US 12,079,813 B2
System and method for identifying suspicious destinations
Jamie Gamble, Toronto (CA); Gadi Shpits, Toronto (CA); Ilya Kolmanovich, Toronto (CA); and Cormac O'Keeffe, Toronto (CA)
Assigned to ROYAL BANK OF CANADA, Toronto (CA)
Filed by ROYAL BANK OF CANADA, Toronto (CA)
Filed on Jan. 29, 2021, as Appl. No. 17/162,039.
Claims priority of provisional application 62/968,192, filed on Jan. 31, 2020.
Prior Publication US 2021/0241281 A1, Aug. 5, 2021
Int. Cl. G06Q 20/40 (2012.01); H04L 9/40 (2022.01)
CPC G06Q 20/4016 (2013.01) [G06Q 20/4014 (2013.01); H04L 63/0876 (2013.01); H04L 63/102 (2013.01)] 21 Claims
OG exemplary drawing
 
1. A computer-implemented method for facilitating electronic financial transactions, the method performed by a web server, the method comprising:
receiving data records representing requests for a login page of the web server, wherein the requests include HTTP requests;
upon receiving the data records representing the requests, determining a referring website for each of the identified requests based on an HTTP referrer header of each of said requests, said HTTP referrer header including an address of said referring website;
scanning, by a site classifier, each of said referring websites to extract keywords from each respective referring website;
identifying, by said site classifier using natural language processing, an industry of each respective referring website;
generating classifications for classifying the referring websites into classes based on a classification system and said industry, each of the classes having a risk rating;
detecting data payloads representing logins to access the web server;
upon detecting the data payloads representing the logins, determining a user identifier associated with each of the logins;
associating each of the data payloads representing the logins with one of the identified requests and with the referring website for that identified request;
for each of the user identifiers, determining transactions occurring within a time period from when the one of the logins was initiated;
for each of the transactions occurring within the time period, associating an transaction destination with the referring website for that one of the logins;
assigning a risk rating to each of the transaction destinations based at least in part on the risk rating of the class of the associated referring website; and
permitting or blocking an electronic transaction of the transactions occurring within the time period based on the risk rating of the transaction destination associated with that transaction.