Methods, systems, and computer program products for fraud detection
By analyzing continuous transaction data associated with account identifiers and identifying differences in transaction parameters, the problem of insufficient fraud detection in cross-regional transactions is solved. Real-time parallel processing of transactions inside and outside the network is achieved, improving the coverage and timeliness of fraud detection.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- VISA INTERNATIONAL SERVICE ASSOCIATION
- Filing Date
- 2021-02-02
- Publication Date
- 2026-06-26
AI Technical Summary
The lack of comprehensive understanding between existing transaction service provider systems or payment networks across different regions, countries, and continents makes it impossible for fraud detection rules and systems to effectively analyze cross-regional transactions and to identify and respond to fraudulent transactions in a timely manner.
By receiving and analyzing transaction data from multiple consecutive transactions associated with the same account identifier, the differences in transaction parameters are determined to identify fraudulent transactions. This includes real-time feeding and parallel processing of transaction data both within and outside the network, enabling cross-regional analysis of fraud patterns.
It enables real-time fraud detection for cross-regional transactions, mitigating fraud risks, and publishes fraud detection rules in new regions, improving the coverage and timeliness of fraud detection.
Smart Images

Figure CN115136173B_ABST
Abstract
Description
[0001] Cross-references to related applications
[0002] This application claims priority to U.S. Application No. 16 / 781,034, filed February 4, 2020, the entire contents of which are incorporated herein by reference. Technical Field
[0003] This disclosure relates in general to methods, systems, apparatuses, products, and equipment for fraud detection, and in some embodiments or aspects to methods, systems, and products for fraud detection using a combination of in-network and out-of-network transactions. Background Technology
[0004] Customized fraud rules are used to identify legitimate transactions from fraudulent ones. Decision criteria can be embedded in the fraud rules to take further action relative to transactions identified as fraudulent. The effectiveness or power of the customized rules can be tested against actual transaction data. The issuing system can be notified of accounts involved in potential fraudulent transactions, as well as various characteristics of payment cards that may have been misused (e.g., PIN, CVV, cardholder's personal information, etc.), and the issuing system can take further action based on this.
[0005] The issuing system can register its Bank Identification Number (BIN) and / or account range with the transaction service provider system or payment network to create and enforce fraud rules based on transaction patterns associated with the issuing system. The transaction service provider system or payment network can receive transactions that include an account identifier, which includes the BIN (and / or is included in the account range), and take actions based on fraud rules (e.g., approve the transaction, reject the transaction, generate an alert, etc.). The issuing system can then view the transactions and mark them as fraudulent or legitimate.
[0006] However, transaction service provider systems or payment networks may not exist as payment processing providers in certain geographic locations, which could lead to third-party providers processing transactions on their behalf in those locations. For example, a transaction service provider system or payment network may not have a comprehensive understanding of fraud occurring across different regions, countries, and / or continents, and fraud detection rules / systems may be region-specific and payment network-specific. As an example, many countries or organizations cannot afford certain transaction service provider systems, and issuer systems may lack visibility into current trends in fraudulent transactions because fraudulent transactions may not be identified for those occurring outside the transaction service provider system or payment network and processed by third-party providers. Therefore, unless fraud occurs within the transaction service provider system or payment network in a specific region, fraud detection rules / systems cannot analyze transactions and take appropriate action. Summary of the Invention
[0007] Therefore, improved methods, systems, apparatuses, products and / or devices for fraud detection are provided.
[0008] According to some non-limiting embodiments or aspects, a computer-implemented method is provided, comprising: receiving transaction data associated with a plurality of transactions using at least one processor; determining, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the same value of at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the same value of at least one transaction parameter, determining, based on the at least one processor, a difference between the value of at least one transaction parameter associated with a first transaction among the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction among the two or more consecutive transactions; and determining, based on the difference, that the two or more consecutive transactions are fraudulent transactions using at least one processor.
[0009] According to some non-limiting embodiments or aspects, a computing system is provided, comprising: one or more processors programmed and / or configured to: receive transaction data associated with a plurality of transactions; determine, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the value of the same at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, determine a difference between the value of at least one transaction parameter associated with a first transaction of the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction of the two or more consecutive transactions; and determine, based on the difference, that the two or more consecutive transactions are fraudulent transactions.
[0010] According to some non-limiting embodiments or aspects, a computer program product is provided, comprising at least one non-transient computer-readable medium including program instructions that, when executed by at least one processor, cause at least one processor to: receive transaction data associated with a plurality of transactions; determine, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the value of the same at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, determine a difference between the value of the at least one transaction parameter associated with a first transaction of the two or more consecutive transactions and the value of the at least one transaction parameter associated with a second transaction of the two or more consecutive transactions; and determine, based on the difference, that the two or more consecutive transactions are fraudulent transactions.
[0011] In some non-limiting embodiments or aspects, the transaction data includes intra-network transaction data associated with at least one intra-network transaction processed in the transaction processing network, and extra-network transaction data associated with at least one extra-network transaction processed outside the transaction processing network.
[0012] In some non-limiting embodiments or aspects, intra-network transaction data is received from a transaction service provider system within the transaction processing network, and extra-network transaction data is received from at least one of a merchant system and an issuer system outside the transaction processing network.
[0013] In some non-restrictive embodiments or aspects, the first transaction includes at least one out-of-network transaction, and the second transaction includes at least one in-network transaction.
[0014] In some non-restrictive implementations or aspects, in response to determining that off-network and on-network transactions are fraudulent, authorization for on-network transactions processed in the transaction processing network is denied.
[0015] In some non-restrictive implementations or aspects, in response to determining that off-network and on-network transactions are fraudulent transactions, a notification is provided to the issuer system associated with the off-network transaction, wherein the notification includes an indication that the off-network transaction is a fraudulent transaction.
[0016] In some non-restrictive implementations or aspects, at least one transaction parameter includes at least one of the following: geographic location, merchant category code (MCC), transaction time, transaction amount, or any combination thereof.
[0017] Other implementation schemes or aspects are described in the following numbered clauses:
[0018] Clause 1. A computer-implemented method comprising: receiving transaction data associated with a plurality of transactions using at least one processor; determining, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the same value of at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the same value of at least one transaction parameter, determining, based on the at least one processor, a difference between the value of at least one transaction parameter associated with a first transaction among the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction among the two or more consecutive transactions; and determining, based on the difference, that the two or more consecutive transactions are fraudulent transactions using at least one processor.
[0019] Clause 2. The computer-implemented method as described in Clause 1, wherein the transaction data includes intra-network transaction data associated with at least one intra-network transaction processed in the transaction processing network, and extra-network transaction data associated with at least one extra-network transaction processed outside the transaction processing network.
[0020] Clause 3. A computer-implemented method as described in Clause 1 or 2, wherein in-network transaction data is received from a transaction service provider system within the transaction processing network, and wherein out-of-network transaction data is received from at least one of a merchant system and an issuer system outside the transaction processing network.
[0021] Clause 4. The computer-implemented method as described in any one of Clauses 1-3, wherein the first transaction includes at least one out-of-network transaction, and wherein the second transaction includes at least one in-network transaction.
[0022] Clause 5. The computer-implemented method as described in any one of Clauses 1-4 further comprises: in response to determining that an out-of-network transaction and an in-network transaction are fraudulent transactions, using at least one processor to refuse authorization for an in-network transaction processed in the transaction processing network.
[0023] Clause 6. The computer-implemented method as described in any one of Clauses 1-5 further comprises: in response to determining that an off-network transaction and an on-network transaction are fraudulent transactions, providing a notification to an issuer system associated with the off-network transaction using at least one processor, wherein the notification includes an indication that the off-network transaction is a fraudulent transaction.
[0024] Clause 7. A computer-implemented method as described in any one of Clauses 1-6, wherein at least one transaction parameter includes at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.
[0025] Clause 8. A computing system comprising: one or more processors programmed and / or configured to: receive transaction data associated with a plurality of transactions; determine, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the value of the same at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, determine a difference between the value of at least one transaction parameter associated with a first transaction of the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction of the two or more consecutive transactions; and determine, based on the difference, that the two or more consecutive transactions are fraudulent transactions.
[0026] Clause 9. The computing system as described in Clause 8, wherein the transaction data includes intra-network transaction data associated with at least one intra-network transaction processed in the transaction processing network, and extra-network transaction data associated with at least one extra-network transaction processed outside the transaction processing network.
[0027] Clause 10. The computing system as described in Clause 8 or 9, wherein in-network transaction data is received from a transaction service provider system within the transaction processing network, and wherein out-of-network transaction data is received from at least one of a merchant system and an issuer system outside the transaction processing network.
[0028] Clause 11. The computing system as described in any one of Clauses 8-10, wherein the first transaction includes at least one out-of-network transaction, and wherein the second transaction includes at least one in-network transaction.
[0029] Clause 12. A computing system as described in any one of Clauses 8-11, wherein one or more processors are further programmed and / or configured to: in response to determining that an out-of-network transaction and an in-network transaction are fraudulent transactions, deny authorization for in-network transactions to be processed in the transaction processing network.
[0030] Clause 13. A computing system as described in any one of Clauses 8-12, wherein one or more processors are further programmed and / or configured to: in response to determining that an off-network transaction and an on-network transaction are fraudulent transactions, provide a notification to the issuing system associated with the off-network transaction, wherein the notification includes an indication that the off-network transaction is a fraudulent transaction.
[0031] Clause 14. The calculation system as described in any one of Clauses 8-13, wherein at least one transaction parameter includes at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.
[0032] Clause 15. A computer program product comprising at least one non-transitory computer-readable medium including program instructions that, when executed by at least one processor, cause at least one processor to: receive transaction data associated with a plurality of transactions; determine, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the value of the same at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, determine a difference between the value of the at least one transaction parameter associated with a first transaction of the two or more consecutive transactions and the value of the at least one transaction parameter associated with a second transaction of the two or more consecutive transactions; and determine, based on the difference, that the two or more consecutive transactions are fraudulent transactions.
[0033] Clause 16. The computer program product as described in Clause 15, wherein the transaction data includes intra-network transaction data associated with at least one intra-network transaction processed in the transaction processing network, and extra-network transaction data associated with at least one extra-network transaction processed outside the transaction processing network.
[0034] Clause 17. A computer program product as described in Clause 15 or 16, wherein in-network transaction data is received from a transaction service provider system within the transaction processing network, and wherein out-of-network transaction data is received from at least one of a merchant system and an issuer system outside the transaction processing network.
[0035] Clause 18. The computer program product as described in any one of Clauses 15-17, wherein the first transaction includes at least one out-of-network transaction, and wherein the second transaction includes at least one in-network transaction.
[0036] Clause 19. The computer program product of any one of Clauses 15-18, wherein the instructions further cause at least one processor to: in response to determining that an out-of-network transaction and an in-network transaction are fraudulent transactions, deny authorization for an in-network transaction to be processed in the transaction processing network.
[0037] Clause 20. The computer program product of any one of Clauses 15-19, wherein the instructions further cause at least one processor to: in response to determining that an off-network transaction and an on-network transaction are fraudulent transactions, provide a notification to the issuing system associated with the off-network transaction using at least one processor, wherein the notification includes an indication that the off-network transaction is a fraudulent transaction.
[0038] These and other features and characteristics of this disclosure, as well as the operational methods and manufacturing economies of combinations of related structural elements and parts, will become more apparent when considered in conjunction with the accompanying drawings, all of which form part of this specification, wherein similar reference numerals in the drawings denote corresponding parts. However, it should be clearly understood that the drawings are for illustrative and descriptive purposes only and are not intended to be construed as definitions of limitation. Unless the context clearly requires otherwise, the singular forms “a” and “referred to” as used in this specification and claims include plural indicators. Attached Figure Description
[0039] Additional advantages and details are explained in more detail below with reference to exemplary embodiments or aspects shown in the illustrative accompanying drawings, in which:
[0040] Figure 1 A diagram is a non-limiting embodiment or aspect of the environment in which the systems, apparatuses, products, devices and / or methods described herein may be implemented;
[0041] Figure 2 yes Figure 1 A diagram of a non-limiting embodiment or aspect of one or more devices and / or components of one or more systems;
[0042] Figure 3 This is a flowchart of a non-limiting implementation scheme or aspect of the process for detecting merchant anomalies in a coordinated manner; and
[0043] Figures 4A-4G This is a diagram illustrating a non-limiting implementation of an embodiment or aspect of the process disclosed herein. Detailed Implementation
[0044] It should be understood that, except as expressly specified otherwise, this disclosure may take various alternative variations and sequences of steps. It should also be understood that the specific apparatus and processes shown in the accompanying drawings and described in the following specification are merely exemplary and non-limiting embodiments or aspects. Therefore, specific dimensions and other physical characteristics relating to the embodiments or aspects disclosed herein should not be considered as limitations.
[0045] The terms "aspects," "components," "elements," "elements," "structures," "actions," "steps," "functions," and "instructions" used herein should not be construed as critical or essential unless explicitly stated otherwise. Furthermore, as used herein, the articles "a" and "an" are intended to include one or more items and are interchangeable with "one or more" and "at least one." Additionally, as used herein, the term "group" is intended to include one or more items (e.g., related items, unrelated items, combinations of related and unrelated items, etc.) and is interchangeable with "one or more" or "at least one." Where only one item is desired, the term "a" or similar language is used. Also, as used herein, the terms "having" and similar expressions are intended to be open-ended terms. Furthermore, unless explicitly stated otherwise, the expression "based on" is intended to mean "at least partially based on."
[0046] As used herein, the terms "communication" and "communicate" refer to receiving or transmitting one or more signals, messages, commands, or other types of data. For a unit (e.g., any device, system, or component thereof) to communicate with another unit, it means that the unit is able to receive data directly or indirectly from and / or send data to the other unit. This can refer to a direct or indirect connection that is inherently wired and / or wireless. Furthermore, although the transmitted data may be modified, processed, relayed, and / or routed between the first and second units, the first and second units may also communicate with each other. For example, the first unit may communicate with the second unit even though it passively receives data and does not actively send data to the second unit. As another example, the first unit may communicate with the second unit if an intermediate unit processes data from one unit and sends the processed data to the second unit. It should be understood that many other arrangements are possible.
