WO2019218699A1 - Procédé et appareil de détermination de transaction frauduleuse, dispositif informatique et support d'informations - Google Patents

Procédé et appareil de détermination de transaction frauduleuse, dispositif informatique et support d'informations Download PDF

Info

Publication number
WO2019218699A1
WO2019218699A1 PCT/CN2019/070159 CN2019070159W WO2019218699A1 WO 2019218699 A1 WO2019218699 A1 WO 2019218699A1 CN 2019070159 W CN2019070159 W CN 2019070159W WO 2019218699 A1 WO2019218699 A1 WO 2019218699A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
variable
fraud
sample data
current transaction
Prior art date
Application number
PCT/CN2019/070159
Other languages
English (en)
Chinese (zh)
Inventor
石建
陈飞腾
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2019218699A1 publication Critical patent/WO2019218699A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud

Definitions

  • the present application relates to a fraudulent transaction determination method, apparatus, computer device and storage medium.
  • some transaction anti-fraud real-time scoring models are generally used to analyze current transactions, such as FICO (a personal credit rating method), SAS (STATISTICAL ANALYSIS SYSTEM, data analysis system, banks can be implemented by deploying SAS fraud management. Fraud analysis), the same anti-fraud model of trading, etc.; however, the inventors realized that these models are less versatile and have lower accuracy in judging fraudulent transactions that occur in actual transactions.
  • a fraudulent transaction determination method is provided.
  • a method for judging a fraudulent transaction comprising:
  • a fraudulent transaction judging device comprising:
  • a data acquisition module for acquiring a current transaction
  • a probability analysis module configured to input the current transaction into a transaction anti-fraud analysis model to obtain a transaction fraud probability of the current transaction
  • a rule identification module configured to identify the current transaction by a pre-stored fraudulent transaction identification rule to obtain a recognition result
  • a result obtaining module configured to determine, according to the transaction fraud probability of the current transaction, the determination whether the current transaction is a fraudulent transaction.
  • a computer device comprising a memory and one or more processors having stored therein computer readable instructions, the computer readable instructions being executable by the processor to cause the one or more processors to execute The following steps:
  • One or more non-transitory computer readable storage mediums storing computer readable instructions, when executed by one or more processors, cause one or more processors to perform the steps of:
  • FIG. 1 is an application scenario diagram of a fraudulent transaction determination method in accordance with one or more embodiments.
  • FIG. 2 is a flow diagram of a fraudulent transaction determination method in accordance with one or more embodiments.
  • FIG. 3 is a flow diagram of a model training step in accordance with one or more embodiments.
  • FIG. 4 is a flow diagram of step S304 of FIG. 3 in accordance with one or more embodiments.
  • FIG. 5 is a block diagram of a fraudulent transaction determining apparatus in accordance with one or more embodiments.
  • FIG. 6 is a block diagram of a computer device in accordance with one or more embodiments.
  • the fraudulent transaction judging method provided by the present application can be applied to the application environment as shown in FIG. 1.
  • the terminal and the server communicate through the network.
  • the terminal obtains the current transaction from the server, inputs the current transaction into the transaction anti-fraud analysis model to obtain the transaction fraud probability of the current transaction, and identifies the current transaction through the fraud transaction identification rule, and the transaction fraud probability and the fraud transaction identification rule of the current transaction.
  • the result of the combination of the two solutions is to determine whether the current transaction is a fraudulent transaction.
  • the terminal can be, but is not limited to, various personal computers, notebook computers, smart phones, tablets, and portable wearable devices.
  • the server can be implemented by a separate server or a server cluster composed of multiple servers.
  • a fraudulent transaction judging method is provided.
  • the method is applied to the terminal in FIG. 1 as an example, and includes the following steps:
  • the current transaction refers to a transaction that needs to determine whether it is a fraudulent transaction. If it is necessary to make fraudulent judgments on multiple transactions, then multiple transactions are subsequently performed as a current transaction in sequence; the current transaction may include the transaction amount of a transaction. , time, account data and other information.
  • the terminal obtains a current transaction from the server that needs to determine whether it is a fraudulent transaction
  • the server may be a business system or other transaction system, wherein the business system may be a transaction website or a database storing transaction data, and other transaction systems may be other cooperative websites, etc. .
  • S204 Enter the current transaction into the transaction anti-fraud analysis model to obtain the transaction fraud probability of the current transaction.
  • the transaction anti-fraud analysis model is a model for analyzing the transaction fraud probability of the input current transaction; the transaction anti-fraud analysis model may be a neural network model or a rule model trained by a technician using historical transaction data as sample data.
  • the probability of transaction fraud is the probability that the terminal judges the current transaction through the transaction anti-fraud analysis model to obtain the current transaction as a fraudulent transaction; the probability of transaction fraud can be displayed in percentage form, and other mathematical representations can also be used.
  • the terminal inputs the acquired current transaction into the transaction anti-fraud analysis model obtained by training the fraud information in the historical transaction data and the historical transaction data as the sample data, and obtains the probability that the current transaction is a fraudulent transaction according to the rule of the model training. .
  • the fraudulent transaction identification rule is a rule based on different transaction characteristics for judging whether the current transaction is a fraudulent transaction.
