Abstract: Cloud computing techniques utilizing distributed application execution are disclosed herein. One example technique includes receiving a command to launch an application, and in response, determining an execution location corresponding to a type of data consumed by individual components of the application. Upon determining that one of the components is to be executed in a local computing facility, the example technique includes transmitting, from a public computing facility to the local computing facility, a request to execute the one of the components in the local computing facility instead of the public computing facility. Upon being authorized by the local computing facility, data is requested and received from the one of the components executed at the local computing facility without having direct access from the public computing facility to a data source at the local computing facility.

Abstract: Various device attributes associated with a current event may be obtained. Similarity metrics may be determined that indicate a degree of similarity between the device attributes that are associated with the current event and stored device attributes that are associated with previous events and previously created fuzzy device identifiers. A fuzzy device identifier may be assigned to the current event based at least in part on a comparison of the similarity metrics with a threshold. If none of the similarity metrics compare favorably with the threshold, then a new fuzzy device identifier may be created for the current event. However, if at least one of the similarity metrics compares favorably with the threshold, then the previously created fuzzy device identifier whose stored device attributes are most similar to the device attributes that are associated with the current event may be assigned to the current event.

Abstract: Cloud computing techniques utilizing distributed application execution are disclosed herein. One example technique includes receiving a command to launch an application, and in response, determining an execution location corresponding to a type of data consumed by individual components of the application. Upon determining that one of the components is to be executed in a local computing facility, the example technique includes transmitting, from a public computing facility to the local computing facility, a request to execute the one of the components in the local computing facility instead of the public computing facility. Upon being authorized by the local computing facility, data is requested and received from the one of the components executed at the local computing facility without having direct access from the public computing facility to a data source at the local computing facility.

Abstract: Training risk determination models based on a set of labeled data transactions. A first set of labeled data transactions that have been labeled during a review process is accessed. A first risk determination model is trained using the first set of labeled data transactions. A first risk score for data transactions of a set of unlabeled data transactions is determined using the first risk determination model. Data transactions in the set of unlabeled data transactions are newly labeled based on the first risk score. The newly labeled data transactions are added to a second set of labeled data transactions that include the first set of labeled data transactions. A second risk determination model is trained using at least the second set of labeled data transactions. A second risk score is determined for subsequently received data transactions and these data transactions are rejected or approved based on the second risk score.

Abstract: Cloud computing techniques utilizing distributed application execution are disclosed herein. One example technique includes receiving a command to launch an application, and in response, determining an execution location corresponding to a type of data consumed by individual components of the application. Upon determining that one of the components is to be executed in a local computing facility, the example technique includes transmitting, from a cloud computing facility to the local computing facility, a request to execute the one of the components in the local computing facility instead of the cloud computing facility. Upon being authorized by the local computing facility, data is requested and received from the one of the components executed at the local computing facility without having direct access from the cloud computing facility to a data source at the local computing facility.

Abstract: Different fraud risk models can be developed and applied for a consortium of e-commerce merchants. With this multi-phase modeling strategy, a consortium member can get its optimal model performance at different data phases from an early phase where the consortium member does not have any historical data, to a more mature phase where the consortium member has a short time period of matured data, to a fully mature phase where the consortium member has a long-time period of matured data. On the other hand, the matured consortium data is not affected by the immature data from new members. Thus, the model performance for long-time existing members is not affected by new members at immature phases.

Abstract: Various device attributes associated with a current event may be obtained. Similarity metrics may be determined that indicate a degree of similarity between the device attributes that are associated with the current event and stored device attributes that are associated with previous events and previously created fuzzy device identifiers. A fuzzy device identifier may be assigned to the current event based at least in part on a comparison of the similarity metrics with a threshold. If none of the similarity metrics compare favorably with the threshold, then a new fuzzy device identifier may be created for the current event. However, if at least one of the similarity metrics compares favorably with the threshold, then the previously created fuzzy device identifier whose stored device attributes are most similar to the device attributes that are associated with the current event may be assigned to the current event.

Abstract: Methods, systems, and computer program products are provided for using pre-purchase scoring to efficiently detect fraud on an e-commerce platform. In particular, high dimension pre-purchase information may be consolidated into one or more scores to be carried over and applied to a real time machine learning model at the purchase stage. More specifically, a large amount of information is available, for example, when a user initially connects to the e-commerce platform, creates an account thereon, subsequently logs in using that account, or adds a payment instrument to their account. Such information is applied to a machine learning model that consolidates the information into a score to be carried over, and used further at the purchase stage.

Abstract: Methods, systems, and computer program products are provided for transaction fraud detection based on entity linking. Identifying data is collected associated with at least one transaction in a set of fraudulent transactions. A second set of transactions is searched for first linked transactions that include at least some of the identifying data. For each of the first linked transactions, the second set of transactions is recursively searched for additional linked transactions based at least in part on additional identifying data included in each of the first linked transactions. A fraud island is designated to include the at least one transaction, the first linked transactions, and the additional linked transactions. Whether a subsequent transaction is fraudulent is determined based on the fraud island and a transaction fraud risk model.

Abstract: Methods, systems, and computer program products are provided for tracking user actions made via a user account, and to accurately detect fraudulent transactions made therewith. Information associated with the user actions such as, for example, device ID, device IP address, and device IP location, is captured and stored. Stored information is used to create features. The features are assembled into an n-dimensional vector, and a measure similarity between that vector and a previously created n-dimensional vector can be computed. The measure of similarity may be used to assess the probability that the present transaction is fraudulent. Alternatively, one or more n-dimensional vectors, and/or the computed measure of similarity may be used as input to a machine learning model. The output of machine learning model also may be used to assess the probability that the present transaction is fraudulent.

Abstract: Training risk determination models based on a set of labeled data transactions. A first set of labeled data transactions that have been labeled during a review process is accessed. A first risk determination model is trained using the first set of labeled data transactions. A first risk score for data transactions of a set of unlabeled data transactions is determined using the first risk determination model. Data transactions in the set of unlabeled data transactions are newly labeled based on the first risk score. The newly labeled data transactions are added to a second set of labeled data transactions that include the first set of labeled data transactions. A second risk determination model is trained using at least the second set of labeled data transactions. A second risk score is determined for subsequently received data transactions and these data transactions are rejected or approved based on the second risk score.

Abstract: Embodiments disclosed herein are related to computing systems and methods for detecting anomalies in a distribution of one or more attributes associated with data transactions. In the embodiments, data transactions are accessed that each include various attributes. The data transactions are grouped into a first subset associated with a first sub-type of a first attribute and a second subset including any remaining sub-types of the first attribute. Second attributes in the first and second subsets are compared to determine differences in the proportion of the second attributes between the first and second subsets, where the differences are indicative of an anomaly in an expected distribution of the second attributes. Based at least on a determination that there are differences in the proportion, subsequently accessed data transactions that are associated with attributes similar to the data transactions of the first subset are rejected or subjected to a further review process.

Abstract: Embodiments disclosed herein are related determining a risk score for one or more data transactions. Current data transactions that are associated with one or more current attributes are received. Stored data transactions associated with stored attributes are accessed. A plurality of the stored attributes are selected. A first sliding window and a second sliding window are selected. A duration of the second sliding window is longer than a duration of the first sliding window and encompasses the duration of first sliding window. Risk information for those stored data transactions that are associated with the plurality of attributes is determined. The risk information is determined during the duration of both the first and second sliding windows and is indicative of a level fraud that is occurring. The determined risk information and the current attributes are used to generate a risk score for the current data transactions. The current data transactions are approved or rejected based on the risk score.

Abstract: Embodiments disclosed herein are related to computing systems and methods for determining a risk score for a plurality of data transactions. In the embodiments, a first risk score module may receive data transactions. The first risk score module may then determine a first risk score for each of the data transactions. A second risk score module that is different from the first risk score module may receive each of the first risk scores determined by the first risk score module as an input. The second risk score module may determine a second risk score based in part on the input first risk scores for each of the data transactions. The second risk scores may specify if each of the data transactions is to be approved or rejected by the computing system.

Abstract: Embodiments herein are related to selecting one or more cutoff values used to determine if a plurality of data transactions should be accepted or rejected. In the embodiments, various data sets from a plurality of data transactions are generated. At least one of the data sets includes a different subset of the data transactions than a second data set. One or more cutoff values for each of the data sets are determined. The cutoff values specify if the data transactions are to be accepted or rejected. An efficiency value for each of the data sets is determined at each of the cutoff values. An average efficiency value and an efficiency standard deviation value at each of the cutoff values are determined based on the determined efficiency values. At least one of the cutoff values is selected based on the average efficiency value and the efficiency standard deviation value.

Abstract: A machine learning method for performing an efficiency analysis on a decision to accept or reject a data transaction. A machine learning classifier receives a decision analysis for data transactions, the decision analysis determining if each of the data transactions was accepted or rejected. The machine learning classifier performs an overall result analysis of a result that would occur if all true negatives and all false positives were accepted. The machine learning classifier performs an impact analysis of the false negatives on the true negatives that were properly accepted. The machine learning classifier performing an efficiency analysis by finding a ratio of the impact of the false negatives on the true negatives that were properly accepted to the result that would occur if all true negatives and all false positives were accepted.

Abstract: The claimed subject matter relates to an architecture that can mitigate privacy concerns in connection with ad targeting or data collection. In particular, architecture can be included in a personal mobile communication device such as a cell phone. During communication transactions between the host device and a peer device, shared information can be extracted either from content included in the communication or from metadata. Based upon the shared information, a social graph maintained on the host device can be updated. In addition, the host device can receive a large set of ads and select or tailor a custom ad from the set based upon the social graph.

Abstract: The claimed subject matter relates to an architecture that can mitigate privacy concerns in connection with ad targeting or data collection. In particular, architecture can be included in a personal mobile communication device such as a cell phone. During communication transactions between the host device and a peer device, shared information can be extracted either from content included in the communication or from metadata. Based upon the shared information, a social graph maintained on the host device can be updated. In addition, the host device can receive a large set of ads and select or tailor a custom ad from the set based upon the social graph.