Abstract: A method and system for detecting fraudulent network events in a payment card network by incorporating breach velocities into fraud scoring models are provided. A potential compromise event is detected, and payment cards that transacted at a compromised entity associated with the potential compromise event are identified. Subsequent transaction activity for the payment cards is reviewed, and a data structure for the payment cards are generated. The data structure sorts subsequent transaction activity into fraud score range stripes. The data structure is parsed over a plurality of time periods, and at least one cumulative metric is calculated for each of the time periods in each fraud score range stripe. A plurality of ratio striping values are determined, and a set of feature inputs is generated using the ratio striping values. The feature inputs are applied to a scoring model used to score future real-time transactions initiated using the payment cards.

Abstract: A compromise detection computing device is configured to receive transaction data associated with a set of transactions performed at a plurality of merchants, each transaction conducted using a payment device, identify a first merchant, and generate a list of every payment device that was used to conduct a transaction at the first merchant. The compromise detection computing device is further configured to monitor subsequent transaction activity associated with each payment device on the list, and generate a fraud proxy score for each payment device based upon the activity. The compromise detection computing device is further configured to access fraud report records associated with any payment device on the list, generate an implication score for the first merchant based upon the fraud proxy score and the fraud report records, and, when the first implication score meets a first criteria, automatically transmit an alert message to a receiving party.

Abstract: A message tracking computing device for identifying anomalous activity in real-time is provided. The message tracking computing device includes a memory in communication with a processor. The processor is programmed to receive a transaction dataset including a plurality of transaction records, each transaction record associated with a payment transaction. The processor is further programmed to compute, for a subset of transaction records of the plurality of transaction records, a normalized velocity score by computing a streaming mean, computing a streaming standard deviation, and computing the normalized velocity score based on the streaming mean, the streaming standard deviation, and a transaction ratio. The processor is further programmed to analyze the at least one computed normalized velocity score to detect anomalous activity, automatically generate an alert message identifying the anomalous activity, and transmit the alert message to a remote computing device.

Abstract: An analytics computing system for analyzing payment transaction data to identify merchants having a recurring payment program is provided. The analytics computing system is configured to receive first payment transaction data for a plurality of transactions associated with a merchant, generate an actual transaction amount distribution, compare the actual transaction amount distribution to a stored model distribution, compare an angle distance to a predefined threshold value, and identify whether the merchant is a merchant performing recurring payment transactions. The analytics computing system is also configured to store that the merchant is a recurring payment merchant and alert an analyst that the merchant is a recurring payment merchant by transmitting an alert message to a user computing device in communication with the analytics computing device.

Abstract: A system for identifying complete account identifiers from partial account identifiers is provided. The system includes an account identification computing device including at least one processor and a memory device in communication with the at least one processor. The processor is configured to receive transaction data including unique merchant identifiers, build a merchant table using the transaction data, and receive a list including partial account identifiers. The processor is further configured to determine, for each unique merchant identifier, a number of candidate account identifiers and calculate at least one metric based on the number of candidate account identifiers. The processor is further configured to identify a source unique merchant identifier and match at least one candidate account identifier to a complete account identifier by matching one of the partial account identifiers to the at least one candidate account identifier.

Abstract: A method and system for detecting fraudulent network events in a payment card network are provided. A plurality of scored payment card transaction authorization requests is received, originating from a plurality of merchants, and data structures for each of a plurality of merchant groups are generated. Each data structure sorts the scored authorization requests into fraud score range stripes. The data structures are parsed over a plurality of time periods, and at least one cumulative metric is calculated for each merchant group for each of the time periods in each fraud score range stripe. A plurality of ratio striping values is determined for each merchant group, and a set of feature inputs is generated using the ratio striping values. A second fraud detection model is applied to the scored authorization requests. Parameters of the second fraud detection model are configured to change based on the generated set of feature inputs.

