WO2021103701A1 - Procédé et appareil d'identification de risque de transaction - Google Patents

Procédé et appareil d'identification de risque de transaction Download PDF

Info

Publication number
WO2021103701A1
WO2021103701A1 PCT/CN2020/111779 CN2020111779W WO2021103701A1 WO 2021103701 A1 WO2021103701 A1 WO 2021103701A1 CN 2020111779 W CN2020111779 W CN 2020111779W WO 2021103701 A1 WO2021103701 A1 WO 2021103701A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
information
payment
trust identifier
payment code
Prior art date
Application number
PCT/CN2020/111779
Other languages
English (en)
Chinese (zh)
Inventor
汪志阳
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021103701A1 publication Critical patent/WO2021103701A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction

Definitions

  • This manual relates to the field of Internet technology, and in particular to a method and device for identifying transaction risks.
  • offline payment the payer only needs to show the payment code to the payee, and the payee scans the payment code and initiates a deduction request to the server.
  • the payee cannot obtain the payer's device information, which causes the server to be unable to conduct risk assessment of the transaction payment from the device information dimension, thereby increasing the payer's payment risk.
  • At least one embodiment of this specification provides a transaction risk identification method, so that the server can accurately identify the transaction risk and reduce the payment risk of the payer.
  • a transaction risk identification method includes: receiving transaction information of the current transaction to be recognized, the transaction information including user information corresponding to the transaction and a device trust identifier; the device The trust identifier is used to uniquely correspond to the device where the transaction occurred; send the device trust identifier to the device center, and receive the device query result corresponding to the device trust identifier returned by the device center; according to the device query result , Perform risk identification on the transaction information.
  • a payment processing method which is applied to a client of a payer, and the method includes: receiving a payment code generation request; obtaining a payment code based on user information and a device trust identifier; the device trust identifier is used to uniquely Corresponding to the device where the transaction occurred; the payment code includes the user information and the device trust identifier;
  • the payment code is displayed, so that the payee executes this payment transaction according to the payment code.
  • a payment processing method comprising: receiving a payment request for this transaction, the payment request carrying: a payment code and payment information for this transaction; and obtaining information included in the payment code User information and device trust identifier, the device trust identifier is used to uniquely correspond to the device where this transaction occurs; the transaction information of this transaction is sent to the payment system, and the transaction information carries: the user information, the device The trust mark and the payment information.
  • a transaction risk identification device in a fourth aspect, includes: a receiving module for receiving transaction information of this transaction to be identified, the transaction information including user information and equipment trust corresponding to this transaction ID; the device trust ID is used to uniquely correspond to the device where the transaction occurs; the processing module is used to send the device trust ID to the device center, and receive the device trust ID returned by the device center corresponding to the device trust ID Equipment query result; a risk identification module for risk identification on the transaction information according to the equipment query result.
  • a payment processing device which is applied to a client of a payer.
  • the device includes: a request receiving module, configured to receive a payment code generation request; and an acquiring module, configured to obtain Payment code; the device trust identifier is used to uniquely correspond to the device where this transaction occurs; the payment code includes the user information and the device trust identifier; the display module is used to display the payment code to enable payment The party executes this payment transaction according to the payment code.
  • a payment processing device includes: a payment request receiving module for receiving a payment request for this transaction, the payment request carrying: a payment code and payment information for this transaction;
  • the second acquiring module is used to acquire the user information and the device trust identifier included in the payment code, and the device trust identifier is used to uniquely correspond to the device where the transaction occurs;
  • the second sending module is used to send this to the payment system Transaction information of the second transaction, where the transaction information carries: the user information, the device trust identifier, and the payment information.
  • a computer device including a memory, a processor, and a computer program stored in the memory and capable of running on the processor.
  • the processor executes the program, the program described in any of the embodiments of this specification is implemented.
  • a computer-readable storage medium on which a computer program is stored.
  • the program is executed by a processor, the transaction risk identification method described in any of the embodiments of this specification is implemented, or any one of the embodiments of this specification is implemented.
  • an embodiment of this specification realizes that the server can query the device information of the payer device in the current transaction according to the device trust identifier, so as to accurately identify the risk in the device information dimension and reduce the payment risk of the payer.
  • Fig. 1 is a flow chart showing a method for identifying transaction risks according to an exemplary embodiment.
  • Fig. 2 is a flow chart showing a payment processing method according to an exemplary embodiment.
  • Fig. 3 is a flow chart showing another payment processing method according to an exemplary embodiment.