[0047] Clearly, the systems and / or methods described herein can be implemented in various forms of hardware, software, or combinations of hardware and software. The actual dedicated control hardware or software code used to implement these systems and / or methods does not limit the implementation. Therefore, while the operation and behavior of the systems and / or methods are described herein without reference to specific software code, it should be understood that software and hardware can be designed to implement the systems and / or methods based on the description herein.
[0048] This document describes some non-limiting implementations or aspects in conjunction with thresholds. As used herein, satisfying a threshold can refer to a value that is greater than, more than, higher than, greater than or equal to, less than, less than, lower than, less than or equal to, or equal to a threshold.
[0049] As used herein, the term "transaction service provider" can refer to an entity that receives transaction authorization requests from merchants or other entities and, in some cases, provides payment guarantees through an agreement between the transaction service provider and the issuing entity. The terms "transaction service provider" and "transaction service provider system" can also refer to one or more computer systems operated by or on behalf of the transaction service provider, such as transaction processing systems executing one or more software applications. Transaction processing systems may include server computers with one or more processors and, in some non-limiting embodiments or aspects, may be operated by or on behalf of the transaction service provider.
[0050] As used herein, the term "account identifier" may include one or more master accounts (PANs), tokens, or other identifiers (e.g., globally unique identifiers (GUIDs), universally unique identifiers (UUIDs), etc.) associated with a user's (e.g., a customer, consumer, etc.) customer account. The term "token" may refer to an identifier used as a substitute or replacement identifier for an original account identifier such as a PAN. Account identifiers may be alphanumeric or any combination of characters and / or symbols. Tokens may be associated with a PAN or other original account identifiers in one or more databases, enabling transactions to be conducted using the token without directly using the original account identifier. In some instances, an original account identifier such as a PAN may be associated with multiple tokens for different individuals or purposes.
[0051] As used herein, the terms “issuer institution,” “portable financial device issuer,” “issuer,” or “issuer bank” can refer to one or more entities that provide one or more accounts to users (e.g., customers, consumers, organizations, etc.) for transactions (e.g., payment transactions), such as initiating credit card payment transactions and / or debit card payment transactions. For example, an issuer institution may provide users with an account identifier such as a PAN that uniquely identifies one or more accounts associated with that user. The account identifier may be embodied in a portable financial device such as a physical financial instrument (e.g., a payment card) and / or may be electronic and used for electronic payments. In some non-limiting embodiments or aspects, an issuer institution may be associated with a Bank Identification Number (BIN) that uniquely identifies the issuer institution. As used herein, “issuer institution system” can refer to one or more computer systems operated by or on behalf of an issuer institution, such as a server computer executing one or more software applications. For example, an issuer institution system may include one or more authorization servers for authorizing payment transactions.
[0052] As used herein, the term "merchant" can refer to an individual or entity that provides products and / or services or the right to use products and / or services to a customer based on a transaction such as a payment transaction. The terms "merchant" or "merchant system" can also refer to one or more computer systems operated by or on behalf of a merchant, such as a server computer executing one or more software applications. As used herein, a "point-of-sale (POS) system" can refer to one or more computers and / or peripheral devices used by a merchant to conduct payment transactions with customers, including one or more card readers, near-field communication (NFC) receivers, RFID receivers and / or other contactless transceivers or receivers, contact-based receivers, payment terminals, computers, servers, input devices and / or other similar devices that can be used to initiate payment transactions.
[0053] As used herein, the term "mobile device" can refer to one or more portable electronic devices configured to communicate with one or more networks. As examples, a mobile device may include a cellular phone (e.g., a smartphone or standard cellular phone), a portable computer (e.g., a tablet computer, laptop computer, etc.), a wearable device (e.g., a watch, glasses, lenses, clothing, etc.), a personal digital assistant (PDA), and / or other similar devices. As used herein, the terms "client device" and "user device" refer to any electronic device configured to communicate with one or more servers or remote devices and / or systems. A client device or user device may include a mobile device, a network-enabled device (e.g., a network-enabled television, refrigerator, thermostat, etc.), a computer, a POS system, and / or any other device or system capable of communicating with a network.
[0054] As used herein, the term "computing device" or "computer apparatus" can refer to one or more electronic devices configured to communicate directly or indirectly with or on one or more networks. A computing device can be a mobile device, a desktop computer, etc. Furthermore, the term "computer" can refer to any computing device that includes the necessary components for receiving, processing, and outputting data, and typically includes a display, processor, memory, input devices, and network interfaces. "Application program" or "Application Programming Interface" (API) refers to computer code or other data ordered on a computer-readable medium that can be executed by a processor to facilitate interaction between software components, such as interaction between a client-side front-end and / or a server-side back-end for receiving data from a client. "Interface" refers to a generated display, such as one or more graphical user interfaces (GUIs) with which a user can interact directly or indirectly (e.g., via a keyboard, mouse, touchscreen, etc.).
[0055] As used herein, the terms “e-wallet” and “e-wallet application” refer to one or more electronic devices and / or software applications configured to initiate and / or conduct payment transactions. For example, an e-wallet may include a mobile device executing an e-wallet application, and may also include server-side software and / or a database for maintaining transaction data and providing that data to the mobile device. An “e-wallet provider” may include entities that provide and / or maintain e-wallets to customers, such as Google Wallet. TM Android Apple Samsung And / or other similar electronic payment systems. In some non-restrictive examples, the issuing bank may be an e-wallet provider.
[0056] As used herein, by way of example, the term "portable financial device" can refer to payment cards (e.g., credit or debit cards), gift cards, smart cards, smart media, payroll cards, healthcare cards, wristbands, machine-readable media containing account information, keychain devices or ornaments, RFID transponders, retailer discount or loyalty cards, mobile devices executing e-wallet applications, personal digital assistants (PDAs), security cards, access cards, wireless terminals, and / or transponders. Portable financial devices may include volatile or non-volatile memory for storing information such as account identifiers and / or account holder names.
[0057] As used herein, the term "server" may refer to or include one or more processors or computers, storage devices, or similar computer arrangements operated by or facilitating communication and processing among multiple parties in a network environment such as the Internet. However, it should be understood that communication may be facilitated through one or more public or private network environments, and various other arrangements are also possible. Furthermore, multiple computers (e.g., servers) or other computerized devices (such as POS devices) communicating directly or indirectly in a network environment may constitute a "system" such as a merchant's POS system.
[0058] As used herein, the term "acquiring party" can refer to an entity licensed and / or approved by a transaction service provider to initiate transactions using the transaction service provider's portable financial device. An acquiring party can also refer to one or more computer systems operated by or on behalf of the acquiring party, such as a server computer executing one or more software applications (e.g., an "acquiring party server"). An "acquiring party" can be a merchant bank, or in some cases, a merchant system can be an acquiring party. The transactions can include Original Credit Transactions (OCT) and Account Funds Transactions (AFT). A transaction service provider may authorize an acquiring party to sign up merchants of the service provider to initiate transactions using the transaction service provider's portable financial device. An acquiring party may sign up with a payment service provider to enable the service provider to sponsor merchants. An acquiring party may monitor the compliance of a payment service provider in accordance with the transaction service provider's regulations. An acquiring party may conduct due diligence on payment service providers and ensure appropriate due diligence is performed before signing up sponsored merchants. An acquiring party may be responsible for all transaction service provider programs they operate or sponsor. An acquiring party may be responsible for the actions of its payment service providers and the merchants sponsored by it or its payment service providers.
