Abstract: A method is provided for detecting an interception of a communications session established by a user over a network, comprising the steps of: (i) monitoring communications sessions by the user over a profile time period to capture information identifying distinct communications to one or more identified network addresses and their timing over the profile time period; (ii) monitoring communications sessions within the profile time period to capture information characterising the content of transactions initiated in respect of said one or more network addresses; (iii) using the captured information to generate a profile characterising communications sessions established in respect of said one or more network addresses over the profile time period; and (iv) monitoring communications sessions with said one or more network addresses within a configurable detection time period to determine one or more measures of deviation from the profile generated at step (iii) thereby to detect the presence of an interception oc

Abstract: A monitoring system (1) comprises an interface (2) for receiving source alerts from at least one detection engine, a database (7) of historical events; and a classifier (3) for classifying received source alerts by linking a source alert with an historical event or a current source alert to provide a link, and providing said link as an output alert. The classifier comprises match methods (9) for processing source alerts and generating a score for extent of matching of a source alert with an historical event or current source alert, a voting engine (4) for weighting scores from the match methods (9), and a linking function (6) for determining that there is a link if a combination of the weighted outputs of a plurality of match methods exceeds a threshold. At least some match methods (9) are each associated with a specific field of a source alert such as a numerical value field or a name field of a source alert.

Abstract: A method is provided for detecting an interception of a communications session established by a user over a network, comprising the steps of: (i) monitoring communications sessions by the user over a profile time period to capture information identifying distinct communications to one or more identified network addresses and their timing over the profile time period; (ii) monitoring communications sessions within the profile time period to capture information characterising the content of transactions initiated in respect of said one or more network addresses; (iii) using the captured information to generate a profile characterising communications sessions established in respect of said one or more network addresses over the profile time period; and (iv) monitoring communications sessions with said one or more network addresses within a configurable detection time period to determine one or more measures of deviation from the profile generated at step (iii) thereby to detect the presence of an interception oc

Abstract: A fraud detection method and apparatus are provided, arranged to: (i) select a sample of entities, including at least one entity known to have been exposed to fraudulent activity or suspected of having been so exposed; (ii) inputting, from an activity database, transaction data defining activity in respect of the sample of entities, the transaction data identifying associated information processing points; (iii) processing the input transaction data to determine, using a predetermined set of metrics, evidence of compromise in any one or more of the identified information processing points; and (iv) ranking the identified information processing points according to likelihood of compromise. In this way, one or more information processing points may be identified as a potential source of fraud and steps triggered to identify, from the activity database, any other entities associated with those potential sources of fraud to prevent further fraud.