System and method for identifying compromised accounts

Abstract

Using common points-of-purchase revealed by back trace windows, a merchant risk system provides suspect merchants to a financial institution (such as a card issuer), identifying merchants who may have had account data (such as credit card numbers) compromised. In one embodiment, merchants are ranked based on spikes in fraudulent transactions on cards used at those merchants. Merchants may also be identified based on merchant risk scores that are calculated using data from the back trace windows.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS[0001]This application claims the benefit of U.S. Patent Application No. 62 / 174,432 filed Jun. 11, 2015 and titled “System and Method for Identifying Compromised Accounts,” the entire disclosure of which is hereby incorporated by reference herein for all purposes.BACKGROUND OF THE INVENTION[0002]Fraudulent credit card and other financial transactions often result from breached or compromised systems that store account data. As an example, fraudsters may “hack” into a retailer / merchant system and steal credit card information of the merchant's customers, and then subsequently use that credit card information to conduct fraudulent transactions.[0003]Much of the fraudulent activity that is conducted today involves at least two persons or entities, namely, a first entity that unlawfully accesses and steals the account data, and then a second entity that purchases the stolen account data and attempts to conduct a transaction using the data.[0004]En...

AI Technical Summary

Benefits of technology

The invention is a system for identifying accounts that have been compromised at a common point-of-purchase merchant. The system receives transaction data from multiple financial institutions and standardizes it. then, it identifies fraudulent transactions and evaluates them for connection fraud. The system also determines a merchant risk based on the fraudulent transactions. The merchant risk includes data identifying the merchant where the at-risk accounts were used to conduct a transaction prior to the identified fraudulent transactions and data relating to fraudulent transactions against accounts at financial institutions other than the at-risk accounts. This system helps to better protect against compromised accounts and fraudulent transactions.

Problems solved by technology

Fraudulent credit card and other financial transactions often result from breached or compromised systems that store account data.

As an example, fraudsters may “hack” into a retailer / merchant system and steal credit card information of the merchant's customers, and then subsequently use that credit card information to conduct fraudulent transactions.

Where systems are hacked or skimmers are used, the activity may occur over a substantial period of time and result in continuously capturing new card data as it is collected at the compromised system, thereby enabling the fraudster to sometimes accumulate vast amounts of data before being detected.

Because the fraudulent acquisition of data, such as by the use of malicious software, may occur over a period of time (say weeks or even months), it may be difficult for card issuers to identify when and where a breach or compromise occurred (and which card accounts may have been impacted).

However, identifying a common point-of-purchase can be difficult, especially when fraudulent transactions are conducted against the compromised accounts in patterns that are difficult to analyze.

For example, an entity that has hacked into a retailer system and acquired account data relating to large numbers of accounts across many financial institutions, may “package” the stolen data for subsequent use in ways that make detection difficult.

With perhaps only portions of the stolen data being used when fraudulent transactions are first detected, back tracing transactions to find a common point-of-purchase can be difficult, leading to extensive losses by financial institutions until the likely location and time of breach has been identified.

If there has been a suspected breach, it may be difficult to know which of the two merchants has given rise to the suspected breached.

Further, once a potential breach has been identified, large numbers of accounts or credit cards may be potentially implicated and a financial institution may be forced into monitoring all those accounts, even those accounts at lower risk for fraudulent transactions.

This can make it difficult for a financial institution to properly address a potential breach of data pertaining to its accounts, and can lead to needless expense in trying to contain the risk.

Images