Search

US-12619770-B1 - Systems and methods for generating and providing disinformation to mitigate fraud

US12619770B1US 12619770 B1US12619770 B1US 12619770B1US-12619770-B1

Abstract

A computing system includes storage that includes a customer database, a trained artificial intelligence (AI) component, and a disinformation processing module and processing circuitry configured to execute stored instructions to perform actions including providing customer information stored in the customer database as input to the trained AI component, receiving potential customer disinformation as output from the trained AI component, analyzing and modifying the potential customer disinformation using the disinformation processing module to yield customer disinformation, and providing a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof.

Inventors

  • David Patrick Dixon
  • Ashley Raine Philbrick
  • Surender Kumar
  • Megan Sarah Jennings
  • Salvador Adrian Bretado
  • Brian Tougas
  • Arthur Quentin Smith
  • Jennifer Anne Scamardo

Assignees

  • UNITED SERVICES AUTOMOBILE ASSOCIATION (USAA)

Dates

Publication Date
20260505
Application Date
20230728

Claims (19)

  1. 1 . A computing system, comprising: storage that includes a customer database, a trained artificial intelligence (AI) component, and instructions; and a processor system including at least one processor, wherein the processor system is configured to execute the instructions to perform actions comprising: providing customer information stored in the customer database as input to the trained AI component; receiving potential customer disinformation as output from the trained AI component; analyzing and modifying the potential customer disinformation to yield customer disinformation by comparing the potential customer disinformation to the customer information stored in the customer database and modifying one or more fields of the potential customer disinformation based on the comparison to generate the customer disinformation; and providing a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof.
  2. 2 . The computing system of claim 1 , wherein the processor system is configured to execute the instructions to perform actions comprising: storing the customer disinformation along with the customer information in a database table of the customer database.
  3. 3 . The computing system of claim 2 , wherein each entry in the database table includes a respective disinformation flag field value that indicates whether the entry corresponds to the customer information or the customer disinformation.
  4. 4 . The computing system of claim 3 , wherein the customer database is configured to block or prevent external queries from accessing the respective disinformation flag field value of each entry in the database table and is configured to only allow internal queries to access the respective disinformation flag field value of each entry in the database table.
  5. 5 . The computing system of claim 1 , wherein, to provide the portion of the customer disinformation to the untrusted client device, the processor system is configured to execute the instructions to perform actions comprising: receiving, from a communicatively coupled client device, a request for at least a portion of the customer information stored in the customer database; determining that the client device is the untrusted client device; and providing the portion of the customer disinformation to the untrusted client device in response to the request.
  6. 6 . The computing system of claim 5 , wherein, to provide the portion of the customer disinformation to the untrusted client device, the processor system is configured to execute the instructions to perform actions comprising: determining and storing details regarding the untrusted client device, the request, the customer disinformation, or any combination thereof; and notifying the third party service of the details regarding the untrusted client device, the request, the customer disinformation, or any combination thereof.
  7. 7 . The computing system of claim 5 , wherein, to determine that the client device is the untrusted client device, the processor system is configured to execute the instructions to perform actions comprising: receiving authentication credentials from the client device, wherein the authentication credentials are incorrect, incomplete, or have been compromised.
  8. 8 . The computing system of claim 1 , wherein the third party service comprises law enforcement services, government or regulatory agencies, credit card fraud prevention services, data monitoring services, affiliated companies, or a combination thereof.
  9. 9 . The computing system of claim 1 , wherein, to analyze and modify the potential customer disinformation, the processor system is configured to execute the instructions to perform actions comprising: applying one or more rules of the instructions to the potential customer disinformation that selectively modify the one or more fields of the potential customer disinformation to conform to an expected style or format associated with the one or more fields.
  10. 10 . The computing system of claim 1 , wherein the customer information corresponds to personal information of an actual customer, and the customer disinformation corresponds to generated information that is not true or accurate information associated with the actual customer.
  11. 11 . A computer-implemented method, comprising: providing, via a processor system including at least one processor, customer information stored in a customer database as input to a trained artificial intelligence (AI) component; receiving, via the processor system, potential customer disinformation as output from the trained AI component; analyzing and modifying, via the processor system, the potential customer disinformation to yield customer disinformation; and providing a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof based on: receiving, via the processor system and from a communicatively coupled client device, a request for at least a portion of the customer information stored in the customer database; determining, via the processor system, that the communicatively coupled client device is the untrusted client device; and providing, via the processor system, the portion of the customer disinformation to the untrusted client device in response to the request.
  12. 12 . The computer-implemented method of claim 11 , comprising: storing the customer disinformation along with the customer information in a database table of the customer database.
  13. 13 . The computer-implemented method of claim 12 , wherein each entry in the database table includes a respective disinformation flag field value that indicates whether the entry corresponds to the customer information or the customer disinformation, and wherein the customer database is configured to block or prevent external queries from accessing the respective disinformation flag field value of each of the entries in the database table and configured to only allow internal queries to access the respective disinformation flag field value of each of the entries in the database table.
  14. 14 . The computer-implemented method of claim 11 , wherein providing the portion of the customer disinformation to the untrusted client device comprises: determining and storing details regarding the untrusted client device, the request, the customer disinformation, or any combination thereof; and notifying the third party service of the details regarding the untrusted client device, the request, the customer disinformation, or any combination thereof.
  15. 15 . The computer-implemented method of claim 11 , wherein determining that the communicatively coupled client device is the untrusted client device comprises: receiving authentication credentials from the communicatively coupled client device, wherein the authentication credentials are incorrect, incomplete, or have been compromised.
  16. 16 . The computer-implemented method of claim 11 , wherein the third party service comprises law enforcement services, government or regulatory agencies, credit card fraud prevention services, data monitoring services, affiliated companies, or a combination thereof.
  17. 17 . The computer-implemented method of claim 11 , wherein analyzing and modifying the potential customer disinformation comprises: comparing the potential customer disinformation to the customer information stored in the customer database and modifying the potential customer disinformation based on the comparison; and applying one or more rules to the potential customer disinformation that selectively modify the potential customer disinformation to conform to an expected style or format.
  18. 18 . The computer-implemented method of claim 11 , wherein the trained AI component comprises a trained recurrent neural network (RNN), wherein the trained RNN is trained, based on the customer information, to generate the potential customer disinformation.
  19. 19 . A non-transitory, computer-readable medium, having stored thereon instructions that, when executed by a processor system including at least one processor, cause the processor system to: provide customer information stored in a customer database as input to a trained AI component; receive potential customer disinformation as output from the trained AI component; analyze and modify the potential customer disinformation to yield customer disinformation by applying one or more rules of the instructions to the potential customer disinformation that selectively modify one or more fields of the potential customer disinformation to conform to an expected style or format associated with the one or more fields; and provide a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application claims priority from and the benefit of U.S. Provisional Application No. 63/393,480, entitled “SYSTEMS AND METHODS FOR GENERATING AND PROVIDING DISINFORMATION TO MITIGATE FRAUD,” filed Jul. 29, 2022, which is hereby incorporated by reference in its entirety for all purposes. BACKGROUND This section is intended to introduce the reader to various aspects of art that may be related to various aspects of the present techniques, which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art. Organizations, such as businesses, educational entities, and governmental entities, often store various data to enable operations. For example, this data may include personal information (e.g., names, birthdates, contact information) of people (e.g., customers, users, students, citizens) associated with the organization. It is generally desirable for these organizations to store, retrieve, and use this personal information to provide goods or services to the people associated with the organization. However, it is presently recognized that such data can be a lucrative target for malicious actors (e.g., hackers), who can leverage this personal information to gain additional attack vectors against the organization and/or the people associated with the organization, or may simply sell this information (e.g., on the “dark web”) to be used by other malicious actors for nefarious or illicit purposes. For example, malicious actors may use this illicitly accessed information to conduct identity theft, credit card fraud, insurance fraud, and to gain unauthorized access to accounts or services associated with the organization or the customers and employees associated with the organization. SUMMARY A summary of certain embodiments disclosed herein is set forth below. It should be understood that these aspects are presented merely to provide the reader with a brief summary of these certain embodiments and that these aspects are not intended to limit the scope of this disclosure. Indeed, this disclosure may encompass a variety of aspects that may not be set forth below. In an embodiment, a computing system includes storage that includes a customer database, a trained artificial intelligence (AI) component, and a disinformation processing module and processing circuitry configured to execute stored instructions to perform actions including providing customer information stored in the customer database as input to the trained AI component, receiving potential customer disinformation as output from the trained AI component, analyzing and modifying the potential customer disinformation using the disinformation processing module to yield customer disinformation, and providing a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof. In another embodiment, a computer-implemented method includes providing customer information stored in a customer database as input to a trained artificial intelligence (AI) component, receiving potential customer disinformation as output from the trained AI component, analyzing and modifying the potential customer disinformation using a disinformation processing module to yield customer disinformation, and providing a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof. In another embodiment, a non-transitory, computer-readable medium includes instructions stored thereon that, when executed by processing circuitry, cause the processing circuitry to provide customer information stored in a customer database as input to a trained artificial intelligence (AI) component, receive potential customer disinformation as output from the trained AI component, analyze and modify the potential customer disinformation using a disinformation processing module to yield customer disinformation, and provide a portion of the customer disinformation to an untrusted client device, a malicious website, a third party service, or any combination thereof. Various refinements of the features noted above may exist in relation to various aspects of the present disclosure. Further features may also be incorporated in these various aspects as well. These refinements and additional features may exist individually or in any combination. For instance, various features discussed below in relation to one or more of the illustrated embodiments may be incorporated into any of the above-described aspects of the present disclosure alone or in any combination. The brief summary presented above is intended only to familiarize the reader with certai