  • Fig. 4 is a flow chart showing a transaction payment according to an exemplary embodiment.
  • Fig. 5 is a schematic diagram showing a transaction risk identification device according to an exemplary embodiment.
  • Fig. 6 is a schematic diagram showing a payment processing device according to an exemplary embodiment.
  • Fig. 7 is a schematic diagram showing another payment processing device according to an exemplary embodiment.
  • Fig. 8 is a schematic diagram showing yet another payment processing device according to an exemplary embodiment.
  • first, second, third, etc. may be used in this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.
  • At least one embodiment of this specification provides a transaction risk identification method:
  • the server When the server performs risk identification on the current transaction, it queries the corresponding device information from the device center according to the unique device trust identifier of the payer device in the current transaction, and returns according to the device center The results of the equipment query to identify the risk of the current transaction. Since the device trust identifier can uniquely correspond to the device information in the current transaction, the server can accurately obtain the device information of the payer of the current transaction, and identify the risk of the current transaction from the device information dimension, reducing the payment risk of the payer.
  • Fig. 1 is a flowchart of a method for identifying transaction risks according to an embodiment provided in this specification. This method is applied to a risk control system. It is understandable that all systems with risk identification and control functions can be regarded as “risk control systems", and there is no restriction here.
  • the process includes step 101 to step 103.
  • Step 101 Receive transaction information of this transaction to be identified, where the transaction information includes user information and device trust identifier corresponding to this transaction; the device trust identifier is used to uniquely correspond to the device where the transaction occurs.
  • the payment system Before the payment system performs a corresponding payment operation for this transaction, it needs to check the risk of the transaction with the risk control system, and decide whether to perform the payment operation based on the risk feedback of the risk control system. This step is when the payment system sends a "query request" to the risk control system, and the risk control system receives the user information and device trust identifier of the payer in this transaction.
  • the device trust identifier can uniquely correspond to the device used by the payer in the current transaction.
  • the device trust identifier can be the international mobile device identity code of the payer's device in the current transaction, and the "code" that can uniquely correspond to a device can be used as the above device trust identifier, which is not limited in this manual.
  • the device trust identifier may also be a unique identifier generated based on an international mobile device identity code, an international mobile subscriber identity code, a client random number, and a server random number-a device trust identifier (Trust ID, TID).
  • TID is the unique identification of the same user and the same device in this transaction.
  • the risk control system can query all the information of the device where the payer’s client is located through TID, thereby identifying risks in this transaction from different dimensions.
  • Step 102 Send the device trust identifier to the device center, and receive the device query result corresponding to the device trust identifier returned by the device center.
  • the device center pre-stores the mapping relationship between the device information and the device trust identifier.
  • the risk control system sends the equipment trust mark to the equipment center for query, and accepts the query result fed back by the equipment center. For example, if the equipment center queries the equipment information corresponding to the same equipment trust identifier as equipment A, it will feed back the equipment query result-equipment A to the risk control system; if the equipment center queries the same equipment trust identifier, the equipment query result-no The existence of the same equipment trust mark is fed back to the risk control system.
  • Step 103 Perform risk identification on the transaction information according to the device query result.
  • the risk control system Based on the historical transaction information of the equipment, the risk control system has carried out multi-dimensional data accumulation and factual judgment. In this step, the risk control system performs risk identification on the transaction information of this transaction based on the results of the device query and combined with the user's historical transaction information in this transaction. For example, the device query result shows that the device information is device A, and the risk control system obtains that the user has been using device A to conduct transactions through historical transaction information, and then the transaction can be identified as risk-free in the device information dimension; if the risk control system passes the history The transaction information query obtains that the user has been using device B for transactions, and the high risk of this transaction can be identified in the device information dimension.
  • the risk control system can also comprehensively identify the risk of this transaction in combination with other dimensions. For example, by judging whether the transaction location is consistent with the historical transaction location, the current transaction risk can be identified; Whether the transaction object of the transaction and the historical transaction object are of the same type, identify the current transaction risk. For example, after the risk control system obtains all the information of the payer's device in this transaction based on the TID value, it performs risk identification from the SIM card dimension, and finds that the SIM card of the payer in this transaction has multiple logins with the SIM card, and it can be identified based on the number of logins.
