were actually involved in sweet heart theft) produced by the predictor 170 is continuously improved through ongoing training. Experimentation has shown that the precision of the predictor is 3-4 times better than video analytics in detecting sweet heart theft.
- the workflow of a retailer's transaction is modified to include the numeric output prediction produced by the predictor 170 along with existing transaction video analytics.
- the determinations made through video processing (image analysis) during the transaction can be used as additional training features when the trainer 160 trains the predictor 170 .
- This also provides for improved precision of the predictor 170 .
- the predictor 170 does not have to be reliant in any way on video analytics or image processing (as was discussed above).
- Integration of a given retailer's transaction workflow to include the prediction output numeric of the predictor 170 can be achieved through the reporter/notifier 180 .
- the reporter/notifier 180 compares the numeric prediction for a given transaction against a configured threshold value (as was discussed above) and when the threshold is met or exceeded, a message (or an Application Programming Interface (API) call) is made to either interrupt the workflow for manual transaction approval or to flag the given transaction for later (end-of-day) review.
- End-of-day review is just as beneficial to a retailer because a cashier that engages in sweet heart theft once is very likely to engage in that theft again, which means even if the theft is not caught while it was occurring, future thefts can be avoided.
- video review can confirm the theft, the retailer may be able to still recover the lost sales through the employee (such as through payroll deduction assuming local laws permit such deductions or through legal or regulatory actions initiated against the employee).
- the predictor 170 may be integrated into customer returns at customer service terminals 150 .
- the predictor 170 may be integrated into transactions where employees use mobile user-devices 140 to check out customers (such as by using mobile phones or tablet devices).
- the predictor 170 may be integrated into transactions where employees use a retailer's online interface 120 to check customers out through a browser-based interface.
- the trainer 160 , the predictor 170 , and the reporter/notifier 180 are provided from a cloud processing environment.
- transaction data associated with the enterprise is also maintained in the cloud processing environment.
- modules 160 - 180 are provided as Software-as-a-Service (SaaS) to a given enterprise on a subscription basis.
- SaaS Software-as-a-Service
- the transaction terminals 130 include: a Point-Of-Sale (POS) terminal, a Self-Service Terminal (SST) where a cashier is assisting a customer, and/or a kiosk where a cashier is assisting a customer.
- POS Point-Of-Sale
- SST Self-Service Terminal
- the user devices 140 include: a phone, a tablet, a laptop, and/or a wearable processing device.
- the customer service terminals 150 are desktops, tablets, phones, laptops, and/or transaction terminals 130 configured or being used for customer service operations at any given point in time.
- FIGS. 2 - 4 These and other embodiments are now discussed with reference to the FIGS. 2 - 4 .
- FIG. 2 is a diagram of a method 200 for data-driven machine learning theft detection, according to an example embodiment.
- the software module(s) that implements the method 200 is referred to as a “predictive-theft manager.”
- the predictive-theft manager is implemented as executable instructions programmed and residing within memory and/or a non-transitory computer-readable (processor-readable) storage medium and executed by one or more processors of a device.
- the processor(s) of the device that executes the predictive-theft manager are specifically configured and programmed to process the predictive-theft manager.
- the predictive-theft manager has access to one or more network connections during its processing.
- the network connections can be wired, wireless, or a combination of wired and wireless.
- the device that executes the predictive-theft manager is a server.
- the server is a cloud processing environment that comprises multiple servers cooperating with one another as a single server.
- the server is a Local Area Network (LAN) server.
- LAN Local Area Network
- the device that executes the predictive-theft manager is a network-edge device that is local or on an edge of a LAN of a retail store.
- the predictive-theft manager is all of or some combination of: 160 - 180 .
- the predictive-theft manager is provided as a SaaS to a plurality of enterprises, each enterprise having a subscription relevant to its customers and its provided transaction and customer data.
- the predictive-theft manager receives as input item details for a transaction that is being processed at a transaction terminal.
- the transaction terminal is being operated by a cashier.
- the transaction terminal is any of the transaction terminals 130 discussed above with the FIG. 1 .
- the predictive-theft manager receives a product category that is assigned to each item that is being scanned or entered during the transaction.
- the product categories are received as a portion of the input.
- the predictive-theft manager receives with each product category a cluster identifier that is assigned to that category.
- the categories are further assembled in clusters having assigned cluster identifiers.
- the predictive-theft manager receives transaction metrics for the transaction as another portion of the input. These transaction metrics were discussed above as the features, parameters, or factors.
- the predictive-theft manager produces as output a theft-prediction value based on the item details (basket of items included in the transaction).
- the predictive-theft manager applies weighting values to the items and transaction metrics for the transaction, and the predictive-theft manager calculates the theft-prediction value.
- the predictive-theft manager provides the item details and transaction metrics for the transaction to a trained-machine learning algorithm and receives back from the trained-machine learning algorithm the theft-prediction value.
- the trained-machine learning algorithm is the trained-machine learning algorithm 170 of the FIG. 1 .
- the predictive-theft manager compares the theft-prediction value against a threshold value and when the theft-prediction value meets or exceeds the threshold value, the predictive-theft manager alters a transaction workflow for the transaction.
- the predictive-theft manager interrupts completing of the transaction and requires an override in order for the transaction to complete at the transaction terminal. This embodiment allows for a manager to inspect the items of the transaction to ensure that no theft is in progress with the transaction.
- the predictive-theft manager flags the transaction as potential theft and links transaction video associated with the transaction for subsequent review and a subsequent determination as to whether the transaction had theft or did not have theft.
- the predictive-theft manager receives an indication after the subsequent review as to whether there was actual theft or no theft that took place with the transaction.
