Abstract: Methods and systems are presented for cross-entity fraud mitigation. A refund request for a transaction between a first entity and a second entity is received via a network from a device of the first entity. A transaction history associated with an account of the first entity with a service provider is obtained. From the obtained transaction history, metadata relating to previous refund requests processed for previous transactions associated with the account of the first entity is extracted. The extracted metadata is evaluated to determine a risk score for the refund request received for the transaction, where the risk score indicating a risk of fraud associated with the refund request. A decision on authorization of the refund request is generated for the transaction, based on the risk score. A notification of the decision is transmitted via the network to a device of the second entity.

Abstract: Methods and systems are presented for providing a framework for facilitating time-sensitive cryptocurrency transactions for users. When a request for processing a time-sensitive cryptocurrency transaction using funds from a cryptocurrency wallet is received from a user, a transaction system first verifies whether the cryptocurrency wallet has a balance to cover the cryptocurrency transaction. The transaction system also verifies the ownership of the cryptocurrency wallet based on an asynchronous method. The user generates verification data without any input from the transaction system, and based on a private key associated with the cryptocurrency wallet, a generator function, and a user-generated value. Without knowing the user-generated value, the transaction system verifies the ownership of the cryptocurrency wallet based on the verification data, and processes the transaction for the user.

Abstract: Methods and systems for digital hot wallet protection are provided. A payment channel is established via a Layer-2 network of a cryptocurrency blockchain for transferring a cryptocurrency balance from a first digital wallet of a service provider to a second digital wallet of a trusted entity over a plurality of commitment transactions. A transaction receipt for each commitment transaction is transmitted to the trusted entity via a secure communication channel previously established between the service provider and the trusted entity outside of the Layer-2 network. A transaction log of the service provider is modified so that it no longer represents the current transaction state of the payment channel Responsive to detecting a breach of the first wallet, a transaction is broadcast to a Layer-1 network of the blockchain for transferring the total cryptocurrency balance from the first wallet to the second wallet.

Abstract: Methods and systems described herein may implement blockchain cryptocurrency transactions in a variety of environments. An online transaction processor may provide operations for cryptocurrency conversions. The transaction processor may detect that a user is involved in a cryptocurrency transaction with another entity, which is requested to be processed using an amount of cryptocurrency and using an off-chain amount of the cryptocurrency. The transaction processor may determine that the entity does not have a digital wallet, node, or the like on a layer two network to receive and/or process the off-chain balance for the cryptocurrency. The transaction processor may then, after a risk assessment, determine that the user may access the amount of the cryptocurrency from an on-chain balance available to a digital wallet of the cryptocurrency. The transaction processor may make that on-chain amount available and may request repayment via the user's off-chain balance.

Abstract: A method for generating a smart protocol includes providing, by a server computer system, a user interface to one or more of a plurality of users. The server computer system may receive, via the user interface, input specifying terms corresponding to a smart protocol that is to be deployed on a particular blockchain platform. The specified terms may include the plurality of users associated with the smart protocol and a web resource to be used to identify one or more external data. An execution of the smart protocol may be based on a value of the external data. Based on the specified terms, the server computer system may generate, without further input from the plurality of users, the smart protocol. The server computer system may deploy the smart protocol to the particular blockchain platform.

Abstract: There are provided systems and methods for a voice vector framework that authenticates user interactions. A service provider server receives user interaction data having audio data that is associated with an interaction between a user device and the service provider server. The server extracts user attributes from the audio data and obtains user account information associated with the user device. The server selects a classifier that corresponds to a select combination of features based on the user account information and applies the classifier to the user attributes. The server generates a voice vector that includes multiple scores indicating likelihoods that a respective user attribute corresponds to an attribute of the select combination of features. The server compares the voice vector to a baseline vector corresponding to a predetermined combination of features and sends a notification to an agent device with an indication of whether the user device is verified.

Abstract: Methods and systems are presented for tracking activities that occur off of a first layer blockchain in in a second layer network built on the first layer blockchain. In one embodiment, a computer system determines that a transfer of cryptocurrency from a first node to a second node has transpired in the second layer network based on querying channel capacities in the second layer network. The computer system determines a first public address for the first node based on information associated with a first channel that connects the computer system and the first node in the second layer network, and determines a second public address for the second node based on information associated with a second channel that connects the computer system and the second node in the second layer network. The first public address and the second public address are used to monitor activity in the first layer blockchain.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: There are provided systems and methods for actionable insight into user interaction data. A service provider server can access user interaction data associated with an interaction between a first communication device and the service provider server, and generates feature representations of the user interaction data, in which the feature representations respectively correspond to extracted features that include textual data features or audio data features. The service provider server can determine an intent of the interaction from the feature representations using a machine learning-trained classifier, in which the intent corresponds to a first actionable insight category. The interaction is mapped to a first cluster based on the intent, and the service provider server issues a remedial action for the interaction based on the mapping of the interaction to the first cluster, in which the remedial action is associated with a particular type of activity in the first actionable insight category.