  • the risk of this transaction Perform risk identification from the device dimension and find that the device of the payer of this transaction has multiple account logins with the same device, and then identify the risk of this transaction based on the number of logged-in accounts.
  • the aforementioned user historical transaction information may also include: transaction time, transaction object type, transaction corresponding commodity type or transaction amount, etc.
  • the performing risk identification on the transaction information according to the device query result includes: if the device query result returned by the device center includes: there is no device information corresponding to the device trust identifier, then Confirm that this transaction is a risky transaction.
  • the equipment center determines through query that there is no identical equipment trust identifier (that is, no corresponding equipment information), and it can identify the high risk of the current transaction in the dimension of equipment information.
  • A has been using device A for payment transactions, criminal B illegally obtained A’s user information and logged in on device B for offline payment (called illegal transactions), and intercepted the device sent to the device center during offline payment
  • the data packet of information (device B) and user information causes the device center to fail to store the mapping relationship between device B and device trust identifier b.
  • the risk control system identifies this illegal transaction, after sending the device trust mark b to the equipment center, the device center query returns the result that there is no device information corresponding to the device trust mark b, and the risk control system can confirm that the illegal transaction is a risk Transaction, thereby preventing this transaction.
  • the performing risk identification on the transaction information according to the device query result includes: if the device query result returned by the device center includes: device information corresponding to the device trust identifier, and confirming all The device information is different from the device where the history of the user information is located, and it is confirmed that the current transaction is a risky transaction. For example: A has been using device A for payment transactions, criminal B illegally obtained A’s user information and logged in on device B for offline payment (known as illegal transactions), and sent device information (device B) during offline payment And user information to the device center, the device center stores the mapping relationship between device B and device trust identifier b.
  • the risk control system When the risk control system recognizes this illegal transaction, it sends the device trust mark b to the equipment center, and the equipment center queries and returns the device information corresponding to the device trust mark b is equipment B.
  • the risk control system finds equipment B and the equipment in the historical transaction information If the equipment information of A is inconsistent, the illegal transaction is confirmed as a risky transaction, so as to prevent the illegal transaction in time.
  • the transaction information of this transaction obtains the user information of this transaction and the device trust identifier uniquely corresponding to the payer device in this transaction .
  • the device trust mark query the corresponding device information from the device center, so as to identify the risk of this transaction in the device information dimension, thereby reducing the payment risk of the payer. Since the device trust ID can uniquely correspond to the payer's device in the current transaction, it is ensured that the device information queried by the risk control system based on the device trust ID is the device information of the payer's device in the current transaction, so that accurate risk identification is performed in the device information dimension and reduces Payer’s payment risk.
  • Fig. 2 is a flowchart of a payment processing method shown in an embodiment of this specification. This method is applied to the client of the payer.
  • the process of this embodiment includes the following steps 201 to 203.
  • Step 201 Receive a payment code generation request.
  • the user uses the payer's client to make a payment, he will input a command to display the payment code to the payer's client. For example, the user clicks the "Payment Code” button on the payer's client. In this step, the payer client receives the payment code generation request (corresponding to the user inputting a command to display the payment code to the payment client).
  • the method before the receiving the payment code generation request, further includes: sending the device information of the device where the client is located and the device trust identifier to the device center, so that the device center stores The mapping relationship between the device information and the device trust identifier.
  • the payer client directly or indirectly sends the device information and the device trust identifier to the device center, for example, through a number of intermediate devices and finally sent to the device center.
  • the device center has related management functions such as viewing, deleting, and storing device information, as well as features such as high stability and maintainability.
  • the storage and management of the mapping relationship between the device information and the device trust mark in the device center is more reliable and manageable than the temporary storage of device information in the risk control system.
  • the sending the device information of the device where the payment client is located and the device trust identifier to the device center includes: when the client login is detected, the device information and the device trust Identification, sent to the equipment center.
  • the payer client detects that the user logs in to the client, it will automatically send the device information and device trust identifier to the device center.
  • the above-mentioned "user login client” includes the automatic login of the client based on the saved account information after the user opens the client.
