US 11,055,727 B1
Account fraud detection
Uday R. Kumar, Elmhurst, IL (US)
Assigned to COX COMMUNICATIONS, INC., Atlanta, GA (US)
Filed by Cox Communications, Inc., Atlanta, GA (US)
Filed on May 15, 2018, as Appl. No. 15/979,508.
Int. Cl. G06Q 30/00 (2012.01); G06N 7/02 (2006.01); H04L 29/06 (2006.01); H04W 12/12 (2021.01); G06Q 30/02 (2012.01)
CPC G06Q 30/0185 (2013.01) [G06N 7/02 (2013.01); H04L 63/126 (2013.01); H04W 12/12 (2013.01); G06Q 30/0248 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system to detect identity masking, the system comprising:
at least one processor;
a memory storage that includes:
a new record entry portal that uses the at least one processor to receive identity information associated with a new client user to build a new data record that includes one or more of a plurality of attributes according to the identity information associated with the new client user;
an identity information analyzer that uses the at least one processor to:
generate sub-attributes from at least one attribute of the one or more of a plurality of attributes according to the identity information associated with the new client user in the new data record;
associate a type of matching method, a type of match scoring method, and a sub-attribute threshold with each sub-attribute;
access prior client user profiles, each of the prior client user profiles including identity information comprising attributes and sub-attributes relating to an existing client or a previous client;
determine one or more suspicious prior client user profiles according to a comparison of each sub-attribute of the at least one attribute of the data record of the new client user with a corresponding sub-attribute of the prior client user profiles based on the type of matching method, the type of match scoring method, and the sub-attribute threshold; and
identify suspicious activity when at least one suspicious prior client user profile is determined;
a data aggregator that uses the at least one processor to:
when suspicious activity is identified, retrieve transaction data associated with the at least one suspicious prior client user profile; and
aggregate data including the new client user profile, the at least one suspicious prior client user profile, and the transaction data;
an auditor that uses the at least one processor to audit the aggregated data associated with the suspicious activity;
a learner that uses the at least one processor to:
execute at least one machine learning algorithm against learning data to determine at least one of the type of matching method, the type of match scoring method, and the sub-attribute threshold, wherein the learning data includes training data input and historical analysis and decision data;
discover and generate, via the at least one machine learning algorithm, one or more new matching methods, new match scoring methods, and new sub-attribute thresholds; and
tune one or more of the new matching methods, new match scoring methods, and new sub-attribute thresholds, where into tune includes use of the at least one machine learning algorithm to increase accuracy of one or more of the new matching methods, new match scoring methods, and new sub-attribute thresholds in response to an implementation of one or more of the new matching methods, the new match scoring methods, and the new sub-attribute thresholds; and
an interface engine that uses the at least one processor to:
when an unresolved transaction is identified in the transaction data associated with the at least one suspicious prior client user profile, prompt the new client user to resolve the unresolved transaction or to provide additional identification information to validate that the new client user is not associated with the at least one suspicious prior client user profile.