- the predictive-theft manager retains a machine-learning algorithm associated with the processing at 220 using the item details for the transaction, transaction metrics for the transaction, and the indication. In this way, the precision of the predictive-theft manager is continuously improving.
- FIG. 3 is a diagram of another method 300 for data-driven machine learning theft detection, according to an example embodiment.
- the software module(s) that implements the method 300 is referred to as a “sweet-hearting predictor.”
- the sweet-hearting predictor is implemented as executable instructions programmed and residing within memory and/or a non-transitory computer-readable (processor-readable) storage medium and executed by one or more processors of a device.
- the processors that execute the sweet-hearting predictor are specifically configured and programmed to process the sweet-hearting predictor.
- the sweet-hearting predictor has access to one or more network connections during its processing.
- the network connections can be wired, wireless, or a combination of wired and wireless.
- the device that executes the sweet-hearting predictor is a server.
- the server is a cloud processing environment that comprises multiple servers cooperating with one another as a single server.
- the server is a LAN server that is local to a retail store.
- the device that executes the sweet-hearting predictor is a network-edge device that is on the edge of a LAN for a retail store.
- the sweet-hearting predictor is all or some combination of: 160 , 170 , 180 , and/or the method 200 .
- the sweet-hearting predictor presents another and, in some ways, enhanced processing perspective to that which was described above with the FIG. 2 .
- the sweet-hearting predictor trains a machine-learning algorithm on basket data for items of transactions.
- the sweet-hearting predictor provides item categories, category cluster identifiers, and transaction details for each transaction as input to the machine-learning algorithm along with an expected results for each transaction.
- the sweet-hearting predictor produces a trained-machine learning algorithm.
- the sweet-hearting predictor integrates the trained-machine learning algorithm into a transaction workflow associated with processing subsequent transactions.
- the processing at 310 , 311 , 320 , and 321 is performed by the trainer 160 of the FIG. 1 .
- the sweet-hearting predictor provides the trained-machine learning algorithm with a given set of basket data for a given transaction that is being processed at a transaction terminal.
- the sweet-hearting predictor receives as output from the trained-machine learning algorithm a sweet-hearting prediction value as an indication as to whether a cashier associated with the given transaction is engaged in theft of not during the transaction by not properly scanning items (missing items by not scanning them or entering wrong details for items).
- the sweet-hearting predictor flags the given transaction as a flagged transaction when the sweet-hearting prediction value meets or exceeds a predefined threshold value.
- the sweet-hearting predictor retrains the trained-machine learning algorithm when an indication is received indicating whether the cashier was confirmed to have committed theft or was confirmed to have not engaged in any theft. That is, once a review is done the results of the review are fed back into the trained-machine learning algorithm to continuously train and improve the precision of the algorithm.
- the sweet-hearting predictor links the flagged transaction with video captured for the given transaction. This allows the transaction to be manually reviewed or reviewed through image processing to determine if the trained-machine learning algorithm had correctly predicted sweet-hearting by the cashier or not.
- the sweet-hearting predictor interrupts the given transaction and prevents the given transaction from concluding until an override is received, which confirms that an audit was conducted on the transaction.
- the sweet-hearting predictor generates a report associated with the cashier that includes the flagged transaction and additional flagged transactions for the cashier when a total number of flagged transactions exceeds a configured amount within a given period of time. That is, different reports can be generated to identify those cashiers considered most likely to be engaged in sweet-hearting activities during checkouts with different configurable criteria.
- FIG. 4 is a diagram of a system 400 for data-driven machine learning theft detection, according to an example embodiment.
- the system 400 includes a variety of hardware components and software components.
- the software components of the system 400 are programmed and reside within memory and/or a non-transitory computer-readable medium and execute on one or more processors of the system 400 .
- the system 400 communicates over one or more networks, which can be wired, wireless, or a combination of wired and wireless.
- system 400 implements, inter alia, the processing described above with the FIGS. 1 - 3 .
- the system 400 is the system 100 .
- the system 400 includes a processing device 401 , a trainer 402 , and a transaction theft manager 403 .
- the processing device 401 is a server.
- the server is a collection of servers that cooperate as a cloud processing environment.
- the processing device 401 is a network edge device.
- the trainer 402 is a set of executable instructions that is executed on one or more hardware processors of the processing device 401 from a non-transitory computer-readable storage medium or memory.
- the transaction theft manager 403 is also a set of executable instructions that is executed on one more hardware processors of the processing device 401 from a non-transitory computer-readable storage medium or memory.
- the trainer 402 when executed by the processor(s) of the device 401 , is configured to cause the processor to: 1) obtain basket data for historical transactions; 2) assign item categories to items in the basket data for each historical transaction; and 3) train the transaction theft manager 403 with indications assigned to each historical transaction that indicate whether there was theft or there was not theft along with the basket data and the categories for each historical transaction.
- the trainer 402 trains the transaction theft manager 403 to detect transaction theft based on the basket data and the item categories.
- the transaction theft manager 403 is a machine-learning algorithm that derives an algorithm based on the basket data, the item categories, and transaction details for the historical transactions.
- the trainer 402 is the trainer 160 .
- the transaction theft manager 403 when executed by the processor(s) of the device 401 , is configured to cause the processor to: receive real-time basket data for in-progress transactions along with assigned item categories; and produce theft prediction values for each in-progress transaction.
- the transaction theft manager 403 when executed by the processor(s) of the device 401 , is further configured to cause the processor to: interrupt any of the in-progress transactions based on the theft prediction values and/or link video associated with any of the in-progress transactions based on the theft prediction values.