[0059] As used herein, the term "payment gateway" can refer to an entity and / or a payment processing system operated by or on behalf of such entity, which (e.g., a merchant service provider, payment service provider, payment servicer, payment servicer contracted with an acquirer, payment aggregator, etc.) provides payment services (e.g., transaction service provider payment services, payment processing services, etc.) to one or more merchants. Payment services may be associated with the use of portable financial devices managed by a transaction service provider. As used herein, the term "payment gateway system" can refer to one or more computer systems, computer devices, servers, server clusters, etc., operated by or on behalf of a payment gateway.
[0060] Improved systems, apparatuses, products, devices and / or methods for fraud detection are provided.
[0061] Non-limiting embodiments or aspects of this disclosure relate to methods, systems, and computer program products for fraud detection, which receive transaction data associated with multiple transactions; determine, based on the transaction data, that two or more consecutive transactions associated with the same account identifier include the value of at least one transaction parameter; in response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of at least one transaction parameter, determine a difference between the value of at least one transaction parameter associated with a first transaction of the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction of the two or more consecutive transactions; and determine, based on the difference, that the two or more consecutive transactions are fraudulent transactions. For example, the transaction data may include intra-network transaction data associated with at least one intra-network transaction processed within a transaction processing network, and extra-network transaction data associated with at least one extra-network transaction processed outside the transaction processing network. In this manner, the non-limiting embodiments or aspects of this disclosure specify receiving real-time feeds of in-network and out-of-network transactions and processing both in parallel to determine fraud in consecutive transactions. This enables the merging of fraud patterns regardless of the transaction service provider system or payment network processing the transactions, the analysis of transactions and the mitigation of fraud in other regions where similar fraud has not yet occurred, and the issuance of fraud detection rules across other regions before the same fraud pattern can be repeated across various other network processors in new regions.
[0062] Now for reference Figure 1 , Figure 1 This is a diagram of an example environment 100 in which the apparatus, systems, methods, and / or products described herein can be implemented. Figure 1As shown, environment 100 includes a transaction processing network 101, which may include a merchant system 102, a payment gateway system 104, an acquiring system 106, a transaction service provider system 108 and / or an issuer system 110, a user device 112, a communication network 114 and / or an external system 116. The transaction processing network 101, merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, issuer system 110, user device 112 and / or external system 116 may be interconnected via wired connections, wireless connections, or a combination of wired and wireless connections (e.g., establishing connections for communication, etc.).
[0063] Merchant system 102 may include one or more devices capable of receiving information and / or data from payment gateway system 104, acquirer system 106, transaction service provider system 108, issuer system 110, user device 112, and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to payment gateway system 104, acquirer system 106, transaction service provider system 108, issuer system 110, user device 112, and / or external system 116. Merchant system 102 may include devices capable of communicating with user device 112 via a communication connection (e.g., NFC communication connection, RFID communication connection, etc.). A means of receiving information and / or data from user device 112 and / or transmitting information and / or data to user device 112 via a communication connection. For example, merchant system 102 may include computing devices such as servers, server clusters, client devices, client device clusters, and / or other similar devices. In some non-limiting embodiments or aspects, merchant system 102 may be associated with the merchant described herein. In some non-limiting embodiments or aspects, merchant system 102 may include one or more devices, such as computers, computer systems, and / or peripheral devices, that can be used by the merchant to conduct payment transactions with users. For example, merchant system 102 may include POS devices and / or POS systems.
[0064] Payment gateway system 104 may include devices capable of receiving information and / or data from merchant system 102, acquiring system 106, transaction service provider system 108, issuer system 110, user device 112, and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to merchant system 102, acquiring system 106, transaction service provider system 108, issuer system 110, user device 112, and / or external system 116. For example, payment gateway system 104 may include computing devices, such as servers, server clusters, and / or other similar devices. In some non-limiting embodiments or aspects, payment gateway system 104 is associated with the payment gateway described herein.
[0065] Acquiring system 106 may include devices capable of receiving information and / or data from merchant system 102, payment gateway system 104, transaction service provider system 108, issuer system 110, user device 112, and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to merchant system 102, payment gateway system 104, transaction service provider system 108, issuer system 110, and / or user device 112. For example, acquiring system 106 may include computing devices, such as servers, server clusters, and / or other similar devices. In some non-limiting embodiments or aspects, acquiring system 106 may be associated with the acquiring party described herein.
[0066] Transaction service provider system 108 may include devices capable of receiving information and / or data from merchant system 102, payment gateway system 104, acquiring system 106, issuing system 110, user device 112, and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to one or more of these systems. For example, transaction service provider system 108 may include computing devices such as servers (e.g., transaction processing servers, etc.), server clusters, and / or other similar devices. In some non-limiting embodiments or aspects, transaction service provider system 108 may be associated with the transaction service provider described herein. In some non-limiting embodiments or aspects, transaction service provider system 108 may include and / or access one or more internal and / or external databases, including transaction data, etc.
[0067] Issuing system 110 may include devices capable of receiving information and / or data from merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, user device 112, and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to one or more of these systems. For example, issuing system 110 may include computing devices such as servers, server clusters, and / or other similar devices. In some non-limiting embodiments or aspects, issuing system 110 may be associated with the issuing entity described herein. For example, issuing system 110 may be associated with an issuing entity that issues payment accounts or instruments (e.g., credit accounts, debit accounts, credit cards, debit cards, etc.) to users (e.g., users associated with user device 112, etc.).
[0068] In some non-limiting embodiments or aspects, transaction processing network 101 includes multiple systems in a communication path for processing transactions. For example, transaction processing network 101 may include merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, and / or issuer system 110 in a communication path (e.g., communication path, communication channel, communication network, etc.) for processing electronic payment transactions. For example, transaction processing network 101 may process (e.g., initiate, perform, authorize, etc.) electronic payment transactions via a communication path between merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, and / or issuer system 110.
[0069] User device 112 may include one or more devices capable of receiving information and / or data from merchant system 102, payment gateway system 104, acquirer system 106, transaction service provider system 108, issuer system 110 and / or external system 116 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to merchant system 102, payment gateway system 104, acquirer system 106, transaction service provider system 108, issuer system 110 and / or external system 116. For example, user device 112 may include client devices, etc. In some non-limiting embodiments or aspects, user device 112 is capable of using short-range wireless communication connections (e.g., NFC communication connections, RFID communication connections, etc.). Receives information via a communication connection (e.g., from merchant system 102, etc.) and / or transmits information via a short-range wireless communication connection (e.g., to merchant system 102). In some non-limiting embodiments or aspects, user device 112 may include applications associated with user device 112, such as applications stored on user device 112, mobile applications stored and / or executed on user device 112 (e.g., mobile device applications, native applications of mobile devices, mobile cloud applications of mobile devices, e-wallet applications, peer-to-peer transfer payment applications, etc.).
