System and method of fraud and misuse detection using event logs
Abstract
A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of detecting fraud or misuse of organization data in a computer environment, the method comprising:
generating a rule for monitoring at least one of transactions or activities that are associated with the organization data, the rule comprising at least one criterion related to the at least one of the transactions or the activities that is indicative of fraud or misuse of the organization data by an authorized user; applying the rule to the at least one of the transactions or the activities to determine if an event has occurred, the event occurring if the at least one criterion has been met; storing, in a memory, a hit if the event has occurred; and providing notification if the event has occurred.
2 . The method of claim 1 , further comprising scheduling application of the rule to the at least one of the transactions and the activities.
3 . The method of claim 1 , further comprising: determining if the rule is to be applied to the at least one of the transactions and the activities in real time; and scheduling the application of the rule to the at least one of the transactions and the activities if the rule is not to be applied in real time.
4 . The method of claim 1 , further comprising designating a recipient of the notification and generating a message to be sent with the notification.
5 . The method of claim 1 , further comprising choosing the at least one criteria for the rule based at least in part on at least one of a time parameter, a volume parameter and a user parameter.
6 . The method of claim 1 , further comprising applying the rule to the at least one of the transactions and the activities associated with the data from a plurality of databases.
7 . The method of claim 1 , further comprising choosing the at least one criteria for the rule based at least in part on a time parameter and a volume parameter.
8 . The method of claim 1 , further comprising providing a rule management page for selection of the at least one criteria and generating the rule based at least in part on the at least one criteria selected.
9 . The method of claim 8 , further comprising: providing a rule scheduling page for selection of a schedule for application of the rule to the at least one of the transactions and the activities; and applying the rule to the at least one of the transactions and the activities according to the schedule to determine if the event has occurred.
10 . The method of claim 1 , further comprising scheduling the application of the rule in real time.
11 . The method of claim 1 , further comprising designating an electronic mail address for receipt of the notification.
12 . A system for detecting fraud or misuse of organization data in an organization system computer environment, the system comprising:
a user interface for selection of at least one criterion related to at least one of transactions or activities associated with the organization data that is indicative of fraud or misuse of the data by an authorized user in the organization system and for selection of a schedule for application of a rule for monitoring the at least one of the transactions or the activities; and a microprocessor in communication with the user interface and having access to the transactions or the activities of the data, the microprocessor generating the rule based at least in part on the at least one criterion selected and applying the rule to the at least one of the transactions or the activities according to the schedule selected in order to determine if an event has occurred; wherein the event occurs if the at least one criterion has been met; wherein the microprocessor stores a hit if the event has occurred; and wherein the microprocessor provides notification if the event has occurred.
13 . The system of claim 12 , wherein the microprocessor determines if the rule is to be applied to the at least one of the transactions and the activities in real time.
14 . The system of claim 12 , wherein the microprocessor generates a message to be sent with the notification.
15 . The system of claim 12 , wherein the microprocessor generates the rule based at least in part on at least one of a time parameter, a volume parameter and a user parameter.
16 . The system of claim 12 , wherein the microprocessor applies the rule to the at least one of the transactions and the activities associated with the data from a plurality of databases.
17 . A non-transitory computer-readable medium with computer-executable instructions embodied thereon for performing a method of detecting fraud or misuse of organization data in an organization system computing environment, the method comprising:
providing a selection of a criterion related to at least one of transactions or activities associated with the organization data, wherein the criterion is indicative of fraud or misuse of the organization data by an authorized user of the organization system computing environment and the authorized user has authorized access to the organization data; generating a rule based at least in part on the criterion for monitoring the at least one of the transactions or the activities; providing a selection for a schedule for application of the rule to the at least one of the transactions or the activities; applying the rule according to the schedule selected to the at least one of the transactions or the activities to determine if an even has occurred, the event occurring if the criterion has been met; storing a hit if the event has occurred; and providing notification if the event has occurred.
18 . The non-transitory computer-readable medium of claim 17 , wherein the generating the rule further comprises generating the rule based at least in part on at least one of a time parameter, a volume parameter, and a user parameter.
19 . The non-transitory computer-readable medium of claim 17 , wherein the providing a selection of the criterion further comprises providing a criterion that is indicative of improper access by an employee that is the authorized user.
20 . The non-transitory computer-readable medium of claim 17 , wherein the providing the criterion is indicative of fraudulent claims filed by the authorized user of the organization system computing environment with authorized access to the organization data.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.