- the device 401 is a cloud-based device that provides a user-facing interface to a user over a network to configure the trainer 402 and the transaction theft manager 403 for the given product catalogue at a given retail store and to supply or identify a transaction data store for obtaining the transaction data for that given retailer.
- modules are illustrated as separate modules, but may be implemented as homogenous code, as individual components, some, but not all of these modules may be combined, or the functions may be implemented in software structured in any other convenient manner.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Mathematical Physics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
- This application is a continuation of U.S. patent application Ser. No. 16/555,775, filed Aug. 29, 2019, which application and publication is incorporated herein by reference in its entirety.
- Retailers are continuously attempting to improve security in an ongoing effort to reduce in-store theft, which remains a major concern in the industry. In addition to consumer theft, retailers must deal with employee theft. In fact, employee theft is a larger problem in the industry than is consumer theft. This is because employees know the retailer's internal procedures and the location of security resources, such that detection becomes more difficult to detect for knowledgeable employees.
- One area where substantial sums of money are lost each year, is cashier theft, which is often referred to as “sweet hearting.” Sweet hearing is the unauthorized giving away of merchandise without charge to a customer that is a friend, family member, or fellow employee of the cashier by fake scan or intentional incorrect ring-up of merchandise during the checkout process. Sweet hearting is the most common type of cashier fraud and it is the largest contributor to retail losses in the industry.
- Typically, the only way to detect sweet hearting is for the theft to be witnessed in person or for the theft to be captured on a video feed of the cashier's area. Real-time evaluation of video is difficult because of the amount of image processing which must occur. In fact, most video feeds are not evaluated at all due to the vast amount of effort that it takes for evaluation. Furthermore, not all stores are equipped with the proper video equipment and/or many stores lack the requisite computing hardware and software to perform automated image analysis. Some retailers manually review video feeds of past transactions in an effort to detect sweet hearting. Video storage may also be problematic for some smaller retailers.
- In various embodiments, methods and a system for data-driven machine learning theft detection are presented.
- According to an embodiment, a method for data-driven machine learning theft detection is presented. Specifically, and in one aspect, item details for items of a transaction are received as input during processing of the transaction at a transaction terminal. A theft prediction value is produced as output based on the item details.
-
FIG. 1 is a diagram of a system for data-driven machine learning theft detection, according to an example embodiment. -
FIG. 2 is a diagram of a method for data-driven machine learning theft detection, according to an example embodiment. -
FIG. 3 is a diagram of another method data-driven machine learning theft detection, according to an example embodiment. -
FIG. 4 is a diagram of another system for data-driven machine learning theft detection, according to an example embodiment. -
FIG. 1 is a diagram of asystem 100 for data-driven machine learning theft detection, according to an example embodiment. It is to be noted that the components are shown schematically in greatly simplified form, with only those components relevant to understanding of the embodiments being illustrated. - Furthermore, the various components (that are identified in the
FIG. 1 ) are illustrated and the arrangement of the components is presented for purposes of illustration only. It is to be noted that other arrangements with more or less components are possible without departing from the teachings of data-driven machine learning theft detection presented herein and below. - The
system 100 provides a mechanism by which a machine-learning algorithm can be trained with transaction item information (basket data) for purposes of predicting whether a transaction is likely to have engaged in theft by incorrectly entering item information or failing to properly scan an item of the transaction. That is, the machine-learning algorithm is data-driven based on the actual items scanned for a transaction and predicts when an item was not scanned. This can be done without video analysis of the transaction but can also be used in cooperating with video-based transaction analysis. - The
system 100 includes, anenterprise data store 110, an onlineenterprise store interface 120, a plurality oftransaction terminals 130, user devices 140, a plurality ofcustomer service terminals 150, a machine-learning trainer 160, a machine-learning sweetheart predictor (herein after just “predictor”) 170, and a reporter/notifier 180. - The
trainer 160, thepredictor 170, and the reporter/notifier 180 are executable instructions that reside in a non-transitory computer-readable storage medium. The executable instructions are executed by one or more hardware processors of computing devices. This causes the processed to perform the processing discussed herein and below for 160-180. - The online
enterprise store interface 120, thetransaction terminals 130, user devices 140, andcustomer service terminals 150 comprise a plurality of hardware devices that execute software as services provided throughout the enterprise over one or more networks (wired, wireless, and/or a combination of wired and wireless). - The
enterprise data store 110 captures data gathered throughout the enterprise by the services. One type of data housed in thedata store 110 includes transaction data for transactions conducted on the transaction terminals. The transaction data includes sale price, item detail, transaction date, transaction time of day, transaction day of week, store identifiers for stores associated with each transaction, transaction terminal identifiers, and the like. Thedata store 110 also includes item inventory, item description, item store location, item shelf location within the store, product categories, product catalogue, etc. Further, thedata store 110 may also include a variety of other data such as customer item returns, customer visits toservice terminals 150, customer visits to online stores of the enterprise, customer visits to brick-and-mortar stores of the enterprise, customer account details, holiday dates, weather in a particular location on a particular date, sporting event on a given date, any catastrophic newsworthy events observed for a given date. - The
enterprise data 110 includes historical transaction data for the enterprise that spans one to several years' worth of transaction data. - Initially, the
trainer 160 is used to train thepredictor 170 against a configurable amount of transaction data (this can range from a few months of historical transaction data for a large retailer or a few years of transaction data for a small retailer). Historical transactions that were known to have had sweet hearting theft are pre-identified in the training transaction data. The items for each of the training transactions include product catalogue classifications. The basket data for each transaction (the items and their product catalogue classifications) are passed as parameters or factors to thepredictor 170 along with an indication as to whether a given transaction was known to have been associated with sweet hearting theft or known to not have been associated with theft. Other factors and parameters for each training transaction are also provided by thetrainer 160 to thepredictor 170. Some of these factors/parameters can include: total number of items in a given transaction, total number of voids for the given transaction, fraction of distinct items present in the given transaction, total transaction dollar value for the given transaction, distinct scan interval, Point-Of-Sale (POS— a type oftransaction terminal 130 operated by a cashier) identifier/number, type of POS (transaction terminal 130), average voided item price for the given transaction, total number of items having more than 1 (number of quantity items), transaction time for the given transaction, item price variance, and transaction duration. It is to be noted that other factors/parameters may be used as well. - Through experimentation it was determined that there is a strong correlation between the basket of items and their corresponding product catalogue classifications and sweet heart theft. Thus, the basket data is a reliable factor in predicting sweet hearting by a cashier at a POS terminal.