  • the fraudulent transaction identification rule may include a quota limit rule based on high frequency transactions and a fraud transaction identification rule decision combination based on historical risk transaction feature extraction; the limit limit rule based on high frequency transaction is to view the account for executing the current transaction for a period of time. The number of transactions and the transaction amount.
  • the fraudulent transaction identification rule based on historical risk transaction feature extraction may Is a fraudulent transaction identification rule based on historical transaction information of an account executing the current transaction: if the device of the account has used the device to log in to multiple accounts, or the account that performs the current transaction is performed multiple times in a short time after registration
  • the amount of transactions, etc. can be used as a criterion for judging the current transaction as a fraudulent transaction.
  • the terminal will formulate a fraudulent transaction identification rule pre-existing in the terminal or the server.
  • the terminal may first retrieve the pre-stored fraudulent transaction identification rule to identify the current transaction, and determine whether the current transaction has a fraud risk. .
  • the transaction fraud probability obtained by the current transaction through the transaction anti-fraud analysis model in step S204 is combined with the recognition result of the current transaction by the pre-stored fraudulent transaction identification rule in step S206 to determine whether the current transaction is a fraudulent transaction.
  • the transaction fraud probability obtained by the transaction anti-fraud analysis model is greater than a preset value, it indicates that the current transaction is likely to be a fraudulent transaction; if the pre-stored fraudulent transaction identification rule is identified, the current transaction is also considered as an account. If the data such as information or transaction amount is more suspicious, it can be judged that the current transaction is a fraudulent transaction. Then the terminal submits the current transaction to the verification department for verification. If the verification result determines that the current transaction is a fraudulent transaction, the processing step of warning or blocking the account that initiated the transaction may be performed.
  • the transaction anti-fraud analysis model and the pre-existing fraudulent transaction identification rule have different differences in the judgment result of whether the current transaction is a risk transaction, further verification of the current transaction is required, and the transaction anti-fraud analysis model is checked according to the verification result.
  • the pre-stored fraudulent transaction identification rule determines the reason for the large difference, thereby correcting the transaction anti-fraud analysis model or the fraudulent transaction identification rule.
  • the above fraudulent transaction judging method may also be: first inputting the current transaction into the fraudulent transaction identification rule, and then using the fraudulent transaction identification rule as the reference factor of the transaction anti-fraud analysis model for the current transaction judgment as the reference factor of the current transaction judgment can make the transaction reverse The fraud analysis model more fully analyzes current transactions.
  • the terminal combines the transaction anti-fraud analysis model trained according to the actual transaction with the pre-stored fraudulent transaction identification rule to judge whether the current transaction is a fraudulent transaction, and improves the judgment of the fraudulent transaction occurring in the actual transaction. Accuracy.
  • step S202 in the above fraudulent transaction determination method may further include a step of model training before the current transaction is acquired, and the step of training the model may include:
  • the sample data is transaction data used to train the transaction anti-fraud analysis model, and may be historical data related to the current transaction. For example, when it is necessary to fraudulently judge each single transaction data of this year, the previous year may be used.
  • the transaction data is sample data.
  • the sample data may include positive sample data and negative sample data; the positive sample data is normal transaction data, and since most transactions are normal transactions, the positive sample data may be randomly sampled to extract normal transactions for a period of time.
  • the data of the negative sample data is fraudulent transaction data in the historical transaction data after the business verification; wherein the sample data may include transaction data, card binding data, account opening data, and the like.
  • S304 Clean the sample data, and select a training variable from the cleaned sample data.
  • the training variable is a variable that is input into the random forest algorithm model, such as the transaction amount, the transaction equipment model and other variables.
  • the obtained sample data is cleaned, and the data that does not satisfy the demand is filtered according to the preset cleaning rule; for example, when the sample data of the Apple account is similar to the fraud data type, the sample data that is paid by using the Apple account is excluded. So as not to affect the accuracy of the model.
  • the sample data acquired in step S202 is transaction data, and each transaction may include multiple variables, such as transaction amount, customer name, IP number of the transaction device, serial number, etc., and only need to be extracted when training the transaction anti-fraud analysis model.
  • the variable related to the transaction fraud judgment can be used.
  • the terminal extracts the variables related to the transaction fraud judgment and needs to first filter out the training variables of the input random forest algorithm.
  • multiple variables in the sample data can be excluded from the high correlation variable by the cor function (a function of calculating the correlation coefficient between the columns and columns) in the R language (a computer compiled language) for the sample data Wash it.
  • the cor function a function of calculating the correlation coefficient between the columns and columns
  • the R language a computer compiled language
  • the random forest algorithm model is an algorithm model for selecting the modulo variables from the training variables;
