| CPC G06Q 20/4016 (2013.01) [G06F 21/552 (2013.01)] | 20 Claims |
|
1. A computer-implemented method for detecting group activities in a network based on unsupervised machine learning techniques, comprising:
receiving, by a transaction service provider system, interaction data associated with a plurality of interactions, the interaction data for each interaction of the plurality of interactions including account identifier data associated with at least one account identifier, the at least one account identifier comprising a payment token mapped to a primary account number (PAN);
storing, by the transaction service provider system, the interaction data for each interaction of the plurality of interactions in a distributed storage system;
receiving, by a data attributes extraction system, the interaction data for each interaction of the plurality of interactions from the distributed storage system;
for each account identifier associated with at least one interaction of the plurality of interactions, determining, by the data attributes extraction system, a value for each category of a first set of categories based on the interaction data;
for each account identifier associated with at least one interaction of the plurality of interactions, generating, by the data attributes extraction system, a vector for each account identifier associated with at least one interaction of the plurality of interactions based on inputting the value for each category of the first set of categories into at least one machine learning model, wherein the at least one machine learning model provides the vector for each account identifier associated with at least one interaction of the plurality of interactions as an output;
determining, by the data attributes extraction system, a length of each vector based on the value for each category of the first set of categories of a respective vector, wherein the length of each vector is associated with a risk score;
generating, by a relational graphing system, at least one relational graph based on the interaction data received from the data attributes extraction system, each relational graph associated with a respective category of a second set of categories, each relational graph comprising a plurality of nodes and a plurality of edges, the plurality of nodes comprising a node for each account identifier associated with at least one interaction of the plurality of interactions, the plurality of edges comprising an edge connecting each respective node of the plurality of nodes with each other node of the plurality of nodes having a same value of the respective category as the respective node;
determining, by a suspicious group activity indicator system, at least one cluster of nodes based on the at least one relational graph received from the relational graphing system using an unsupervised cluster detection technique;
determining, by the suspicious group activity indicator system, a score for each cluster of the at least one cluster using an unsupervised machine learning score risk assessment model based on the length of the vector associated with the account identifier of each node of the cluster of nodes;
updating, by the suspicious group activity indicator system, the unsupervised machine learning score risk assessment model in real time without pre-training the unsupervised machine learning score risk assessment model to provide an updated model;
outputting, by the suspicious group activity indicator system, score data for each cluster of the at least one cluster based on the updated model;
denying, by the transaction service provider system, at least one further interaction based on the score data from the suspicious group activity indicator system for one or more clusters of the at least one cluster; and
opening, by at least one of the transaction service provider system or a continuous real time transaction monitoring system, a case investigation based on the score for one or more clusters of the at least one cluster.
|