| CPC G06Q 20/4016 (2013.01) [G06Q 30/0225 (2013.01)] | 20 Claims |
|
1. At least one computer network server for detection of merchant data breaches, the at least one server comprising:
one or more processors;
non-transitory computer-readable storage media having computer-executable instructions stored thereon, wherein when executed by the one or more processors the computer-readable instructions cause the one or more processors to—
receive transaction data corresponding to a plurality of transactions, the transaction data including a merchant identifier and a payment card identifier for each of the plurality of transactions;
compute a fraud score for each of the plurality of transactions;
identify a subset of the fraud scores, each of the fraud scores of the subset exceeding a first threshold;
count members of the subset corresponding to each of the merchant identifiers;
count the number of the plurality of transactions corresponding to each of the merchant identifiers;
compute and normalize a plurality of merchant fraud scores for each of the merchant identifiers based at least in part on the counted members and the number of the plurality of transactions corresponding to each merchant identifier;
sum the plurality of merchant fraud scores corresponding to each of the merchant identifiers to generate a final merchant fraud score for each of the merchant identifiers;
compare the final merchant fraud scores against a second threshold to identify a possible breach; and
issue a warning based on the identified possible breach.
|