- As used herein the terms “factors,” parameters,” and “features” may be used interchangeably and synonymously. These terms refer to the input data that is processed by the
predictor 170 to make a prediction as to whether a given transaction will or will not have a sweet hearting theft. The input data is as described above as the parameters, the most significant of which is the basket data (items in a given transaction) along with each item's corresponding product catalogue classification for a given retailer. - The
predictor 170 is any regression-based algorithm that takes as input the features and the expected output during a training session with thetrainer 180. Thepredictor 170 derives an algorithm that weights each of the features and produces a numeric output on a scale of 0 to 1.0 is an indication that there is not believed to be any risk of sweet hearting with a given transaction, whereas as 1 is an indication that sweet hearing is more than likely present for the given transaction. Thus, the closer the numeric output of thepredictor 170 is to 1 for a given transaction, the more confidence that thepredictor 170 has that the transaction is associated with sweet hearing theft. - In an embodiment, 80% of the initial training data (1-3 years' worth of transactions for a retailer) is used by the
trainer 160 to train thepredictor 170, the remaining 20% of the training data is used to test the accuracy of thepredictor 160. - In an embodiment, the product catalogue is clustered to further reduce item classifications. Each item of a given transaction is assigned a produce catalogue classification and a cluster identification. This can be used to further reduce the number of unique product catalogue classifications in the product hierarchy of a give retailer (this also allows for convergence and building of a feasible module).
- Once fully trained, the
predictor 170 is released for production and integrated into the retailer's transaction processing. As a transaction is progressing the features are extracted and provided as input to thepredictor 170. Thepredictor 170 produces the numeric output, which can be integrated into the workflow of the retailer for a given transaction. The retailer can set a threshold (for example anything over 80% (0.8)) for comparison against the numeric output of thepredictor 170. When the threshold is met or exceed, the workflow may take exception processing to require a manager to finish the transaction at the transaction terminal or to audit the transaction. - In an embodiment, the workflow may flag transactions throughout the data based on the threshold for manual review at the end of the day by the retailer. The retailer may then review video feeds of each of the flagged transactions to determine whether or not there was any sweet heart theft. When manual review or even real-time approval of a transaction shows that there was sweet heart activity or that there was not sweet heart activity, the verified result can be flagged for the given transaction and used by the
trainer 160 to retrain thepredictor 170. In this way, thepredictor 170 can be continuously improved for accuracy and continuously retrained. - The precision (of those flagged transactions the percentage that were actually involved in sweet heart theft) produced by the
predictor 170 is continuously improved through ongoing training. Experimentation has shown that the precision of the predictor is 3-4 times better than video analytics in detecting sweet heart theft. - In an embodiment, the workflow of a retailer's transaction is modified to include the numeric output prediction produced by the
predictor 170 along with existing transaction video analytics. In such situations, the determinations made through video processing (image analysis) during the transaction can be used as additional training features when thetrainer 160 trains thepredictor 170. This also provides for improved precision of thepredictor 170. Although, it is noted that thepredictor 170 does not have to be reliant in any way on video analytics or image processing (as was discussed above). - Integration of a given retailer's transaction workflow to include the prediction output numeric of the
predictor 170 can be achieved through the reporter/notifier 180. The reporter/notifier 180 compares the numeric prediction for a given transaction against a configured threshold value (as was discussed above) and when the threshold is met or exceeded, a message (or an Application Programming Interface (API) call) is made to either interrupt the workflow for manual transaction approval or to flag the given transaction for later (end-of-day) review. End-of-day review is just as beneficial to a retailer because a cashier that engages in sweet heart theft once is very likely to engage in that theft again, which means even if the theft is not caught while it was occurring, future thefts can be avoided. Still further, if video review can confirm the theft, the retailer may be able to still recover the lost sales through the employee (such as through payroll deduction assuming local laws permit such deductions or through legal or regulatory actions initiated against the employee). - In an embodiment, the
predictor 170 may be integrated into customer returns atcustomer service terminals 150. - In an embodiment, the
predictor 170 may be integrated into transactions where employees use mobile user-devices 140 to check out customers (such as by using mobile phones or tablet devices). - In an embodiment, the
predictor 170 may be integrated into transactions where employees use a retailer'sonline interface 120 to check customers out through a browser-based interface. - In an embodiment, the
trainer 160, thepredictor 170, and the reporter/notifier 180 are provided from a cloud processing environment. In an embodiment, transaction data associated with the enterprise is also maintained in the cloud processing environment. - In an embodiment, modules 160-180 are provided as Software-as-a-Service (SaaS) to a given enterprise on a subscription basis.
- In an embodiment, the
transaction terminals 130 include: a Point-Of-Sale (POS) terminal, a Self-Service Terminal (SST) where a cashier is assisting a customer, and/or a kiosk where a cashier is assisting a customer. - In an embodiment, the user devices 140 include: a phone, a tablet, a laptop, and/or a wearable processing device.