  • the random forest is a classifier containing multiple decision trees; that is, a forest is established in a random manner, and there are many decision trees in the forest. Composition, there is no correlation between each decision tree in a random forest. After getting the forest, when a new input data is entered, each decision tree in the forest is judged separately, and the input data is classified through multiple decision trees.
  • the modulo variable is a variable used to train the transaction anti-fraud analysis model, and is a variable selected by the random forest algorithm model and related to the transaction fraud judgment, such as the transaction amount.
  • the model variable is the variable corresponding to the model variable. If the model variable is the transaction amount, and the model variable is greater than 100,000 yuan, the probability of this transaction being a fraudulent transaction is 70%.
  • the training variable is input into the random forest algorithm model, and the importance of the judgment result of each training variable on the transaction fraud probability is analyzed by using multiple decision trees in the algorithm, and finally the training variable whose importance is greater than the preset value is obtained as The modulo variable and the modulo variable corresponding to the modulo variable used to calculate the probability of transaction fraud.
  • the preset initial neural network model may be acquired and trained.
  • the initial neural network is trained according to the modulo variable obtained in step S306 and the modulo variable corresponding to the modulo variable, and a transaction anti-fraud analysis model capable of calculating the transaction fraud probability of the input current transaction is obtained.
  • the model is selected according to the trained random forest algorithm model, and the corresponding model variables are selected, and the initial neural network model is trained to obtain an accurate judgment input.
  • the transaction anti-fraud analysis model of the transaction fraud probability of the current transaction since the sample data is historical transaction data related to the current transaction, the calculation of the transaction fraud probability of the current transaction is more accurate.
  • the step S304 in the fraudulent transaction determination method that is, the step of cleaning the sample data and selecting the training variable from the cleaned sample data may include:
  • S402. Acquire data whose content is empty, and identify a data type corresponding to the data whose content is empty.
  • the data with empty content may be data with NULL value in the data;
  • the data type is one or more types of data for which the content of the corresponding replacement logic is empty, such as discrete data and continuous type, etc. .
  • the replacement logic is a logic rule for replacing the data according to the data whose content is empty, and can be determined according to experience; for example, in the R language, the NULL value in the discrete variable is replaced by the character U, and the continuous variable ( In the case of numerical values, etc., the NULL value is replaced by the value 0; after the replacement logic is formulated, it can be stored in the preset position, and the preset position of the replacement logic defined by the storage can be called a logic library, and the key is used according to the key Rules such as words are retrieved from the logic library.
  • the corresponding replacement logic is obtained from the logic library, and the data in which the content in the sample data is empty is subjected to a corresponding replacement operation according to the replacement logic.
  • the terminal uses a field with a NULL value that is higher than the preset ratio and has no actual meaning as a field whose content is empty, and the terminal may directly remove the preset content, and the preset ratio may be set according to experience, such as 30%. Wait.
  • the first variable is a non-high correlation variable selected from the replaced sample data, such as a name
  • the non-high correlation variable is a variable obtained by screening the high correlation variable from the sample data, and can be followed by
  • the business operation formulates corresponding rules to analyze the correlation of variables in the sample data, and determines the correlation between multiple variables in the sample data. For example, variables such as name and last name have the same effect in business operations, which may be High correlation variable.
  • the replaced sample data obtained in step S404 may include a repetitive variable with a higher correlation, and a non-high correlation variable is selected to continue the subsequent operations.
  • the information value (IV) is the index of the degree of influence of the independent variable on the target variable; the larger the information value of the first variable, the greater the influence of the variable on the judgment of whether the transaction is a fraudulent transaction.
  • the first variable after grouping is converted into WOE (Weight of Evidence), and the conversion formula is:
  • py i is a set of transactions in a fraudulent transaction ratio of all transactions
  • pn i is the ratio of a group's normal transactions and all transactions
  • # y i is the number of the group in fraudulent transactions
  • # n i is the The number of normal transactions in the group
  • #y T is the number of all fraudulent transactions in all transaction data
  • #n T is the number of all normal transactions in all transaction data.
  • the information value of a set of first variables can be derived from the above WOE calculation formula:
  • the IV value of the first variable is the sum of the information values of the first variable of all groups.
  • the information value corresponding to the first variable may be calculated by referring to the data algorithm package in the R language.
  • S410 Select a first variable whose information value is higher than a preset value as a training variable.
  • the information value of the first variable when the information value of the first variable is higher than the preset value, it may be considered to have an influence on the judgment result of the fraudulent transaction, and may be considered as a model variable of the training transaction anti-fraud analysis model.
  • the default value can be set by big data analysis or experience.
  • the anti-fraud is more accurately trained for the transaction by performing a corresponding replacement operation on the data in which the content of the sample data is empty, and deleting the variable of high correlation and selecting the value of the information from the preset value.
