Abstract: Systems and methods are provided for identifying and detecting unauthorized user activity and for decreasing the rate of false-positives. The disclosed systems and techniques may involve analysis of users' past activity data so that individual classifications and authorization decisions with respect to requested user activity are based on activity data associated with a user's use of multiple services.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including cardholder information. A risk score for the eCommerce authentication request is generated based on comparison of the cardholder information of the eCommerce authentication request to cardholder information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including merchant information. A risk score for the eCommerce authentication request is generated based on comparison of the merchant information of the eCommerce authentication request to merchant information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received. Content of the eCommerce authentication request is processed through a non-linear analytical model to generate a risk score. The eCommerce authentication request is selectively provided to an authentication node based on the risk score. Related authentication gateway nodes and computer program products are disclosed.

Abstract: Systems and methods are provided for identifying and detecting unauthorized user activity and for decreasing the rate of false-positives. The disclosed systems and techniques may involve analysis of users' past activity data so that individual classifications and authorization decisions with respect to requested user activity are based on activity data associated with a user's use of multiple services.

Abstract: A method of operating a computer system includes receiving from a merchant node an eCommerce authentication request for a pending eCommerce transaction associated with a user terminal. The eCommerce authentication request contains transaction information of the pending eCommerce transaction that includes a user terminal identifier. A risk score for the pending eCommerce transaction is generated based on similarities between the transaction information of the pending eCommerce transaction and a cluster of historical eCommerce transactions each containing transaction information including a user terminal identifier that matches the user terminal identifier of the pending eCommerce transaction. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: This disclosure describes methods, systems, and computer-program products for determining classification rules to use within a fraud detection system The classification rules are determined by accessing distributional data representing a distribution of historical transactional events over a multivariate observational sample space defined with respect to multiple transactional variables. Each of the transactional events is represented by data with respect to each of the variables, and the distributional data is organized with respect to multi-dimensional subspaces of the sample space. A classification rule that references at least one of the subspaces is accessed, and the rule is modified using local optimization applied using the distributional data. A pending transaction is classified based on the modified classification rule and the transactional data.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including cardholder information. A risk score for the eCommerce authentication request is generated based on comparison of the cardholder information of the eCommerce authentication request to cardholder information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received. Content of the eCommerce authentication request is processed through a non-linear analytical model to generate a risk score. The eCommerce authentication request is selectively provided to an authentication node based on the risk score. Related authentication gateway nodes and computer program products are disclosed.

Abstract: A method of operating a computer system is disclosed. An eCommerce authentication request is received from a merchant node. The eCommerce authentication request has content including merchant information. A risk score for the eCommerce authentication request is generated based on comparison of the merchant information of the eCommerce authentication request to merchant information of eCommerce authentication requests of a plurality of merchant nodes. The eCommerce authentication request is selectively provided to an authentication node based on the risk score.

Abstract: This disclosure describes methods, systems, and computer-program products for determining classification rules to use within a fraud detection system The classification rules are determined by accessing distributional data representing a distribution of historical transactional events over a multivariate observational sample space defined with respect to multiple transactional variables. Each of the transactional events is represented by data with respect to each of the variables, and the distributional data is organized with respect to multi-dimensional subspaces of the sample space. A classification rule that references at least one of the subspaces is accessed, and the rule is modified using local optimization applied using the distributional data. A pending transaction is classified based on the modified classification rule and the transactional data.

Abstract: Methods, systems, computer-readable media, and apparatuses for detecting unauthorized activity are disclosed. Detecting unauthorized activity is done by accessing first data that represents activity involving a first service provided to a customer, accessing second data that represents activity involving a second service provided to a customer. The activity involving the second service and the activity involving the first service both include authorized customer activity, and the activity associated with the second service further includes unauthorized activity. The first data is filtered using a filtering criteria and a portion of the first data is selected to be retained. The second data and the retained portion of the first data are analyzed, and the analysis includes classifying the activity associated with the second service in a way that distinguishes the unauthorized activity from the authorized activity associated with the second service.

Abstract: Transaction data is processed by first determining transactions in a database that are associated with a respective event that indicates a classification of interest and that share at least one common point of purchase (CPP) identifier across two or more of the determined transactions associated with the classification of interest. A set of the transactions in the database are determined, based on the CPP identifiers for transactions from as time period prior to a start time of the event and accounts associated with the event. Times of occurrence for the transactions in the set are determined, based on the CPP, and a score is generated for the received transaction for any transactions associated with at least one of the respective events and sharing at least one common CPP.

Abstract: Systems and methods for matching domain-specific transactions are provided. Some of the disclosed systems and methods can include receiving, on a computing device, transaction data associated with an entity, retrieving signature data associated with the entity, wherein the signature data includes historic data associated with the entity; updating the signature data to include the transaction data, wherein updating includes using a model, and generating a score for the transaction data using the updated signature data and the model. The disclosed system and method further includes receiving new transaction data associated with the entity; retrieving the updated signature data associated with the entity; determining whether the transaction data and the new transaction data are related, and if so, updating the transaction data with the new transaction data, and generating a score for the updated transaction data using the updated signature data and the model.

Abstract: Systems and methods for performing fraud detection. As an example, a system and method can be configured to contain a raw data repository for storing raw data related to financial transactions. A data store contains rules to indicate how many generations or to indicate a time period within which data items are to be stored in the raw data repository. Data items stored in the raw data repository are then accessed by a predictive model in order to perform fraud detection.

Abstract: Systems and methods for storing transaction data associated with transactions of disparate types are provided. Transaction data is received describing a transaction that has occurred, the transaction being performed by an customer of a particular customer type and the transaction being performed using a channel of a particular channel type. Transaction data about the customer is stored in an customer segment according to one of a plurality of customer templates, the one of the plurality of customer templates being selected according to the customer type. Transaction data about the channel is stored in a channel segment according to one of a plurality of channel templates, the one of the plurality of channel templates being selected according to the channel type. Data from the customer segment, the activity segment, and the channel segment for the transaction is extracted and scored by a predictive model.

Abstract: Systems and methods are provided for scoring transaction data representative of transactions of disparate types transaction data describing a transaction that has occurred is received. The transaction data is stored in a plurality of segments, where a segment is formatted according to a template, where the template is selected based on an attribute of the transaction, and where the attribute is a customer attribute, an activity attribute, or a channel attribute. Transaction data associated with a segment is aggregated based on a particular attribute. The aggregate transaction data is provided to a predictive model to generate a fraud score. New transaction data is received describing a new transaction, wherein the new transaction includes the particular attribute. A real-time score is provided indicating a likelihood of fraud for the new transaction, wherein the score is based at least in part on the fraud score generated using the aggregate transaction data.

Abstract: Systems and methods are provided for providing real-time scoring of received transaction data. Transaction data describing a particular transaction that has occurred is received. The transaction data is stored in an enterprise database, where the enterprise database is configured to store transactions of disparate types, where the transaction data is stored using a plurality of segments, where a segment is formatted according to a template, and where the template is selected based on an attribute of the transaction, wherein the attribute is a customer attribute, an activity attribute, or a channel attribute. A transaction type of the particular transaction is determined. One or more models are selected from a pool of models based on the transaction type, wherein the one or more models are configured based on a plurality of records from the enterprise database, and a score of the received transaction data is generated based on the transaction data.

Abstract: Computer implemented methods and systems of processing transactions to determine the risk of transaction convert high categorical information, such as text data, to low categorical information, such as category or cluster IDs. The text data may be merchant names or other textual content of the transactions, or data related to a consumer, or any other type of entity which engages in the transaction. Content mining techniques are used to provide the conversion from high to low categorical information. In operation, the resulting low categorical information is input, along with other data, into a statistical model. The statistical model provides an output of the level of risk in the transaction. Methods of converting the high categorical information to low categorical clusters, of using such information, and other aspects of the use of such clusters are disclosed.

Abstract: Systems and methods for performing fraud detection. As an example, a system and method can be configured to contain a raw data repository for storing raw data related to financial transactions. A data store contains rules to indicate how many generations or to indicate a time period within which data items are to be stored in the raw data repository. Data items stored in the raw data repository are then accessed by a predictive model in order to perform fraud detection.