- In an embodiment, the
customer service terminals 150 are desktops, tablets, phones, laptops, and/ortransaction terminals 130 configured or being used for customer service operations at any given point in time. - These and other embodiments are now discussed with reference to the
FIGS. 2-4 . -
FIG. 2 is a diagram of amethod 200 for data-driven machine learning theft detection, according to an example embodiment. The software module(s) that implements themethod 200 is referred to as a “predictive-theft manager.” The predictive-theft manager is implemented as executable instructions programmed and residing within memory and/or a non-transitory computer-readable (processor-readable) storage medium and executed by one or more processors of a device. The processor(s) of the device that executes the predictive-theft manager are specifically configured and programmed to process the predictive-theft manager. The predictive-theft manager has access to one or more network connections during its processing. The network connections can be wired, wireless, or a combination of wired and wireless. - In an embodiment, the device that executes the predictive-theft manager is a server. In an embodiment, the server is a cloud processing environment that comprises multiple servers cooperating with one another as a single server. In an embodiment, the server is a Local Area Network (LAN) server.
- In an embodiment, the device that executes the predictive-theft manager is a network-edge device that is local or on an edge of a LAN of a retail store.
- In an embodiment, the predictive-theft manager is all of or some combination of: 160-180.
- In an embodiment, the predictive-theft manager is provided as a SaaS to a plurality of enterprises, each enterprise having a subscription relevant to its customers and its provided transaction and customer data.
- At 210, the predictive-theft manager receives as input item details for a transaction that is being processed at a transaction terminal. The transaction terminal is being operated by a cashier. In an embodiment, the transaction terminal is any of the
transaction terminals 130 discussed above with theFIG. 1 . - In an embodiment, at 211, the predictive-theft manager receives a product category that is assigned to each item that is being scanned or entered during the transaction. The product categories are received as a portion of the input.
- In an embodiment of 211 and at 212, the predictive-theft manager receives with each product category a cluster identifier that is assigned to that category. In other words, the categories are further assembled in clusters having assigned cluster identifiers.
- In an embodiment of 212 and at 213, the predictive-theft manager receives transaction metrics for the transaction as another portion of the input. These transaction metrics were discussed above as the features, parameters, or factors.
- At 220, the predictive-theft manager produces as output a theft-prediction value based on the item details (basket of items included in the transaction).
- In an embodiment, at 221, the predictive-theft manager applies weighting values to the items and transaction metrics for the transaction, and the predictive-theft manager calculates the theft-prediction value.
- In an embodiment, at 222, the predictive-theft manager provides the item details and transaction metrics for the transaction to a trained-machine learning algorithm and receives back from the trained-machine learning algorithm the theft-prediction value. In an embodiment, the trained-machine learning algorithm is the trained-
machine learning algorithm 170 of theFIG. 1 . - In an embodiment of 222 and at 223, the predictive-theft manager compares the theft-prediction value against a threshold value and when the theft-prediction value meets or exceeds the threshold value, the predictive-theft manager alters a transaction workflow for the transaction.
- In an embodiment of 223 and at 224, the predictive-theft manager interrupts completing of the transaction and requires an override in order for the transaction to complete at the transaction terminal. This embodiment allows for a manager to inspect the items of the transaction to ensure that no theft is in progress with the transaction.
- In an embodiment of 223 and at 225, the predictive-theft manager flags the transaction as potential theft and links transaction video associated with the transaction for subsequent review and a subsequent determination as to whether the transaction had theft or did not have theft.
- In an embodiment of 225 and at 226, the predictive-theft manager receives an indication after the subsequent review as to whether there was actual theft or no theft that took place with the transaction.
- In an embodiment of 226 and at 227, the predictive-theft manager retains a machine-learning algorithm associated with the processing at 220 using the item details for the transaction, transaction metrics for the transaction, and the indication. In this way, the precision of the predictive-theft manager is continuously improving.
-
FIG. 3 is a diagram of anothermethod 300 for data-driven machine learning theft detection, according to an example embodiment. The software module(s) that implements themethod 300 is referred to as a “sweet-hearting predictor.” The sweet-hearting predictor is implemented as executable instructions programmed and residing within memory and/or a non-transitory computer-readable (processor-readable) storage medium and executed by one or more processors of a device. The processors that execute the sweet-hearting predictor are specifically configured and programmed to process the sweet-hearting predictor. The sweet-hearting predictor has access to one or more network connections during its processing. The network connections can be wired, wireless, or a combination of wired and wireless. - In an embodiment, the device that executes the sweet-hearting predictor is a server. In an embodiment, the server is a cloud processing environment that comprises multiple servers cooperating with one another as a single server. In an embodiment, the server is a LAN server that is local to a retail store.
- In an embodiment, the device that executes the sweet-hearting predictor is a network-edge device that is on the edge of a LAN for a retail store.
- In an embodiment, the sweet-hearting predictor is all or some combination of: 160, 170, 180, and/or the
method 200. - The sweet-hearting predictor presents another and, in some ways, enhanced processing perspective to that which was described above with the
FIG. 2 . - At 310, the sweet-hearting predictor trains a machine-learning algorithm on basket data for items of transactions.
- In an embodiment, at 311, the sweet-hearting predictor provides item categories, category cluster identifiers, and transaction details for each transaction as input to the machine-learning algorithm along with an expected results for each transaction.
- At 320, the sweet-hearting predictor produces a trained-machine learning algorithm.
- In an embodiment, at 321, the sweet-hearting predictor integrates the trained-machine learning algorithm into a transaction workflow associated with processing subsequent transactions.
