Abstract: Systems and methods are provided for identifying and detecting unauthorized user activity and for decreasing the rate of false-positives. The disclosed systems and techniques may involve analysis of users' past activity data so that individual classifications and authorization decisions with respect to requested user activity are based on activity data associated with a user's use of multiple services.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including cardholder information. A risk score for the eCommerce authentication request is generated based on comparison of the cardholder information of the eCommerce authentication request to cardholder information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including merchant information. A risk score for the eCommerce authentication request is generated based on comparison of the merchant information of the eCommerce authentication request to merchant information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received. Content of the eCommerce authentication request is processed through a non-linear analytical model to generate a risk score. The eCommerce authentication request is selectively provided to an authentication node based on the risk score. Related authentication gateway nodes and computer program products are disclosed.

Abstract: Systems and methods are provided for identifying and detecting unauthorized user activity and for decreasing the rate of false-positives. The disclosed systems and techniques may involve analysis of users' past activity data so that individual classifications and authorization decisions with respect to requested user activity are based on activity data associated with a user's use of multiple services.

Abstract: A method of operating a computer system includes receiving from a merchant node an eCommerce authentication request for a pending eCommerce transaction associated with a user terminal. The eCommerce authentication request contains transaction information of the pending eCommerce transaction that includes a user terminal identifier. A risk score for the pending eCommerce transaction is generated based on similarities between the transaction information of the pending eCommerce transaction and a cluster of historical eCommerce transactions each containing transaction information including a user terminal identifier that matches the user terminal identifier of the pending eCommerce transaction. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: This disclosure describes methods, systems, and computer-program products for determining classification rules to use within a fraud detection system The classification rules are determined by accessing distributional data representing a distribution of historical transactional events over a multivariate observational sample space defined with respect to multiple transactional variables. Each of the transactional events is represented by data with respect to each of the variables, and the distributional data is organized with respect to multi-dimensional subspaces of the sample space. A classification rule that references at least one of the subspaces is accessed, and the rule is modified using local optimization applied using the distributional data. A pending transaction is classified based on the modified classification rule and the transactional data.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including cardholder information. A risk score for the eCommerce authentication request is generated based on comparison of the cardholder information of the eCommerce authentication request to cardholder information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received. Content of the eCommerce authentication request is processed through a non-linear analytical model to generate a risk score. The eCommerce authentication request is selectively provided to an authentication node based on the risk score. Related authentication gateway nodes and computer program products are disclosed.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including merchant information. A risk score for the eCommerce authentication request is generated based on comparison of the merchant information of the eCommerce authentication request to merchant information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: This disclosure describes methods, systems, and computer-program products for determining classification rules to use within a fraud detection system The classification rules are determined by accessing distributional data representing a distribution of historical transactional events over a multivariate observational sample space defined with respect to multiple transactional variables. Each of the transactional events is represented by data with respect to each of the variables, and the distributional data is organized with respect to multi-dimensional subspaces of the sample space. A classification rule that references at least one of the subspaces is accessed, and the rule is modified using local optimization applied using the distributional data. A pending transaction is classified based on the modified classification rule and the transactional data.

Abstract: Methods, systems, computer-readable media, and apparatuses for detecting unauthorized activity are disclosed. Detecting unauthorized activity is done by accessing first data that represents activity involving a first service provided to a customer, accessing second data that represents activity involving a second service provided to a customer. The activity involving the second service and the activity involving the first service both include authorized customer activity, and the activity associated with the second service further includes unauthorized activity. The first data is filtered using a filtering criteria and a portion of the first data is selected to be retained. The second data and the retained portion of the first data are analyzed, and the analysis includes classifying the activity associated with the second service in a way that distinguishes the unauthorized activity from the authorized activity associated with the second service.