Abstract: User identification with blended response from dual-layer identification service. In one embodiment, a server comprising an electronic processor configured to detect an access request by a user of a user interface device, retrieve a plurality of input profile records from an input profile record repository, perform an identification of the user with one or more passive biometrics models and the plurality of input profile records that are retrieved, generate an identification response and an additional identification request based on an outcome of the identification of the user, control the communication interface to transmit the additional identification request to the second server via the network, receive a second identification response from the second server, and generate a blended response by modifying one or more characteristics of the identification response with the second identification response, the blended response indicating the identification of the user.

Abstract: Some embodiments provide a novel method for assessing the suitability of network links for connecting compute nodes located at different geographic sites. The method of some embodiments identifies and analyzes sample packets from a set of flows exchanged between first and second compute sites that are connected through a first network link in order to identify attributes of the sampled packets. The method also computes attributes of predicted packets between the identified samples in order to identify attributes of each flow in the set of flows. The method then uses the identified and computed attributes of each flow in the set of flows to emulate the set of flows passing between the two compute sites through the second network link in order to assess whether a second network link should be used for future flows (e.g., future flows exchanged between the first and second compute sites).

Abstract: A fraud prevention server and method. The fraud prevention server includes an electronic processor and a memory. The memory includes an online application origination (OAO) service. The electronic processor is configured to perform feature encoding on one or more categorical variables in a first matrix to generate one or more feature encoded categorical variables, generate a second matrix including the one or more feature encoded categorical variables, generate a feature encoded OAO model by training an OAO model with the second matrix, receive information regarding a submission of an online application on a device, determine a fraud score of the online application based on the information that is received and the feature encoded OAO model, the feature encoded OAO model being more precise than the OAO model, and control the client server to approve, hold, or deny the online application based on the fraud score that is determined.

Abstract: User identification with blended response from dual-layer identification service. In one embodiment, a server comprising an electronic processor configured to detect an access request by a user of a user interface device, retrieve a plurality of input profile records from an input profile record repository, perform an identification of the user with one or more passive biometrics models and the plurality of input profile records that are retrieved, generate an identification response and an additional identification request based on an outcome of the identification of the user, control the communication interface to transmit the additional identification request to the second server via the network, receive a second identification response from the second server, and generate a blended response by modifying one or more characteristics of the identification response with the second identification response, the blended response indicating the identification of the user.

Abstract: A system for utilizing behavioral features to authenticate a user entering login credentials. The system includes an electronic processor configured to receive a request to access a user account and compare behavioral features included in the request to behavioral features included in a user behavior profile associated with the user account. The electronic processor is also configured to, based on the comparison, generate one or more scores. The electronic processor is further configured to, for each of the one or more scores, compare the score to a predetermined threshold and, based on the comparison of the score to the predetermined threshold, adjust a match value. The electronic processor is also configured to compare the match value to one or more predetermined thresholds to determine whether the behavioral features included in the request to access the user account authenticates the user, does not authenticate the user, or is inconclusive.

Abstract: A system for determining a fraud risk score associated with a transaction. The system includes a server including an electronic processor. The electronic processor is configured to determine a plurality of rules based on a plurality of transactions over time and extract one or more features of the transaction. The electronic processor is also configured to select, based on the plurality of rules, a plurality of fraud risk features Each non-categorical fraud risk feature selected is associated with a fraud risk feature value and each categorical fraud risk feature selected is associated with a categorical variable value. The electronic processor is configured to determine, for each categorical fraud risk feature, a fraud risk feature value. The electronic processor is also configured to determine the fraud risk score based on the one or more of the transformed fraud risk feature values.

