Systems, methods, and computing platforms for executing credential-less network-based communication exchanges
US-12184638-B2 · Dec 31, 2024 · US
System and method for detecting and managing fraud
US9390418B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9390418-B2 |
| Application number | US-19323308-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 18, 2008 |
| Priority date | Apr 21, 1995 |
| Publication date | Jul 12, 2016 |
| Grant date | Jul 12, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases. The analysis layer preferably generates a probability of fraud for each fraud case. The expert systems layer receives fraud cases and automatically initiates actions for certain fraud cases. The presentation layer also receives fraud cases for presentation to human analysts. The presentation layer permits the human analysts to initiate additional actions.
First claim
Opening claim text (preview).
What is claimed is: 1. A method performed by one or more servers, the method comprising: generating, by one or more servers, a first event record for one or more telephone calls handled by one or more telecommunications systems in one or more networks; applying, by the one or more servers and using a first fraud detection test, a first fraud detection rule, of a plurality of fraud detection rules, to the first event record, the first event record being of an account and corresponding to information associated with suspected fraud at a first time; generating, by the one or more servers and based on applying the first fraud detection rule, a first fraud alarm generating, by the one or more servers, a second event record for the one or more telephone calls handled by the one or more telecommunications systems in the one or more networks, the second event record being of the account and corresponding to the information associated with the suspected fraud at a second time; applying, by the one or more servers and using a second fraud detection test, a dynamically reconfigured fraud detection rule, of a plurality of dynamically reconfigured fraud detection rules, to the second event record; generating, by the one or more servers and based on applying the dynamically reconfigured fraud detection rule, a second fraud alarm, the second fraud alarm being different than the first fraud alarm; obtaining, by the one or more servers, first information from a plurality of devices; obtaining, by the one or more servers, an enhanced first fraud alarm by enhancing the first fraud alarm based on the first information, the first information being based on a first type of alarm associated with the first fraud alarm, and the first information including additional information and information indicating how the additional information is to be added to the first fraud alarm to obtain the enhanced first fraud alarm; obtaining, by the one or more servers, second information from the plurality of devices; obtaining, by the one or more servers, an enhanced second fraud alarm by enhancing the second fraud alarm based on the second information, the second information being based on a second type of alarm associated with the second fraud alarm, and the second information including other information and information indicating how the other information is to be added to the second fraud alarm to obtain the enhanced second fraud alarm; correlating, by the one or more servers, the enhanced first fraud alarm with the enhanced second fraud alarm into a fraud case for the account; and instituting, by the one or more servers one or more switch-based automatic number identification (ANI) blocks based on correlating the enhanced first fraud alarm with the enhanced second fraud alarm. 2. The method of claim 1 , where, correlating the enhanced first fraud alarm with the enhanced second fraud alarm includes: correlating the enhanced first fraud alarm with the enhanced second fraud alarm based on common aspects of the first fraud alarm and the second fraud alarm. 3. The method of claim 1 , where generating the first fraud alarm includes: conforming the first event record to a particular format by normalizing the first event record. 4. The method of claim 1 , where, when generating the first fraud alarm includes: enhancing the first event record to include data obtained from at least one external source. 5. The method of claim 1 , where, generating the first fraud alarm includes: comparing at least a portion of the first event record to a profile detection rule, and generating the first fraud alarm when the first event record violates the profile detection rule. 6. The method of claim 5 , where the profile detection rule includes at least one of: a normal usage profile, or a fraudulent usage profile. 7. The method of claim 5 , where the profile detection rule is based on historical network event records. 8. The method of claim 1 , further comprising: assigning a priority to the fraud case; and performing a fraud prevention action based on the priority. 9. A non-transitory computer-readable medium storing instructions executable by one or more processors, the instructions comprising: one or more instructions that, when executed by the one or more processors, cause the one or more processors to: generate a first event record for one or more telephone calls handled by one or more telecommunications systems in one or more networks; apply, using a first fraud detection test, a first fraud detection rule of a plurality of fraud detection rules to the first event record, the first event record being of an account and corresponding to information associated with suspected fraud at a first time; generate, based on applying the first fraud detection rule, a first fraud alarm; generate a second event record for the one or more telephone calls handled by the one or more telecommunications systems in the one or more networks, the second event record being of the account and corresponding to the information associated with the suspected fraud at a second time; apply, using a second fraud detection test, a dynamically reconfigured fraud detection rule, of a plurality of dynamically reconfigured fraud detection rules, to the second event record; generate, based on applying the dynamically reconfigured fraud detection rule, a second fraud alarm, the second fraud alarm being different than the first fraud alarm; obtain first information from a plurality of devices; obtain an enhanced first fraud alarm by enhancing the first fraud alarm based on the first information, the first information being based on a first type of alarm associated with the first fraud alarm, and the first information including additional information and information indicating how the additional information is to be added to the first fraud alarm to obtain the enhanced first fraud alarm; obtain second information from the plurality of devices; obtain an enhanced second fraud alarm by enhancing the second fraud alarm based on the second information, the second information being based on a second type of alarm associated with the second fraud alarm, and the second information including other information and information indicating how the other information is to be added to the second fraud alarm to obtain the enhanced second fraud alarm; correlate the enhanced first fraud alarm with the enhanced second fraud alarm into a fraud case for the account; and institute one or more switch-based automatic number identification (ANI) blocks based on correlating the enhanced first fraud alarm with the enhanced second fraud alarm. 10. The non-transitory computer-readable medium of claim 9 , where the one or more instructions that cause the one or more processors to correlate the enhanced first fraud alarm with the enhanced second fraud alarm include one or more instructions to cause the one or more processors to: correlate the enhanced first fraud alarm with the enhanced second fraud alarm based on common aspects of the first fraud alarm and the second fraud alarm. 11. The non-transitory computer-readable medium of claim 9 , where the one or more instructions to cause the one or more processors to generate the first fraud alarm include one or more instructions to cause the one or more processors to: conform the first event record to a predetermined format by normalizing the first event record. 12. The non-transitory computer-readable medium of claim 9 , where the one or more instructions to cause the one or more processors to generate the first fraud alarm include one or more instructions to cause the
Assignees
Inventors
Classifications
Arrangements for metering, time-control or time indication {; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP} · CPC title
using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis · CPC title
using machine learning or artificial intelligence · CPC title
Called party billing, e.g. reverse billing, freephone, collect call, 0800 or 0900 · CPC title
Provisions for network management · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9390418B2 cover?
- A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thres…
- Who is the assignee on this patent?
- Gavan John, Paul Kevin, Richards Jim, and 7 more
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/401. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jul 12 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).