  • the analysis model selects the model variables to improve the accuracy and training efficiency of the model training.
  • the cleaning of the sample data in step S304 in the fraudulent transaction determination method may include: acquiring a second variable in the sample data, and acquiring a business rule corresponding to the second variable; and the second variable according to the business rule. Selecting a second variable whose service similarity is greater than a preset value, and selecting one of the second variables whose service similarity is greater than the preset value as the cleaned sample data.
  • the second variable is a variable obtained from the sample data for performing similarity judgment; such as a transaction amount.
  • the business rule is a set rule for calculating the similarity between a plurality of variables; for example, when the variable to be calculated is the ID number, the transaction amount, and the date of birth, the ID number and the date of birth can be set.
  • the similarity is 90%, and the similarity between the ID number and the transaction amount is 0%; after the business rules are set, they can be stored in the rule base and called according to the keywords.
  • a second variable for performing similarity determination is obtained from the sample data; and a business rule related to the second variable is called from the set rule base, and a similarity between the second variables is calculated according to the business rule,
  • a similarity between two or more second variables is higher than the preset value, it can be considered that these second variables have similar effects in the business activity, and only one subsequent operation is reserved.
  • the similarity calculation is performed on the variables in the sample data according to the business rule, and only a plurality of variables with higher similarity are retained, which reduces the data calculation during the training and practical application of the transaction anti-fraud analysis model, and improves the model. The efficiency of training and application.
  • the cleaning of the sample data in step S304 in the fraudulent transaction determination method may include: acquiring a third variable in the sample data; detecting a variable type of the third variable; and when the variable type is continuous, according to the pre- The conditional reasoning tree is used to obtain the recursive segmentation algorithm, and the third variable is segmented according to the recursive segmentation algorithm.
  • the third variable is a variable obtained from the sample data and used to detect the type of the variable; such as the transaction amount.
  • Conditional inference trees is a tree-based classification algorithm, such as plot, text function in R language.
  • Recursion refers to the method of using the function itself in the definition of the function; the recursive segmentation algorithm is a machine algorithm that divides the input variable multiple times based on the recursive algorithm; that is, the third variable is divided into multiple by calling the recursive segmentation algorithm multiple times.
  • Discrete variables such as transaction amounts ranging from 0 to 1 million, are segmented into variable representations of 0 to 50,000 segments and 5 to 100,000 segments by a recursive segmentation algorithm.
  • a third variable for detecting a variable type is obtained from the sample data; when the variable type of the third variable is detected to be continuous, the recursive segmentation algorithm for segmenting the third variable is obtained according to the preset conditional inference tree. Then, according to the recursive segmentation algorithm, the third variable is segmented to obtain a variable form that is easy to train the initial neural network model.
  • the variables in the sample data are more consistent with the representation of the model training, and it is convenient to train the initial neural network model.
  • the transaction fraud probability of the current transaction is obtained according to the modulo variable, and the result of the transaction anti-fraud analysis model is more convenient for analysis and review.
  • the fraud transaction judging method may further include: obtaining a verification transaction, inputting the verification transaction into the transaction anti-fraud analysis model to obtain a verification fraud probability; obtaining a standard fraud probability corresponding to the verification transaction, calculating a verification fraud probability and a standard fraud probability The difference is obtained; the standard fraud probability corresponding to the verification transaction is obtained, and the difference between the verification fraud probability and the standard fraud probability is calculated; when the difference is greater than the preset value, the transaction anti-fraud analysis model is corrected according to the standard fraud probability.
  • the verification transaction is transaction data used for verifying the transaction anti-fraud analysis model; if the transaction anti-fraud analysis model is that the transaction of the previous year is trained as sample data, the transaction in January of this year may be used or randomly sampled therefrom.
  • the transaction is a verification transaction.
  • the probability of verifying fraud is the probability that the verified transaction is a fraudulent transaction after the transaction anti-fraud analysis model judges the verification transaction; the verification fraud probability is consistent with the transaction fraud probability form, and can be displayed in percentage form, or other mathematical representations can be used. .
  • the standard fraud probability is the probability that the transaction is actually a fraudulent transaction; it is consistent with the form of the verification fraud probability and can be displayed as a percentage, or other mathematical representations can be used.
  • the verification transaction is read from the address of the storage verification transaction, and the obtained verification transaction is input into the neural network model or the rule model trained as the sample data according to the historical transaction data and the fraud information in the historical transaction data, according to the model
  • the rules of training the probability of verifying the transaction as a verification transaction; then obtaining the standard fraud probability that the verification transaction is actually a fraudulent transaction, comparing the standard fraud probability with the probability of verifying the fraud, and when the difference between the two is small, the transaction is proved
