US 11,722,502 B1
Systems and methods of detecting and mitigating malicious network activity
Jansey Comeaux, Youngsville, LA (US); Michael Scott McQuarrie, San Antonio, TX (US); Gregory Sansone, San Antonio, TX (US); and Veronica Santiago, San Antonio, TX (US)
Assigned to United Services Automobile Association (USAA), San Antonio, TX (US)
Filed by United Services Automobile Association (USAA), San Antonio, TX (US)
Filed on Apr. 8, 2021, as Appl. No. 17/225,816.
Application 17/225,816 is a continuation of application No. 16/796,155, filed on Feb. 20, 2020, granted, now 11,005,862.
Application 16/796,155 is a continuation of application No. 15/952,484, filed on Apr. 13, 2018, granted, now 10,572,884, issued on Feb. 25, 2020.
Claims priority of provisional application 62/485,124, filed on Apr. 13, 2017.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06Q 20/40 (2012.01); G06N 20/00 (2019.01); G06F 16/951 (2019.01); G06F 21/55 (2013.01); G06Q 30/018 (2023.01); G06F 16/955 (2019.01); G06F 21/00 (2013.01)
CPC H04L 63/1416 (2013.01) [G06F 16/951 (2019.01); G06F 16/955 (2019.01); G06F 21/554 (2013.01); G06N 20/00 (2019.01); G06Q 20/4016 (2013.01); G06Q 30/0185 (2013.01); H04L 63/14 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
generating, by a computing system, a first session record for a client interaction, the first session record comprising first session attributes;
identifying, by the computing system, one or more second session records, with second session attributes, based on one or more of the second session attributes matching one or more of the first session attributes;
determining, by the computing system and based on a pre-defined threshold criteria, a threshold value for each of the one or more of the second session attributes;
determining, by the computing system, a probability score, for a likelihood of fraud in each of the one or more second session records, based on the threshold value for each of the one or more of the second session attributes;
generating, by the computing system, a new fraud alert element for each client associated with selected ones of the one or more second session records, wherein the selected ones of the one or more second session records were selected based on the probability score for the likelihood of fraud determined for each of the selected ones of the one or more second session records; and
in response to the computing system determining that at least one second session attribute of unselected ones of the one or more second session records is not in a whitelist record, updating the whitelist record by adding the at least one second session attribute into the whitelist record.
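The steps of claim 1, walked through as an added Python example; it is not the patent's or the assignee's implementation. The attribute names, the per-attribute weights standing in for the "pre-defined threshold criteria", the additive scoring, the alert cutoff and all session records are assumptions constructed for illustration.

```python
# Added illustration of the claim-1 flow. Attribute names, weights, cutoff and
# all sample records are constructed assumptions, not taken from the patent.
ATTRS = ("ip", "device", "user_agent")
# Assumed "pre-defined threshold criteria": points per matching attribute.
THRESHOLD_CRITERIA = {"ip": 50, "device": 40, "user_agent": 10}
ALERT_CUTOFF = 0.6  # assumed: scores at or above this select a record

# Constructed first session record and stored session records.
FIRST = {"client": "c-100", "ip": "203.0.113.7", "device": "dev-A", "user_agent": "UA-1"}
STORED = [
    {"client": "c-201", "ip": "203.0.113.7", "device": "dev-A", "user_agent": "UA-1"},
    {"client": "c-202", "ip": "203.0.113.7", "device": "dev-A", "user_agent": "UA-2"},
    {"client": "c-203", "ip": "198.51.100.9", "device": "dev-C", "user_agent": "UA-1"},
    {"client": "c-204", "ip": "192.0.2.44", "device": "dev-D", "user_agent": "UA-3"},
]

def matched_attrs(first, record):
    """Attributes on which a stored session agrees with the first session."""
    return [a for a in ATTRS if record[a] == first[a]]

def evaluate(first, stored, whitelist):
    """Return fraud alerts; whitelist, a set of (attr, value), is updated in place."""
    alerts = []
    for rec in stored:
        matched = matched_attrs(first, rec)
        if not matched:
            continue  # shares nothing with the first session: not a "second" record
        # Threshold value for each matching attribute, from the assumed criteria.
        thresholds = {a: THRESHOLD_CRITERIA[a] for a in matched}
        # Assumed scoring: sum of threshold values, capped and scaled to 0..1.
        score = min(sum(thresholds.values()), 100) / 100
        if score >= ALERT_CUTOFF:
            # Selected record: one alert element for the associated client.
            alerts.append({"client": rec["client"], "score": score, "matched": matched})
            continue
        # Unselected record: the set adds only attributes the whitelist lacks.
        whitelist.update((a, rec[a]) for a in ATTRS)
    return alerts

if __name__ == "__main__":
    wl = set()
    for alert in evaluate(FIRST, STORED, wl):
        print(alert)
    print(sorted(wl))
```
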