  • the method before receiving the payment code generation request, the method further includes: storing a device trust identifier, the device trust identifier being an identifier generated by the server according to device association parameters, and the device association parameters include: International Mobile Device identification code, international mobile user identification code, random number generated by the client and random number generated by the server.
  • the server When the user enters user information (such as account number and password) when logging in to the payer’s client for the first time, the server will use the international mobile device identification code of the device where the current payer’s client is located, the international mobile user identification code in the device where the payer is located, and the current payer
  • the random number generated by the client and the random number generated by the server are four device-related parameters to generate the device trust ID (Trust ID, abbreviated as TID), and the TID is used to uniquely correspond to the device where the payer client is located, and the payer client stores the TID .
  • the server will generate a device trust identifier and store it in the payer's client; and the record is recorded on the payer's client for the first login After the login information, when the client automatically logs in when the user uses it again, the server will not regenerate a new device trust identifier.
  • the server will regenerate the device trust identifier; log out of A’s account in a and log in to B’s account, then the server will regenerate the device trust identifier; when logging in to user A’s account in a, change the mobile SIM card, the device trust mark is regenerated.
  • Step 202 Obtain a payment code according to the user information and the device trust identifier; the device trust identifier is used to uniquely correspond to the device where the transaction occurs; the payment code includes the user information and the device trust identifier.
  • the payer client goes to the decoding center to obtain the payment code according to the user information and the device trust identifier.
  • the obtaining the payment code according to the user information and the device trust identifier includes: sending a payment code obtaining request to a decoding center, and the payment code obtaining request includes: the user information and the device trust identifier; receiving the Decoding the payment code returned by the center, where the payment code is generated by the decoding center according to the user information and the device trust identifier.
  • the payer client sends a payment code request containing the user information and the device trust identifier to the decoding center, and the decoding center generates the payment code based on the user information and the device trust identifier and returns it to the payer client.
  • Step 203 Display the payment code so that the payee executes the current payment transaction according to the payment code.
  • the payer client displays the payment code to the payee client so that the payee can obtain the payment code and execute the payment transaction.
  • the payer client obtains and displays the payment code according to the user information and the device trust identifier uniquely corresponding to the device where the transaction occurs, so that the payee client obtains the user information and device through the payment code Trust the ID, so that the payee client can initiate a payment request for this transaction based on the user information and the device trust ID.
  • Fig. 3 is a flowchart of a payment processing method shown in an embodiment of this specification. This method is applied to the receiver's server.
  • the process of this embodiment includes the following steps 301 to 303.
  • Step 301 Receive a payment request for this transaction, where the payment request carries: a payment code and payment information for this transaction.
  • the payee client After obtaining the payment code, the payee client sends a payment request for this transaction to the payee server.
  • the payment request carries the payment code and payment information.
  • the payment information may include: payee account, transaction amount, product information, transaction time, etc.
  • Step 302 Obtain the user information and the device trust identifier included in the payment code, where the device trust identifier is used to uniquely correspond to the device where the transaction occurs.
  • the payee server sends the payment code to the decoding center for analysis, and obtains the user information and the device trust identifier from the analysis result.
  • the device trust identifier uniquely corresponds to the device where the payer client is located in this transaction.
  • the obtaining the user information and the device trust identifier included in the payment code includes: sending an analysis request to a decoding center, where the analysis request includes: the payment code; and receiving the payment code returned by the decoding center The user information and device trust identifier obtained by analyzing the payment code.
  • Step 303 Send transaction information of this transaction to the payment system, where the transaction information carries: the user information, the device trust identifier, and the payment information.
  • the payee server sends the transaction information of this transaction to the payment system, so that the payment system performs the payment operation for this transaction.
  • the payee server obtains the user information of the transaction in the payment code and the device trust identifier uniquely corresponding to the device where the transaction occurs, and combines the user information and device trust identifier of the transaction And the payment information is sent to the payment system, so that the payment system will perform the payment operation for this transaction according to the risk identification result of the risk control system.
  • Figure 4 illustrates a complete transaction payment process, describing the process of applying the transaction risk identification method shown in the embodiment of this specification to carry out risk control on the payment of this transaction. As shown in Figure 4, the process can include steps 401 to 416.
  • step 401 when the payer client logs in to the current account for the first time (when the user enters the account password to log in), the device trust identifier generated by the server is stored.