- In an embodiment, the processing at 310, 311, 320, and 321 is performed by the
trainer 160 of theFIG. 1 . - At 330, the sweet-hearting predictor provides the trained-machine learning algorithm with a given set of basket data for a given transaction that is being processed at a transaction terminal.
- At 340, the sweet-hearting predictor receives as output from the trained-machine learning algorithm a sweet-hearting prediction value as an indication as to whether a cashier associated with the given transaction is engaged in theft of not during the transaction by not properly scanning items (missing items by not scanning them or entering wrong details for items).
- At 350, the sweet-hearting predictor flags the given transaction as a flagged transaction when the sweet-hearting prediction value meets or exceeds a predefined threshold value.
- In an embodiment, at 360, the sweet-hearting predictor retrains the trained-machine learning algorithm when an indication is received indicating whether the cashier was confirmed to have committed theft or was confirmed to have not engaged in any theft. That is, once a review is done the results of the review are fed back into the trained-machine learning algorithm to continuously train and improve the precision of the algorithm.
- In an embodiment, at 370, the sweet-hearting predictor links the flagged transaction with video captured for the given transaction. This allows the transaction to be manually reviewed or reviewed through image processing to determine if the trained-machine learning algorithm had correctly predicted sweet-hearting by the cashier or not.
- In an embodiment, at 380, the sweet-hearting predictor interrupts the given transaction and prevents the given transaction from concluding until an override is received, which confirms that an audit was conducted on the transaction.
- In an embodiment, at 390, the sweet-hearting predictor generates a report associated with the cashier that includes the flagged transaction and additional flagged transactions for the cashier when a total number of flagged transactions exceeds a configured amount within a given period of time. That is, different reports can be generated to identify those cashiers considered most likely to be engaged in sweet-hearting activities during checkouts with different configurable criteria.
-
FIG. 4 is a diagram of asystem 400 for data-driven machine learning theft detection, according to an example embodiment. Thesystem 400 includes a variety of hardware components and software components. The software components of thesystem 400 are programmed and reside within memory and/or a non-transitory computer-readable medium and execute on one or more processors of thesystem 400. Thesystem 400 communicates over one or more networks, which can be wired, wireless, or a combination of wired and wireless. - In an embodiment, the
system 400 implements, inter alia, the processing described above with theFIGS. 1-3 . - The
system 400 is thesystem 100. - The
system 400 includes aprocessing device 401, atrainer 402, and atransaction theft manager 403. - In an embodiment, the
processing device 401 is a server. In an embodiment, the server is a collection of servers that cooperate as a cloud processing environment. - In an embodiment, the
processing device 401 is a network edge device. - The
trainer 402 is a set of executable instructions that is executed on one or more hardware processors of theprocessing device 401 from a non-transitory computer-readable storage medium or memory. - The
transaction theft manager 403 is also a set of executable instructions that is executed on one more hardware processors of theprocessing device 401 from a non-transitory computer-readable storage medium or memory. - The
trainer 402, when executed by the processor(s) of thedevice 401, is configured to cause the processor to: 1) obtain basket data for historical transactions; 2) assign item categories to items in the basket data for each historical transaction; and 3) train thetransaction theft manager 403 with indications assigned to each historical transaction that indicate whether there was theft or there was not theft along with the basket data and the categories for each historical transaction. - The
trainer 402 trains thetransaction theft manager 403 to detect transaction theft based on the basket data and the item categories. - The
transaction theft manager 403 is a machine-learning algorithm that derives an algorithm based on the basket data, the item categories, and transaction details for the historical transactions. - In an embodiment, the
trainer 402 is thetrainer 160. - The
transaction theft manager 403, when executed by the processor(s) of thedevice 401, is configured to cause the processor to: receive real-time basket data for in-progress transactions along with assigned item categories; and produce theft prediction values for each in-progress transaction. - In an embodiment, the
transaction theft manager 403, when executed by the processor(s) of thedevice 401, is further configured to cause the processor to: interrupt any of the in-progress transactions based on the theft prediction values and/or link video associated with any of the in-progress transactions based on the theft prediction values. - In an embodiment, the
device 401 is a cloud-based device that provides a user-facing interface to a user over a network to configure thetrainer 402 and thetransaction theft manager 403 for the given product catalogue at a given retail store and to supply or identify a transaction data store for obtaining the transaction data for that given retailer. - It should be appreciated that where software is described in a particular form (such as a component or module) this is merely to aid understanding and is not intended to limit how software that implements those functions may be architected or structured. For example, modules are illustrated as separate modules, but may be implemented as homogenous code, as individual components, some, but not all of these modules may be combined, or the functions may be implemented in software structured in any other convenient manner.
- Furthermore, although the software modules are illustrated as executing on one piece of hardware, the software may be distributed over multiple processors or in any other convenient manner.
- The above description is illustrative, and not restrictive. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of embodiments should therefore be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
- In the foregoing description of the embodiments, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting that the claimed embodiments have more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the Description of the Embodiments, with each claim standing on its own as a separate exemplary embodiment.
Claims (21)
- 2. A method, comprising:assigning item classifications and cluster identifiers to each item in a basket of items being processed at a transaction terminal during a transaction;capturing metrics for the basket of items and transaction actions during the transaction;providing the item classifications, the customer identifiers, and the metrics to a machine-learning algorithm;receiving as output from the machine-learning algorithm a theft prediction value; andintegrating the theft prediction value into a transaction workflow associated with the transaction.