[0070] Communication network 114 may include one or more wired and / or wireless networks. For example, communication network 114 may include cellular networks (e.g., Long Term Evolution (LTE) networks, third-generation (3G) networks, fourth-generation (4G) networks, Code Division Multiple Access (CDMA) networks, etc.), Public Land Mobile Network (PLMN), Local Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Telephone Network (e.g., Public Switched Telephone Network (PSTN), Private Network, Ad Hoc Network, Intranet, Internet, Fiber-based Network, Cloud Computing Network and / or similar networks, and / or combinations of these or other types of networks).
[0071] External system 116 may include one or more devices capable of receiving information and / or data from merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, issuer system 110, and / or user device 112 (e.g., via communication network 114, etc.), and / or (e.g., via communication network 114, etc.) transmitting information and / or data to merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, issuer system 110, and / or user device 112. For example, external system 116 may include computing devices, such as servers, server clusters, and / or other similar devices. In some non-limiting embodiments or aspects, external system 116 is located outside transaction processing network 101. For example, external system 116 may be located outside communication paths for processing transactions within transaction processing network 101. As an example, external system 116 may be associated with one or more electronic payment transactions processed (e.g., initiating, performing, authorizing, etc.) via communication paths (e.g., communication paths, communication channels, communication networks, etc.) for processing electronic payment transactions other than those between or including communication paths between merchant system 102, payment gateway system 104, acquiring system 106, transaction service provider system 108, and / or issuer system 110. In some non-limiting embodiments or aspects, external system 116 may be associated with the issuer institution described herein. For example, external system 116 may be associated with an issuer institution that issues payment accounts or instruments (e.g., credit accounts, debit accounts, credit cards, debit cards, etc.) to users (e.g., users associated with user device 112, etc.). In some non-limiting embodiments or aspects, external system 116 may be associated with the merchant described herein. In some non-limiting embodiments or aspects, external system 116 may include one or more devices, such as computers, computer systems, and / or peripheral devices, that can be used by merchants to conduct payment transactions with users. For example, the network-external system 116 may include a POS device and / or a POS system.
[0072] supply Figure 1 The number and arrangement of devices and systems shown are for illustrative purposes only. Additional devices and / or systems, fewer devices and / or systems, different devices and / or systems, and / or systems may exist, and / or may be combined with… Figure 1 The devices and / or systems shown are arranged in different ways. Furthermore, they can be implemented within a single device and / or system. Figure 1 The two or more devices and / or systems shown, or Figure 1The single device and / or system shown may be implemented as multiple distributed devices and / or systems. Alternatively or additionally, a group of devices and / or systems of environment 100 (e.g., one or more devices or systems) may perform one or more functions described as being performed by another group of devices or systems of environment 100.
[0073] Now for reference Figure 2 , Figure 2 This is a diagram illustrating example components of device 200. Device 200 may correspond to one or more devices of transaction processing network 101, one or more devices of merchant system 102, one or more devices of payment gateway system 104, one or more devices of acquiring system 106, one or more devices of transaction service provider system 108, one or more devices of issuing system 110, user device 112 (e.g., one or more devices of the system of user device 112, etc.), and / or one or more devices of communication network 114. In some non-limiting embodiments or aspects, one or more devices of transaction processing network 101, one or more devices of merchant system 102, one or more devices of payment gateway system 104, one or more devices of acquiring system 106, one or more devices of transaction service provider system 108, one or more devices of issuing system 110, user device 112 (e.g., one or more devices of the system of user device 112, etc.), and / or one or more devices of communication network 114 may include at least one device 200 and / or at least one component of device 200. Figure 2 As shown, the device 200 may include a bus 202, a processor 204, a memory 206, a storage component 208, an input component 210, an output component 212, and a communication interface 214.
[0074] Bus 202 may include components that enable communication between components of device 200. In some non-limiting embodiments or aspects, processor 204 may be implemented in hardware, software, or a combination of hardware and software. For example, processor 204 may include a processor (e.g., a central processing unit (CPU), graphics processing unit (GPU), accelerated processing unit (APU), etc.), microprocessor, digital signal processor (DSP), and / or any processing component that can be programmed to perform functions (e.g., a field-programmable gate array (FPGA), application-specific integrated circuit (ASIC), etc.). Memory 206 may include random access memory (RAM), read-only memory (ROM), and / or another type of dynamic or static storage device (e.g., flash memory, magnetic storage, optical storage, etc.) that stores information and / or instructions for use by processor 204.
[0075] Storage component 208 may store information and / or software associated with the operation and use of device 200. For example, storage component 208 may include hard disk (e.g., magnetic disk, optical disk, magneto-optical disk, solid-state disk, etc.), compressed optical disk (CD), digital versatile optical disk (DVD), floppy disk, cassette tape, magnetic tape and / or another type of computer-readable medium, and corresponding drives.
[0076] Input component 210 may include components that allow device 200 to receive information, such as through user input (e.g., a touchscreen display, keyboard, keypad, mouse, button, switch, microphone, etc.). Alternatively, input component 210 may include sensors for sensing information (e.g., a Global Positioning System (GPS) component, accelerometer, gyroscope, actuator, etc.). Output component 212 may include components that provide output information from device 200 (e.g., a display, speaker, one or more light-emitting diodes (LEDs), etc.).
[0077] Communication interface 214 may include transceiver components (e.g., transceiver, separate receiver and transmitter, etc.) that enable device 200 to communicate with other devices, for example, via a wired connection, a wireless connection, or a combination of wired and wireless connections. Communication interface 214 may allow device 200 to receive information from another device and / or provide information to another device. For example, communication interface 214 may include an Ethernet interface, an optical interface, a coaxial interface, an infrared interface, a radio frequency (RF) interface, a universal serial bus (USB) interface, etc. Interfaces, cellular network interfaces, etc.
[0078] Apparatus 200 can perform one or more of the processes described herein. Apparatus 200 can perform these processes based on software instructions stored in a computer-readable medium, such as memory 206 and / or storage component 208, executed by processor 204. Computer-readable medium (e.g., non-transient computer-readable medium) is defined herein as a non-transient memory device. A non-transient memory device includes memory space located within a single physical storage device or memory space distributed across multiple physical storage devices.
[0079] Software instructions may be read from another computer-readable medium or from another device into memory 206 and / or storage component 208 via communication interface 214. When executed, the software instructions stored in memory 206 and / or storage component 208 may cause processor 204 to perform one or more processes described herein. Alternatively or additionally, hardwired circuitry may be used in place of or in combination with the software instructions to perform one or more processes described herein. Therefore, the embodiments or aspects described herein are not limited to any particular combination of hardware circuitry and software.
[0080] Memory 206 and / or storage component 208 may include data storage devices or one or more data structures (e.g., databases). Device 200 is capable of receiving information from the data storage devices or one or more data structures in memory 206 and / or storage component 208, storing information in the data storage devices or one or more data structures, transmitting information to the data storage devices or one or more data structures, or searching for information stored therein. For example, transaction service provider system 108 may include and / or access one or more internal and / or external databases that store transaction data associated with transactions processed and / or being processed in transaction processing network 101 (e.g., previous or historical transactions processed via transaction service provider system 108) and / or transactions processed and / or being processed outside of transaction processing network 101.
