WO2004003676A2 - Fraud detection - Google Patents


Info

Publication number
WO2004003676A2
Authority
WO
WIPO (PCT)
Prior art keywords
fraud
purchaser
detection system
checks
transaction data
Application number
PCT/IB2003/002398
Other languages
French (fr)
Other versions
WO2004003676A3 (en)
Inventor
Ian David King
Devan Govender
Original Assignee
Waterleaf Limited
Application filed by Waterleaf Limited
Priority to AU2003240200A
Publication of WO2004003676A2
Publication of WO2004003676A3


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/06: Buying, selling or leasing transactions
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403: Solvency checks

Definitions

  • This invention relates to a fraud detection system and, more particularly, to a system for detecting fraud in online commercial transactions.
  • the invention extends to a method for detecting fraud in online commercial transactions.
  • MOTO credit card purchases. Such a transaction only requires that a purchaser provide a credit card number and a corresponding expiry date. The cardholder is not required to explicitly authorise the transaction, either by means of a signature, or by presentation of the credit card. Due to the ease with which credit card numbers and expiry dates may be intercepted, fraudulent MOTO transactions are easy to conduct, particularly on the World Wide Web of the Internet, as compared to mail order transactions.
  • a fraudster may avail himself of the free credit, and then fraudulently claim a charge back in order to defraud the casino of an amount of money equivalent to the value of the free credit.
  • a fraudster may conduct an online commercial transaction to purchase credit that is then consumed by placing wagers at the online casino. The purchaser then claims a charge back on the commercial transaction, thereby avoiding liability for gambling losses suffered at the online casino.
  • a fraud detection system comprising: a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; and an analysis facility arranged to receive inputted transaction data from the merchant portal along the communication network and to derive, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
  • the analysis facility to derive, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data, for the analysis facility to include a transaction data queue to which the inputted transaction data is added, for the analysis facility to include a check agent capable of processing the queued inputted transaction data according to a number of different predetermined checks to obtain corresponding check results, for the number of different predetermined checks performed asynchronously by the check agent to include any one or more of negative data checks, velocity checks, intelligent data analysis checks and external system checks, and for the check agent to process the queued inputted transaction data independently and asynchronously from the merchant portal on a first-in-first-processed basis.
  • the analysis facility to include a decision engine capable of aggregating the results of the number of predetermined checks according to a number of predetermined aggregation algorithms to derive therefrom the at least one indicator of potential fraud by the purchaser, for the analysis facility to include an exception logging means and an associated exception database, the exception logging means causing the derived at least one indicator of potential fraud to be logged by storing it in the exception database, for the fraud detection system to include a control facility operable to legislate access by the purchaser to the merchant portal as a function of the derived at least one indicator of potential fraud by the purchaser, and for the control facility to legislate access to the merchant portal by any one or more of barring the purchaser from accessing the merchant portal and activating a surveillance mode for that purchaser in the analysis facility.
  • the fraud detection system to include a configuration facility operable to configure the number of different predetermined checks to be performed by the check agent on the queued, inputted transaction data, for the configuration facility to be operable to configure the number of different predetermined aggregation algorithms according to which the at least one indicator of potential fraud is derived by the decision engine, and for the configuration facility to be operable to configure the methods by which the control facility legislates access to the merchant portal.
  • the analysis facility includes an external communication interface for communicating with at least one external information repository, for at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed to require communication with the at least one external information repository, for the at least one external information repository to be a credit bureau, or a repository of credit card data, or a geo-location facility.
  • the analysis facility to be communicable with a searchable negative database having data therein relating to known fraudsters, for at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed to require comparison of said data with the data contained in the negative database, for the negative database to be selectively updateable with data corresponding to a newly detected fraudster, for the merchant portal to perform at least one synchronous error check on the inputted transaction data, the at least one synchronous error check having a pass/don't pass outcome, and for the analysis facility to include a fraud control server operable under software program control.
  • the fraud detection system to include a plurality of merchant portals, each merchant portal having an associated analysis facility with a corresponding slave fraud control server and a slave exception database
  • the fraud detection system to also include a master fraud control server communicable along the communication channel with the plurality of slave fraud control servers, for the master fraud control server to have an associated master exception database, for the contents of the slave exception databases of the plurality of slave fraud control servers to be periodically downloadable to and mergeable with the contents of the master exception database, for the data downloaded to the master exception database from any one of the slave exception databases to be accessible only by the fraud control server corresponding to that exception database, and for the fraud control system to be configurable by the configuration facility to render the data downloaded to the master exception database from any one of the slave exception databases accessible to any of the other slave exception databases by subscription.
  • the merchant portal to be an online casino website and the online commercial transaction to be the purchase of credit for playing at least one game available on the online casino website, and for the communication network to be the World Wide Web of the Internet.
  • the invention extends to a method of detecting fraud, comprising the steps of: providing a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; receiving the inputted transaction data from the merchant portal along the communication network; and deriving, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
  • the method includes the step of deriving, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data, for adding the inputted transaction data to a transaction data queue, for processing the inputted transaction data in the data queue according to a number of different predetermined checks to obtain corresponding check results, for asynchronously performing the number of different predetermined checks as negative data checks, velocity checks, intelligent data analysis checks and external system checks, and for processing the queued, inputted transaction data independently and asynchronously from the merchant portal on a first-in-first-processed basis.
  • each merchant portal having an associated exception database
  • a master exception database that is communicable along the communication network with the plurality of exception databases corresponding to the plurality of merchant portals, for periodically downloading the contents of the plurality of exception databases to the master exception database and merging said contents with the contents of the master exception database, for accessing the data downloaded to the master exception database from any one of the plurality of exception databases only from a fraud control server corresponding to that exception database, and for configuring the data downloaded to the master exception database from any one of the slave exception databases to be accessible to any of the other slave exception databases by subscription.
  • Figure 1 is a schematic representation of a first embodiment of a fraud control system according to the invention, shown in conjunction with a merchant portal;
  • Figure 2 is a schematic representation of the fraud control system of Figure 1, shown in greater detail;
  • Figure 3 is a schematic representation of a distributed fraud control system according to the invention, shown in conjunction with three different merchant portals.
  • a fraud detection system is indicated generally by reference numeral (1).
  • the fraud detection system (1) will be described with particular reference to its application in the detection of potential fraud by patrons of on-line casinos. It is to be clearly understood, however, that the scope of the invention is not limited to this particular application, but extends, rather, to the detection of fraud, generally, in online commercial transactions.
  • the fraud detection system (1) includes a merchant portal (2) in the form of a casino server that hosts an online casino website, and an analysis facility (3) arranged to receive data from the merchant portal along a communication network (4) that is, in this embodiment, the World Wide Web of the Internet.
  • the analysis facility (3) is interfaceable with one or more external repositories of information (5) to exchange data therewith.
  • the analysis facility is also communicable with a supervisory control centre (6) associated with the merchant portal (2). Communication between the analysis facility (3) and the external repositories of information (5) and between the analysis facility (3) and the supervisory control centre (6) is also achieved by means of the World Wide Web (4) of the Internet.
  • a communication network of this type which is an open communication network, enables the merchant portal (2), the analysis facility (3) and the supervisory control centre (6) to be located remote from each other.
  • the analysis facility (3) includes a fraud control server (7) operating under control of a stored software program.
  • the stored software program provides the following functional elements to the fraud control server (7): a transaction data queue (8) in which transaction data relating to a commercial transaction conducted on the online casino website (2) is stored; a check agent (9) capable of analysing data stored in the transaction data queue (8) on a first-in-first-out basis to provide an output; an external communication interface (10) that enables communication between the check agent (9) and any one of the external repositories of information (5); and a decision engine (11) which further processes the output from the check agent (9) to derive one or more indicators of fraudulent activity committed on the merchant portal (2), as will be described in detail in the description that follows.
  • the check agent (9) is able to access and to retrieve data contained in a separate negative database (12) that contains data relating to parties who are fraudsters known to have conducted fraudulent online commercial transactions. Such fraudulent commercial transactions need not have been conducted by a party on the particular merchant portal (2), but can relate to any fraudulent online commercial transaction known to have been committed by that party. All relevant known data relating to such a fraudster is stored in the negative database (12), and is fully searchable to confirm the identity of a suspected fraudster.
  • the relevant known data includes all known attributes associated with the fraudster, such as a name and address of the fraudster, a telephone number, an identification number such as a social security number, associated Internet Protocol ("IP") addresses, a password, a user identification number, and details about a type of fraud committed by the fraudster, details of credit cards known to have been used by the fraudster in the commission of fraud, data relating to the types of fraud or attempted fraud committed by the fraudster, and an indication of the number of instances of such fraud.
  • the data structures used in the negative database (12) are flexible enough to be amended to accommodate new types of fraudster data. Where a new fraudster is positively identified, the negative database (12) may be manually updated with particulars of the new fraudster.
  • the check agent (9) is also able to submit queries to any of the external repositories of information (5) through the external communication interface (10) and to receive results that can then be used as part of analyses performed by the check agent.
  • These external repositories of information (5) are usually maintained by independent parties, and examples of such external repositories are databases of credit card numbers, IP locators, social security numbers, and the like.
  • the stored software program also provides the following additional functional elements in the fraud control server (7): an exception logging facility (13) operable to log the indicators of fraudulent activity as derived by the decision engine (11); and an exception database (14) connected to the fraud control server (7), to which these indicators of fraudulent activity are logged by the exception logging facility (13).
  • a would-be patron of the online casino accesses the online casino website by means of an Internet-enabled computer terminal (not shown) to register a presence at the particular casino and to purchase credit required to play one or more games offered by that particular online casino.
  • the would-be patron, referred to in this specification as the purchaser, for convenience, registers with the online casino website for a first time by entering the following transaction data on the computer terminal (not shown): a selected password, an e-mail address, a name, an address and telephone numbers, an identity number, and a date of birth.
  • the purchaser is then assigned a unique user identification number by the online casino for subsequent use. Subsequent registrations with the online casino may be made using only the previously assigned unique user identification number and the selected password.
  • the purchaser is then required to purchase a desired quantity of credit in order to play any of the games offered by the online casino.
  • To purchase the desired quantity of credit, the purchaser is required to enter additional transaction data such as a desired amount of credit to be purchased, the number of a credit card to be debited with a charge for the credit purchased, together with its corresponding CVC code and a name of a holder of the credit card.
  • the purchaser's credit card only needs to be registered in this manner on the first occasion that it is used to purchase credit. Simply entering the amount of credit desired by the purchaser enables subsequent purchases of credit to be made and the previously registered credit card will be debited with a charge corresponding to the credit purchased.
  • the purchaser may, of course, register additional credit cards that may also be used to purchase credit as described above.
  • the transaction data must include an amount of credit desired by the purchaser and a selection of which one of the registered credit cards is to be used for payment. All the above information entered by the purchaser for first or subsequent registrations and credit purchases will be referred to, for convenience, as the transaction data relating to the online commercial transaction.
  • the casino web server (2) obtains directly from the purchaser's Internet-enabled computer workstation (not shown) an identification code that is unique to the workstation, such as a serial number of a hard disk drive (not shown) on the computer workstation. Although such a hard disk identifier is not entered by the purchaser, but rather obtained directly by the casino web server (2), it will nevertheless be considered, for convenience, as part of the entered transaction data.
  • the casino web server (2) transmits the transaction data relating to the online commercial transaction initiated by the purchaser to the fraud control server (7) along the communication network (4).
  • the transaction data received from the casino web server (2) is queued by the fraud control server (7) in the transaction data queue (8) for analysis by the check agent (9).
  • the transaction data queued in the transaction data queue (8) is analysed by the check agent (9) on a first-in-first-out basis in the following manner: each element of transaction data is subjected to one or more checks performed by the check agent (9) independently of the casino web server (2), and asynchronously therefrom.
  • the asynchronous checks performed by the check agent (9) can be classified into one of four broad categories, namely negative data checks, velocity checks, external checks and intelligent data analysis checks. In order to more fully describe the invention, each one of these four categories is described in greater detail below, and some examples are presented of tests performed by the check agent (9) in each category.
  • a negative data check is one in which a transaction data item drawn from the transaction data queue (8) is explicitly checked against a known list of "bad" or "negative" data that the merchant wishes to explicitly avoid.
  • the negative data is that which is contained in the negative database (12). Examples of negative data checks are:
  • a velocity check is to detect the occurrence of a particular activity more than a predetermined number of times within a specified time. Examples of velocity checks are:
  • the purchaser's IP address should not have been used to register with more than X online casino websites within Y period.
  • the hard disk identifier of the purchaser's computer workstation (not shown) should not have been used to register with more than X online casino websites within Y period.
  • the purchaser's unique identification number should not have been used to register with more than X online casino websites within Y period.
  • the purchaser's e-mail address should not be used on more than X different user accounts.
  • the purchaser's telephone number should not be used on more than X different user accounts.
  • the purchaser's address should not be used on more than X different user accounts.
  • any one of the purchaser's registered credit card numbers should not be used in association with more than X different online casino websites.
  • the bank BIN number of any one of the purchaser's registered credit cards is not being used by more than X other credit cards registered with the same user account.
  • An external check is one that is carried out by an external source, in conjunction with any one of the external repositories of information (5), in order to verify an item of transaction data. Examples of external checks are:
  • An intelligent data analysis check is one in which an item of transaction data is analysed in an intelligent manner to determine whether it is invalid in some or other way. Examples of intelligent data analysis checks are:
  • the billing address associated with a credit card registered by the purchaser should match the address of the purchaser.
  • the casino web server (2) performs such checks synchronously by means of appropriate software, both during registration of the purchaser, during registration of a credit card, and during a purchase of credit by the purchaser. Examples of such synchronous error checks are:
  • the purchaser's e-mail address must conform to a known standard format.
  • the purchaser's account number should exist.
  • the purchaser's password should match a stored password for the account.
  • the status of the purchaser's account should not be locked in order for the purchaser to be able to log on to the online casino website.
  • the purchaser's hard disk identifier and the user identification code for the purchaser's account should not be locked.
  • the purchaser's registered credit card must not be deleted or invalid.
  • all mandatory fields for registration of the purchaser's credit card should have been completed.
  • the number of the purchaser's credit card should pass a Luhn modulus check.
  • the type of the purchaser's credit card, such as Mastercard or Visa, should match that expected according to the first digit of the card number.
  • results of the synchronous and asynchronous checks performed by the casino web server (2) and the asynchronous check agent (9) are the basic building blocks that can be used to detect instances of potential fraud that may be worthy of further investigation.
  • the decision engine (11) aggregates the results of the various checks performed by the asynchronous check agent (9) in order to derive therefrom one or more indicators of potential fraud by the purchaser.
  • the decision engine (11) is rule-based, and is, accordingly, configurable as to the manner in which the results of the asynchronous checks are to be aggregated and appropriate actions taken, if desired.
  • the decision rules according to which the decision engine (11) is configured allow for the engine to take appropriate action in response to a degree of success or failure of the asynchronous checks.
  • the decision engine (11) may send a mail to an operator of the online casino if a name comparison check results in a match of less than 70%, but disables the purchaser's account if the name comparison check resulted in less than a 50% match.
  • the derivation of an indicator of potential fraud by the purchaser performed by the decision engine (11) is referred to, for convenience, as a "test", which, as described above, is the result of an aggregation of multiple checks, where a minimum pass mark can be specified for each check, and the test itself is considered passed or failed if either all of the checks fail, or one of the checks fails.
  • the fraud detection system (1) includes a control facility (15) that is able to regulate use of the online casino website (2) by the purchaser once such an indicator of potential fraud has been detected by the decision engine (11).
  • Use of the online casino website (2) is regulated either by locking out the purchaser from accessing the online casino website, or by activating a surveillance mode to specifically track the purchaser's progress during the commercial transaction.
  • the fraud detection system (1) also includes a configuration facility (16) that enables a number of different checks to be configured for execution by the check agent (9), as well as a number of tests, or decision rules, to be performed by the decision engine (11) and corresponding corrective action, if any, to be taken by the control facility (15) upon detection by the decision engine of probable fraud by the purchaser.
  • Each decision rule comprises an aggregation algorithm of one or more different checks, together with, optionally, an action to be taken by the control facility.
  • an exception notification is generated and transmitted by the fraud control server (7) to the exception logging facility (13) which logs the exception in the exception database (14).
  • the fraud detection system (1) is also in communication along the communication network (4) with a supervisory control centre (6) in the form of a casino management server associated with the casino web server (2).
  • the generated exception notification is also transmitted by the fraud control server (7) to the casino management server (6), where it can be acted upon by management staff of the online casino website.
  • the fraud detection system (1) thus provides an asynchronous watchdog that can be used in conjunction with a merchant website to analyse all events occurring during the execution of a commercial transaction on the merchant portal (2) in order to detect any attempt at fraudulent activity.
  • the asynchronous nature of the analysis performed by the fraud detection system (1) offers an advantage that it does not impact the performance and speed of response of the merchant portal (2).
  • the fraud detection system (1) uses a negative database (12) of known fraudster information, intelligent data analysis techniques, and integration with external repositories of information (5) to determine if a particular activity has a potential fraud risk associated with it. Suspicious activities generate exceptions that alert the merchant of the risk.
  • the purchaser's particulars may be added manually to the negative database (12) where they will be available to flag further activity by that fraudulent purchaser.
  • the system can, additionally, be configured to take immediate action in response to certain detected high-risk exceptions.
  • the configuration facility (16) may be used to configure different categories of checks to be performed by the check agent (9), other than negative data checks, velocity checks, external checks and intelligent data analysis checks described above. Further, the configuration facility (16) may be used to configure different individual checks to be performed by the check agent (9) and different decision rules to be applied by the decision engine other than those described above.
  • the embodiment described above is a centralised fraud detection system (1) associated with a single merchant portal (2) in the form of an online casino. It will be appreciated by those skilled in the art that a single fraud control server (7) can be associated with more than one different merchant portal (2).
  • the operation of such a variation of the embodiment is similar to that previously described, with the exception that transaction data from each one of the different merchant portals (2) is added to the same transaction data queue (8) for analysis by the single check agent (9) and the decision engine (11).
  • the exception database (14) that is built up locally in this manner may be of interest to other merchants having portals through which clients can conduct online commercial transactions. There is therefore an incentive for merchants to pool and share the contents of their different exception databases (14).
  • An embodiment of such a distributed fraud detection system (100) for use with a plurality of different casino web servers (2) is illustrated in Figure 3.
  • a different fraud control server (7) is associated with each one of a number of online casino websites.
  • the system (100) also includes a master fraud control server (101), the function and operation of which will be described below.
  • each casino web server (2) and fraud control server (7) pair logs indications of fraudulent activity on its corresponding local exception database (14). All information from the separate fraud control servers (7) and exception databases (14) is accumulated and consolidated by a master fraud control server (101) having a corresponding master exception database (102). The consolidated information contained in the master exception database (102) is then published by the master fraud control server (101) and is available, on a read-only basis, for subscription by any one or all of the individual fraud control servers (7).
  • the master fraud control server (101) in the master exception database (102) is marked as originating from a particular one of the individual fraud control servers (7) ("the Source"), and such information can be locked for subsequent access only by its corresponding Source.
  • the master fraud control server (101) may be configured to allow for data to be synchronised between any of the individual fraud control servers (7) by selectively enabling any Source to read or to update data that originated from another Source.
  • the technical problem solved by this invention is that of providing increased protection for online merchant portals (2) against actual or potential fraudulent activity by a purchaser accessing such portals.
  • the protection is aimed principally, but not exclusively, at preventing credit card fraud, whether by use of a stolen credit card, use of an illegally generated credit card number, or fraudulent use of charge backs.
  • Such increased protection can be achieved by instituting checks during registration of the purchaser on the merchant portal (2).
  • This approach has a disadvantage of slowing the registration procedure and making it laborious, leading to a risk of purchaser attrition.
  • the invention enables the same checks to be conducted asynchronously in an off-line manner, thereby maintaining the simplicity and responsiveness of the registration procedure, without any attendant loss of security.
  • the invention also enables intelligent sharing of data relating to known fraudsters, by any number of merchant portals.
  • the fraud control system (1, 101) is not, however, restricted to use with merchant portals (2) in the form of online casino websites, but finds application in conjunction with any merchant portal, such as an e-commerce portal, on which commercial transactions may be conducted.
  • e-commerce portals usually relate to the purchase of goods, such as books, music or computer software and services, such as travel and entertainment services.
  • the invention therefore provides a fraud control system (1, 100) that is operable in a supervisory mode in conjunction with a merchant portal in order to detect actual or potential fraudulent activity by a purchaser accessing such portal.

Abstract

A fraud detection system (1) comprises a merchant portal (2) accessible by a purchaser along a communication network (4) in order to conduct a commercial transaction, and an analysis facility (3) in communication with the merchant portal (2). The merchant portal (2) is arranged to enable input by the purchaser of transaction data relating to the commercial transaction. The analysis facility (3) receives inputted transaction data from the merchant portal (2) along the communication network (4) and derives, independently and asynchronously from the merchant portal (2), one or more indicators of potential fraud by the purchaser as a function of the inputted transaction data. The transaction data is added to a queue (8) and is processed by a check agent (9) on a first-in-first-processed basis, independently and asynchronously from the merchant portal (2), according to a number of predetermined checks to obtain corresponding check results. A decision engine (11) aggregates the results of the checks according to one or more aggregation algorithms to derive the one or more indicators of potential fraud by the purchaser.

Description

FRAUD DETECTION
FIELD OF THE INVENTION
This invention relates to a fraud detection system and, more particularly, to a system for detecting fraud in online commercial transactions. The invention extends to a method for detecting fraud in online commercial transactions.
BACKGROUND TO THE INVENTION
Credit cards have, over time, emerged as the most widely used means for making payment for goods and services purchased from a merchant in an on-line environment such as the World Wide Web of the Internet.
Despite their popularity for use in online commercial transactions, credit cards have several disadvantages. One of these disadvantages is a high level of charges levied on the merchant supplying the goods and services. A further disadvantage is that such online commercial transactions suffer from a high rate of charge backs, in which charges made by merchants are repudiated by the credit card holders, leading to losses suffered by the merchants.
In order to appreciate fully the nature of such charge backs, it must be understood that a majority of all commercial transactions effected on the World Wide Web of the Internet are processed as Mail Order/Telephone Order ("MOTO") credit card purchases. Such a transaction only requires that a purchaser provide a credit card number and a corresponding expiry date. The cardholder is not required to explicitly authorise the transaction, either by means of a signature, or by presentation of the credit card. Due to the ease with which credit card numbers and expiry dates may be intercepted, fraudulent MOTO transactions are easy to conduct, particularly on the World Wide Web of the Internet, as compared to mail order transactions.
The above system is disadvantageous for merchants because current practice by credit card issuing banks favours a cardholder who can claim that a charge relating to a particular transaction is fraudulent, the so-called "charge back", thereby placing an onus on the merchant to prove the legitimacy of the corresponding transaction. In many instances, this burden of proof is exceedingly difficult, if not impossible to discharge in respect of online transactions, leading to the cost of such a transaction being borne by the merchant as a loss. While some charge backs may be legitimate as they arise from fraudulent use of intercepted credit card details, it is also known for a cardholder to fraudulently claim a charge back on an otherwise legitimate online commercial transaction. This is particularly so for a merchant who is an online casino offering a limited amount of free credit as a promotional inducement for would-be players to visit the casino. A fraudster may avail himself of the free credit, and then fraudulently claim a charge back in order to defraud the casino of an amount of money equivalent to the value of the free credit. Similarly, a fraudster may conduct an online commercial transaction to purchase credit that is then consumed by placing wagers at the online casino. The purchaser then claims a charge back on the commercial transaction, thereby avoiding liability for gambling losses suffered at the online casino.
In order to prevent or reduce such instances of fraud, it is known to implement rigorous checks when a purchaser registers with a merchant website in order to conduct an online commercial transaction. The rigorous checks generally involve a number of sequential tests, each with a pass/don't pass outcome. The registration process terminates upon failure of any one of these sequential tests. Such a sequence of tests is disadvantageous in that it can render the online commercial transaction tedious and time-consuming to complete and can lead to attrition of purchasers from the merchant's online website, whereas the merchant desires to make the commercial transaction as simple and as quick as possible.
OBJECT OF THE INVENTION
It is an object of this invention to provide a fraud detection system, and a method for detecting fraud that will, at least partially, alleviate the above-mentioned difficulties and disadvantages.
SUMMARY OF THE INVENTION
In accordance with this invention there is provided a fraud detection system, comprising: a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; and an analysis facility arranged to receive inputted transaction data from the merchant portal along the communication network and to derive, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
Further features of the invention provide for the analysis facility to derive, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data, for the analysis facility to include a transaction data queue to which the inputted transaction data is added, for the analysis facility to include a check agent capable of processing the queued inputted transaction data according to a number of different predetermined checks to obtain corresponding check results, for the number of different predetermined checks performed asynchronously by the check agent to include any one or more of negative data checks, velocity checks, intelligent data analysis checks and external system checks, and for the check agent to process the queued inputted transaction data independently and asynchronously from the merchant portal on a first-in-first-processed basis.
Still further features of the invention provide for the analysis facility to include a decision engine capable of aggregating the results of the number of predetermined checks according to a number of predetermined aggregation algorithms to derive therefrom the at least one indicator of potential fraud by the purchaser, for the analysis facility to include an exception logging means and an associated exception database, the exception logging means causing the derived at least one indicator of potential fraud to be logged by storing it in the exception database, for the fraud detection system to include a control facility operable to legislate access by the purchaser to the merchant portal as a function of the derived at least one indicator of potential fraud by the purchaser, and for the control facility to legislate access to the merchant portal by any one or more of barring the purchaser from accessing the merchant portal and activating a surveillance mode for that purchaser in the analysis facility.
Yet further features of the invention provide for the fraud detection system to include a configuration facility operable to configure the number of different predetermined checks to be performed by the check agent on the queued, inputted transaction data, for the configuration facility to be operable to configure the number of different predetermined aggregation algorithms according to which the at least one indicator of potential fraud is derived by the decision engine, and for the configuration facility to be operable to configure the methods by which the control facility legislates access to the merchant portal. There is also provided for the analysis facility to include an external communication interface for communicating with at least one external information repository, for at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed to require communication with the at least one external information repository, for the at least one external information repository to be a credit bureau, or a repository of credit card data, or a geo-location facility.
There is further provided for the analysis facility to be communicable with a searchable negative database having data therein relating to known fraudsters, for at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed to require comparison of said data with the data contained in the negative database, for the negative database to be selectively updateable with data corresponding to a newly detected fraudster, for the merchant portal to perform at least one synchronous error check on the inputted transaction data, the at least one synchronous error check having a pass/don't pass outcome, and for the analysis facility to include a fraud control server operable under software program control.
There is still further provided for the fraud detection system to include a plurality of merchant portals, each merchant portal having an associated analysis facility with a corresponding slave fraud control server and a slave exception database, for the fraud detection system to also include a master fraud control server communicable along the communication channel with the plurality of slave fraud control servers, for the master fraud control server to have an associated master exception database, for the contents of the slave exception databases of the plurality of slave fraud control servers to be periodically downloadable to and mergeable with the contents of the master exception database, for the data downloaded to the master exception database from any one of the slave exception databases to be accessible only by the fraud control server corresponding to that exception database, and for the fraud control system to be configurable by the configuration facility to render the data downloaded to the master exception database from any one of the slave exception databases accessible to any of the other slave exception databases by subscription.
There is yet further provided for the merchant portal to be an online casino website and the online commercial transaction to be the purchase of credit for playing at least one game available on the online casino website, and for the communication network to be the World Wide Web of the Internet.
The invention extends to a method of detecting fraud, comprising the steps of: providing a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; receiving the inputted transaction data from the merchant portal along the communication network; and deriving, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
There is further provided for the method to include the step of deriving, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data, for adding the inputted transaction data to a transaction data queue, for processing the inputted transaction data in the data queue according to a number of different predetermined checks to obtain corresponding check results, for asynchronously performing the number of different predetermined checks as negative data checks, velocity checks, intelligent data analysis checks and external system checks, and for processing the queued, inputted transaction data independently and asynchronously from the merchant portal on a first-in-first-processed basis. There is still further provided for aggregating the results of the number of predetermined checks according to a number of predetermined aggregation algorithms to derive therefrom the at least one indicator of potential fraud by the purchaser, for logging the derived at least one indicator of potential fraud by storing it in an exception database, for legislating access by the purchaser to the merchant portal as a function of the derived at least one indicator of potential fraud by the purchaser, and for legislating access to the merchant portal by any one or more of barring the purchaser from accessing the merchant portal and activating a surveillance mode to track the purchaser's activity.
There is yet further provided for configuring the number of different predetermined checks to be performed on the queued, inputted transaction data, for configuring the number of different predetermined aggregation algorithms according to which the at least one indicator of potential fraud is derived, for configuring the methods by which access to the merchant portal is legislated, and for communicating with at least one external information repository; and for processing at least one of the number of predetermined checks with data contained in the at least one external information repository.
There is also provided for communicating with a searchable negative database having data relating to known fraudsters, for configuring at least one of the predetermined checks to require a comparison of at least a portion of the queued, inputted transaction data with the data contained in the negative database, for selectively updating the negative database with data corresponding to a newly detected fraudster, and for performing, at the merchant portal, at least one synchronous error check having a pass/don't pass outcome.
There is also provided for providing a plurality of merchant portals, each merchant portal having an associated exception database, for providing a master exception database that is communicable along the communication network with the plurality of exception databases corresponding to the plurality of merchant portals, for periodically downloading the contents of the plurality of exception databases to the master exception database and merging said contents with the contents of the master exception database, for accessing the data downloaded to the master exception database from any one of the plurality of exception databases only from a fraud control server corresponding to that exception database, and for configuring the data downloaded to the master exception database from any one of the slave exception databases to be accessible to any of the other slave exception databases by subscription.
BRIEF DESCRIPTION OF THE DRAWINGS
A preferred embodiment of the invention is described below, by way of example only, and with reference to the accompanying drawings, in which:
Figure 1 is a schematic representation of a first embodiment of a fraud control system according to the invention, shown in conjunction with a merchant portal;
Figure 2 is a schematic representation of the fraud control system of Figure 1, shown in greater detail; and
Figure 3 is a schematic representation of a distributed fraud control system according to the invention, shown in conjunction with three different merchant portals.
DETAILED DESCRIPTION OF THE INVENTION
Referring to Figures 1 and 2, in which like features of the invention are indicated by like numerals, a fraud detection system is indicated generally by reference numeral (1). In the following description, the fraud detection system (1) will be described with particular reference to its application in the detection of potential fraud by patrons of on-line casinos. It is to be clearly understood, however, that the scope of the invention is not limited to this particular application, but extends, rather, to the detection of fraud, generally, in online commercial transactions.
The fraud detection system (1) includes a merchant portal (2) in the form of a casino server that hosts an online casino website, and an analysis facility (3) arranged to receive data from the merchant portal along a communication network (4) that is, in this embodiment, the World Wide Web of the Internet. The analysis facility (3) is interfaceable with one or more external repositories of information (5) to exchange data therewith. The analysis facility is also communicable with a supervisory control centre (6) associated with the merchant portal (2). Communication between the analysis facility (3) and the external repositories of information (5) and between the analysis facility (3) and the supervisory control centre (6) is also achieved by means of the World Wide Web (4) of the Internet. A communication network of this type, which is an open communication network, enables the merchant portal (2), the analysis facility (3) and the supervisory control centre (6) to be located remote from each other.
Turning now to Figure 2, the fraud detection system (1) of Figure 1 is indicated in more detail. The analysis facility (3) includes a fraud control server (7) operating under control of a stored software program. The stored software program provides the following functional elements to the fraud control server (7): a transaction data queue (8) in which transaction data relating to a commercial transaction conducted on the online casino website (2) is stored; a check agent (9) capable of analysing data stored in the transaction data queue (8) on a first-in-first-out basis to provide an output; an external communication interface (10) that enables communication between the check agent (9) and any one of the external repositories of information (5); and a decision engine (11) which further processes the output from the check agent (9) to derive one or more indicators of fraudulent activity committed on the merchant portal (2), as will be described in detail in the description that follows.
The check agent (9) is able to access and to retrieve data contained in a separate negative database (12) that contains data relating to parties who are fraudsters known to have conducted fraudulent online commercial transactions. Such fraudulent commercial transactions need not have been conducted by a party on the particular merchant portal (2), but can relate to any fraudulent online commercial transaction known to have been committed by that party. All relevant known data relating to such a fraudster is stored in the negative database (12), and is fully searchable to confirm the identity of a suspected fraudster. The relevant known data includes all known attributes associated with the fraudster, such as a name and address of the fraudster, a telephone number, an identification number such as a social security number, associated Internet Protocol ("IP") addresses, a password, a user identification number, and details about a type of fraud committed by the fraudster, details of credit cards known to have been used by the fraudster in the commission of fraud, data relating to the types of fraud or attempted fraud committed by the fraudster, and an indication of the number of instances of such fraud. The data structures used in the negative database (12) are flexible enough to be amended to accommodate new types of fraudster data. Where a new fraudster is positively identified, the negative database (12) may be manually updated with particulars of the new fraudster.
The check agent (9) is also able to submit queries to any of the external repositories of information (5) through the external communication interface (10) and to receive results that can then be used as part of analyses performed by the check agent. These external repositories of information (5) are usually maintained by independent parties, and examples of such external repositories are databases of credit card numbers, IP locators, social security numbers, and the like. The stored software program also provides the following additional functional elements in the fraud control server (7): an exception logging facility (13) operable to log the indicators of fraudulent activity as derived by the decision engine (11); and an exception database (14) connected to the fraud control server (7), to which these indicators of fraudulent activity are logged by the exception logging facility (13).
In use, a would-be patron of the online casino accesses the online casino website by means of an Internet-enabled computer terminal (not shown) to register a presence at the particular casino and to purchase credit required to play one or more games offered by that particular online casino. The would-be patron, referred to in this specification as the purchaser, for convenience, registers with the online casino website for a first time by entering the following transaction data on the computer terminal (not shown): a selected password, an e-mail address, a name, an address and telephone numbers, an identity number, and a date of birth. The purchaser is then assigned a unique user identification number by the online casino for subsequent use. Subsequent registrations with the online casino may be made using only the previously assigned unique user identification number and the selected password. Once registration, whether for the first time, or subsequently, has been completed, the purchaser is then required to purchase a desired quantity of credit in order to play any of the games offered by the online casino. In order to purchase the desired quantity of credit, the purchaser is required to enter additional transaction data such as a desired amount of credit to be purchased, the number of a credit card to be debited with a charge for the credit purchased, together with its corresponding CVC code and a name of a holder of the credit card. The purchaser's credit card only needs to be registered in this manner on the first occasion that it is used to purchase credit. Simply entering the amount of credit desired by the purchaser enables subsequent purchases of credit to be made and the previously registered credit card will be debited with a charge corresponding to the credit purchased. The purchaser may, of course, register additional credit cards that may also be used to purchase credit as described above.
Where the purchaser has registered multiple credit cards, the transaction data must include an amount of credit desired by the purchaser and a selection of which one of the registered credit cards is to be used for payment. All the above information entered by the purchaser for first or subsequent registrations and credit purchases will be referred to, for convenience, as the transaction data relating to the online commercial transaction.
In addition to the information entered by the purchaser, the casino web server (2) obtains directly from the purchaser's Internet-enabled computer workstation (not shown) an identification code that is unique to the workstation, such as a serial number of a hard disk drive (not shown) on the computer workstation. Although such a hard disk identifier is not entered by the purchaser, but rather obtained directly by the casino web server (2), it will nevertheless be considered, for convenience, as part of the entered transaction data.
The casino web server (2) transmits the transaction data relating to the online commercial transaction initiated by the purchaser to the fraud control server (7) along the communication network (4). The transaction data received from the casino web server (2) is queued by the fraud control server (7) in the transaction data queue (8) for analysis by the check agent (9).
The transaction data queued in the transaction data queue (8) is analysed by the check agent (9) on a first-in-first-out basis in the following manner: each element of transaction data is subjected to one or more checks performed by the check agent (9) independently of the casino web server (2), and asynchronously therefrom. The asynchronous checks performed by the check agent (9) can be classified into one of four broad categories, namely negative data checks, velocity checks, external checks and intelligent data analysis checks. In order to more fully describe the invention, each one of these four categories is described in greater detail below, and some examples are presented of tests performed by the check agent (9) in each category.
A negative data check is one in which a transaction data item drawn from the transaction data queue (8) is explicitly checked against a known list of "bad" or "negative" data that the merchant wishes to explicitly avoid. In this embodiment the negative data is that which is contained in the negative database (12). Examples of negative data checks are:
1. the purchaser's IP address should not be in the negative database (12).
2. the hard disk identifier of the purchaser's computer workstation (not shown) should not be contained in the negative database (12).
3. the purchaser's unique identification number should not be in the negative database (12).
4. any item of transaction data must be checked against the contents of the negative database (12).
5. none of the purchaser's registered credit card numbers should be in the negative database (12).
The purpose of a velocity check is to detect the occurrence of a particular activity more than a predetermined number of times within a specified time. Examples of velocity checks are:
1. the purchaser's IP address should not have been used to register with more than X online casino websites within Y period.
2. the hard disk identifier of the purchaser's computer workstation (not shown) should not have been used to register with more than X online casino websites within Y period.
3. the purchaser's unique identification number should not have been used to register with more than X online casino websites within Y period.
4. the purchaser's e-mail address should not be used on more than X different user accounts.
5. the purchaser's telephone number should not be used on more than X different user accounts.
6. the purchaser's address should not be used on more than X different user accounts.
7. any one of the purchaser's registered credit card numbers should not be used in association with more than X different online casino websites.
8. the bank BIN number of any one of the purchaser's registered credit cards is not being used by more than X other credit cards registered with the same user account.
9. the number of credit cards registered by the purchaser and having the same bank BIN number should not exceed X within period Y.
10. no more than X promotions should have been claimed within period Y by a purchaser with the same hard disk identifier.
11. no more than X promotions should have been claimed within Y period by a purchaser with the same unique user identification number.
12. the same password should not have been used to create more than X user accounts within the last Y hours.
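A sketch of how velocity checks of this kind can be implemented, added here as an illustration and not taken from the patent: a sliding window counts the distinct sites or accounts seen per attribute value. The class and function names, the limits (X = 2, Y = 24 hours), the keyed hash used so that passwords are never stored in clear, and the sample registrations are all assumptions constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: a server-side secret, so the password velocity check can
# compare passwords without the fraud control server holding them in clear.
PEPPER = b"constructed-demo-key"


def fingerprint(secret_value):
    """Keyed hash used as the lookup key for sensitive attributes."""
    return hmac.new(PEPPER, secret_value.encode(), hashlib.sha256).hexdigest()


class VelocityCheck:
    """Fails when one attribute value is seen with more than `limit` (X)
    distinct subjects (sites or accounts) inside `window` (Y)."""

    def __init__(self, attribute, limit, window):
        self.attribute = attribute
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)  # value -> deque of (time, subject)

    def observe(self, value, subject, when):
        """Record one event and return True if the check still passes.

        Events must arrive in time order, which the first-in-first-processed
        transaction queue provides."""
        events = self._events[value]
        events.append((when, subject))
        cutoff = when - self.window
        while events and events[0][0] < cutoff:
            events.popleft()  # drop events that have aged out of the window
        distinct_subjects = {subject for _, subject in events}
        return len(distinct_subjects) <= self.limit


# Constructed sample registrations, in queue (arrival) order:
# (timestamp, casino site, account id, IP address, password)
T0 = datetime(2003, 6, 1, 12, 0)
SAMPLE = [
    (T0, "casino-a", "u1", "198.51.100.7", "hunter2"),
    (T0 + timedelta(minutes=5), "casino-b", "u2", "198.51.100.7", "hunter2"),
    (T0 + timedelta(minutes=9), "casino-c", "u3", "198.51.100.7", "hunter2"),
    (T0 + timedelta(hours=30), "casino-d", "u4", "198.51.100.7", "hunter2"),
    (T0 + timedelta(hours=31), "casino-a", "u5", "203.0.113.20", "tr0ub4dor"),
]


def run_velocity_sample():
    """Return (account, failed check) pairs for the constructed sample."""
    day = timedelta(hours=24)
    ip_sites = VelocityCheck("ip", limit=2, window=day)
    pw_accounts = VelocityCheck("password", limit=2, window=day)
    failures = []
    for when, site, account, ip, password in SAMPLE:
        if not ip_sites.observe(ip, site, when):
            failures.append((account, ip_sites.attribute))
        if not pw_accounts.observe(fingerprint(password), account, when):
            failures.append((account, pw_accounts.attribute))
    return failures


if __name__ == "__main__":
    for account, check in run_velocity_sample():
        print(f"{account}: velocity check failed on {check}")
```

The third registration trips both checks; the fourth, 30 hours later, passes because the earlier events have left the 24-hour window.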
An external check is one that is carried out by an external source, in conjunction with any one of the external repositories of information (5), in order to verify an item of transaction data. Examples of external checks are:
1. initiation of a bounce check on the purchaser's e-mail address.
2. validation of the purchaser's telephone number.
3. validation of the purchaser's address.
4. for each one of the purchaser's registered credit cards, the name of the issuing bank for the card must match that expected according to the bank BIN number on the card.
5. submission of details of the purchaser's credit card to a banking gateway for an Address System Verification check.
An intelligent data analysis check is one in which an item of transaction data is analysed in an intelligent manner to determine whether it is invalid in some or other way. Examples of intelligent data analysis checks are:
1. any item of transaction data should not contain only spaces.
2. the same item of transaction data should not be repeated across different data fields.
3. any single item of transaction data should not be nonsensical.
4. the name on a registered credit card should match the surname and initials of the purchaser.
5. the billing address associated with a credit card registered by the purchaser should match the address of the purchaser.
By their nature, some of the checks performed on the transaction data cannot be performed asynchronously by the check agent, as the results of such checks must be correct for the online commercial transaction to proceed at all. The casino web server (2) performs such checks synchronously by means of appropriate software, both during registration of the purchaser, during registration of a credit card, and during a purchase of credit by the purchaser. Examples of such synchronous error checks are:
1. the purchaser's e-mail address must conform to a known standard format.
2. the purchaser's account number should exist.
3. the purchaser's password should match a stored password for the account.
4. the status of the purchaser's account should not be locked in order for the purchaser to be able to log on to the online casino website.
5. the purchaser's hard disk identifier and the user identification code for the purchaser's account should not be locked.
6. the number of unsuccessful login attempts by the purchaser should not exceed a predetermined threshold.
7. the purchaser's registered credit card must not be deleted or invalid.
8. all mandatory fields for registration of the purchaser's credit card should have been completed.
9. the number of the purchaser's credit card should pass a Luhns Modulus check.
10. the type of the purchaser's credit card, such as Mastercard or Visa, should match that expected according to the first digit of the card number.
11. the expiry date on the purchaser's credit card should not have been reached.
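The card-related synchronous checks (items 9 to 11) can be run as a fail-fast gate with a pass/don't pass outcome, as in the following added example, which is not code from the patent. The function names, the reason strings, the two-entry card type table and the rule that a card stays valid through its expiry month are assumptions; the card number is a widely used test number, not a real account.

```python
from datetime import date

# Assumption: only the two card types named in the text are mapped.
CARD_TYPE_BY_FIRST_DIGIT = {"4": "Visa", "5": "Mastercard"}


def luhn_ok(number):
    """Luhn modulus-10 check over a string of ASCII digits."""
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:      # every second digit, counted from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def card_gate(number, declared_type, exp_month, exp_year, today):
    """Run the checks in sequence and stop at the first failure.

    Returns (passed, reason); reason names the check that stopped the
    registration, or "ok" when every check passed."""
    number = number.replace(" ", "").replace("-", "")
    if not (number.isascii() and number.isdigit() and 12 <= len(number) <= 19):
        return False, "format"
    if not luhn_ok(number):
        return False, "luhn"
    if CARD_TYPE_BY_FIRST_DIGIT.get(number[0]) != declared_type:
        return False, "type"
    # Assumption: the card remains usable until the end of its expiry month.
    if (exp_year, exp_month) < (today.year, today.month):
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    today = date(2025, 1, 15)
    print(card_gate("4111 1111 1111 1111", "Visa", 12, 2030, today))
    print(card_gate("4111 1111 1111 1112", "Visa", 12, 2030, today))
```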
The results of the synchronous and asynchronous checks performed by the casino web server (2) and the asynchronous check agent (9) are the basic building blocks that can be used to detect instances of potential fraud that may be worthy of further investigation.
In order to detect such instances of potential fraud, The decision engine (11 ) aggregates the results of the various checks performed by the asynchronous check agent (9) in order to derive therefrom one or more indicators of potential fraud by the purchaser. The decision engine (11) is rule-based, and is, accordingly, configurable as to the manner in which the results of the asynchronous checks are to be aggregated and appropriate actions taken, if desired. The decision rules according to which the decision engine (11) is configured allow for the engine to take appropriate action in response to a degree of success or failure of the asynchronous checks. For example, the decision engine (11) may send a mail to an operator of the online casino if a name comparison check results in a match of less than a 70% match, but disables the purchaser's account if the name comparison check resulted in less than a 50% match. The derivation of an indicator of potential fraud by the purchaser performed by the decision engine (11) is referred to, for convenience, as a "test", which, as described above, is the result of an aggregation of multiple checks, where a minimum pass mark can be specified for each check, and the test itself is considered passed or failed if either all of the checks fail, or one of the checks fail.
The fraud detection system (1) includes a control facility (15) that is able to regulate use of the online casino website (2) by the purchaser once such an indicator of potential fraud has been detected by the decision engine (11). Use of the online casino website (2) is regulated either by locking out the purchaser from accessing the online casino website, or by activating a surveillance mode to specifically track the purchaser's progress during the commercial transaction.
Examples of such decision rules for the decision engine (11) are:
• When a new purchaser account is registered, if the purchaser's name is on the negative database (with 70% certainty), AND the player's address is on the negative database (with 40% certainty), THEN set the player's account to Fraudster Surveillance Mode.
• When a purchaser logs on to the casino website, if the purchaser's user identification code has been associated with more than 3 different accounts in the last 24 hours (with 100% certainty),
OR the player's hard disk identifier has been associated with more than 3 different accounts in the last 24 hours (with 100% certainty),
THEN lock out the player's account.
The fraud detection system (1) also includes a configuration facility (16) that enables a number of different checks to be configured for execution by the check agent (9), as well as a number of tests, or decision rules, to be performed by the decision engine (11) and corresponding corrective action, if any, to be taken by the control facility (15) upon detection by the decision engine of probable fraud by the purchaser. Each decision rule comprises an aggregation algorithm of one or more different checks, together with, optionally, an action to be taken by the control facility.
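The rule-based aggregation described above can be sketched as follows. This is an added example, not code from the patent or from any product of the applicant: the check names, event names, action labels, the severity ordering used when several rules fire, and the event on which the name comparison runs are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import operator

# Assumed severity order, used to pick one action when several rules fire.
SEVERITY = ["MAIL_OPERATOR", "SURVEILLANCE_MODE", "LOCK_OUT", "DISABLE_ACCOUNT"]
OPS = {">=": operator.ge, "<": operator.lt}


@dataclass(frozen=True)
class Condition:
    check: str    # name of an asynchronous check result (hypothetical names)
    op: str       # ">=" or "<"
    mark: float   # pass mark / certainty, in percent

    def holds(self, results):
        # A check that has produced no result yet cannot satisfy a condition.
        return self.check in results and OPS[self.op](results[self.check], self.mark)


@dataclass(frozen=True)
class Rule:
    name: str
    event: str          # transaction event the rule applies to
    combine: str        # "AND": every condition holds; "OR": at least one holds
    conditions: tuple
    action: str

    def fires(self, event, results):
        if event != self.event:
            return False
        hits = [c.holds(results) for c in self.conditions]
        return all(hits) if self.combine == "AND" else any(hits)


def velocity_certainty(links, identifier, now, limit=3, window=timedelta(hours=24)):
    """Velocity check: 100.0 if `identifier` was associated with more than
    `limit` distinct accounts inside `window`, otherwise 0.0.
    `links` holds (timestamp, identifier, account) tuples."""
    accounts = {acct for ts, ident, acct in links
                if ident == identifier and timedelta(0) <= now - ts <= window}
    return 100.0 if len(accounts) > limit else 0.0


# The two decision rules listed in the text, plus the graded name-comparison
# example (mail below 70%, disable below 50%).
RULES = (
    Rule("negative-db-registration", "REGISTER", "AND",
         (Condition("name_on_negative_db", ">=", 70),
          Condition("address_on_negative_db", ">=", 40)),
         "SURVEILLANCE_MODE"),
    Rule("identifier-velocity", "LOGIN", "OR",
         (Condition("user_id_velocity", ">=", 100),
          Condition("disk_id_velocity", ">=", 100)),
         "LOCK_OUT"),
    Rule("weak-name-match", "CARD_REGISTER", "AND",
         (Condition("card_name_match", "<", 70),), "MAIL_OPERATOR"),
    Rule("very-weak-name-match", "CARD_REGISTER", "AND",
         (Condition("card_name_match", "<", 50),), "DISABLE_ACCOUNT"),
)


def decide(event, results, rules=RULES):
    """Return (action, exceptions): the most severe action among the rules
    that fired (None if none fired) and the names of those rules, which is
    what would be written to the exception database."""
    fired = [r for r in rules if r.fires(event, results)]
    action = max((r.action for r in fired), key=SEVERITY.index, default=None)
    return action, [r.name for r in fired]


# Constructed sample data: identifier/account associations seen by the check agent.
NOW = datetime(2003, 6, 20, 12, 0)
LINKS = [
    (NOW - timedelta(hours=1), "HD-1", "acct-1"),
    (NOW - timedelta(hours=5), "HD-1", "acct-2"),
    (NOW - timedelta(hours=9), "HD-1", "acct-3"),
    (NOW - timedelta(hours=23), "HD-1", "acct-4"),
    (NOW - timedelta(hours=30), "HD-2", "acct-5"),  # outside the 24-hour window
    (NOW - timedelta(hours=2), "HD-2", "acct-6"),
]

if __name__ == "__main__":
    login = {"user_id_velocity": 0.0,
             "disk_id_velocity": velocity_certainty(LINKS, "HD-1", NOW)}
    print(decide("LOGIN", login))
    print(decide("REGISTER", {"name_on_negative_db": 85, "address_on_negative_db": 35}))
    print(decide("CARD_REGISTER", {"card_name_match": 45}))
```

Because each condition carries its own pass mark, the same check result can feed several rules with different thresholds, which is how the graded mail-then-disable response is expressed here.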
When the decision engine (11) detects evidence of potential fraud by the purchaser, as described above, an exception notification is generated and transmitted by the fraud control server (7) to the exception logging facility (13) which logs the exception in the exception database (14). The fraud detection system (1) is also in communication along the communication network (4) with a supervisory control centre (6) in the form of a casino management server associated with the casino web server (2). The generated exception notification is also transmitted by the fraud control server (7) to the casino management server (6), where it can be acted upon by management staff of the online casino website.
It will be appreciated by those skilled in the art that the fraud detection system (1) thus provides an asynchronous watchdog that can be used in conjunction with a merchant website to analyse all events occurring during the execution of a commercial transaction on the merchant portal (2) in order to detect any attempt at fraudulent activity. The asynchronous nature of the analysis performed by the fraud detection system (1) offers an advantage that it does not impact the performance and speed of response of the merchant portal (2). The fraud detection system (1) uses a negative database (12) of known fraudster information, intelligent data analysis techniques, and integration with external repositories of information (5) to determine if a particular activity has a potential fraud risk associated with it. Suspicious activities generate exceptions that alert the merchant of the risk. When such an exception notification is subjected to further investigation and fraud by the purchaser is confirmed, the purchaser's particulars may be added manually to the negative database (12) where they will be available to flag further activity by that fraudulent purchaser. The system can, additionally, be configured to take immediate action in response to certain detected high-risk exceptions.
Numerous modifications are possible to this embodiment without departing from the scope of the invention. In particular, the configuration facility (16) may be used to configure different categories of checks to be performed by the check agent (9), other than negative data checks, velocity checks, external checks and intelligent data analysis checks described above. Further, the configuration facility (16) may be used to configure different individual checks to be performed by the check agent (9) and different decision rules to be applied by the decision engine other than those described above.
The embodiment described above is a centralised fraud detection system (1) associated with a single merchant portal (2) in the form of an online casino. It will be appreciated by those skilled in the art that a single fraud control server (7) can be associated with more than one different merchant portal (2). The operation of such a variation of the embodiment is similar to that previously described, with the exception that transaction data from each one of the different merchant portals (2) is added to the same transaction data queue (8) for analysis by the single check agent (9) and the decision engine (11). The exception database (14) that is built up locally in this manner may be of interest to other merchants having portals through which clients can conduct online commercial transactions. There is therefore an incentive for merchants to pool and share the contents of their different exception databases (14).
An embodiment of such a distributed fraud detection system (100) for use with a plurality of different casino web servers (2) is illustrated in Figure 3. In this embodiment, a different fraud control server (7) is associated with each one of a number of online casino websites. For convenience, this embodiment will be described with particular reference to three different casino web servers (2). The system (100) also includes a master fraud control server (101), the function and operation of which will be described below.
The operation of each casino web server (2) and fraud control server (7) pair is identical to that described above. It will be appreciated that each fraud control server (7) logs indications of fraudulent activity on its corresponding local exception database (14). All information from the separate fraud control servers (7) and exception databases (14) is accumulated and consolidated by a master fraud control server (101) having a corresponding master exception database (102). The consolidated information contained in the master exception database (102) is then published by the master fraud control server (101) and is available, on a read-only basis, for subscription by any one or all of the individual fraud control servers (7).
Any information that is consolidated in this manner by the master fraud control server (101) in the master exception database (102) is marked as originating from a particular one of the individual fraud control servers (7) ("the Source"), and such information can be locked for subsequent access only by its corresponding Source. This feature enables one fraud control server (7) to be used in association with multiple merchant portals (2), without compromising data security by making it available to anyone other than the Source. Numerous modifications are possible to this embodiment without departing from the scope of the invention. In particular, the master fraud control server (101) may be configured to allow for data to be synchronised between any of the individual fraud control servers (7) by selectively enabling any Source to read or to update data that originated from another Source.
The technical problem solved by this invention is that of providing increased protection for online merchant portals (2) against actual or potential fraudulent activity by a purchaser accessing such portals. The protection is aimed principally, but not exclusively, at preventing credit card fraud, whether by use of a stolen credit card, use of an illegally generated credit card number, or fraudulent use of charge backs. Such increased protection can be achieved by instituting checks during registration of the purchaser on the merchant portal (2). This approach has a disadvantage of slowing the registration procedure and making it laborious, leading to a risk of purchaser attrition. The invention enables the same checks to be conducted asynchronously in an off-line manner, thereby maintaining the simplicity and responsiveness of the registration procedure, without any attendant loss of security. The invention also enables intelligent sharing of data relating to known fraudsters, by any number of merchant portals.
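The Source tagging, locking and selective enabling described for the master exception database (102) amount to a small access-control model, sketched below. This is an added example, not code from the patent: the class, method and server names are hypothetical, the exception records are constructed, and the sketch assumes that unlocked records are readable by every subscriber while updates always require ownership or an explicit grant.

```python
from dataclasses import dataclass, field


@dataclass
class MasterExceptionDB:
    # (source, exception id) -> {"source", "detail", "locked"}
    records: dict = field(default_factory=dict)
    # (owning source, other source) -> set of rights: "read", "update"
    grants: dict = field(default_factory=dict)

    def consolidate(self, source, exceptions, locked=False):
        """Merge one fraud control server's exceptions, tagging each record
        with its Source. Re-sending the same id replaces the earlier copy."""
        for exc_id, detail in exceptions.items():
            self.records[(source, exc_id)] = {
                "source": source, "detail": detail, "locked": locked}

    def grant(self, owner, other, rights):
        """Selectively enable `other` to read or update `owner`'s data."""
        self.grants[(owner, other)] = set(rights)

    def _allowed(self, requester, entry, right):
        owner = entry["source"]
        if requester == owner:
            return True                       # a Source always sees its own data
        if right in self.grants.get((owner, requester), ()):
            return True                       # explicitly enabled by the master
        # Assumption: unlocked data is published read-only to all subscribers.
        return right == "read" and not entry["locked"]

    def read(self, requester):
        """Records visible to `requester` under the rules above."""
        return {key: e["detail"] for key, e in self.records.items()
                if self._allowed(requester, e, "read")}

    def update(self, requester, source, exc_id, detail):
        entry = self.records[(source, exc_id)]
        if not self._allowed(requester, entry, "update"):
            raise PermissionError(f"{requester} may not update data from {source}")
        entry["detail"] = detail


def demo():
    """Constructed scenario with three fraud control servers."""
    db = MasterExceptionDB()
    db.consolidate("casino-A", {"e1": "name on negative database"}, locked=True)
    db.consolidate("casino-B", {"e1": "disk identifier velocity"})
    before = sorted(db.read("casino-C"))      # only casino-B's unlocked record
    db.grant("casino-A", "casino-C", {"read"})
    after = sorted(db.read("casino-C"))       # casino-A's locked record now visible
    return before, after


if __name__ == "__main__":
    print(demo())
```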
The fraud control system (1, 101) is not, however, restricted to use with merchant portals (2) in the form of online casino websites, but finds application in conjunction with any merchant portal, such as an e-commerce portal, on which commercial transactions may be conducted. Such e-commerce portals usually relate to the purchase of goods, such as books, music or computer software and services, such as travel and entertainment services.
The invention therefore provides a fraud control system (1, 100) that is operable in a supervisory mode in conjunction with a merchant portal in order to detect actual or potential fraudulent activity by a purchaser accessing such portal.

Claims

1. A fraud detection system, comprising: a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; and an analysis facility arranged to receive inputted transaction data from the merchant portal along the communication network and to derive, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
2. A fraud detection system as claimed in claim 1 in which the analysis facility derives, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data.
3. A fraud detection system as claimed in either one of claims 1 or 2 in which the analysis facility includes a transaction data queue to which the inputted transaction data is added.
4. A fraud detection system as claimed in claim 3 in which the analysis facility includes a check agent capable of processing the queued inputted transaction data according to a number of different predetermined checks to obtain corresponding check results.
5. A fraud detection system as claimed in claim 4 in which the number of different predetermined checks performed asynchronously by the check agent includes any one or more of negative data checks, velocity checks, intelligent data analysis checks and external system checks.
6. A fraud detection system as claimed in either one of claims 4 or 5 in which the check agent processes the queued inputted transaction data independently and asynchronously from the merchant portal on a first-in-first-processed basis.
7. A fraud detection system as claimed in any one of claims 4 to 6 in which the analysis facility includes a decision engine capable of aggregating the results of the number of predetermined checks according to a number of predetermined aggregation algorithms to derive therefrom the at least one indicator of potential fraud by the purchaser.
8. A fraud detection system as claimed in claim 7 in which the analysis facility includes an exception logging means and an associated exception database, the exception logging means causing the derived at least one indicator of potential fraud to be logged by storing it in the exception database.
9. A fraud detection system as claimed in claim 8 that includes a control facility operable to legislate access by the purchaser to the merchant portal as a function of the derived at least one indicator of potential fraud by the purchaser.
10. A fraud detection system as claimed in claim 9 in which the control facility legislates access to the merchant portal by any one or more of barring the purchaser from accessing the merchant portal and activating a surveillance mode for that purchaser in the analysis facility.
11. A fraud detection system as claimed in either one of claims 9 or 10 that includes a configuration facility operable to configure the number of different predetermined checks to be performed by the check agent on the queued, inputted transaction data.
12. A fraud detection system as claimed in claim 11 in which the configuration facility is operable to configure the number of different predetermined aggregation algorithms according to which the at least one indicator of potential fraud is derived by the decision engine.
13. A fraud detection system as claimed in either one of claims 11 or 12 in which the configuration facility is operable to configure the methods by which the control facility legislates access to the merchant portal.
14. A fraud detection system as claimed in any one of claims 7 to 13 in which the analysis facility also includes an external communication interface for communicating with at least one external information repository.
15. A fraud detection system as claimed in claim 14 in which at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed requires communication with the at least one external information repository.
16. A fraud detection system as claimed in either one of claims 14 or 15 in which the at least one external information repository is a credit bureau, or a repository of credit card data, or a geo-location facility.
17. A fraud detection system as claimed in any one of claims 7 to 16 in which the analysis facility is communicable with a searchable negative database having data therein relating to known fraudsters.
18. A fraud detection system as claimed in claim 17 in which at least one of the number of predetermined checks according to which the queued, inputted transaction data is processed requires comparison of said data with the data contained in the negative database.
19. A fraud detection system as claimed in either one of claims 17 or 18 in which the negative database is selectively updateable with data corresponding to a newly detected fraudster.
20. A fraud detection system as claimed in any one of claims 11 to 19 in which the merchant portal performs at least one synchronous error check on the inputted transaction data, the at least one synchronous error check having a pass/don't pass outcome.
21. A fraud detection system as claimed in any one of claims 7 to 20 in which the analysis facility includes a fraud control server operable under software program control.
22. A fraud detection system as claimed in claim 21 that includes a plurality of merchant portals, each merchant portal having an associated analysis facility with a corresponding slave fraud control server and a slave exception database.
23. A fraud detection system as claimed in claim 22 that also includes a master fraud control server communicable along the communication channel with the plurality of slave fraud control servers.
24. A fraud detection system as claimed in claim 23 in which the master fraud control server has an associated master exception database.
25. A fraud detection system as claimed in claims 22 to 24 in which the contents of the slave exception databases of the plurality of slave fraud control servers are periodically downloadable to and mergeable with the contents of the master exception database.
26. A fraud detection system as claimed in claim 25 in which the data downloaded to the master exception database from any one of the slave exception databases is accessible only by the fraud control server corresponding to that exception database.
27. A fraud detection system as claimed in claim 26 in which the fraud control system is configurable by the configuration facility to render the data downloaded to the master exception database from any one of the slave exception databases accessible to any of the other slave exception databases by subscription.
28. A fraud detection system as claimed in any one of the preceding claims in which the merchant portal is an online casino website and the online commercial transaction is the purchase of credit for playing at least one game available on the online casino website.
29. A fraud detection system as claimed in any one of the preceding claims in which the communication network is the World Wide Web of the Internet.
30. A method of detecting fraud, comprising the steps of: providing a merchant portal accessible by a purchaser along a communication network in order to conduct a commercial transaction, the merchant portal being arranged to enable input by the purchaser of transaction data relating to the commercial transaction; receiving the inputted transaction data from the merchant portal along the communication network; and deriving, independently and asynchronously from the merchant portal, at least one indicator of potential fraud by the purchaser as a function of the inputted transaction data.
31. A method of detecting fraud as claimed in claim 30 that includes the step of deriving, independently and asynchronously from the merchant portal, a plurality of different indicators of potential fraud by the purchaser as a function of the inputted transaction data.
32. A method of detecting fraud as claimed in either one of claims 30 or 31 in which the inputted transaction data is added to a transaction data queue.
33. A method of detecting fraud as claimed in claim 32 that includes the further step of processing the inputted transaction data in the data queue according to a number of different predetermined checks to obtain corresponding check results.
34. A method of detecting fraud as claimed in claim 33 in which the number of different predetermined checks performed asynchronously includes any one or more of negative data checks, velocity checks, intelligent data analysis checks and external system checks.
35. A method of detecting fraud as claimed in either one of claims 33 or 34 in which the queued, inputted transaction data is processed independently and asynchronously from the merchant portal on a first-in-first-processed basis.
36. A method of detecting fraud as claimed in any one of claims 33 to 35 that includes the still further step of aggregating the results of the number of predetermined checks according to a number of predetermined aggregation algorithms to derive therefrom the at least one indicator of potential fraud by the purchaser.
37. A method of detecting fraud as claimed in claim 36 that includes the step of logging the derived at least one indicator of potential fraud by storing it in an exception database.
38. A method of detecting fraud as claimed in claim 37 in which access by the purchaser to the merchant portal is legislated as a function of the derived at least one indicator of potential fraud by the purchaser.
39. A method of detecting fraud as claimed in claim 38 in which access to the merchant portal is legislated by any one or more of barring the purchaser from accessing the merchant portal and activating a surveillance mode to track the purchaser's activity.
40. A method of detecting fraud as claimed in either one of claims 38 or 39 that includes the further step of configuring the number of different predetermined checks to be performed on the queued, inputted transaction data.
41. A method of detecting fraud as claimed in claim 40 that includes the step of configuring the number of different predetermined aggregation algorithms according to which the at least one indicator of potential fraud is derived.
42. A method of detecting fraud as claimed in either one of claims 36 to 56 that includes the step of configuring the methods by which access to the merchant portal is legislated.
43. A method of detecting fraud as claimed in any one of claims 33 to 42 which includes the further steps of: communicating with at least one external information repository; and processing at least one of the number of predetermined checks with data contained in the at least one external information repository.
44. A method of detecting fraud as claimed in any one of claims 33 to 43 that includes the step of communicating with a searchable negative database having data relating to known fraudsters.
45. A method of detecting fraud as claimed in claim 44 which includes the step of configuring at least one of the predetermined checks to require a comparison of at least a portion of the queued, inputted transaction data with the data contained in the negative database.
46. A method as claimed in either one of claims 44 or 45 that includes the further step of selectively updating the negative database with data corresponding to a newly detected fraudster.
47. A method as claimed in any one of claims 32 to 46 that includes performance by the merchant portal of at least one synchronous error check having a pass/don't pass outcome.
48. A method of detecting fraud as claimed in any one of claims 32 to 47 that includes the further step of providing a plurality of merchant portals, each merchant portal having an associated exception database.
49. A method of detecting fraud as claimed in claim 48 that includes the step of providing a master exception database that is communicable along the communication network with the plurality of exception databases corresponding to the plurality of merchant portals.
50. A method of detecting fraud as claimed in claim 49 that includes the step of periodically downloading the contents of the plurality of exception databases to the master exception database and merging said contents with the contents of the master exception database.
51. A method of detecting fraud as claimed in claim 50 which provides for accessing the data downloaded to the master exception database from any one of the plurality of exception databases only from a fraud control server corresponding to that exception database.
52. A method of detecting fraud as claimed in claim 51 in which the data downloaded to the master exception database from any one of the slave exception databases is configured to be accessible to any of the other slave exception databases by subscription.
PCT/IB2003/002398 2002-06-28 2003-06-20 Fraud detection WO2004003676A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003240200A AU2003240200A1 (en) 2002-06-28 2003-06-20 Fraud detection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0214995A GB0214995D0 (en) 2002-06-28 2002-06-28 Fraud detection
GB0214995.3 2002-06-28

Publications (2)

Publication Number Publication Date
WO2004003676A2 true WO2004003676A2 (en) 2004-01-08
WO2004003676A3 WO2004003676A3 (en) 2004-03-11

Family

ID=9939482

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2003/002398 WO2004003676A2 (en) 2002-06-28 2003-06-20 Fraud detection

Country Status (3)

Country Link
AU (1) AU2003240200A1 (en)
GB (1) GB0214995D0 (en)
WO (1) WO2004003676A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007090605A1 (en) * 2006-02-06 2007-08-16 Mediakey Ltd. A method and a system for identifying potentially fraudulent customers in relation to electronic customer action based systems, and a computer program for performing said method
WO2008138029A1 (en) * 2007-05-11 2008-11-20 Fmt Worldwide Pty Ltd A detection filter
US8666841B1 (en) 2007-10-09 2014-03-04 Convergys Information Management Group, Inc. Fraud detection engine and method of using the same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365046A (en) * 1991-04-09 1994-11-15 Haymann Frank V Preventing unauthorized use of a credit card
US5457305A (en) * 1994-03-31 1995-10-10 Akel; William S. Distributed on-line money access card transaction processing system
US6047268A (en) * 1997-11-04 2000-04-04 A.T.&T. Corporation Method and apparatus for billing for transactions conducted over the internet
US6122624A (en) * 1998-05-28 2000-09-19 Automated Transaction Corp. System and method for enhanced fraud detection in automated electronic purchases

Also Published As

Publication number Publication date
AU2003240200A8 (en) 2004-01-19
GB0214995D0 (en) 2002-08-07
WO2004003676A3 (en) 2004-03-11
AU2003240200A1 (en) 2004-01-19

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP