US 11,941,633 B2
System for identifying points of compromise
Christopher Kallas, Minneapolis, MN (US); and Xiaoqiao Wei, Minneapolis, MN (US)
Assigned to U.S. Bancorp, National Association, Minneapolis, MN (US)
Filed by U.S. Bancorp, National Association, Minneapolis, MN (US)
Filed on Oct. 28, 2020, as Appl. No. 17/082,664.
Application 17/082,664 is a continuation in part of application No. 16/562,724, filed on Sep. 6, 2019, granted, now 11,468,447.
Prior Publication US 2021/0073820 A1, Mar. 11, 2021
Int. Cl. G06Q 20/40 (2012.01); G11C 11/41 (2006.01)
CPC G06Q 20/4016 (2013.01) [G06Q 20/4015 (2020.05); G11C 11/41 (2013.01)]
20 Claims
1. An apparatus comprising:
a processor having programmed instructions stored in memory that when executed cause the processor to:
receive, via a communication network, information regarding suspicious fraud activity at a first location involving a plurality of transaction cards;
monitor changes over a first time interval to received information regarding suspicious fraud activity at the first location, wherein to monitor includes to increment a different counter stored in memory for each of the plurality of transaction cards that performed a fraudulent transaction at a second location subsequent to performing a non-fraudulent transaction at the first location during the first time interval;
identify a point-of-compromise (POC) location based on monitored changes surpassing a threshold indicating suspicious fraud activity at the first location over the first time interval;
responsive to identifying the POC location, determine a number of transaction cards having suspicious fraud activity at the POC location for each of a plurality of time slices of the first time interval;
identify an initial POC time slice that has a highest number of transaction cards having suspicious fraud activity of the plurality of time slices;
determine an end POC time slice after the initial POC time slice based on the end POC time slice being the first time slice after the initial POC time slice having a number of transaction cards having suspicious fraud activity below a value determined from a number of transaction cards having suspicious fraud activity of the plurality of time slices, wherein a time period beginning at the initial POC time slice and ending at the end POC time slice is a window of compromise;
determine one or more transaction cards of the plurality of transaction cards that performed non-fraudulent transactions at the POC location during the first time interval but outside and not within the window of compromise between the initial POC time slice and the end POC time slice; and
responsive to the determination of the one or more transaction cards that performed non-fraudulent transactions at the POC location during the first time interval but outside and not within the window of compromise between the initial POC time slice and the end POC time slice, remove the incremented counter for each of the one or more transaction cards from the memory.
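
The steps of claim 1, worked through on constructed data as an added example (not code from the patent or from the assignee). The function and parameter names, the data layout, the threshold of 5, and the end-slice cutoff of 25% of the peak count are all assumptions; the claim only says the cutoff is "a value determined from" the per-slice counts.

```python
from collections import Counter

def window_of_compromise(visits, later_fraud, n_slices, threshold, end_fraction=0.25):
    """visits: {card: [time-slice indexes of non-fraudulent transactions at the first location]}
    later_fraud: cards with a subsequent fraudulent transaction at a second location.
    threshold and end_fraction are assumed parameters; the claim does not fix them."""
    # A separate counter for each card that used the location and was later defrauded elsewhere.
    counters = {card: 1 for card in visits if card in later_fraud}
    if len(counters) <= threshold:
        return None  # monitored changes did not surpass the threshold: no POC identified
    # Number of flagged cards seen at the POC location in each time slice.
    per_slice = Counter()
    for card in counters:
        for s in set(visits[card]):
            per_slice[s] += 1
    counts = [per_slice.get(s, 0) for s in range(n_slices)]
    # Initial POC time slice: the slice with the highest number of flagged cards.
    start = max(range(n_slices), key=lambda s: counts[s])
    # End POC time slice: first later slice whose count falls below the cutoff
    # (assumed here to be end_fraction of the peak count).
    cutoff = end_fraction * counts[start]
    end = next((s for s in range(start + 1, n_slices) if counts[s] < cutoff), n_slices - 1)
    # Remove the counter of every card with no visit inside the window of compromise.
    for card in list(counters):
        if not any(start <= s <= end for s in visits[card]):
            del counters[card]
    return {"start": start, "end": end, "counts": counts, "cards": sorted(counters)}

# Constructed sample: 8 daily slices, 10 cards that transacted at one merchant.
VISITS = {
    "card01": [3], "card02": [3], "card03": [3], "card04": [3, 4],
    "card05": [4], "card06": [4], "card07": [0], "card08": [7],
    "card09": [3],   # never defrauded afterwards, so it gets no counter
    "card10": [5],
}
LATER_FRAUD = {c for c in VISITS if c != "card09"}

if __name__ == "__main__":
    print(window_of_compromise(VISITS, LATER_FRAUD, n_slices=8, threshold=5))
```

In this sample the window runs from slice 3 to slice 6, and the counters for card07 and card08 are removed because their only visits fall outside it.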