[0081] supply Figure 2 The number and arrangement of components shown are for illustrative purposes only. In some non-limiting embodiments or aspects, with Figure 2 Compared to those shown, device 200 may include additional components, fewer components, different components, or components arranged in a different manner. Alternatively, a set of components of device 200 (e.g., one or more components) may perform one or more functions described as being performed by another set of components of device 200.
[0082] Now for reference Figure 3 , Figure 3 This is a flowchart of a non-limiting embodiment or aspect of a process 300 for locating merchant anomaly detection. In some non-limiting embodiments or aspects, one or more steps in process 300 may (e.g., wholly, partially, etc.) be performed by transaction service provider system 108 (e.g., one or more devices of transaction service provider system 108). In some non-limiting embodiments or aspects, one or more steps in process 300 may (e.g., wholly, partially, etc.) be performed by another device or group of devices independent of or including transaction service provider system 108, such as merchant system 102 (e.g., one or more devices of merchant system 102), payment gateway system 104 (e.g., one or more devices of payment gateway system 104), acquiring system 106 (e.g., one or more devices of acquiring system 106), issuing system 110 (e.g., one or more devices of issuing system 110), and / or user device 112 (e.g., one or more devices of user device 112).
[0083] like Figure 3As shown, at step 302, process 300 includes receiving transaction data. For example, transaction service provider system 108 may receive transaction data. As an example, transaction service provider system 108 may receive transaction data associated with multiple transactions.
[0084] In some non-limiting embodiments or aspects, transaction data may include parameters associated with the transaction, such as account identifiers (e.g., PAN, etc.), transaction amount, transaction date and / or time, type of product and / or service associated with the transaction, currency exchange rate, currency type, merchant type, merchant name, merchant location, merchant, Merchant Category Group (MCG), Merchant Category Code (MCC), AA score, card acceptor identifier, cardholder country / state / region, etc. In such instances, the MCG may include the general category to which the MCC falls, such as travel, accommodation, food and entertainment, vehicle expenses, office services and goods, cash prepayment, others, etc. In such instances, the MCC is a four-digit number listed in ISO 18245 for retail financial services, used to classify businesses according to the type of goods or services they offer.
[0085] In some non-limiting embodiments or aspects, transaction data may include intra-network transaction data associated with at least one intra-network transaction processed in transaction network 101, and / or extra-network transaction data associated with at least one extra-network transaction processed outside of transaction processing network 101. For example, transaction service provider system 108 may receive intra-network transaction data associated with intra-network transactions processed in transaction processing network 101 (e.g., via real-time feeds when processing transactions within the network), and / or extra-network transaction data associated with extra-network transactions processed outside of transaction processing network 101 (e.g., via real-time feeds when transactions are processed outside the network). For example, intra-network transaction data may be received at or from transaction service provider system 108 within transaction processing network 101 (e.g., via merchant system 102, payment gateway 104, and / or acquirer system 106), and extra-network transaction data may be received from extra-network system 116 (e.g., from at least one of merchant systems and issuer systems outside of transaction processing network 101). In such an instance, the transaction service provider system 108 may receive off-network transaction data 108 from the merchant system and / or the issuer system (such as from the POS via the merchant system or from the POS via the issuer system) via a secure transmission channel (e.g., via Connect:Direct, etc.).
[0086] In some non-limiting embodiments or aspects, the issuer system associated with a transaction processed outside of transaction processing network 101 may register or enroll with transaction service provider system 108 to provide transaction service provider system 108 with off-network transaction data associated with off-network transactions processed outside of transaction processing network 101, and / or receive fraud / potential fraud information and / or suggested fraud rules based on transaction and fraud patterns analyzed by service provider system 108, as described below.
[0087] like Figure 3 As shown, at step 304, process 300 includes determining consecutive transactions that include values of the same parameter. For example, transaction service provider system 108 may determine consecutive transactions that include values of the same parameter. As an example, transaction service provider system 108 may determine, based on transaction data, that two or more consecutive transactions associated with the same account identifier (e.g., the same PAN, etc.) include the same value of at least one transaction parameter. In such an instance, consecutive transactions associated with the same account identifier may include a first transaction associated with the account identifier and a second transaction associated with the same account identifier that occurs directly after the first transaction (e.g., no other transaction associated with the same account identifier occurs between the first and second transactions, and zero or more other transactions associated with different account identifiers occur between the first and second transactions). In such an instance, at least one transaction parameter may include any transaction parameter, such as at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.
[0088] In some non-limiting embodiments or aspects, if two or more consecutive transactions associated with the same account identifier (e.g., the same PAN, etc.) do not include a value for at least one of the same transaction parameters (e.g., numerical value, code, time, amount, etc.), the transaction service provider system 108 may not further analyze the two or more consecutive transactions for fraud. For example, if two or more consecutive transactions associated with the same account identifier (e.g., the same PAN, etc.) do include a value for at least one of the same transaction parameters, the transaction service provider system 108 may further analyze the two or more consecutive transactions for fraud based on the value of the same at least one transaction parameter. As an example, without considering a single transaction running concurrently with another transaction associated with the same account identifier, the single transaction may not be further analyzed for fraud, and if, between two consecutive transactions, one of the transactions does not include a value for at least one transaction parameter, either of the two consecutive transactions may not be further analyzed for fraud. For example, between two consecutive transactions associated with the same account identifier, if both transactions include a value for at least one transaction parameter, both transactions may be further analyzed for fraud.
[0089] In some non-limiting embodiments or aspects, in-network transactions and out-of-network transactions are consecutive transactions associated with the same account identifier. For example, a first transaction may include at least one out-of-network transaction, and a second transaction may include at least one in-network transaction. As an example, a second transaction may include at least one out-of-network transaction, and a first transaction may include at least one in-network transaction. In such an instance, a cardholder may initiate one transaction processed within transaction processing network 101 and another transaction processed outside of transaction processing network 101.
[0090] like Figure 3 As shown, at step 306, process 300 includes determining the difference between values of the same parameter. For example, transaction service provider system 108 may determine the difference between values of the same parameter. As an example, transaction service provider system 108 may determine the difference between the value of at least one transaction parameter associated with a first transaction in the two or more consecutive transactions and the value of at least one transaction parameter associated with a second transaction in the two or more consecutive transactions in response to determining that each of two or more consecutive transactions associated with the same account identifier includes the value of at least one transaction parameter.
[0091] In some non-limiting embodiments or aspects, the values between the same transaction parameters can include values between any transaction parameters, such as at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, indication of a difference that meets a threshold difference, or any combination thereof. For example, the difference between geographic location values (e.g., postal code, etc.) can include an absolute difference, an indication of the same or matching (complete or partial match) geographic location, an indication of different or mismatched geographic locations, distance between geographic locations, an indication of a difference that meets a threshold difference, or any combination thereof. For example, the difference between MCC values can include an absolute difference, an indication of the same or matching (complete or partial match) MCC, an indication of different or mismatched MCC, an indication of a difference that meets a threshold difference, or any combination thereof. For example, the difference between transaction time values can include an absolute difference, an indication of the same or matching time, an indication of time within the same time period, an indication of a difference that meets a threshold difference, or any combination thereof. For example, the difference between transaction amount values can include an absolute difference, an indication of the same or matching amount, an indication of a difference that meets a threshold difference, or any combination thereof.