Abstract: Techniques are disclosed relating to methods that include a process, executing on a computer system, receiving a request to access a website, and altering the request to include one or more characteristics of anti-malware scanners. The method further includes the process sending the altered request to the website, and receiving a response to the altered request. The method also includes the process detecting whether the received response utilizes one of a known set of anti-malware cloaking techniques, and providing, based on the detecting, an output indicative of an outcome of the altered request.

Abstract: There are provided systems and methods for actionable insight into user interaction data. A service provider server can access user interaction data associated with an interaction between a first communication device and the service provider server, and generates feature representations of the user interaction data, in which the feature representations respectively correspond to extracted features that include textual data features or audio data features. The service provider server can determine an intent of the interaction from the feature representations using a machine learning-trained classifier, in which the intent corresponds to a first actionable insight category. The interaction is mapped to a first cluster based on the intent, and the service provider server issues a remedial action for the interaction based on the mapping of the interaction to the first cluster, in which the remedial action is associated with a particular type of activity in the first actionable insight category.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: There are provided systems and methods for a machine learning model for probabilistic anomaly detection in streaming device data. A server obtains a plurality of features associated with a user interaction between a user device and the server. The server selects a combination of features from the plurality of features, where the combination of features comprises features having a variance of expected values that exceeds a threshold variance. The server selects a prediction engine to process the combination of features with a corresponding non-parametric statistical model of a plurality of non-parametric statistical models and to generate a prediction indicating a likelihood that the combination of features represents an anomaly corresponding to fraudulent activity. The server issues a remedial action to the user device through an application programming interface with a remedial action engine based on the prediction for applying the remedial action on the user interaction.

Abstract: There are provided systems and methods for a voice vector framework that authenticates user interactions. A service provider server receives user interaction data having audio data that is associated with an interaction between a user device and the service provider server. The server extracts user attributes from the audio data and obtains user account information associated with the user device. The server selects a classifier that corresponds to a select combination of features based on the user account information and applies the classifier to the user attributes. The server generates a voice vector that includes multiple scores indicating likelihoods that a respective user attribute corresponds to an attribute of the select combination of features. The server compares the voice vector to a baseline vector corresponding to a predetermined combination of features and sends a notification to an agent device with an indication of whether the user device is verified.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: Methods and systems are presented for detecting malicious webpages based on dynamically configuring a device to circumvent one or more evasion techniques implemented within the malicious webpages. When a known malicious webpage is obtained, programming code of the known malicious webpage is analyzed to determine one or more evasion techniques implemented within the known malicious webpage. The one or more evasion techniques may cause a webpage classification engine to falsely classify the known malicious webpage as a non-malicious webpage. A software update is generated based on one or more feature parameters extracted from the one or more evasion techniques. The software update is used to for modify the webpage classification engine such that the webpage classification engine would correctly classify the known malicious webpage.

Abstract: Methods and systems are presented for detecting malicious webpages based on dynamically configuring a device to circumvent one or more evasion techniques implemented within the malicious webpages. When a known malicious webpage is obtained, programming code of the known malicious webpage is analyzed to determine one or more evasion techniques implemented within the known malicious webpage. The one or more evasion techniques may cause a webpage classification engine to falsely classify the known malicious webpage as a non-malicious webpage. A software update is generated based on one or more feature parameters extracted from the one or more evasion techniques. The software update is used to for modify the webpage classification engine such that the webpage classification engine would correctly classify the known malicious webpage.

Abstract: A computer system associates one or more actions with an emoji. The computer system detects a selection of the emoji within an electronic communication by a user. In response to the detecting the selection of the emoji within the electronic communication, the computer system initiates performance of at least one action of the one or more actions based on determining that one or more contextual factors associated with the electronic communication satisfy a set of conditions associated with the at least one action.

Abstract: A computer system associates one or more actions with an emoji. The computer system detects a selection of the emoji within an electronic communication by a user. In response to the detecting the selection of the emoji within the electronic communication, the computer system initiates performance of at least one action of the one or more actions based on determining that one or more contextual factors associated with the electronic communication satisfy a set of conditions associated with the at least one action.

Abstract: A computer system associates one or more actions with an emoji. The computer system detects a selection of the emoji within an electronic communication by a user. In response to the detecting the selection of the emoji within the electronic communication, the computer system initiates performance of at least one action of the one or more actions based on determining that one or more contextual factors associated with the electronic communication satisfy a set of conditions associated with the at least one action.