US 11,914,704 B2
Method and system for detecting coordinated attacks against computing resources using statistical analyses
Sheer Dangoor, Hod Hasharon (IL); and Ido Meir Mintz, Hod Hasharon (IL)
Assigned to INTUIT INC., Mountain View, CA (US)
Filed by INTUIT INC., Mountain View, CA (US)
Filed on Jan. 7, 2021, as Appl. No. 17/143,959.
Prior Publication US 2022/0215091 A1, Jul. 7, 2022
Int. Cl. G06Q 30/02 (2023.01); G06F 21/55 (2013.01); G06Q 20/38 (2012.01); G06Q 20/40 (2012.01)
CPC G06F 21/552 (2013.01) [G06F 21/554 (2013.01); G06Q 20/382 (2013.01); G06Q 20/4016 (2013.01); G06F 2221/034 (2013.01); G06F 2221/2101 (2013.01)]
18 Claims
1. A method for identifying and blocking anomalous transactions within a computing system, comprising:
selecting a set of accounts for analysis, wherein the selected set of accounts comprise accounts associated with requests to perform transactions using the computing system;
for each respective account in the selected set of accounts, calculating an anomaly score based on an account number associated with the respective account and transaction amounts associated with the respective account;
generating, for each respective account provider of a plurality of account providers, an aggregated anomaly score based on anomaly scores associated with each respective account in a set of accounts associated with the respective account provider;
normalizing the aggregated anomaly score for each respective account provider of the plurality of account providers based on a historical minimum score and a historical maximum anomaly score for the respective account provider;
based on a threshold value and the normalized aggregated anomaly score for each respective account provider, identifying one or more account providers that are potential targets of anomalous activity; and
taking one or more actions to block completion of transactions requested by one or more accounts associated with the identified one or more account providers, wherein the one or more actions comprise terminating access to a software application for users associated with accounts associated with the identified one or more account providers.
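
The provider-level steps of claim 1 (aggregate per provider, normalize against the historical minimum and maximum, compare to a threshold, select accounts to block), written out as an added Python example; it is not code from the patent or from the assignee. The per-account anomaly scores are taken as given, and the mean aggregation, the clamping to [0, 1], the handling of a flat history, the 0.8 threshold and all sample names and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class History:
    """Historical bounds of a provider's aggregated anomaly score."""
    min_score: float
    max_score: float

def aggregate_by_provider(account_scores, account_provider):
    # Assumption: the aggregate is the mean of the per-account scores.
    grouped = {}
    for account, score in account_scores.items():
        grouped.setdefault(account_provider[account], []).append(score)
    return {provider: mean(scores) for provider, scores in grouped.items()}

def normalize(score, hist):
    # Min-max scaling against the provider's own history.
    span = hist.max_score - hist.min_score
    if span <= 0:
        # Flat history: only a score above the known maximum counts as anomalous.
        return 1.0 if score > hist.max_score else 0.0
    # Assumption: clamp, so a never-before-seen score cannot exceed 1.0.
    return min(1.0, max(0.0, (score - hist.min_score) / span))

def flag_providers(account_scores, account_provider, history, threshold):
    aggregated = aggregate_by_provider(account_scores, account_provider)
    normalized = {p: normalize(s, history[p]) for p, s in aggregated.items()}
    flagged = sorted(p for p, n in normalized.items() if n >= threshold)
    return flagged, normalized

def accounts_to_block(flagged, account_provider):
    # Every account of a flagged provider is selected, not only the outliers.
    return sorted(a for a, p in account_provider.items() if p in flagged)

# Constructed sample data (hypothetical accounts, providers and scores).
ACCOUNT_PROVIDER = {"acct-1": "bank-a", "acct-2": "bank-a", "acct-3": "bank-b",
                    "acct-4": "bank-b", "acct-5": "bank-c"}
ACCOUNT_SCORES = {"acct-1": 0.9, "acct-2": 0.7, "acct-3": 0.2,
                  "acct-4": 0.4, "acct-5": 0.5}
HISTORY = {"bank-a": History(0.1, 0.85), "bank-b": History(0.1, 0.9),
           "bank-c": History(0.5, 0.5)}
THRESHOLD = 0.8  # assumed value; the claim only requires "a threshold value"

if __name__ == "__main__":
    flagged, normalized = flag_providers(ACCOUNT_SCORES, ACCOUNT_PROVIDER,
                                         HISTORY, THRESHOLD)
    print("normalized:", normalized)
    print("flagged providers:", flagged)
    print("accounts to block:", accounts_to_block(flagged, ACCOUNT_PROVIDER))
```

Because normalization uses each provider's own historical range, the same raw aggregate can be ordinary for one provider and anomalous for another, and the blocking step acts on all accounts of a flagged provider.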