  • the device trust identifier is a unique identifier generated by the server according to the four influencing factors of the international mobile device identification code, the international mobile subscriber identification code, the client random number and the server random number of the device where the payer’s client is located, so the device trusts The identification uniquely corresponds to the device where the payer's client is located.
  • the device information and the device trust identifier are sent to the device center to store the corresponding mapping relationship.
  • the device information is information that can indicate the device where the current payer's client is located, for example, it may be an international mobile device identity code.
  • step 403 the payment code acquisition request carrying the user information and the device trust identifier is sent to In the decoding center, the decoding center generates a payment code according to the user information and the device trust identifier and returns (step 404) to the payer client.
  • step 405 the payer client displays the payment code to the payee client, so that the payee scans the code in step 406 and obtains the payment code.
  • the payment code displayed by the payer client in step 405 can be time-limited, for example, the payment code is valid within 3 minutes after it is generated; if the payment code becomes invalid after 3 minutes, the payment code needs to be regenerated in the decoding center and returned to the payer client .
  • the payee client sends a payment request carrying the payment code and payment information to the payee server.
  • the payment information may include: payee account, transaction amount, product information, and transaction time.
  • the payee server After receiving the payment request, the payee server sends a payment request carrying the payment code to the decoding center in step 408, and the decoding center parses the payment code and returns the user information and device trust identifier to the payee server in step 409.
  • the payee server sends the complete transaction information of this transaction to the payment system, so that the payment system performs the payment operation for this transaction.
  • the transaction information includes: user information, device trust identifier, and payment information.
  • the payment system Before the payment system performs payment operations on this transaction, it first consults with the risk control system whether there is any risk in this transaction.
  • the payment system sends transaction information carrying user information and device trust identification to the risk control system.
  • the risk control system sends the equipment trust mark to the equipment center, and the equipment center obtains the equipment query result according to the stored mapping relationship and returns it to the risk control system.
  • the device query result includes: there is no device information corresponding to the device trust identifier or device information corresponding to the device trust identifier.
  • the risk control system performs risk identification of the equipment information dimension on the transaction information of this transaction in step 414. For example, if the device query result is that there is no device information corresponding to the device trust mark, the transaction is high risk; if the device query result is that the device information corresponding to the device trust mark is device B, and it is confirmed that the user’s commonly used device in this transaction is Device A identifies that this transaction is a high risk; if the device query result is that the device information corresponding to the device trust mark is device B, and it is confirmed that the user's commonly used device in this transaction is device B, then it is identified that this transaction is risk-free.
  • step 414 risk identification, the risk control system is based on the risk identification of the equipment information dimension, and integrates other kinds of historical information, carries out risk identification of this transaction from multiple dimensions, and finally comprehensively obtains the risk identification result of this transaction, as The risk control result is returned to the payment system in step 415.
  • a variety of historical information includes, the user's historical transaction location, transaction time, transaction object type, transaction commodity type and transaction amount in this transaction.
  • the payment system completes the payment operation for this transaction according to the risk control result (step 416); or, abandons the payment operation for this transaction.
  • This implementation describes a complete transaction payment process.
  • the payer client stores the device information and the device trust identifier uniquely corresponding to the device where the payer client is located in the device center in advance, and the payee server uses the payment code displayed by the payer client.
  • Obtain the equipment information and the equipment trust mark so that when the risk control system identifies the risk of this transaction, it can query the corresponding equipment information from the equipment center according to the equipment trust mark, and identify the risk of principal and interest transactions in the equipment information dimension. Since the device trust identifier uniquely corresponds to the device where the payer's client is located in this transaction, the risk control system can accurately obtain the device information of the payer of this transaction, and perform risk identification in the device information dimension, which reduces the payment risk of the payer.
  • this specification provides a transaction risk identification device, which can execute the transaction risk identification method of any embodiment of this specification.
  • the device may include a receiving module 501, a processing module 502, and a risk identification module 503.
