Abstract: A system for generating a fraud risk score for a third party provider (TPP) transaction. The system includes a server including an electronic processor. The electronic processor is configured to determine a frequency-recency-monetary value feature, a reputation feature, and a rule feature for a TPP transaction, using the frequency-recency-monetary value feature, the reputation feature, and the rule feature as input for a machine learning model, execute the machine learning model to generate a blended score, and, when the blended score is above a second predetermined threshold, determine that the TPP transaction is fraudulent.

Abstract: An anomaly detection system that includes a database and a server. The server is connected to the database. The server is configured to identify anomalous web traffic for a certain time period based on one or more client keys from the certain time period. The client key(s) includes at least two characteristics related to web traffic data. The server includes a processing unit and a memory. The server is configured to receive the web traffic data from the database, calculate a z-score metric for the client key, calculate a change rate metric for the client key, calculate a failure metric for the client key, determine an anomaly score based on the z-score metric, the change rate metric, and the failure metric, and determine that the certain time period is an anomalous time period based on the anomaly score.

Abstract: A fraud prevention server that includes an electronic processor and a memory. The memory includes an online application origination (OAO) service and a plurality of OAO models, each of the plurality of OAO models differentiates between a behavior of a normal user and a behavior of a nefarious actor during a submission of the online application on a device. When executing the OAO service, the electronic processor is configured to receive form data from a client server, determine a best OAO model from a plurality of OAO models with deep-learning, determine a fraud score of the online application based on the best OAO model, and control the client server to approve, hold, or deny the online application based on the fraud score that is determined.

Abstract: In one embodiment, the present disclosure includes a mobile computing device. The mobile computing device includes a communication interface, one or more sensors, a memory, and an electronic processor. The electronic processor is configured to detect a remuneration trigger event, retrieve sensor data from a sensor data repository in response to detecting the remuneration trigger event, determine whether a user of the mobile computing device intended to perform a remuneration action by applying a user intention model to the sensor data, generate remuneration credentials in response to determining that the user of the mobile computing device intended to perform the remuneration action, and control the communication interface to transmit the remuneration credentials to the terminal device to complete the remuneration action.

Abstract: An anomaly detection system that includes a database and a server. The server is connected to the database. The server is configured to identify anomalous web traffic for a certain time period based on one or more client keys from the certain time period. The client key(s) includes at least two characteristics related to web traffic data. The server includes a processing unit and a memory. The server is configured to receive the web traffic data from the database, calculate a z-score metric for the client key, calculate a change rate metric for the client key, calculate a failure metric for the client key, determine an anomaly score based on the z-score metric, the change rate metric, and the failure metric, and determine that the certain time period is an anomalous time period based on the anomaly score.

Abstract: A system for determining a fraud risk score associated with a transaction. The system includes a server including an electronic processor. The electronic processor is configured to determine a plurality of rules based on a plurality of transactions over time and extract one or more features of the transaction. The electronic processor is also configured to select, based on the plurality of rules, a plurality of fraud risk features Each non-categorical fraud risk feature selected is associated with a fraud risk feature value and each categorical fraud risk feature selected is associated with a categorical variable value. The electronic processor is configured to determine, for each categorical fraud risk feature, a fraud risk feature value. The electronic processor is also configured to determine the fraud risk score based on the one or more of the transformed fraud risk feature values.

Abstract: A fraud prevention server that includes an electronic processor and a memory. The memory includes an online application origination (OAO) service and a plurality of OAO models, each of the plurality of OAO models differentiates between a behavior of a normal user and a behavior of a nefarious actor during a submission of the online application on a device. When executing the OAO service, the electronic processor is configured to receive form data from a client server, determine a best OAO model from a plurality of OAO models with deep-learning, determine a fraud score of the online application based on the best OAO model, and control the client server to approve, hold, or deny the online application based on the fraud score that is determined.

Abstract: A universal device identifier (UDID) service with adjusted attribute distances. In one embodiment, a server includes an electronic processor and a memory storing the UDID service. The electronic processor is configured to receive an identification request regarding a currently-observed device having a first set of device attributes, retrieve any previously-observed devices, determine whether one or more devices are found from retrieving the any of the previously-observed devices, determine all changed device attributes for each device of the one or more devices that are found relative to the first set of device attributes, generate an adjusted attribute distance corresponding to the all changed device attributes for the each device, retrieve a universal device identifier (UDID) of a closest device having a lowest adjusted attribute distance among all adjusted attribute distances that are generated, and assign the UDID of the closest device to the currently-observed device.

Abstract: A fraud prevention system that includes a client server and a fraud prevention server. The fraud prevention server includes an electronic processor and a memory. The memory including a trust scoring service. When executing the trust scoring service, the electronic processor is configured to receive a trust score request of a device from the client server, generate, with a trust model, a trust score of the device, and responsive to generating the trust score, output the trust score to the client server in satisfaction of the trust score request, wherein the trust score is distinct from a risk factor, the trust score representing a predicted trust level of the device, and the risk factor representing a fraud risk level associated with the device based on one or more device behaviors.

Abstract: Methods and systems for secure model development. One system includes an electronic processor configured to receive, within a data quality assurance environment, a user input from a user device and access a code artifact stored in a code artifact repository from a data development environment based on the user input. The electronic processor is also configured to access a set of data stored in a database from a data production environment based on the user input and download a copy of the set of data without changing the set of data stored in the database. The electronic processor is also configured to train, within the data quality assurance environment, a model using machine learning based on the code artifact and the copy of the set of data. The electronic processor is also configured to transmit the model to a model database.

