| CPC G06Q 20/4016 (2013.01) [G06N 20/00 (2019.01); G06Q 30/0185 (2013.01)] | 20 Claims |
|
1. A computing system for creating data structures used to detect fraudulent computer network events in a payment card network, the computing system comprising at least one processor and a memory storing instructions executable by the at least one processor to execute a merchant profiling engine configured to:
receive a plurality of scored payment card transaction authorization requests originating from a plurality of merchants, wherein each of the scored payment card transaction authorization requests is associated with a respective preliminary fraud score that is proportional to indicia of fraud present in an individual transaction corresponding to the respective scored payment card transaction authorization request;
generate, for each of a plurality of merchant groups of the plurality of merchants, a respective data structure within a computer memory, wherein the data structure is configured to sort the scored payment card transaction authorization requests associated with the respective merchant group over a plurality of fraud score range stripes, each of the fraud score range stripes defined by an upper fraud score threshold and a lower fraud score threshold and including one or more of the scored payment card transaction authorization requests having a value of the corresponding preliminary fraud score therebetween;
parse each of the data structures over a plurality of time periods, wherein each of the time periods extends back over a respective predetermined interval from a common starting point;
calculate, for each merchant group for each of the time periods, at least one cumulative metric from the one or more scored payment card transaction authorization requests associated with each of the fraud score range stripes;
determine, for each merchant group, a plurality of ratio striping values, each of the ratio striping values being a ratio of a first value of the at least one cumulative metric in a first of the fraud score range stripes from a first time period with respect to a second value of the at least one cumulative metric in the first fraud score range stripe from a second time period, wherein the second time period extends back farther in time than the first time period resulting in each of the plurality of ratio striping values being constrained to have values between zero and one;
generate a set of feature inputs using the determined plurality of ratio striping values, wherein each of the set of feature inputs is derived from a corresponding one of the plurality of ratio striping values, wherein the set of features is configured to periodically change as additional ratio striping values are determined, and wherein using the determined plurality of ratio striping values to generate the set of feature inputs increases a processing speed of the computing system;
train, using the set of feature inputs, one or more machine learning algorithms;
modify, using the trained one or more machine learning algorithms, parameters used to identify at least one potential fraud attack associated with the one or more scored payment card transaction authorization requests associated with the one of the merchant groups;
identify, by applying the modified parameters to the one or more scored payment card transaction authorization requests, the at least one potential attack;
generate, in response to a ratio striping value for a first fraud score range stripe for one of the merchant groups approaching a value of 1 and identifying the at least one potential fraud attack, a potential fraud attack alert, wherein the upper fraud score threshold of the first fraud score range stripe corresponds to a low indicia of the at least one potential fraud attack present in the individual scored payment card transaction authorization requests for the one of the merchant groups in the first fraud score range stripe; and
output the potential fraud attack alert to the one of the merchant groups.
|