  • the receiving module 501 is used to receive the transaction information of this transaction to be identified, the transaction information includes the user information corresponding to this transaction and the device trust identifier; the device trust identifier is used to uniquely correspond to the occurrence of this transaction The device where it is located; processing module 502, used to send the device trust identifier to the device center, and receive the device query results corresponding to the device trust identifier returned by the device center; risk identification module 503, used to As a result of the equipment query, risk identification is performed on the transaction information.
  • the risk identification module 503 is configured to perform risk identification on the transaction information according to the device query result, including: when the device query result returned by the device center includes: the device query result does not exist The device information corresponding to the device trust identifier confirms that the current transaction is a risky transaction.
  • the risk identification module 503 is configured to perform risk identification on the transaction information according to the device query result, including: when the device query result returned by the device center includes: the device trust Identify the corresponding device information, confirm that the device information is different from the device where the history of the user information is located, and confirm that the current transaction is a risky transaction.
  • the device may include a request receiving module 601, an obtaining module 602, and a display module 603.
  • the request receiving module 601 is used to receive the payment code generation request
  • the obtaining module 602 is used to obtain the payment code according to the user information and the device trust identifier
  • the device trust identifier is used to uniquely correspond to the device where the transaction occurred
  • the payment code includes the user information and the device trust identifier
  • the display module 603 is configured to display the payment code so that the payee can execute the current payment transaction according to the payment code.
  • the obtaining module 602 is configured to obtain the payment code according to the user information and the device trust identifier, including: sending a payment code obtaining request to the decoding center, and the payment code obtaining request includes: the user information And a device trust identifier; receiving the payment code returned by the decoding center, where the payment code is generated by the decoding center according to the user information and the device trust identifier.
  • the apparatus further includes: a sending module 701, configured to send the device information of the device where the payer client is located and the device trust identifier to the device center, so that The device center stores the mapping relationship between the device information and the device trust identifier.
  • a sending module 701 configured to send the device information of the device where the payer client is located and the device trust identifier to the device center, so that The device center stores the mapping relationship between the device information and the device trust identifier.
  • the sending module 701 is configured to send the device information of the device where the payer client is located and the device trust identifier to the device center, including: when the client login is detected, sending The device information and the device trust identifier are sent to the device center.
  • the apparatus further includes: a storage module 702, configured to store a device trust identifier, the device trust identifier being an identifier generated by the server according to device associated parameters, and the device associated parameters include : International Mobile Equipment Identity Code, International Mobile User Identity Code, random number generated by the client and random number generated by the server.
  • a storage module 702 configured to store a device trust identifier, the device trust identifier being an identifier generated by the server according to device associated parameters, and the device associated parameters include : International Mobile Equipment Identity Code, International Mobile User Identity Code, random number generated by the client and random number generated by the server.
  • the device may include a payment request receiving module 801, a second obtaining module 802, and a second sending module 803.
  • the payment request receiving module 801 is used to receive the payment request of this transaction, and the payment request carries: the payment code and the payment information of this transaction
  • the second obtaining module 802 is used to obtain the payment code including
  • the user information and the device trust identifier of the device are used to uniquely correspond to the device where the transaction occurs
  • the second sending module 803 is used to send the transaction information of this transaction to the payment system, and the transaction information carries : The user information, the device trust identifier, and the payment information.
  • the second obtaining module 802 when used to obtain the user information and the device trust identifier included in the payment code, it includes: sending a resolution request to a decoding center, and the resolution request includes: the payment Code; receiving the user information and device trust identifier returned by the decoding center from the analysis of the payment code.
  • the relevant part can refer to the part of the description of the method embodiment.
  • the device embodiments described above are merely illustrative, where the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of at least one embodiment of the specification. Those of ordinary skill in the art can understand and implement without creative work.
  • This specification also provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor.
  • the processor executes the program, the transaction in any embodiment of this specification can be realized.
  • This specification also provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, it can implement the transaction risk identification method of any embodiment of this specification, or implement any embodiment of this specification. Payment processing method.
  • non-transitory computer-readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc., which is not limited in this specification.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Emergency Alarm Devices (AREA)

