| CPC G06Q 20/4016 (2013.01) [G06N 20/00 (2019.01)] | 10 Claims |
|
1. A fraud detection system, comprising:
a fraud detection server comprising at least one processor configured to:
acquire information that indicates actions performed by each of a plurality of users of a service provided over the internet;
acquire, based on an action performed by each of the plurality of users of the service, a score relating to a fraud level of the each of the plurality of users;
wherein the action and the score correspond to actions conducted by the plurality of users on the service provided over the internet;
wherein the actions each include an action content comprising an action type, an IP address, an access location, an access date and time, a URL of an accessed page, and a user operation content;
wherein the action type comprises a user registration, a login, or a page transition;
wherein the IP address is the IP address of a user terminal used for the action;
wherein the access location is the location of a user or the user terminal;
determine, based on the score of each of the plurality of users, an acquisition method for a feature amount of the each of the plurality of users such that an acquisition time of the feature amount becomes shorter as the fraud level becomes lower;
wherein the feature amount is information on a feature for each of the plurality of users and is related to actions by each of the plurality of users on the service provided over the internet;
acquire the feature amount of each of the plurality of users based on the acquisition method determined for the each of the plurality of users;
detect, in real time, fraud made by each of the plurality of users based on the feature amount of the each of the plurality of users;
wherein the at least one processor is configured to acquire a plurality of types of feature amounts,
wherein the acquisition method is the type of the feature amount to be acquired,
wherein the at least one processor is configured to determine the type of the feature amount for each of the plurality of users such that the acquisition time becomes shorter as the fraud level becomes lower,
wherein the at least one processor is configured to acquire the feature amount of the type determined for each of the plurality of users;
wherein each of the plurality of types of feature amounts is acquirable in parallel with each other,
wherein the at least one processor is configured to acquire the feature amount of the type determined for each of the plurality of users and the feature amount of a type having a shorter acquisition time than the acquisition time of the determined type;
restrict a processing requested by the user based on the detection;
receive a request from each of the plurality of users,
set the acquisition method based on the score of each of the plurality of users and a number of requests from each of the plurality of users such that the acquisition time becomes shorter as the fraud level becomes lower and the acquisition time as a whole falls within a predetermined range, and
determine the acquisition method for each of the plurality of users based on the score of the each of the plurality of users and the set acquisition method.
|