  • the anti-fraud analysis model has higher accuracy; when the difference between the two is large, the transaction anti-fraud analysis model may have errors and correct it according to the standard fraud probability.
  • the historical transaction data may be segmented by a stratified sampling method or a random sampling method, for example, 2-8 segments, 80% of the data is used as sample data to model the transaction anti-fraud analysis model, and 20% of the data is used as The verification transaction verifies the transaction anti-fraud analysis model.
  • all historical transaction data is used as sample data, such as the transaction data after sampling in the previous year, and the transaction data after the date of the data is sampled, such as the transaction data of January of this year, and the transaction anti-fraud analysis model is verified as the verification transaction.
  • the verification step of the transaction anti-fraud analysis model can ensure the accuracy of the model's fraud probability judgment on the current transaction.
  • FIGS. 2 through 4 are sequentially displayed as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Except as explicitly stated herein, the execution of these steps is not strictly limited, and the steps may be performed in other orders. Moreover, at least some of the steps in FIGS. 2 to 4 may include a plurality of sub-steps or stages, which are not necessarily performed at the same time, but may be performed at different times, or The order of execution of the stages is also not necessarily sequential, but may be performed alternately or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
  • a fraudulent transaction determining apparatus including: a data acquisition module 100, a probability analysis module 200, a rule identification module 300, and a result acquisition module 400, wherein:
  • the data acquisition module 100 is configured to acquire a current transaction.
  • the probability analysis module 200 is configured to input the current transaction into the transaction anti-fraud analysis model to obtain the transaction fraud probability of the current transaction.
  • the rule identification module 300 is configured to identify the current transaction by using a pre-stored fraudulent transaction identification rule to obtain a recognition result.
  • the result obtaining module 400 is configured to determine whether the current transaction is a fraudulent transaction according to the transaction fraud probability of the current transaction and the recognition result.
  • the fraud transaction determining apparatus may further include:
  • a sample acquisition module for obtaining sample data.
  • a cleaning module for cleaning sample data and selecting training variables from the cleaned sample data.
  • the variable selection module is configured to select the modulo variable from the training variable and the modulo variable corresponding to the modulo variable through the random forest algorithm model.
  • An initial model acquisition module is configured to acquire a preset initial neural network model.
  • the model training module is configured to train the initial neural network model according to the model variables corresponding to the model variables and the model variables to obtain a transaction anti-fraud analysis model.
  • the cleaning module in the fraud transaction determining apparatus may include:
  • the empty data obtaining unit is configured to acquire data whose content is empty, and identify a data type corresponding to the data whose content is empty.
  • a replacement unit configured to acquire a replacement logic corresponding to the data type, and replace the data in the sample data with the empty content according to the obtained replacement logic.
  • a correlation analysis unit is configured to obtain a non-high correlation variable in the replaced sample data as the first variable.
  • a value calculation unit for calculating the information value of the first variable.
  • the training variable selecting unit is configured to select the first variable whose information value is higher than the preset value as the training variable.
  • the cleaning module in the fraud transaction determining apparatus may include:
  • the business rule obtaining unit is configured to acquire a second variable in the sample data, and obtain a business rule corresponding to the second variable.
  • the variable similarity analysis unit is configured to select, from the second variable, a second variable whose service similarity is greater than a preset value according to the business rule, and select one of the second variables whose service similarity is greater than the preset value. As sample data after cleaning.
  • the cleaning module in the fraud transaction determining apparatus may include:
  • a sample variable acquisition unit is configured to acquire a third variable in the sample data.
  • a variable type identifying unit for detecting a variable type of the third variable.
  • the continuous variable segmentation unit is configured to acquire a recursive segmentation algorithm according to a predetermined conditional reasoning tree when the variable type is continuous, and segment the third variable according to the recursive segmentation algorithm.
  • the fraud transaction determining apparatus may further include:
  • a score conversion module for converting a transaction fraud probability into a transaction fraud score according to the following formula:
  • Score is the transaction fraud score
  • p is the transaction fraud probability
  • a and B are preset constants.
  • the result obtaining module 400 may be configured to: determine whether the current transaction is a fraudulent transaction according to the transaction fraud score of the current transaction and the recognition result.
  • the fraud transaction determining apparatus may further include:
  • the verification transaction acquisition module is used to obtain the verification transaction.
  • the verification fraud probability acquisition module is configured to input the verification transaction into the transaction anti-fraud analysis model to obtain the verification fraud probability.
  • the difference calculation module is configured to obtain a standard fraud probability corresponding to the verification transaction, and calculate a difference between the verification fraud probability and the standard fraud probability.
  • the correction module is configured to correct the transaction anti-fraud analysis model according to the standard fraud probability when the difference is greater than the preset value.
  • Each of the above-described fraudulent transaction determination devices may be implemented in whole or in part by software, hardware, and combinations thereof.
