Information security using velocity attack detection

US10657534B2 · US · B2

Patent metadata

Publication number: US-10657534-B2
Application number: US-201715595490-A
Country: US
Kind code: B2
Filing date: May 15, 2017
Priority date: May 15, 2017
Publication date: May 19, 2020
Grant date: May 19, 2020

Abstract

Official abstract text for this publication.

A data attack detection system that includes a record host and an orchestration host. The record host stores account information for card holders. The orchestration host includes a switch interface configured to receive transaction information for a card from a network. The orchestration host further includes a velocity trap engine that stores received transaction information for the card in a cardholder file. The velocity trap engine creates entries in a velocity transaction timestamp record for the card when the number of transactions for the card in the cardholder record within a first predetermined time interval exceeds a first activity level threshold. The velocity trap engine discontinues a transaction flow between the orchestration host and the record host for the card when the number of transactions for the card in the velocity transaction timestamp record within a second predetermined time interval exceeds a second activity level threshold.

First claim

Opening claim text (preview).

The invention claimed is:

1. A data attack detection system comprising: a record host configured to store account information for a plurality of card holders; and an orchestration host in signal communication with the record host, and comprising: a memory operable to store: a cardholder file comprising card activity information and a card status associated with a card; and velocity transaction timestamp records, wherein each velocity transaction timestamp record comprises transaction information for the card and timestamp information linked with the transaction information; a switch interface configured to: receive a plurality of transaction requests from a network; determine the card status for the card associated with at least one of the plurality of transaction requests based on the cardholder file; determine the card status does not indicate that velocity event protection is active for the card; and forward the at least one of the plurality of transaction requests to a velocity trap engine in response to determining that the card status does not indicate that velocity event protection is active for the card; and the velocity trap engine implemented by a processor operably coupled to the memory, and configured to: receive the at least one of the transaction requests comprising transaction information for the card; store received transaction information for the card in the cardholder file; determine a number of transactions for the card within a first predetermined time interval based on the card activity information; determine whether the number of transactions for the card within the first predetermined time interval exceeds a first activity level threshold; create a first entry in a velocity transaction timestamp record for the card in response to determining the number of transactions for the card within the first predetermined time interval exceeds the first activity level threshold, wherein the first entry for the card in the velocity transaction timestamp file comprises at least a portion of the received transaction information and a timestamp associated with the transaction information; detect a new transaction has been reported for the card; create a second entry in the velocity transaction timestamp record for the card in response to detecting a new transaction has been reported for the card; determine a number of transactions for the card within a second predetermined time interval based on the velocity transaction timestamp record for the card, wherein: the second predetermined time interval is less than the first predetermined time interval; and determining the number of transactions for the card within the second predetermined time interval occurs after determining that the number of transactions for the card within the first predetermined time interval exceeds the first activity level threshold; determine whether the number of transactions for the card within the second predetermined time interval exceeds a second activity level threshold; and trigger velocity event protection for the card in response to determining the number of transactions for the card within the second predetermined time interval exceeds the second activity level threshold, wherein: triggering the velocity event protection for the card comprises updating the card status in the cardholder file to indicate that the velocity event protection is active for the card; and updating the card status in the cardholder file to indicate that the velocity event protection is active for the card triggers the switch interface to reject subsequent transaction requests for the card before forwarding the subsequent transaction requests to the velocity trap engine.

2. The system of claim 1, wherein: the velocity transaction timestamp record comprises a timestamp array comprising a plurality of entries; and the timestamp array is configured to store data using a first-in-first-out methodology.

3. The system of claim 1, wherein the orchestration host further comprises a host interface configured to facilitate the transaction flow for the card between the orchestration host and the record host.

4. The system of claim 1, wherein: triggering the velocity event protection for the card generates an entry for the card in a velocity card file stored in the memory; and the entry for the card in the velocity card file comprises second transaction information about the transactions for the card within the second predetermined time interval.

5. The system of claim 1, wherein creating an entry in the velocity transaction timestamp record for the card comprises updating an entry index value identifying the location of the most recent entry in a timestamp array.

6. A data attack detection method comprising: receiving, by a switch interface, a plurality of transaction requests comprising transaction information for a card from a network; determining, by the switch interface, a card status for the card associated with at least one of the plurality of transaction requests based on a cardholder file, wherein the cardholder file comprises card activity information and the card status associated with the card; determining, by the switch interface, the card status does not indicate that velocity event protection is active for the card; forwarding, by the switch interface, the at least one of the transaction requests to a velocity trap engine in response to determining that the card status does not indicate that velocity event protection is active for the card; storing, by the velocity trap engine, received transaction information for the card in the cardholder file; determining, by the velocity trap engine, a number of transactions for the card within a first predetermined time interval based on card activity information in the cardholder file; determining, by the velocity trap engine, whether the number of transactions for the card within the first predetermined time interval exceeds a first activity level threshold; creating, by the velocity trap engine, a first entry in a velocity transaction timestamp record for the card in response to determining the number of transactions for the card within the first predetermined time interval exceeds the first activity level threshold, wherein the first entry for the card in the velocity transaction timestamp record comprises at least a portion of the transaction information and a timestamp associated with the transaction information; detecting, by the velocity trap engine, a new transaction has been reported for the card; creating, by the velocity trap engine, a second entry in the velocity transaction timestamp record for the card in response to detecting a new transaction has been reported for the card; determining, by the velocity trap engine, a number of transactions for the card within a second predetermined time interval based on the velocity transaction timestamp record for the card, wherein: the second predetermined time interval is less than the first predetermined time interval; and determining the number of transactions for the card within the second predetermined time interval occurs after determining that the number of transactions for the card within the first predetermined time interval exceeds the first activity level threshold; determining, by the velocity trap engine, whether the number of transactions for the card within the second predetermined time interval exceeds a second activity level threshold; and triggering, by the velocity trap engine, velocity event protection for the card in response to determining the number of transactions for the card within the second predetermined time interval exceeds the second activity level threshold, wherein: triggering the velocity event protection for the card comprises updating the c
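The two-stage check described in the abstract and in claim 1, as an added Python sketch that is not part of the patent text. The class names follow the claim's components; the interval and threshold values, the array size, the outcome strings and the sample events are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

# Assumed tuning values; the claim only requires the second interval to be shorter.
FIRST_INTERVAL, FIRST_THRESHOLD = 3600, 5    # seconds, transactions
SECOND_INTERVAL, SECOND_THRESHOLD = 60, 3    # seconds, transactions
ARRAY_SIZE = 16                              # length of the FIFO timestamp array (claim 2)

@dataclass
class Card:
    protected: bool = False                       # card status in the cardholder file
    activity: list = field(default_factory=list)  # card activity information (timestamps)
    velocity: deque = None                        # velocity transaction timestamp record

class VelocityTrapEngine:
    def __init__(self):
        self.cardholder_file = {}

    def handle(self, card_id, ts, info):
        card = self.cardholder_file[card_id]
        # Store the transaction, keeping only activity inside the first interval.
        card.activity = [t for t in card.activity + [ts] if ts - t < FIRST_INTERVAL]
        if card.velocity is None:
            if len(card.activity) <= FIRST_THRESHOLD:
                return "forwarded"                # stage one not exceeded
            card.velocity = deque(maxlen=ARRAY_SIZE)  # stage one exceeded: start the record
        card.velocity.append((ts, info))          # oldest entry drops out when full
        burst = sum(1 for t, _ in card.velocity if ts - t < SECOND_INTERVAL)
        if burst > SECOND_THRESHOLD:
            card.protected = True                 # update card status: protection active
            return "protection-triggered"         # assumption: this request is not forwarded
        return "forwarded"

class SwitchInterface:
    def __init__(self, engine):
        self.engine = engine

    def receive(self, card_id, ts, info=""):
        card = self.engine.cardholder_file.setdefault(card_id, Card())
        if card.protected:
            return "rejected"                     # rejected before reaching the engine
        return self.engine.handle(card_id, ts, info)

# Constructed sample: card A is busy for an hour, then bursts; card B is quiet.
SAMPLE_EVENTS = [("A", t) for t in (0, 600, 1200, 1800, 2400, 3000, 3010, 3020, 3030)]
SAMPLE_EVENTS += [("B", 3035), ("A", 3040)]

def replay(events):
    switch = SwitchInterface(VelocityTrapEngine())
    return [switch.receive(card_id, ts) for card_id, ts in events]
```

Because the status check sits in the switch interface, a card under protection costs one lookup per request and never reaches the counting logic, while other cards (card B here) are unaffected.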

Classifications

  • involving event detection and direct action

  • Features insuring the integrity of the data on or in the card

  • Event detection, e.g. attack signature detection

  • Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

  • G06Q20/407 (Primary): Cancellation of a transaction

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10657534B2 cover?
A data attack detection system that includes a record host and an orchestration host. The record host stores account information for card holders. The orchestration host includes a switch interface configured to receive transaction information for a card from a network. The orchestration host further includes a velocity trap engine that stores received transaction information for the card in a …
Who is the assignee on this patent?
Bank Of America
What technology area does this patent fall under?
Primary CPC classification G06Q20/407. Mapped technology areas include Physics.
When was this patent published?
Publication date May 19, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).