Abstract: A fraud prevention system that includes a fraud prevention server including an electronic processor and a memory. The memory includes a feature drift hardened online application origination (OAO) service. When executing the feature drift hardened OAO service, the electronic processor is configured to detect, with respect to a first OAO model, feature drift in a dataset of an online application that exceeds a predefined threshold, generate one or more feature drift hardened OAO models that mitigate the feature drift, determine a fraud score of the online application based on the one or more feature drift hardened OAO models that differentiates between a behavior of a normal user and a behavior of a nefarious actor during a submission of the online application on a device and mitigates the feature drift, and control a client server to approve, hold, or deny the online application based on the fraud score.

Abstract: An account recommendation system that includes a server. The server is operable to identify a user account based on a server-side persistent device identification. The server includes a processor and a memory. The server is configured to receive a request including one or more attributes related to a client device, identify the server-side persistent device identification (“PDI”) record for the client device based on the one or more attributes of the client device, identify one or more candidate accounts based on the server-side persistent device identification, determine confidence scores for each of the one or more candidate accounts, generate a recommendation signal for the user account associated with the client device based on the confidence scores, and transmit the recommendation signal to a merchant server.

Abstract: Embodiment described herein provide a system for authenticating an identity of a user. The system includes a first device, a second device, a user device, and a remote computing device. The first device, the second device, and the user device are connected to and operable to communicate over the first communications network. The user device is connected to and operable to communicate over a second communications network. The user device is configured to detect the first device or the second device when the first device or the second device is connected the first communications network, and to generate one or more signals related to the detection of the first device or the second device. The remote computing device is configured to receive the one or more signals from the user device and authenticate the identity of the user based on the one or more signals.

Abstract: A system for generating a fraud risk score for a third party provider (TPP) transaction. The system includes a server including an electronic processor. The electronic processor is configured to determine a frequency-recency-monetary value feature, a reputation feature, and a rule feature for a TPP transaction, using the frequency-recency-monetary value feature, the reputation feature, and the rule feature as input for a machine learning model, execute the machine learning model to generate a blended score, and, when the blended score is above a second predetermined threshold, determine that the TPP transaction is fraudulent.

Abstract: Methods and systems of providing fraud prediction services. One method includes receiving a request from a resource provider network and generating a set of features associated with the request. The method also includes accessing a fraud prediction model from a model database and applying the fraud prediction model to the set of features. The method also includes determining, with an electronic processor, a fraud prediction for the request based on the application of the fraud prediction model to the set of features. The method also includes generating and transmitting, with the electronic processor, a response to the request, the response including the fraud prediction.

Abstract: An account recommendation system that includes a server. The server is operable to identify a user account based on a server-side persistent device identification. The server includes a processor and a memory. The server is configured to receive a request including one or more attributes related to a client device, identify the server-side persistent device identification (“PDI”) record for the client device based on the one or more attributes of the client device, identify one or more candidate accounts based on the server-side persistent device identification, determine confidence scores for each of the one or more candidate accounts, generate a recommendation signal for the user account associated with the client device based on the confidence scores, and transmit the recommendation signal to a merchant server.

Abstract: A universal device identifier (UDID) service with adjusted attribute distances. In one embodiment, a server includes an electronic processor and a memory storing the UDID service. The electronic processor is configured to receive an identification request regarding a currently-observed device having a first set of device attributes, retrieve any previously-observed devices, determine whether one or more devices are found from retrieving the any of the previously-observed devices, determine all changed device attributes for each device of the one or more devices that are found relative to the first set of device attributes, generate an adjusted attribute distance corresponding to the all changed device attributes for the each device, retrieve a universal device identifier (UDID) of a closest device having a lowest adjusted attribute distance among all adjusted attribute distances that are generated, and assign the UDID of the closest device to the currently-observed device.

Abstract: A fraud prevention system that includes a server. The server is operable to receive a first attribute of a client device from the client device and associated with a first transaction, receive a second attribute of the client device from the client device and associated with the first transaction, receive a third attribute related to the client device and associated with the first transaction, and generate a persistent device identification (“PDI”) record including the first attribute, the second attribute, and the third attribute, store the PDI record in a memory, receive the third attribute related to the client device and associated with a second transaction, and identify the client device using the PDI record based on the third attribute without receiving, in association with the second transaction, the first attribute of the client device and the second attribute of the client device.

Abstract: An anomaly detection system that includes a database and a server. The server is connected to the database. The server is configured to identify anomalous web traffic for a certain time period based on one or more client keys from the certain time period. The client key(s) includes at least two characteristics related to web traffic data. The server includes a processing unit and a memory. The server is configured to receive the web traffic data from the database, calculate a z-score metric for the client key, calculate a change rate metric for the client key, calculate a failure metric for the client key, determine an anomaly score based on the z-score metric, the change rate metric, and the failure metric, and determine that the certain time period is an anomalous time period based on the anomaly score.

Abstract: Systems, methods, devices, and computer readable media for determining whether a transaction was initiated by a known user. Known users can be identified using a known user identification linear regression algorithm. The known user identification algorithm incorporates a variety of features of an initiated transaction, as well as reputation and historical data associated with an account or user, to produce a prediction value that indicates whether a user is a known user or whether there is a high potential for fraud. If the prediction value that results from the known user identification algorithm is greater than or equal to the threshold value, a fraud rule is triggered (i.e., predicted fraud). If the prediction value that results from the known user identification algorithm is less than the threshold value, the user who initiated the transaction is identified as a known user and the transaction is permitted to proceed (i.e., predicted non-fraud).