Abstract: A fraud prevention system that includes a client server and a fraud prevention server. The fraud prevention server includes an electronic processor and a memory. The memory including a trust scoring service. When executing the trust scoring service, the electronic processor is configured to receive a trust score request of a device from the client server, generate, with a trust model, a trust score of the device, and responsive to generating the trust score, output the trust score to the client server in satisfaction of the trust score request, wherein the trust score is distinct from a risk factor, the trust score representing a predicted trust level of the device, and the risk factor representing a fraud risk level associated with the device based on one or more device behaviors.

Abstract: A fraud prevention system that includes a fraud prevention server including an electronic processor and a memory. The memory includes a feature drift hardened online application origination (OAO) service. When executing the feature drift hardened OAO service, the electronic processor is configured to detect, with respect to a first OAO model, feature drift in a dataset of an online application that exceeds a predefined threshold, generate one or more feature drift hardened OAO models that mitigate the feature drift, determine a fraud score of the online application based on the one or more feature drift hardened OAO models that differentiates between a behavior of a normal user and a behavior of a nefarious actor during a submission of the online application on a device and mitigates the feature drift, and control a client server to approve, hold, or deny the online application based on the fraud score.

Abstract: An account recommendation system that includes a server. The server is operable to identify a user account based on a server-side persistent device identification. The server includes a processor and a memory. The server is configured to receive a request including one or more attributes related to a client device, identify the server-side persistent device identification (“PDI”) record for the client device based on the one or more attributes of the client device, identify one or more candidate accounts based on the server-side persistent device identification, determine confidence scores for each of the one or more candidate accounts, generate a recommendation signal for the user account associated with the client device based on the confidence scores, and transmit the recommendation signal to a merchant server.

Abstract: Methods and systems of providing fraud prediction services. One method includes receiving a request from a resource provider network and generating a set of features associated with the request. The method also includes accessing a fraud prediction model from a model database and applying the fraud prediction model to the set of features. The method also includes determining, with an electronic processor, a fraud prediction for the request based on the application of the fraud prediction model to the set of features. The method also includes generating and transmitting, with the electronic processor, a response to the request, the response including the fraud prediction.

Abstract: An account recommendation system that includes a server. The server is operable to identify a user account based on a server-side persistent device identification. The server includes a processor and a memory. The server is configured to receive a request including one or more attributes related to a client device, identify the server-side persistent device identification (“PDI”) record for the client device based on the one or more attributes of the client device, identify one or more candidate accounts based on the server-side persistent device identification, determine confidence scores for each of the one or more candidate accounts, generate a recommendation signal for the user account associated with the client device based on the confidence scores, and transmit the recommendation signal to a merchant server.

Abstract: A method and apparatus for conditional transaction pre-approval is disclosed. In one embodiment, a computer system receives a transaction request, the computer being configured to perform a verification process to authorize transactions. The computer system may initiate, prior to completion of the verification process for a transaction, a prediction process using a model, to predict whether the transaction will pass the verification process. In response to determining that the transaction is predicted to pass, the transaction is pre-approved by the computer system, prior to completing the verification process. Subsequent to pre-approving, the verification process may be completed to determine if the prediction was correct. Based on the result of the verification process, the model is updated for future transaction requests.

Abstract: A fraud prevention system that includes a server. The server is operable to receive a first attribute of a client device from the client device and associated with a first transaction, receive a second attribute of the client device from the client device and associated with the first transaction, receive a third attribute related to the client device and associated with the first transaction, and generate a persistent device identification (“PDI”) record including the first attribute, the second attribute, and the third attribute, store the PDI record in a memory, receive the third attribute related to the client device and associated with a second transaction, and identify the client device using the PDI record based on the third attribute without receiving, in association with the second transaction, the first attribute of the client device and the second attribute of the client device.

Abstract: User identification with blended response from dual-layer identification service. In one embodiment, a server comprising an electronic processor configured to detect an access request by a user of a user interface device, retrieve a plurality of input profile records from an input profile record repository, perform an identification of the user with one or more passive biometrics models and the plurality of input profile records that are retrieved, generate an identification response and an additional identification request based on an outcome of the identification of the user, control the communication interface to transmit the additional identification request to the second server via the network, receive a second identification response from the second server, and generate a blended response by modifying one or more characteristics of the identification response with the second identification response, the blended response indicating the identification of the user.