Abstract

L'invention concerne un procédé et un appareil d'identification de risque de transaction. Le procédé consiste à : recevoir les informations d'une transaction actuelle à identifier, les informations de transaction comprenant des informations d'utilisateur et un identifiant de confiance de dispositif correspondant à la transaction actuelle, et l'identifiant de confiance de dispositif correspondant de façon unique à un dispositif dans lequel a lieu la transaction actuelle (101) ; envoyer l'identifiant de confiance de dispositif à un centre de dispositif, puis recevoir un résultat d'interrogation de dispositif correspondant à l'identifiant de confiance de dispositif et renvoyé par le centre de dispositif (102) ; et en fonction du résultat d'interrogation de dispositif, effectuer une identification de risque sur les informations de transaction (103).
PCT/CN2020/111779 2019-11-26 2020-08-27 Procédé et appareil d'identification de risque de transaction WO2021103701A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911171021.9A CN111080302A (zh) 2019-11-26 2019-11-26 一种交易风险识别方法及装置
CN201911171021.9 2019-11-26

Publications (1)

Publication Number Publication Date
WO2021103701A1 true WO2021103701A1 (fr) 2021-06-03

Family

ID=70311669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/111779 WO2021103701A1 (fr) 2019-11-26 2020-08-27 Procédé et appareil d'identification de risque de transaction

Country Status (3)

Country Link
CN (1) CN111080302A (fr)
TW (1) TWI807185B (fr)
WO (1) WO2021103701A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111080302A (zh) * 2019-11-26 2020-04-28 支付宝(杭州)信息技术有限公司 一种交易风险识别方法及装置
CN112598513B (zh) * 2020-12-07 2024-04-05 深圳价值在线信息科技股份有限公司 识别股东风险交易行为的方法及装置

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181714A (zh) * 2016-03-09 2017-09-19 阿里巴巴集团控股有限公司 基于业务码的验证方法和装置、业务码的生成方法和装置
US20180082301A1 (en) * 2016-09-19 2018-03-22 Early Warning Services, Llc Authentication and fraud prevention in provisioning a mobile wallet
CN109118189A (zh) * 2018-06-25 2019-01-01 阿里巴巴集团控股有限公司 一种使用智能设备进行支付的方法和装置
CN109741065A (zh) * 2019-01-28 2019-05-10 广州虎牙信息科技有限公司 一种支付风险识别方法、装置、设备及存储介质
CN109741066A (zh) * 2018-11-30 2019-05-10 广东康美通信息服务有限公司 自动冻结客户账户的方法、电子设备、存储介质及系统
CN109993521A (zh) * 2018-11-09 2019-07-09 阿里巴巴集团控股有限公司 移动支付方法及装置和电子设备
CN111080302A (zh) * 2019-11-26 2020-04-28 支付宝(杭州)信息技术有限公司 一种交易风险识别方法及装置