  • Each of the above modules may be embedded in or independent of the processor in the computer device, or may be stored in a memory in the computer device in a software form, so that the processor invokes the operations corresponding to the above modules.
  • a computer device which may be a terminal, and its internal structure diagram may be as shown in FIG. 6.
  • the computer device includes a processor, memory, network interface, display screen, and input device connected by a system bus.
  • the processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium, an internal memory.
  • the non-volatile storage medium stores operating systems and computer readable instructions.
  • the internal memory provides an environment for operation of an operating system and computer readable instructions in a non-volatile storage medium.
  • the network interface of the computer device is used to communicate with an external terminal via a network connection.
  • the computer readable instructions are executed by the processor to implement a fraudulent transaction determination method.
  • the display screen of the computer device may be a liquid crystal display or an electronic ink display screen
  • the input device of the computer device may be a touch layer covered on the display screen, or may be a button, a trackball or a touchpad provided on the computer device casing. It can also be an external keyboard, trackpad or mouse.
  • FIG. 6 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation of the computer device to which the solution of the present application is applied.
  • the specific computer device may It includes more or fewer components than those shown in the figures, or some components are combined, or have different component arrangements.
  • a computer device comprising a memory and one or more processors having stored therein computer readable instructions, the computer readable instructions being executed by the processor such that the one or more processors perform the following steps:
  • the method may further include:
  • the random forest algorithm model is used to select the modulo variables from the training variables and the modulo variables corresponding to the modulo variables;
  • the initial neural network model is trained according to the model variables corresponding to the model variables and the model variables to obtain a transaction anti-fraud analysis model.
  • the cleaning of the sample data by the processor when executing the computer readable instructions and selecting the training variables from the cleaned sample data may include:
  • the first variable whose information value is higher than the preset value is selected as the training variable.
  • the cleaning of the sample data implemented by the processor when the computer readable instructions are executed may include:
  • the second variable whose service similarity is greater than the preset value is selected from the second variable, and one of the second variables whose service similarity is greater than the preset value is selected as the cleaned sample data.
  • the cleaning of the sample data implemented by the processor when the computer readable instructions are executed may include:
  • the recursive segmentation algorithm is obtained according to the preset conditional inference tree, and the third variable is segmented according to the recursive segmentation algorithm.
  • the method may further include:
  • Score is the transaction fraud score
  • p is the transaction fraud probability
  • a and B are preset constants
  • the processor determines whether the current transaction is a fraudulent transaction based on the transaction fraud probability of the current transaction and the recognition result when the processor executes the computer readable instruction, and may include:
  • the processor may also implement the following steps when executing the computer readable instructions:
  • the transaction anti-fraud analysis model is corrected according to the standard fraud probability.
  • One or more non-transitory computer readable storage mediums storing computer readable instructions, when executed by one or more processors, cause one or more processors to perform the steps of:
  • the method may further include:
  • the random forest algorithm model is used to select the modulo variables from the training variables and the modulo variables corresponding to the modulo variables;
  • the initial neural network model is trained according to the model variables corresponding to the model variables and the model variables to obtain a transaction anti-fraud analysis model.
  • the computer readable instructions are cleaned of the sample data as implemented by the processor and the training variables are selected from the cleaned sample data, which may include:
  • the first variable whose information value is higher than the preset value is selected as the training variable.
  • the cleaning of the sample data by the computer readable instructions when executed by the processor may include:
  • the second variable whose service similarity is greater than the preset value is selected from the second variable, and one of the second variables whose service similarity is greater than the preset value is selected as the cleaned sample data.
  • the cleaning of the sample data by the computer readable instructions when executed by the processor may include:
  • the recursive segmentation algorithm is obtained according to the preset conditional inference tree, and the third variable is segmented according to the recursive segmentation algorithm.
  • the method may further include:
  • Score is the transaction fraud score
  • p is the transaction fraud probability
  • a and B are preset constants
  • the computer readable instruction is executed by the processor to determine whether the current transaction is a fraudulent transaction according to the transaction fraud probability of the current transaction and the recognition result, and may include:
  • the computer readable instructions when executed by the processor, can also implement the following steps:
  • the transaction anti-fraud analysis model is corrected according to the standard fraud probability.
  • Non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in a variety of formats, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization chain.
  • SRAM static RAM
  • DRAM dynamic RAM
  • SDRAM synchronous DRAM
  • DDRSDRAM double data rate SDRAM
  • ESDRAM enhanced SDRAM
  • Synchlink DRAM SLDRAM
  • Memory Bus Radbus
  • RDRAM Direct RAM
  • DRAM Direct Memory Bus Dynamic RAM
  • RDRAM Memory Bus Dynamic RAM

Landscapes

  • Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention concerne un procédé de détermination de transaction frauduleuse comprenant : l'obtention d'une transaction actuelle ; l'entrée de la transaction actuelle dans un modèle d'analyse antifraude de transaction pour obtenir la probabilité de fraude de la transaction actuelle ; l'identification de la transaction actuelle au moyen d'une règle préstockée d'identification de transaction frauduleuse pour obtenir le résultat de l'identification ; et le fait de déterminer si la transaction actuelle est une transaction frauduleuse selon la probabilité de fraude de la transaction actuelle et selon le résultat de l'identification.
PCT/CN2019/070159 2018-05-18 2019-01-03 Procédé et appareil de détermination de transaction frauduleuse, dispositif informatique et support d'informations WO2019218699A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810479060.4A CN108717638A (zh) 2018-05-18 2018-05-18 欺诈交易判断方法、装置、计算机设备和存储介质
CN201810479060.4 2018-05-18

Publications (1)

Publication Number Publication Date
WO2019218699A1 true WO2019218699A1 (fr) 2019-11-21

Family

ID=63900035

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/070159 WO2019218699A1 (fr) 2018-05-18 2019-01-03 Procédé et appareil de détermination de transaction frauduleuse, dispositif informatique et support d'informations

Country Status (2)

Country Link
CN (1) CN108717638A (fr)
WO (1) WO2019218699A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111277433A (zh) * 2020-01-15 2020-06-12 同济大学 基于属性网络表征学习的网络服务异常检测方法及装置

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108717638A (zh) * 2018-05-18 2018-10-30 深圳壹账通智能科技有限公司 欺诈交易判断方法、装置、计算机设备和存储介质
CN109544014B (zh) * 2018-11-26 2020-03-31 北京国舜科技股份有限公司 基于历史数据回放的反欺诈方法及装置
CN109544163B (zh) * 2018-11-30 2021-01-29 华青融天(北京)软件股份有限公司 一种用户支付行为的风险控制方法、装置、设备及介质
CN111325550A (zh) * 2018-12-13 2020-06-23 中国移动通信集团广东有限公司 一种欺诈交易行为识别方法和装置
CN109784662A (zh) * 2018-12-19 2019-05-21 深圳平安综合金融服务有限公司 交易数据处理方法、装置、计算机设备和存储介质
CN109767322B (zh) * 2018-12-20 2024-02-27 平安科技(深圳)有限公司 基于大数据的可疑交易分析方法、装置和计算机设备
CN109816390A (zh) * 2019-01-03 2019-05-28 深圳壹账通智能科技有限公司 基于交易数据的反欺诈分析处理方法、装置和计算机设备
US20200252802A1 (en) * 2019-02-06 2020-08-06 Pccw Vuclip (Singapore) Pte. Ltd. Apparatus and method for fraud detection
CN110363534B (zh) * 2019-06-28 2023-11-17 创新先进技术有限公司 用于识别异常交易的方法及装置
CN110458571B (zh) * 2019-07-05 2023-06-02 创新先进技术有限公司 一种信息泄露的风险识别方法、装置及设备
CN110378699A (zh) * 2019-07-25 2019-10-25 中国工商银行股份有限公司 一种交易反欺诈方法、装置及系统
CN111161054A (zh) * 2020-01-02 2020-05-15 中国银行股份有限公司 作业风险监测方法及系统
CN111798244B (zh) * 2020-06-30 2023-08-25 中国工商银行股份有限公司 交易欺诈行为监测方法及装置
CN112116358A (zh) * 2020-09-29 2020-12-22 中国银行股份有限公司 一种交易欺诈行为的预测方法、装置及电子设备
CN112348519A (zh) * 2020-10-21 2021-02-09 上海淇玥信息技术有限公司 一种欺诈用户识别方法、装置和电子设备
CN113627566A (zh) * 2021-08-23 2021-11-09 上海淇玥信息技术有限公司 一种网络诈骗的预警方法、装置和计算机设备
CN113744054A (zh) * 2021-09-02 2021-12-03 上海浦东发展银行股份有限公司 一种反欺诈方法、装置和设备