- 3. The method of
claim 2 , wherein integrating further includes causing the transaction workflow to perform exception processing when the theft prediction value is greater than a threshold value. - 4. The method of
claim 3 , wherein causing further includes causing an override to be required at the transaction terminal in order to complete transaction based on the exception processing. - 5. The method of
claim 2 , wherein capturing further includes identifying the transaction actions as operations performed at the transaction terminal by an operator of the terminal during the transaction. - 6. The method of
claim 5 , wherein identifying further includes identifying at least one metric as an operator identifier for the operator. - 6. The method of
claim 2 further comprising, linking video captured of the transaction to the theft prediction value and to the transaction. - 7. The method of
claim 2 further comprising, identifying an indication that no theft was present for the terminal when the theft prediction value exceed a threshold value for the transaction. - 8. The method of
claim 7 further comprising, initiating a training session with the machine-learning algorithm with the item classifications, the customer identifiers, and the metrics provided as input and with an expected output from the machine-learning algorithm being a new theft prediction value that falls below the threshold value. - 9. The method of
claim 2 , wherein integrating further includes interrupting the transaction workflow when the theft prediction value is greater than a threshold value. - 10. The method of
claim 9 , wherein interrupting further includes requesting manual review of the basket of items and transaction details of the transaction before the workflow is permitted to complete the transaction at the transaction terminal. - 11. The method of
claim 2 further comprising, retaining video captured for the transaction, item identifiers for the items of the transaction, transaction details for the transaction, the metrics, and the theft prediction value within a data store for subsequent review of the transaction. - 12. The method of
claim 2 further comprising, processing the method as a software-as-a-service to a transaction system associated with the transaction terminal. - 13. A method, comprising:training a machine-learning algorithm on transaction metrics, classifications, and cluster identifiers associated with baskets of items in transactions to produce theft prediction values for the transactions based on known fraudulent transactions associated with the transactions and known non-fraudulent transactions associated with the transactions;receiving a current basket of items for a current transaction;obtaining current item classifications for the current basket of items;assigning current cluster identifiers for the current basket of items;generating current transaction metrics for the current transaction;providing the current item classifications, the current cluster identifiers, and the current transaction metrics as input to the machine-learning algorithm;receiving a current theft prediction value as output from the machine-learning algorithm; andflagging the current transaction for review when the current theft prediction value exceeds a threshold value.
- 14. The method of
claim 13 further comprising, indexing and storing video associated with the current transaction, the current theft prediction value, current transaction details, and the current transaction metrics in data store for review and analysis after the transaction completes. - 15. The method of
claim 13 further comprising, continuously retraining the machine-learning algorithm based on actual theft detected in subsequent transaction and based on the corresponding theft prediction values provided by the machine-learning algorithm for the subsequent transactions. - 16. The method of
claim 13 further comprising, processing the method during a self-service transaction of a customer who is operating the transaction terminal. - 17. The method of
claim 13 further comprising, processing the method during a customer-assisted transaction where a cashier is operating the transaction terminal to process the transaction on behalf of a customer. - 18. The method of
claim 13 further comprising, generating a report associated with an operator of the transaction terminal, wherein the report comprises transaction identifiers for the transaction and for other transactions of the operator, and the report comprises the corresponding theft prediction values for each of the transactions. - 19. The method of
claim 13 , wherein flagging further includes interrupting the transaction before the transaction completes for immediate review based on the theft prediction value. - 20. A system, comprising:at least one server that comprises at least one processor;a transaction terminal;the at least one processor executes executable instructions that cause the at least one processor to perform operations that comprise:providing item details, transaction metrics, and operator information as input to a machine-learning algorithm for a transaction associated with a basket of items being processed on the transaction terminal by an operator;receiving a theft prediction value as output from machine-learning algorithm;determining whether to interrupt the transaction before the transaction completes on the transaction terminal based on the theft prediction value;determining whether to flag the transaction for review after the transaction completes on the transaction terminal based on the theft prediction value; anddetermining whether to let the transaction complete on the transaction terminal without flagging the transaction based on the theft prediction value.
- 21. The system of
claim 20 , wherein one of: 1) the transaction terminal is a self-service terminal and the operator is a customer performing a self-checkout, or 2) the transaction terminal is a point-of-sale terminal and the operator is a cashier performing a customer-assisted checkout on behalf of the customer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/966,358 US20230044595A1 (en) | 2019-08-29 | 2022-10-14 | Data-Driven Machine-Learning Theft Detection |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/555,775 US11551227B2 (en) | 2019-08-29 | 2019-08-29 | Data-driven machine-learning theft detection |
US17/966,358 US20230044595A1 (en) | 2019-08-29 | 2022-10-14 | Data-Driven Machine-Learning Theft Detection |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/555,775 Continuation US11551227B2 (en) | 2019-08-29 | 2019-08-29 | Data-driven machine-learning theft detection |
Publications (1)
Publication Number | Publication Date |
---|---|