Abstract: A method and system for detecting fraudulent network events in a payment card network are provided. A plurality of scored payment card transaction authorization requests are received, originating from a plurality of merchants, and data structures for each of a plurality of merchant groups are generated. Each data structure sorts the scored authorization requests into fraud score range stripes. The data structures are parsed over a plurality of time periods, and at least one cumulative metric is calculated for each merchant group for each of the time periods in each fraud score range stripe. A plurality of ratio striping values is determined for each merchant group, and a set of feature inputs is generated using the ratio striping values. A second fraud detection model is applied to the scored authorization requests. Parameters of the second fraud detection model are configured to change based on the generated set of feature inputs.

Abstract: A method and system for detecting fraudulent network events in a payment card network are provided. A plurality of scored payment card transaction authorization requests are received, originating from a plurality of merchants, and at least one data structure is generated. The data structure sorts the scored authorization requests into fraud score range stripes. The data structure is parsed over a plurality of time periods, and at least one cumulative metric is calculated for each of the time periods in each fraud score range stripe. A plurality of ratio striping values is determined, and a set of feature inputs is generated using the ratio striping values. A second fraud detection model is applied to the scored authorization requests. Parameters of the second fraud detection model are configured to change based on the generated set of feature inputs.

Abstract: A message tracking computing device for identifying anomalous activity in real-time is provided. The message tracking computing device includes a memory in communication with a processor. The processor is programmed to receive a transaction dataset including a plurality of transaction records, each transaction record associated with a payment transaction. The processor is further programmed to compute, for a subset of transaction records of the plurality of transaction records, a normalized velocity score by computing a streaming mean, computing a streaming standard deviation, and computing the normalized velocity score based on the streaming mean, the streaming standard deviation, and a transaction ratio. The processor is further programmed to analyze the at least one computed normalized velocity score to detect anomalous activity, automatically generate an alert message identifying the anomalous activity, and transmit the alert message to a remote computing device.

Abstract: Described herein are systems and methods for classifying incoming payment transactions. A fraud classification computing system includes a historical transaction database for storing a plurality of transaction records associated with a respective plurality of historical transactions. The fraud classification computing system receives a current transaction request message associated with a current payment transaction. The fraud classification computing system applies a multi-class fraud prediction model to the current transaction request message to generate scores indicating a relative likelihood that the current payment transaction is each of a plurality of fraudulent transaction types. The fraud classification computing system identifies a most likely transaction classification identifier and generates a transaction classification message for the current payment transaction.

Abstract: A message tracking computing device for identifying anomalous activity in real-time is provided. The message tracking computing device is programmed to receive real-time transaction data including a plurality of transaction records. Each transaction record associated with a payment transaction. The message tracking computing device is also programmed to sort the plurality of transaction records into a plurality of channels. The message tracking computing device is further programmed to compute, for each channel, a normalized velocity score by computing a streaming mean, computing a streaming standard deviation, and computing the normalized velocity score based on the streaming mean, the streaming standard deviation, and a transaction ratio.

Abstract: A system is provided. The system includes a computing device including at least one processor in communication with at least one memory device. The at least one processor is programmed to receive a plurality of data points. The at least one processor is also programmed to sort the plurality of data points into chronological order. The at least one processor is further programmed to divide the plurality of data points into a plurality of subsets. Each subset of the plurality of subsets represents a period of time. In addition, the at least one processor is programmed to process each subset to determine a velocity value for the individual subset. Moreover, the at least one processor is programmed to combine the plurality of velocity values to determine a final velocity value.

Abstract: A common point of purchase (CPP) system for identifying a common point of purchases involved in fraudulent or unauthorized payment transactions is provided. The CPP system includes a common point of purchase (CPP) computing device that is configured to receive transaction data, store the transaction data in a database, and perform a look up within the database. The CPP computing device is also configured to build a merchant table, receive a card list, and compare a plurality of flagged account identifiers in the card list to account identifiers in the merchant table. The CPP computing device is further configured to retrieve a unique merchant identifier and/or a merchant name identifier associated with the merchant table account identifiers matched with the flagged account identifiers, aggregate the unique merchant identifier using the merchant name identifier, and determine a first number of the flagged account identifiers associated with the merchant name identifier.

Abstract: A computing system for detecting a pattern of fraudulent network events in a payment card network is configured to continuously receive a plurality of scored transaction authorization requests each including a respective account number and a respective fraud score. The computing system is also configured to sort the scored transaction authorization requests into account ranges based the account number, and sort the transaction authorization requests within each of the account ranges into a fraud score range stripes based on the corresponding fraud score. The computing system is further configured to calculate, for the scored transaction authorization requests within each fraud score range stripe, a ratio of a cumulative metric for a shorter time period over a longer time period, and detect, in near real-time, a fraud event associated with one of the account ranges based on the ratio for one of the fraud score range stripes within the account range.

Abstract: A common point of purchase (CPP) system for identifying a common point of purchases involved in fraudulent or unauthorized payment transactions is provided. The CPP system includes a common point of purchase (CPP) computing device that is configured to receive transaction data, store the transaction data in a database, and perform a look up within the database. The CPP computing device is also configured to build a merchant table, receive a card list, and compare a plurality of flagged account identifiers in the card list to account identifiers in the merchant table. The CPP computing device is further configured to retrieve a unique merchant identifier and/or a merchant name identifier associated with the merchant table account identifiers matched with the flagged account identifiers, aggregate the unique merchant identifier using the merchant name identifier, and determine a first number of the flagged account identifiers associated with the merchant name identifier.

Abstract: An inverse recommender system for detecting out-of-pattern payment transactions includes a memory device and a processor programmed to receive transaction data. The transaction data corresponds to historical payment transactions between account holders and merchants. The processor is programmed to generate a merchant correspondence matrix including the merchants and counters indicating the number of historical payment transactions between merchant pairs of the merchants and the account holders. The processor is programmed to store the merchant correspondence matrix in a memory device linking the merchant pairs to each account holder. The processor receives additional transaction data associated with a new payment transaction between an account holder and a merchant, and to generate an inverse recommender score for the new payment transaction based on the account holder's historical payment transaction data.

Abstract: A computing system for detecting fraudulent payment card network events includes a ratio striping engine that receives scored payment card transaction authorization requests and generates data structures for a plurality of account ranges. Each data structure sorts the transaction authorization requests within the associated account range over a plurality of fraud score range stripes. The data structures are parsed over time periods that extend back from a common starting point. For each data structure and time period, at least one cumulative metric is calculated from the transaction authorization requests in each fraud score range stripe. For each data structure, ratio striping values are determined between values of the at least one metric in a fraud score range stripe over two of the time periods. A fraud event associated with at least one of the account ranges is detected based on the ratio striping values for the corresponding data structure.

Abstract: An inverse recommender system for detecting out-of-pattern payment transactions includes a memory device and a processor programmed to receive transaction data. The transaction data corresponds to historical payment transactions between account holders and merchants. The processor is programmed to generate a merchant correspondence matrix including the merchants and counters indicating the number of historical payment transactions between merchant pairs of the merchants and the account holders. The processor is programmed to store the merchant correspondence matrix in a memory device linking the merchant pairs to each account holder. The processor receives additional transaction data associated with a new payment transaction between an account holder and a merchant, and to generate an inverse recommender score for the new payment transaction based on the account holder's historical payment transaction data.

Abstract: An analytics computing system for analyzing payment transaction data to identify merchants having a recurring payment program is provided. The analytics computing system is configured to receive first payment transaction data for a plurality of transactions associated with a merchant, generate an actual transaction amount distribution, compare the actual transaction amount distribution to a stored model distribution, compare an angle distance to a predefined threshold value, and identify whether the merchant is a merchant performing recurring payment transactions. The analytics computing system is also configured to store that the merchant is a recurring payment merchant and alert an analyst that the merchant is a recurring payment merchant by transmitting an alert message to a user computing device in communication with the analytics computing device.

Abstract: An analytics computing system for analyzing payment transaction data to identify merchants having a recurring payment program is provided. The analytics computing system is configured to receive first payment transaction data for a plurality of transactions associated with a merchant, generate an actual transaction amount distribution, compare the actual transaction amount distribution to a stored model distribution, compare an angle distance to a predefined threshold value, and identify whether the merchant is a merchant performing recurring payment transactions. The analytics computing system is also configured to store that the merchant is a recurring payment merchant and alert an analyst that the merchant is a recurring payment merchant by transmitting an alert message to a user computing device in communication with the analytics computing device.