Abstract: A fraud prevention server and method. The fraud prevention server includes an electronic processor and a memory. The memory includes an online application origination (OAO) service. The electronic processor is configured to perform feature encoding on one or more categorical variables in a first matrix to generate one or more feature encoded categorical variables, generate a second matrix including the one or more feature encoded categorical variables, generate a feature encoded OAO model by training an OAO model with the second matrix, receive information regarding a submission of an online application on a device, determine a fraud score of the online application based on the information that is received and the feature encoded OAO model, the feature encoded OAO model being more precise than the OAO model, and control the client server to approve, hold, or deny the online application based on the fraud score that is determined.

Abstract: Systems, methods, devices, and computer readable media for determining whether a transaction was initiated by a known user. Known users can be identified using a known user identification linear regression algorithm. The known user identification algorithm incorporates a variety of features of an initiated transaction, as well as reputation and historical data associated with an account or user, to produce a prediction value that indicates whether a user is a known user or whether there is a high potential for fraud. If the prediction value that results from the known user identification algorithm is greater than or equal to the threshold value, a fraud rule is triggered (i.e., predicted fraud). If the prediction value that results from the known user identification algorithm is less than the threshold value, the user who initiated the transaction is identified as a known user and the transaction is permitted to proceed (i.e., predicted non-fraud).

Abstract: A system for determining a fraud risk score associated with a transaction. The system includes a server including an electronic processor. The electronic processor is configured to determine a plurality of rules based on a plurality of transactions over time and extract one or more features of the transaction. The electronic processor is also configured to select, based on the plurality of rules, a plurality of fraud risk features Each non-categorical fraud risk feature selected is associated with a fraud risk feature value and each categorical fraud risk feature selected is associated with a categorical variable value. The electronic processor is configured to determine, for each categorical fraud risk feature, a fraud risk feature value. The electronic processor is also configured to determine the fraud risk score based on the one or more of the transformed fraud risk feature values.

Abstract: A system for utilizing behavioral features to authenticate a user entering login credentials. The system includes an electronic processor configured to receive a request to access a user account and compare behavioral features included in the request to behavioral features included in a user behavior profile associated with the user account. The electronic processor is also configured to, based on the comparison, generate one or more scores. The electronic processor is further configured to, for each of the one or more scores, compare the score to a predetermined threshold and, based on the comparison of the score to the predetermined threshold, adjust a match value. The electronic processor is also configured to compare the match value to one or more predetermined thresholds to determine whether the behavioral features included in the request to access the user account authenticates the user, does not authenticate the user, or is inconclusive.

Abstract: A method and apparatus for conditional transaction pre-approval is disclosed. In one embodiment, a computer system receives a transaction request, the computer being configured to perform a verification process to authorize transactions. The computer system may initiate, prior to completion of the verification process for a transaction, a prediction process using a model, to predict whether the transaction will pass the verification process. In response to determining that the transaction is predicted to pass, the transaction is pre-approved by the computer system, prior to completing the verification process. Subsequent to pre-approving, the verification process may be completed to determine if the prediction was correct. Based on the result of the verification process, the model is updated for future transaction requests.

Abstract: A fraud prevention system that includes a server. The server is operable to receive a first attribute of a client device from the client device and associated with a first transaction, receive a second attribute of the client device from the client device and associated with the first transaction, receive a third attribute related to the client device and associated with the first transaction, and generate a persistent device identification (“PDI”) record including the first attribute, the second attribute, and the third attribute, store the PDI record in a memory, receive the third attribute related to the client device and associated with a second transaction, and identify the client device using the PDI record based on the third attribute without receiving, in association with the second transaction, the first attribute of the client device and the second attribute of the client device.