US20230044595A1 true US20230044595A1 (en) | 2023-02-09 |
Family
ID=74681228
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/555,775 Active 2041-03-06 US11551227B2 (en) | 2019-08-29 | 2019-08-29 | Data-driven machine-learning theft detection |
US17/966,358 Pending US20230044595A1 (en) | 2019-08-29 | 2022-10-14 | Data-Driven Machine-Learning Theft Detection |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/555,775 Active 2041-03-06 US11551227B2 (en) | 2019-08-29 | 2019-08-29 | Data-driven machine-learning theft detection |
Country Status (1)
Country | Link |
---|---|
US (2) | US11551227B2 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2022139709A (en) * | 2021-03-12 | 2022-09-26 | 東芝テック株式会社 | Commodity registration device and program |
US20230005345A1 (en) * | 2021-07-02 | 2023-01-05 | Target Brands, Inc. | Generating watch lists for retail stores based on unstructured data and system-based inferences |
US20230095391A1 (en) * | 2021-09-28 | 2023-03-30 | Ncr Corporation | Self-service terminal (sst) management assistance |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090272801A1 (en) * | 2008-04-30 | 2009-11-05 | Connell Ii Jonathan H | Deterring checkout fraud |
US20120075450A1 (en) * | 2010-09-24 | 2012-03-29 | International Business Machines Corporation | Activity determination as function of transaction log |
US20200104851A1 (en) * | 2018-09-28 | 2020-04-02 | Accenture Global Solutions Limited | Target recognition and verification using image processing techniques and/or artifical intelligence |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6496806B1 (en) * | 1999-12-16 | 2002-12-17 | Samsys Technologies Inc. | Method and system for tracking clustered items |
US8650079B2 (en) * | 2004-02-27 | 2014-02-11 | Accenture Global Services Limited | Promotion planning system |
US7516888B1 (en) * | 2004-06-21 | 2009-04-14 | Stoplift, Inc. | Method and apparatus for auditing transaction activity in retail and other environments using visual recognition |
US7631808B2 (en) * | 2004-06-21 | 2009-12-15 | Stoplift, Inc. | Method and apparatus for detecting suspicious activity using video analysis |
US8494909B2 (en) * | 2009-02-09 | 2013-07-23 | Datalogic ADC, Inc. | Automatic learning in a merchandise checkout system with visual recognition |
JP2011118583A (en) * | 2009-12-02 | 2011-06-16 | Seiko Epson Corp | Injustice degree calculation device, method for controlling injustice degree calculation device and program |
US9218580B2 (en) * | 2010-12-30 | 2015-12-22 | Honeywell International Inc. | Detecting retail shrinkage using behavioral analytics |
US9396621B2 (en) * | 2012-03-23 | 2016-07-19 | International Business Machines Corporation | Systems and methods for false alarm reduction during event detection |
IES20120354A2 (en) * | 2012-08-15 | 2013-12-04 | Everseen | Intelligent retail manager |
US20150039512A1 (en) * | 2014-08-08 | 2015-02-05 | Brighterion, Inc. | Real-time cross-channel fraud protection |
US11830005B2 (en) * | 2020-12-10 | 2023-11-28 | Ncr Corporation | Terminal operator theft detector and analyzer |
-
2019
- 2019-08-29 US US16/555,775 patent/US11551227B2/en active Active
-
2022
- 2022-10-14 US US17/966,358 patent/US20230044595A1/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090272801A1 (en) * | 2008-04-30 | 2009-11-05 | Connell Ii Jonathan H | Deterring checkout fraud |
US20120075450A1 (en) * | 2010-09-24 | 2012-03-29 | International Business Machines Corporation | Activity determination as function of transaction log |
US20200104851A1 (en) * | 2018-09-28 | 2020-04-02 | Accenture Global Solutions Limited | Target recognition and verification using image processing techniques and/or artifical intelligence |
Also Published As
Publication number | Publication date |
---|---|
US20210065189A1 (en) | 2021-03-04 |
US11551227B2 (en) | 2023-01-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230044595A1 (en) | Data-Driven Machine-Learning Theft Detection | |
US11875355B2 (en) | Fast access vectors in real-time behavioral profiling in fraudulent financial transactions | |
US20190130407A1 (en) | Real-time cross-channel fraud protection | |
US8645250B2 (en) | Rules suggestion engine | |
CN110874778A (en) | Abnormal order detection method and device | |
US20140089193A1 (en) | Replay Engine and Passive Profile/Multiple Model Parallel Scoring | |
US11830005B2 (en) | Terminal operator theft detector and analyzer | |
US20200265437A1 (en) | In situ and network-based transaction classifying systems and methods | |
CN111127178A (en) | Data processing method and device, storage medium and electronic equipment | |
US20220067568A1 (en) | Computer vision transaction monitoring | |
US11961083B2 (en) | Alert controller for loss prevention | |
WO2020023003A1 (en) | System, method, and computer program product for early detection of a merchant data breach through machine-learning analysis | |
US11875353B2 (en) | Supervised machine learning for distinguishing between risky and legitimate actions in transactions | |
US20230087355A1 (en) | System and method for online analysis | |
US11763192B2 (en) | Transaction exception and fraud processing | |
US20240169359A1 (en) | Self-service terminal (sst) item return anti-fraud processing | |
US20140289085A1 (en) | System and Method For Identifying Suspicious Financial Transactions | |
WO2022136692A1 (en) | Method for calculating at least one score representative of a probable activity breakage of a merchant, system, apparatus and corresponding computer program | |
US20220277313A1 (en) | Image-based produce recognition and verification | |
US20230014642A1 (en) | Item return architecture and processing | |
US20230027855A1 (en) | Predictive rescan service | |
US20230029777A1 (en) | Intra transaction item-based sequence modeling for fraud detection | |
US20220092568A1 (en) | Data-driven partial rescan precision booster | |
Takahashi et al. | A study on deliberate presumptions of customer payments with reminder in the absence of face-to-face contact transactions | |
US20230116135A1 (en) | Self-service item exception processing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NCR CORPORATION, GEORGIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LASERSON, ITAMAR DAVID;FARBSTEIN, AVISHAY;SHPIGEL, TALI;AND OTHERS;REEL/FRAME:061545/0826 Effective date: 20190909 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT, NORTH CAROLINA Free format text: SECURITY INTEREST;ASSIGNOR:NCR VOYIX CORPORATION;REEL/FRAME:065346/0168 Effective date: 20231016 |
|
AS | Assignment |
Owner name: NCR VOYIX CORPORATION, GEORGIA Free format text: CHANGE OF NAME;ASSIGNOR:NCR CORPORATION;REEL/FRAME:065532/0893 Effective date: 20231013 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |