US2011282778A1PendingUtilityA1

Method and apparatus for evaluating fraud risk in an electronic commerce transaction

43
Assignee: WRIGHT WILLIAM APriority: May 30, 2001Filed: Jul 22, 2011Published: Nov 17, 2011
Est. expiryMay 30, 2021(expired)· nominal 20-yr term from priority
G07F 7/08G06Q 20/4016G06Q 40/08G06Q 20/10G06Q 30/0609G06Q 20/04G06Q 20/403G06Q 40/03G06Q 40/00G06Q 20/40
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Transaction information is received and applied to multiple fraud risk mathematical models that each produce a respective raw score, which are transformed with respective sigmoidal transform functions to produce optimized likelihood of fraud risk estimates to provide to a merchant. Respective fraud risk estimates are combined using fusion proportions associated with the respective risk estimates, producing a single point risk estimate, which is transformed with a sigmoidal function to produce an optimized single point risk estimate. The sigmoidal functions approximate a relationship between risk estimates produced by fraud risk detection models and a percentage of transactions associated with respective risk estimates; the relationship is represented in terms of real-world distributions of fraudulent and non-fraudulent transaction.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 generating and storing two or more fraud risk mathematical models;   receiving information about a transaction;   for each fraud risk mathematical model of the two or more fraud risk mathematical models, applying at least the information about the transaction to said each fraud risk mathematical model, said each fraud risk mathematical model producing a corresponding raw score;   transforming the corresponding raw score into a corresponding risk estimate for said each fraud risk mathematical model;   blending the corresponding risk estimate of said each fraud risk mathematical model into a single fraud score for the transaction by determining a plurality of pair-wise fusion proportion values for the two or more fraud risk mathematical models; combining the corresponding risk estimate of said each fraud risk mathematical model according to a ratio specified by the pair-wise fusion proportion values.   
     
     
         2 . The method of  claim 1  wherein one of the two or more fraud risk mathematical models is a statistical model. 
     
     
         3 . The method of  claim 2  wherein the statistical model is any of a non-linear statistical model, a neural network and a basis function network. 
     
     
         4 . The method of  claim 1  wherein one of the two or more fraud risk mathematical models is a heuristic model. 
     
     
         5 . The method of  claim 4  wherein the heuristic model computes a weighted sum of discrete scores generated by tests of any one or more of: product category information; selling frequency information; time of day weight values; risky host weight values; gender bias values; address differential weight values; and a category velocity value. 
     
     
         6 . The method of  claim 1  wherein blending comprises: establishing blending policies respectively for the two or more fraud risk mathematical models that specify a magnitude and allowable direction of influence for each of the models; determining, based on an ideal tradeoff ratio of a merchant, a limit surface for each of the models. 
     
     
         7 . The method of  claim 1  wherein the blending comprises determining a plurality of pair-wise fusion proportion values for the two or more fraud risk mathematical models; combining the corresponding risk estimate of said each fraud risk mathematical model according to the pair-wise fusion proportion values. 
     
     
         8 . The method of  claim 5  wherein the discrete scores are any of Boolean, quantitative, categorical, and probabilistic. 
     
     
         9 . The method of  claim 5  wherein the tests comprise any two or more of:
 a Gibberish city test that detects whether a customer city name value has no vowels, is too short, or has three of the same letter in a row; 
 a Gibberish last name test that detects whether a customer last name value has no vowels, is too short, or has three of the same letter in a row; 
 a Gibberish first name test that detects whether a customer first name value received from a merchant has no vowels or has three of the same letter in a row; 
 a Bad word in email test that detects whether an email address value received from a merchant contains a suspicious string; 
 a Bad word in first name test that detects whether a first name value received from a merchant contains a string marked as high-risk; 
 a Bad word in last name test that detects whether a last name value received from a merchant contains a string marked as high-risk; 
 a Bad word in city test that detects whether a city value received from a merchant contains a string marked as high-risk; 
 a State change(s) found test that detects whether historical orders related to a current request have different state values; 
 a High number of credit cards test that detects whether historical orders related to the current request have many different associated credit card numbers; 
 a Long term penalty test that detects whether a customer is attempting to make too many purchases of a product during a long-term hedge period specified by a merchant for a current order; 
 a Fraud list test that detects whether information identifying a customer is found in an external fraud list; 
 a Name Change(s) Found test that detects whether historical orders related to a current request have different associated customer last name values; 
 an Email/name match test that detects whether a first name value or last name value provided by a customer also appears in an email address value provided by the customer; 
 a Browser type penalty test that detects whether a customer is using a Web browser program that is marked as high-risk; 
 a Browser email/email mismatch test that detects whether an email address that is stored as a configuration variable by a Web browser program does not match an email address that a customer provided in order information; 
 a No electronic products test that detects whether an order contains no electronic or digital products, as opposed to tangible products; 
 a Phone number bad length test that detects whether a telephone number value that a customer provided has a wrong number of digits; 
 an Invalid phone number test that detects whether a telephone number value provided by a customer is invalid; 
 a Suspicious area code test that detects whether a telephone number value provided by a customer includes a high-risk area code value; 
 an Area code/state mismatch test that detects whether an area code within a telephone number value is associated with a state other than a state value provided by a customer; 
 an Area code nonexistent test that detects whether a telephone area code value provided by a customer is not a valid area code or does not exist; 
 a Toll-free phone number test that detects whether a telephone number value provided by a customer is a toll-free telephone number; 
 a U.S. address with foreign domain test that detects whether a top-level domain portion of an email address value provided by the customer is associated with a foreign country and whether a shipping address or billing address value provided by the customer is a U.S. address; 
 a Bill/ship state mismatch test that detects whether a shipping state value provided for an order does not match a state value in a billing address of credit card information provided with the order; 
 a Bill/ship country mismatch test that detects whether a shipping country value provided for an order does not match a country value in a billing address of credit card information provided with the order; 
 an AVS test that determines whether a score value associated with an order should be adjusted based on results of testing order information using an address verification system; 
 a BIN penalty test that determines whether a penalty value should apply because a Bank Identification Number (BIN) received from a customer is marked as high-risk; 
 a Digits/all lower-case in name test that determines whether a customer name value is all in lower case, or contains numeric digit characters; 
 a Sequential digits in phone number test that determines whether a customer telephone number value contains multiple consecutive sequential digits; 
 a Goodguy test that determines whether matching customer information is found in a list of good customers; 
 an Unable to verify address that determines whether a customer address is unverifiable; 
 a City/state/zip mismatch test that determines whether city, state, and ZIP code values provided by a customer are not associated with one another based on data available from a Postal Service; 
 an Internet Protocol (IP) address/hostname mismatch test that determines whether a resolved IP address associated with a customer does not match a hostname portion of an email address provided by the customer; 
 a No hostname test that determines whether a customer IP address value received as part of the transaction information does not resolve, using the Domain Name System (DNS) of the Internet, into a valid hostname value; 
 an Email in originating domain test that detects whether an email address value provided by a customer is in the same domain as a resolved domain name of the customer; 
 an AOL user from non-AOL host value detects whether a customer email address value purports that a customer is an America Online user and whether the customer is communicating with the merchant from a host other than an AOL host; 
 an ISP state mismatch test that detects whether a state value that is provided by an Internet Service Provider as part of a resolved domain name does not match a state value provided by a customer; 
 a Netcom oldstyle host test that detects whether a customer is using a shell account of a Netcom Internet Service Provider that can be used to hide a true identity of the customer; 
 a Bill country/email mismatch test that detects whether a country value provided by a customer in its billing address information does not match a country value of an email address provided by the customer; 
 a Bill country/IP host mismatch test that detects whether a country value provided by a customer in billing address information does not match a country in which a host indicated by an IP address of the customer is located; 
 an Email/IP host country mismatch test that detects whether a country value in an email address of a customer does not match a resolved domain name country; 
 a Whereis check negative test that detects whether a country associated with an IP address of a customer, according to the whereis database of Network Solutions, Inc., does not match a country value of address information of the customer; 
 a Time Risk test that determines a riskiness of a time of day for the transaction. 
 a Host Risk test that determines a riskiness of the Internet source location from which the transaction originates, based on either an email address or Internet domain ip_address. 
 a Gender Mismatch Risk test that determines whether a customer gender violates normative expectations in relation to a product specified by the transaction; or 
 a Gift test that determines whether a mismatch between a billing address and a shipping address is risky or not. 
 
     
     
         10 . A computer-readable medium encoded with one or more sequences of instructions which when executed by one or more processors cause performing:
 generating and storing two or more fraud risk mathematical models;   receiving information about a transaction;   for each fraud risk mathematical model of the two or more fraud risk mathematical models, applying at least the information about the transaction to said each fraud risk mathematical model, said each fraud risk mathematical model producing a corresponding raw score;   transforming the corresponding raw score into a corresponding risk estimate for said each fraud risk mathematical model;   blending the corresponding risk estimate of said each fraud risk mathematical model into a single fraud score for the transaction by determining a plurality of pair-wise fusion proportion values for the two or more fraud risk mathematical models; combining the corresponding risk estimate of said each fraud risk mathematical model according to a ratio specified by the pair-wise fusion proportion values.   
     
     
         11 . The computer-readable medium of  claim 10  wherein one of the two or more fraud risk mathematical models is a statistical model. 
     
     
         12 . The computer-readable medium of  claim 11  wherein the statistical model is any of a non-linear statistical model, a neural network and a basis function network. 
     
     
         13 . The computer-readable medium of  claim 10  wherein one of the two or more fraud risk mathematical models is a heuristic model. 
     
     
         14 . The computer-readable medium of  claim 13  wherein the heuristic model computes a weighted sum of discrete scores generated by tests of any one or more of: product category information; selling frequency information; time of day weight values; risky host weight values; gender bias values; address differential weight values; and a category velocity value. 
     
     
         15 . The computer-readable medium of  claim 10  further comprising one or more sequences of instructions which when executed cause establishing blending policies respectively for the two or more fraud risk mathematical models that specify a magnitude and allowable direction of influence for each of the models; determining, based on an ideal tradeoff ratio of a merchant, a limit surface for each of the models. 
     
     
         16 . The computer-readable medium of  claim 10  further comprising one or more sequences of instructions which when executed cause determining a plurality of pair-wise fusion proportion values for the two or more fraud risk mathematical models; combining the corresponding risk estimate of said each fraud risk mathematical model according to the pair-wise fusion proportion values. 
     
     
         17 . The computer-readable medium of  claim 10  wherein the discrete scores are any of Boolean, quantitative, categorical, and probabilistic. 
     
     
         18 . The computer-readable medium of  claim 14  wherein the tests comprise any two or more of:
 a Gibberish city test that detects whether a customer city name value has no vowels, is too short, or has three of the same letter in a row; 
 a Gibberish last name test that detects whether a customer last name value has no vowels, is too short, or has three of the same letter in a row; 
 a Gibberish first name test that detects whether a customer first name value received from a merchant has no vowels or has three of the same letter in a row; 
 a Bad word in email test that detects whether an email address value received from a merchant contains a suspicious string; 
 a Bad word in first name test that detects whether a first name value received from a merchant contains a string marked as high-risk; 
 a Bad word in last name test that detects whether a last name value received from a merchant contains a string marked as high-risk; 
 a Bad word in city test that detects whether a city value received from a merchant contains a string marked as high-risk; 
 a State change(s) found test that detects whether historical orders related to a current request have different state values; 
 a High number of credit cards test that detects whether historical orders related to the current request have many different associated credit card numbers; 
 a Long term penalty test that detects whether a customer is attempting to make too many purchases of a product during a long-term hedge period specified by a merchant for a current order; 
 a Fraud list test that detects whether information identifying a customer is found in an external fraud list; 
 a Name Change(s) Found test that detects whether historical orders related to a current request have different associated customer last name values; 
 an Email/name match test that detects whether a first name value or last name value provided by a customer also appears in an email address value provided by the customer; 
 a Browser type penalty test that detects whether a customer is using a Web browser program that is marked as high-risk; 
 a Browser email/email mismatch test that detects whether an email address that is stored as a configuration variable by a Web browser program does not match an email address that a customer provided in order information; 
 a No electronic products test that detects whether an order contains no electronic or digital products, as opposed to tangible products; 
 a Phone number bad length test that detects whether a telephone number value that a customer provided has a wrong number of digits; 
 an Invalid phone number test that detects whether a telephone number value provided by a customer is invalid; 
 a Suspicious area code test that detects whether a telephone number value provided by a customer includes a high-risk area code value; 
 an Area code/state mismatch test that detects whether an area code within a telephone number value is associated with a state other than a state value provided by a customer; 
 an Area code nonexistent test that detects whether a telephone area code value provided by a customer is not a valid area code or does not exist; 
 a Toll-free phone number test that detects whether a telephone number value provided by a customer is a toll-free telephone number; 
 a U.S. address with foreign domain test that detects whether a top-level domain portion of an email address value provided by the customer is associated with a foreign country and whether a shipping address or billing address value provided by the customer is a U.S. address; 
 a Bill/ship state mismatch test that detects whether a shipping state value provided for an order does not match a state value in a billing address of credit card information provided with the order; 
 a Bill/ship country mismatch test that detects whether a shipping country value provided for an order does not match a country value in a billing address of credit card information provided with the order; 
 an AVS test that determines whether a score value associated with an order should be adjusted based on results of testing order information using an address verification system; 
 a BIN penalty test that determines whether a penalty value should apply because a Bank Identification Number (BIN) received from a customer is marked as high-risk; 
 a Digits/all lower-case in name test that determines whether a customer name value is all in lower case, or contains numeric digit characters; 
 a Sequential digits in phone number test that determines whether a customer telephone number value contains multiple consecutive sequential digits; 
 a Goodguy test that determines whether matching customer information is found in a list of good customers; 
 an Unable to verify address that determines whether a customer address is unverifiable; 
 a City/state/zip mismatch test that determines whether city, state, and ZIP code values provided by a customer are not associated with one another based on data available from a Postal Service; 
 an Internet Protocol (IP) address/hostname mismatch test that determines whether a resolved IP address associated with a customer does not match a hostname portion of an email address provided by the customer; 
 a No hostname test that determines whether a customer IP address value received as part of the transaction information does not resolve, using the Domain Name System (DNS) of the Internet, into a valid hostname value; 
 an Email in originating domain test that detects whether an email address value provided by a customer is in the same domain as a resolved domain name of the customer; 
 an AOL user from non-AOL host value detects whether a customer email address value purports that a customer is an America Online user and whether the customer is communicating with the merchant from a host other than an AOL host; 
 an ISP state mismatch test that detects whether a state value that is provided by an Internet Service Provider as part of a resolved domain name does not match a state value provided by a customer; 
 a Netcom oldstyle host test that detects whether a customer is using a shell account of a Netcom Internet Service Provider that can be used to hide a true identity of the customer; 
 a Bill country/email mismatch test that detects whether a country value provided by a customer in its billing address information does not match a country value of an email address provided by the customer; 
 a Bill country/IP host mismatch test that detects whether a country value provided by a customer in billing address information does not match a country in which a host indicated by an IP address of the customer is located; 
 an Email/IP host country mismatch test that detects whether a country value in an email address of a customer does not match a resolved domain name country; 
 a Whereis check negative test that detects whether a country associated with an IP address of a customer, according to the whereis database of Network Solutions, Inc., does not match a country value of address information of the customer; 
 a Time Risk test that determines a riskiness of a time of day for the transaction. 
 a Host Risk test that determines a riskiness of the Internet source location from which the transaction originates, based on either an email address or Internet domain ip_address. 
 a Gender Mismatch Risk test that determines whether a customer gender violates normative expectations in relation to a product specified by the transaction; or 
 a Gift test that determines whether a mismatch between a billing address and a shipping address is risky or not.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.