[0092] like Figure 3 As shown, at step 308, process 300 includes determining consecutive transactions as fraudulent transactions. For example, transaction service provider system 108 can determine consecutive transactions as fraudulent transactions. As an example, transaction service provider system 108 can determine that two or more consecutive transactions are fraudulent transactions based on differences. In such an instance, transaction service provider system 108 can compare the differences to at least one threshold, and if the differences meet at least one threshold, determine that two or more consecutive transactions are fraudulent transactions.
[0093] The following discussion, relative to Table 1, presents a first instance of a first consecutive transaction and a second consecutive transaction associated with the same account identifier used by the transaction service provider system 108 to analyze fraud. The table shows the values of the transaction parameters for the first and second transactions, which are compared to determine whether the first and second transactions are fraudulent.
[0094]
[0095] Table 1
[0096] As shown in Table 1, on a specific day, for the first and second transactions with the same transaction amount, both transactions involve swiping the card more than once at a gas station, the time difference between the two transactions is less than 30 minutes, the MCC codes are the same for both transactions, and the distance between the gas stations is less than 60 miles (or the transactions occur within the same postal code area). This is an unlikely scenario to be associated with fraud, as it is highly improbable for the same transaction amount to occur within 30 minutes and within a distance of less than 60 miles between different gas stations. Therefore, the transaction service provider system 108 can compare the differences in transaction amount, transaction time, MCC, and postal code between the first and second transactions associated with the same account identifier with predetermined thresholds or fraud rules associated with them to determine whether the first and second transactions are fraudulent transactions.
[0097] The following discussion, relative to Table 2, presents a second instance of a first and second consecutive transaction associated with the same account identifier used by the transaction service provider system 108 to analyze fraud. The table shows the values of the transaction parameters for the first and second transactions, which are compared to determine whether the first and second transactions are fraudulent.
[0098]
[0099] Table 2
[0100] As shown in Table 2, on a specific day, a card is swiped more than once from the same MCC (e.g., the MCC of a grocery store), with different transaction amounts, a transaction time of less than 30 minutes between the two transactions, and a distance of more than 60 miles between the stores (or the transactions occur in different postal code areas). This is an unlikely scenario to be associated with fraud, as it is unlikely that a cardholder would make purchases with significantly different transaction amounts from grocery stores more than 60 miles apart within 30 minutes. Therefore, the transaction service provider system 108 can compare the differences in transaction amount, transaction time, MCC, and postal code between the first and second transactions associated with the same account identifier with predetermined thresholds or fraud rules associated with them to determine whether the first and second transactions are fraudulent transactions.
[0101] like Figure 3 As shown, in step 310, process 300 includes denying authorization for one or more in-network transactions. For example, transaction service provider system 108 may deny authorization for one or more in-network transactions. As an example, transaction service provider system 108 may deny authorization for in-network transactions processed in transaction processing network 101 in response to determining that both out-of-network and in-network transactions are fraudulent transactions.
[0102] In some non-limiting implementations or aspects, the transaction service provider system 108 can analyze off-network transactions, capture fraud patterns based on them, and apply the captured fraud patterns to in-network transactions in the transaction processing network 101. This can enhance the fraud detection capabilities of the transaction service provider system 108, thereby more effectively identifying fraudulent in-network transactions.
[0103] like Figure 3 As shown, at step 312, process 300 includes providing a notification to the issuing system associated with one or more off-network transactions. For example, transaction service provider system 108 may provide a notification to the issuing system associated with one or more off-network transactions. For example, transaction service provider system 108 may provide a notification to the issuing system associated with the off-network transaction in response to determining that both the off-network and on-network transactions are fraudulent transactions. In such instances, the notification may include an indication that the off-network transaction is a fraudulent transaction and / or a fraud rule based on it. For example, transaction service provider system 108 may send fraud / potential fraud information to the issuing system associated with a transaction processed outside of transaction processing network 101 that is registered or registered for such services. This information may include a fraud rule based on the transaction and a fraud pattern analyzed by transaction service provider system 108. Thus, non-limiting implementations or aspects may help issuers / organizations and / or cardholders understand potential or confirmed fraudulent transactions.
[0104] Now for reference Figures 4A-4G , Figures 4A-4G This is a non-limiting overview diagram of an implementation scheme or aspect of 400 related to the fraud detection process. For example... Figures 4A-4G As shown, implementation 400 includes a transaction processing network 401, a transaction service provider system 408, and an off-network issuer system 416. In some non-limiting embodiments or aspects, the transaction processing network 401 may be the same as or similar to the transaction processing network 101. In some non-limiting embodiments or aspects, the transaction service provider system 408 may be the same as or similar to the transaction service provider system 108. In some non-limiting embodiments or aspects, the off-network issuer system 416 may be the same as or similar to the off-network system 116.
[0105] like Figure 4A As indicated by reference numeral 420 in the accompanying drawings, the transaction service provider system 408 can receive intra-network transaction data associated with intra-network transactions processed in the transaction processing network 401.
[0106] like Figure 4BAs indicated by reference numeral 425 in the accompanying drawings, the transaction service provider system 408 can receive off-network transaction data associated with off-network transactions processed outside of the transaction processing network 401. In such an instance, in-network and off-network transactions can be consecutive transactions associated with the same account identifier.
[0107] like Figure 4C As indicated by reference numeral 430 in the attached figure, the transaction service provider system 408 can determine, based on in-network transaction data and out-of-network transaction data, that each of the in-network and out-of-network transactions associated with the same account identifier includes the value of at least one of the same transaction parameters.
[0108] like Figure 4D As shown by reference numeral 435 in the accompanying drawings, the transaction service provider system 408 can determine the difference between the value of at least one transaction parameter associated with the intranet transaction and the value of at least one transaction parameter associated with the extranet transaction in response to determining that each of the intranet transaction and the extranet transaction includes the same value of at least one transaction parameter.
[0109] like Figure 4E As shown by reference numeral 440 in the attached figure, the transaction service provider system 408 can determine whether in-network and out-of-network transactions are fraudulent based on the difference.
[0110] like Figure 4F As shown by reference numeral 445 in the accompanying drawings, the transaction service provider system 408 can refuse authorization for in-network transactions processed in the transaction processing network 401 in response to determining that in-network and out-of-network transactions are fraudulent transactions.
[0111] like Figure 4G As indicated by reference numeral 450 in the accompanying drawings, the transaction service provider system 408 may, in response to determining that an in-network transaction and an out-of-network transaction are fraudulent transactions, provide a notification to the issuer system associated with the out-of-network transaction. In such an instance, the notification may include an indication that the out-of-network transaction is a fraudulent transaction.
[0112] Although embodiments or aspects have been described in detail for purposes of illustration and description, it should be understood that such detail is for said purposes only, and the embodiments or aspects are not limited to the disclosed embodiments or aspects, but rather are intended to cover modifications and equivalent arrangements within the spirit and scope of the appended claims. For example, it should be understood that this disclosure contemplates, as far as possible, that one or more features of any embodiment or aspect may be combined with one or more features of any other embodiment or aspect. In fact, any of these features may be combined in a manner not specifically stated in the claims and / or not disclosed in the specification. Although each dependent claim listed below may depend directly on only one claim, the disclosure of possible implementations includes each dependent claim combined with each other claim in the claim set.
