US 11,902,307 B2
Method and apparatus for network fraud detection and remediation through analytics
Yanlin Wang, Cupertino, CA (US); and Weizhi Li, Sunnyvale, CA (US)
Assigned to CyberArk Software Ltd., Petach-Tikva (IL)
Filed by CyberArk Software Ltd., Petach-Tikva (IL)
Filed on Dec. 1, 2020, as Appl. No. 17/108,612.
Application 17/108,612 is a continuation of application No. 15/703,943, filed on Sep. 13, 2017, abandoned.
Prior Publication US 2021/0084062 A1, Mar. 18, 2021
Int. Cl. H04L 29/00 (2006.01); H04L 9/40 (2022.01); G06F 21/55 (2013.01); G06F 21/50 (2013.01); G06F 21/31 (2013.01); G06N 20/00 (2019.01); H04L 67/50 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 21/31 (2013.01); G06F 21/50 (2013.01); G06F 21/552 (2013.01); H04L 63/102 (2013.01); H04L 63/1441 (2013.01); G06N 20/00 (2019.01); H04L 63/20 (2013.01); H04L 67/535 (2022.05)]
23 Claims
 
1. A system for fraud detection and remediation, comprising:
at least one processor; and
at least one non-transitory computer-readable medium containing instructions that, when executed by the at least one processor, cause the system to perform operations comprising:
accessing first event data for a first event or first attempted event, the first event or the first attempted event corresponding to a first entity;
determining a first location of the first event or first attempted event in a multidimensional array, the multidimensional array including at least a first axis associated with a first event parameter and a second axis associated with a second event parameter, the first location being defined relative to the first axis and the second axis;
comparing the first location to at least one first cluster location in the multidimensional array, the at least one first cluster location corresponding to the first entity and representing a behavior history of the first entity;
determining, based on the comparison of the first location and the at least one first cluster location, a risk score for the first event or the first attempted event;
determining a confidence score based on a number of events associated with the first entity;
identifying, based on the risk score, the confidence score, and a rule, a remedial action; and
providing remediation instructions to perform the remedial action in response to the first event or the first attempted event.
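
The sequence of operations in claim 1 can be followed in a short sketch. This is an added example, not code from the patent or from CyberArk. The two axes (login hour, distance from usual site), the scaled-distance risk formula, the confidence formula, the rule table and all sample values are assumptions chosen for illustration.

```python
import math

MAX_SCALED_DISTANCE = 4.0   # assumed: scaled distance at which risk saturates at 1.0
CONFIDENCE_HALF_POINT = 20  # assumed: event count at which confidence reaches 0.5

# Assumed rule table, first match wins: (min_risk, min_confidence, action).
# A high-risk event on a thin history falls through to step-up auth, not denial.
RULES = [
    (0.8, 0.5, "deny"),
    (0.5, 0.0, "require_mfa"),
    (0.0, 0.0, "allow"),
]

def risk_score(location, clusters):
    """Risk in [0, 1] from the per-axis scaled distance to the nearest cluster."""
    if not clusters:            # no behavior history yet: treat as maximally unusual
        return 1.0
    def scaled(cluster):
        return math.sqrt(sum(((x - c) / s) ** 2 for x, c, s in
                             zip(location, cluster["centroid"], cluster["spread"])))
    return min(1.0, min(scaled(c) for c in clusters) / MAX_SCALED_DISTANCE)

def confidence_score(event_count):
    """Confidence in [0, 1) that grows with the number of events seen for the entity."""
    return event_count / (event_count + CONFIDENCE_HALF_POINT)

def remediate(location, profile):
    """Return (risk, confidence, action) for one event of one entity."""
    risk = risk_score(location, profile["clusters"])
    conf = confidence_score(profile["event_count"])
    for min_risk, min_conf, action in RULES:
        if risk >= min_risk and conf >= min_conf:
            return risk, conf, action

# Constructed profiles: axis 1 = login hour, axis 2 = km from usual site.
VETERAN = {"event_count": 180,
           "clusters": [{"centroid": (9.0, 0.0), "spread": (2.0, 10.0)}]}
NEWCOMER = {"event_count": 5,
            "clusters": [{"centroid": (9.0, 0.0), "spread": (2.0, 10.0)}]}
UNSEEN = {"event_count": 0, "clusters": []}

if __name__ == "__main__":
    for name, profile in [("veteran", VETERAN), ("newcomer", NEWCOMER), ("unseen", UNSEEN)]:
        for event in [(10.0, 5.0), (9.0, 30.0), (3.0, 40.0)]:
            print(name, event, remediate(event, profile))
```

With these assumed rules, the same far-off event is denied for an entity with a long history but only triggers step-up authentication for one with few recorded events, which is the role the confidence score plays in the claim.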