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005901A (zh) * 2015-07-09 2015-10-28 厦门快商通信息技术有限公司 一种面向金融领域的交易欺诈检测系统与方法
CN107679862A (zh) * 2017-09-08 2018-02-09 中国银联股份有限公司 一种欺诈交易模型的特征值确定方法及装置
CN108717638A (zh) * 2018-05-18 2018-10-30 深圳壹账通智能科技有限公司 欺诈交易判断方法、装置、计算机设备和存储介质

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140244528A1 (en) * 2013-02-22 2014-08-28 Palo Alto Research Center Incorporated Method and apparatus for combining multi-dimensional fraud measurements for anomaly detection
CN106447333A (zh) * 2016-11-29 2017-02-22 中国银联股份有限公司 一种欺诈交易侦测方法及服务器
CN107993139A (zh) * 2017-11-15 2018-05-04 华融融通(北京)科技有限公司 一种基于动态规则库的消费金融反欺诈系统与方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005901A (zh) * 2015-07-09 2015-10-28 厦门快商通信息技术有限公司 一种面向金融领域的交易欺诈检测系统与方法
CN107679862A (zh) * 2017-09-08 2018-02-09 中国银联股份有限公司 一种欺诈交易模型的特征值确定方法及装置
CN108717638A (zh) * 2018-05-18 2018-10-30 深圳壹账通智能科技有限公司 欺诈交易判断方法、装置、计算机设备和存储介质

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111277433A (zh) * 2020-01-15 2020-06-12 同济大学 基于属性网络表征学习的网络服务异常检测方法及装置

Also Published As

Publication number Publication date
CN108717638A (zh) 2018-10-30

Similar Documents

Publication Publication Date Title
WO2019218699A1 (fr) Procédé et appareil de détermination de transaction frauduleuse, dispositif informatique et support d'informations
CN108876133B (zh) 基于业务信息的风险评估处理方法、装置、服务器和介质
CN109829776B (zh) 商户风险评估方法、装置、计算机设备和存储介质
US11475143B2 (en) Sensitive data classification
WO2020037942A1 (fr) Procédé et appareil de traitement de prédiction de risque, dispositif informatique et support
WO2020000688A1 (fr) Appareil et procédé de traitement de vérification de risque financier, dispositif informatique et support de stockage
WO2020143233A1 (fr) Procédé et dispositif de construction d'un modèle de carte de score, appareil informatique et support d'informations
CN109523153A (zh) 非法集资企业的获取方法、装置、计算机设备和存储介质
WO2019085064A1 (fr) Procédé, dispositif, appareil terminal et support d'informations pour la détermination de refus de demande de frais médicaux
CN110287103B (zh) 软件产品测评处理方法、装置、计算机设备及存储介质
CN109543925B (zh) 基于机器学习的风险预测方法、装置、计算机设备和存储介质
WO2023056723A1 (fr) Procédé et appareil de diagnostic de défaillance, dispositif électronique et support de stockage
CN110674131A (zh) 财务报表数据处理方法、装置、计算机设备和存储介质
CN112819611A (zh) 欺诈识别方法、装置、电子设备和计算机可读存储介质
CN114693192A (zh) 风控决策方法、装置、计算机设备和存储介质
CN112990989B (zh) 价值预测模型输入数据生成方法、装置、设备和介质
CN117235608B (zh) 风险检测方法、装置、电子设备及存储介质
CN111861733B (zh) 基于地址模糊匹配的欺诈防控系统及方法
CN112581271A (zh) 一种商户交易风险监测方法、装置、设备及存储介质
US11341547B1 (en) Real-time detection of duplicate data records
CN114495137B (zh) 票据异常检测模型生成方法与票据异常检测方法
US20230113578A1 (en) Transaction and ownership information document extraction
US11715120B1 (en) Predictive machine learning models
CN115439928A (zh) 一种操作行为识别方法及装置
CN113094595A (zh) 对象识别方法、装置、计算机系统及可读存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19802818

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21/04/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19802818

Country of ref document: EP

Kind code of ref document: A1