Abstract: Techniques are provided for generating performance improvement recommendations for machine learning models. One method comprises evaluating performance metrics for multiple implementations of a machine learning model; computing a performance score that aggregates the performance metrics for a given machine learning model implementation; and recommending a modification to the given machine learning model implementation based on the performance score by evaluating one or more performance metrics for the given implementation relative to at least one additional performance metric for the given implementation, wherein the recommended modification is based on a performance with the recommended modification for another implementation. A given performance metric may be weighted based on an expected improvement from modifying a factor related to the given performance metric.

Abstract: Techniques are provided for generating adaptive policies from organization data for detection of risk-related events. One method comprises obtaining features identified in organization data of an organization for a risk analysis, wherein a given feature comprises a plurality of data values, wherein each data value for the given feature comprises a discrete value of the given feature or a range of values for the given feature; obtaining a probability of occurrence associated with each data value based on the organization data; identifying a plurality of candidate anomalous data values based on the probabilities of occurrence; determining an intervention rate for a plurality of combinations of the candidate anomalous data values; and generating policies for the organization using the combinations of candidate anomalous data values based on a corresponding intervention rate. The generated policies are used to detect one or more risk-related events.

Abstract: Techniques are provided for generating performance improvement recommendations for machine learning models. One method comprises evaluating performance metrics for multiple implementations of a machine learning model; computing a performance score that aggregates the performance metrics for a given machine learning model implementation; and recommending a modification to the given machine learning model implementation based on the performance score by evaluating one or more performance metrics for the given implementation relative to at least one additional performance metric for the given implementation, wherein the recommended modification is based on a performance with the recommended modification for another implementation. A given performance metric may be weighted based on an expected improvement from modifying a factor related to the given performance metric.

Abstract: Methods, apparatus, and processor-readable storage media for enriching structured data are provided herein. An example method includes receiving a first data structure and a second data structure; normalizing the first data structure and the second data structure using one or more configuration files; identifying, from the normalized first data structure and second data structure, one or more items of data in the second data structure that contain information relevant to one or more items of corresponding data in the first data structure; and generating a target data structure comprising at least a portion of the one or more items of identified data from the second data structure, at least a portion of the one or more items of corresponding data from the first data structure, and a unique key corresponding to the portions of the one or more items of data from the first and second data structures.

Abstract: A method involves performing a mathematical estimation operation identifying a risk score threshold. The operation identifies the risk score threshold as a point on a curve rather than a value of a particular risk score. Such a curve approximates the distribution of risk score values output over a time interval and represents a function embodied by a plot of risk score percentile vs. risk score value. The risk engine, rather than selecting a particular risk score, selects a curve from a family of curves that is known to accurately represent such risk score distributions. For example, the risk engine may choose the curve that provides the best fit to the previous week's risk scores over the family of curves. The risk engine identifies the risk score threshold by finding a risk score value such that the function evaluated at that risk score value produces a specified risk score percentile.

Abstract: Techniques of risk-based authentication involve adjusting a risk engine used by a recipient entity based on feedback acquired from multiple entities. Along these lines, both a recipient risk engine and one or more donor risk engines perform risk-based authentication for which respective feedback is generated. The feedback indicates whether certain transaction requests predicted to be fraudulent are confirmed to be fraudulent. The recipient risk engine is then adjusted based on the feedback created for itself, the feedback created for any of the donor risk engines, or some combination thereof.

Abstract: Methods, apparatus, and processor-readable storage media for enriching structured data are provided herein. An example method includes receiving a first data structure and a second data structure; normalizing the first data structure and the second data structure using one or more configuration files; identifying, from the normalized first data structure and second data structure, one or more items of data in the second data structure that contain information relevant to one or more items of corresponding data in the first data structure; and generating a target data structure comprising at least a portion of the one or more items of identified data from the second data structure, at least a portion of the one or more items of corresponding data from the first data structure, and a unique key corresponding to the portions of the one or more items of data from the first and second data structures.

Abstract: Techniques are provided for generating adaptive policies from organization data for detection of risk-related events. One method comprises obtaining features identified in organization data of an organization for a risk analysis, wherein a given feature comprises a plurality of data values, wherein each data value for the given feature comprises a discrete value of the given feature or a range of values for the given feature; obtaining a probability of occurrence associated with each data value based on the organization data; identifying a plurality of candidate anomalous data values based on the probabilities of occurrence; determining an intervention rate for a plurality of combinations of the candidate anomalous data values; and generating policies for the organization using the combinations of candidate anomalous data values based on a corresponding intervention rate. The generated policies are used to detect one or more risk-related events.

Abstract: An improved technique involves generating, from historical transaction data, a relational graph that represents connections between users who initiate transactions and transaction devices used to carry out the transactions. By supplementing traditional relational database models with a tool such as a graph database, a risk analysis server is able to express users and transaction devices as nodes in a graph and the connections between them as edges in the graph. The risk analysis server may then match the topology of the graph in a neighborhood of the user initiating the transaction to a known topology that is linked to an indication of risk. In some arrangements, this topology is an input into a risk model used to compute a risk score for adaptive authentication.

Abstract: Techniques are provided for smoothing discretized values used, for example, for authentication or identity assurance. An illustrative method comprises obtaining at least one probability of transitioning between at least two discretized values of a given feature; computing a smoothed feature score for the given feature for a transition from a first one of the discretized values to a second one of the discretized values based on the probability of the transition from the first discrete value to the second discrete value; and performing one or more of authenticating a user and verifying an identity of a user based at least in part on the smoothed feature score. The probabilities of transitioning between the discretized values are optionally stored in a transition matrix. Feature scores for first and second discretized values are optionally weighted based on the probability of the transition from the first discrete value to the second discrete value.

Abstract: Techniques of identifying fraud detection rule strength involve varying the rendering of a graph from transaction data. Along these lines, a rules server computer provides a general graph from a group of transaction entries defining a group of fraudulent and authentic transactions on an electronic display. A user defines selection criteria that the rules server computer applies to the group of transaction entries to generate a subgroup of transaction entries. From the subgroup of transaction entries, the rules server computer provides a focused graph on the electronic display from the subgroup of transaction entries defining a subgroup of the group of fraudulent and authentic transactions. A ratio of the number of fraudulent transactions to the number of authentic transactions represented in the focused graph identifies the strength of the selection criteria for use in a fraud detection rule.

Abstract: An improved technique involves identifying other transactions for investigation from entries in a database that involve a particular actor involved in a known fraudulent transaction. From a transaction log listing transactions, a server generates a database of transaction entries which identify transactions from the transaction log, each transaction entry (i) describing an activity and (ii) identifying a set of actors involved in that activity. Based on a known fraudulent transaction involving a particular actor, the server finds a set of transaction entries from the database which involve the particular actor. From the found set of transaction entries, the server identifies other transactions for investigation.