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10783565B2 (en) * 2014-10-30 2020-09-22 Ebay Inc. Method, manufacture, and system of transferring authenticated sessions and states between electronic devices
CN105844526A (zh) * 2015-01-14 2016-08-10 阿里巴巴集团控股有限公司 基于计算机系统的网络交易风险识别方法及其装置
CN105117905A (zh) * 2015-07-21 2015-12-02 北京邮电大学 基于可见光通信的无线Key支付系统及支付方法
US10366378B1 (en) * 2016-06-30 2019-07-30 Square, Inc. Processing transactions in offline mode
CN109345230B (zh) * 2018-08-02 2021-07-30 创新先进技术有限公司 一种支付二维码的生成方法和装置
CN109102301A (zh) * 2018-08-20 2018-12-28 阿里巴巴集团控股有限公司 一种支付风控方法及系统

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181714A (zh) * 2016-03-09 2017-09-19 阿里巴巴集团控股有限公司 基于业务码的验证方法和装置、业务码的生成方法和装置
US20180082301A1 (en) * 2016-09-19 2018-03-22 Early Warning Services, Llc Authentication and fraud prevention in provisioning a mobile wallet
CN109118189A (zh) * 2018-06-25 2019-01-01 阿里巴巴集团控股有限公司 一种使用智能设备进行支付的方法和装置
CN109993521A (zh) * 2018-11-09 2019-07-09 阿里巴巴集团控股有限公司 移动支付方法及装置和电子设备
CN109741066A (zh) * 2018-11-30 2019-05-10 广东康美通信息服务有限公司 自动冻结客户账户的方法、电子设备、存储介质及系统
CN109741065A (zh) * 2019-01-28 2019-05-10 广州虎牙信息科技有限公司 一种支付风险识别方法、装置、设备及存储介质
CN111080302A (zh) * 2019-11-26 2020-04-28 支付宝(杭州)信息技术有限公司 一种交易风险识别方法及装置

Also Published As

Publication number Publication date
TWI807185B (zh) 2023-07-01
TW202121290A (zh) 2021-06-01
CN111080302A (zh) 2020-04-28

Similar Documents

Publication Publication Date Title
US11962577B2 (en) Resource transfer setup and verification
US9350739B2 (en) Recovery from rolling security token loss
AU2017215589B2 (en) Electronic payment service processing method and device, and electronic payment method and device
KR102179152B1 (ko) 사회 관계 데이터를 이용한 클라이언트 인증
EP3242455A1 (fr) Procédé et dispositif pour identifier une identité d'utilisateur
US20130054433A1 (en) Multi-Factor Identity Fingerprinting with User Behavior
CN106302308B (zh) 一种信任登录方法和装置
US20130239173A1 (en) Computer program and method for administering secure transactions using secondary authentication
WO2018228036A1 (fr) Procédé et dispositif de vérification, serveur et support d'informations lisible
WO2021103701A1 (fr) Procédé et appareil d'identification de risque de transaction
US20230015258A1 (en) Data verification in a distributed data processing system
US20240143832A1 (en) Methods and systems for leveraging existing user data to verify user credentials
CN107483477B (zh) 账户管理方法及账户管理系统
US20190066012A1 (en) Enterprise customer website
CN117375986A (zh) 一种应用访问方法、装置、服务器
CN109040056B (zh) 一种基于服务器的用户验证方法
CN110610071A (zh) 基于屏幕识别的特权账号管理方法及装置
US20190012669A1 (en) Security System Using Communication Channel-Based Authorization
CN113962700A (zh) 银行业务审核方法及系统
WO2020072745A1 (fr) Systèmes et procédés pour obtenir des informations anonymisées dérivées de données obtenues à partir de fournisseurs de données externes
CN113010365A (zh) 系统运行状态的监控方法、检测方法、装置、电子设备及存储介质
WO2018232667A1 (fr) Procédé et système de paiement en réseau
CN116471328A (zh) 基于多租户的数据处理方法、装置及电子设备
CN116452309A (zh) 账户信息监控方法、系统、电子设备及存储介质
CN113689214A (zh) 企业安全认证证书激活方法、终端及服务器

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20893937

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20893937

Country of ref document: EP

Kind code of ref document: A1