Claims
1. A computer-implemented method, comprising: During the processing of at least one intra-network transaction in the transaction processing network, at least one processor receives real-time feeds of intra-network transaction data associated with the at least one intra-network transaction from a transaction service provider system within the communication path used to process the at least one intra-network transaction in the transaction processing network. During the processing of at least one out-of-network transaction processed outside the transaction processing network, the at least one processor receives real-time feeds of out-of-network transaction data associated with the at least one out-of-network transaction from a point-of-sale (POS) device outside the communication path used for processing the at least one in-network transaction in the transaction processing network via a secure transmission channel outside the communication path. The at least one processor processes in parallel the real-time feed of in-network transaction data and the real-time feed of out-of-network transaction data to determine two or more consecutive transactions initiated in time, the two or more consecutive transactions having the same account identifier and including a first transaction and a second transaction, the first transaction including one of the at least one out-of-network transaction and the at least one in-network transaction, and the second transaction including the other of the at least one out-of-network transaction and the at least one in-network transaction; The at least one processor determines whether each of the two or more consecutive transactions associated with the same account identifier includes the value of at least one transaction parameter; In response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, the at least one processor determines the difference between the value of the at least one transaction parameter associated with the first transaction of the two or more consecutive transactions and the value of the at least one transaction parameter associated with the second transaction of the two or more consecutive transactions; The at least one processor compares the difference with at least one threshold difference; In response to determining that the difference satisfies the at least one threshold difference, the at least one processor determines that the two or more consecutive transactions are fraudulent transactions; as well as In response to determining that two or more consecutive transactions, including at least one out-of-network transaction and at least one in-network transaction, are fraudulent transactions, the at least one processor denies authorization for the at least one in-network transaction to be processed in the transaction processing network.
2. The computer-implemented method as described in claim 1, further comprising: In response to determining that the two or more consecutive transactions, including the at least one off-network transaction and the at least one on-network transaction, are fraudulent transactions, the at least one processor provides a notification to an issuer system located outside the communication path of the at least one on-network transaction in the transaction processing network and associated with the off-network transaction, wherein the notification includes an indication that the at least one off-network transaction is a fraudulent transaction.
3. The computer-implemented method of claim 1, wherein the at least one transaction parameter includes at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.
4. A computing system, comprising: One or more processors, said one or more processors being programmed and / or configured to: During the processing of at least one intra-network transaction processed in the transaction processing network, a real-time feed of intra-network transaction data associated with the at least one intra-network transaction is received from a transaction service provider system within the communication path used to process the at least one intra-network transaction in the transaction processing network. During the processing of at least one out-of-network transaction processed outside the transaction processing network, real-time feeds of out-of-network transaction data associated with the at least one out-of-network transaction are received from a point-of-sale (POS) device outside the communication path used to process the at least one in-network transaction in the transaction processing network via a secure transmission channel outside the communication path. The real-time feeds of the in-network transaction data and the real-time feeds of the out-of-network transaction data are processed in parallel to determine two or more consecutive transactions initiated in time, the two or more consecutive transactions having the same account identifier and including a first transaction and a second transaction, the first transaction including one of the at least one out-of-network transaction and the at least one in-network transaction, and the second transaction including the other of the at least one out-of-network transaction and the at least one in-network transaction; Determine whether each of the two or more consecutive transactions associated with the same account identifier includes the value of at least one of the same transaction parameters; In response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, a difference is determined between the value of the at least one transaction parameter associated with the first transaction of the two or more consecutive transactions and the value of the at least one transaction parameter associated with the second transaction of the two or more consecutive transactions; The difference is compared with at least one threshold difference; In response to determining that the difference satisfies the at least one threshold difference, the two or more consecutive transactions are determined to be fraudulent transactions; as well as In response to determining that two or more consecutive transactions, including at least one out-of-network transaction and at least one in-network transaction, are fraudulent transactions, authorization for processing the at least one in-network transaction in the transaction processing network is denied.
5. The computing system of claim 4, wherein the one or more processors are further programmed and / or configured to: In response to determining that two or more consecutive transactions, including at least one off-network transaction and at least one on-network transaction, are fraudulent transactions, a notification is provided to an issuer system located outside the communication path of the at least one on-network transaction in the transaction processing network and associated with the at least one off-network transaction, wherein the notification includes an indication that the at least one off-network transaction is a fraudulent transaction.
6. The computing system of claim 4, wherein the at least one transaction parameter includes at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.
7. A computer program product comprising at least one non-transitory computer-readable medium, said at least one non-transitory computer-readable medium comprising program instructions that, when executed by at least one processor, cause the at least one processor to: During the processing of at least one intra-network transaction processed in the transaction processing network, a real-time feed of intra-network transaction data associated with the at least one intra-network transaction is received from a transaction service provider system within the communication path used to process the at least one intra-network transaction in the transaction processing network. During the processing of at least one out-of-network transaction processed outside the transaction processing network, real-time feeds of out-of-network transaction data associated with the at least one out-of-network transaction are received from a point-of-sale (POS) device outside the communication path used to process the at least one in-network transaction in the transaction processing network via a secure transmission channel outside the communication path. The real-time feeds of the in-network transaction data and the real-time feeds of the out-of-network transaction data are processed in parallel to determine two or more consecutive transactions initiated in time, the two or more consecutive transactions having the same account identifier and including a first transaction and a second transaction, the first transaction including one of the at least one out-of-network transaction and the at least one in-network transaction, and the second transaction including the other of the at least one out-of-network transaction and the at least one in-network transaction; Determine whether each of the two or more consecutive transactions associated with the same account identifier includes the value of at least one of the same transaction parameters; In response to determining that each of the two or more consecutive transactions associated with the same account identifier includes the value of the same at least one transaction parameter, a difference is determined between the value of the at least one transaction parameter associated with the first transaction of the two or more consecutive transactions and the value of the at least one transaction parameter associated with the second transaction of the two or more consecutive transactions; The difference is compared with at least one threshold difference; In response to determining that the difference satisfies the at least one threshold difference, the two or more consecutive transactions are determined to be fraudulent transactions; as well as In response to determining that two or more consecutive transactions, including at least one out-of-network transaction and at least one in-network transaction, are fraudulent transactions, authorization for processing the at least one in-network transaction in the transaction processing network is denied.
8. The computer program product of claim 7, wherein the instructions further cause the at least one processor to: In response to determining that two or more consecutive transactions, including at least one off-network transaction and at least one on-network transaction, are fraudulent transactions, a notification is provided to an issuer system located outside the communication path of the at least one on-network transaction in the transaction processing network and associated with the at least one off-network transaction, wherein the notification includes an indication that the at least one off-network transaction is a fraudulent transaction.
9. The computer program product of claim 7, wherein the at least one transaction parameter includes at least one of the following: geographic location, Merchant Category Code (MCC), transaction time, transaction amount, or any combination thereof.