Search

US-12626012-B2 - User identification system and method for fraud detection

US12626012B2US 12626012 B2US12626012 B2US 12626012B2US-12626012-B2

Abstract

Methods, systems, and apparatuses are described for identifying potential identity fraud by tracking a user's typical communication patterns. If a new communication is received from someone who purports to be a trusted user, but the communication exhibits communication traits that are not typical for the user, additional identity fraud prevention steps may be taken.

Inventors

  • Ryan Van Antwerp
  • James Bradley Hein

Assignees

  • COMCAST CABLE COMMUNICATIONS, LLC

Dates

Publication Date
20260512
Application Date
20240315

Claims (20)

  1. 1 . A method comprising: receiving, by a computing device and from a user device, a plurality of communications of a communication session associated with a user; determining a frequency of punctuations in a current communication of the communication session; adjusting, based on comparing the frequency of punctuations in the current communication with a textual linguistic profile associated with the user, a historical value that is based on frequencies of punctuations in one or more prior communications of the communication session; and requesting, based on comparing the adjusted historical value with a threshold value, additional identification information from the user device.
  2. 2 . The method of claim 1 , wherein the adjusting the historical value comprises: determining, based on comparing the frequency of punctuations in the current communication with the textual linguistic profile associated with the user, an author confidence value of the current communication, wherein the author confidence value indicates a likelihood percentage that the user provided the current communication; and increasing or decreasing the historical value based on the author confidence value of the current communication and further based on the frequencies of punctuations in the one or more prior communications.
  3. 3 . The method of claim 1 , further comprising: requesting, from the user device, the current communication, wherein the current communication comprises a plurality of words; analyzing the plurality of words to identify the frequency of punctuations in the current communication; and updating, based on the frequency of punctuations in the current communication, the textual linguistic profile.
  4. 4 . The method of claim 1 , further comprising receiving a request to initiate the communication session, wherein the request comprises a media access control address associated with the user device.
  5. 5 . The method of claim 1 , further comprising: causing, on a display device during the communication session, display of a fraud detection graph indicating a change between the historical value and the adjusted historical value.
  6. 6 . The method of claim 1 , further comprising: causing, by the computing device and based on the comparing the adjusted historical value with the threshold value, display of an alert of potential identity fraud.
  7. 7 . The method of claim 1 , wherein the textual linguistic profile indicates at least one of: an average sentence length, an average word count, an average number of sentences, an abbreviation of a word, an average number of a type of punctuation, or a number of pictograms.
  8. 8 . A method comprising: receiving, by a computing device and from a user device, a plurality of communications of a communication session associated with a user; determining a frequency of abbreviated words in a current communication of the communication session; adjusting, based on comparing the frequency of abbreviated words in the current communication with a textual linguistic profile associated with the user, a historical value that is based on frequencies of abbreviated words in one or more prior communications of the communication session; and requesting, based on comparing the adjusted historical value with a threshold value, additional identification information from the user device.
  9. 9 . The method of claim 8 , wherein the adjusting the historical value comprises: determining, based on comparing the frequency of abbreviated words in the current communication with the textual linguistic profile associated with the user, an author confidence value of the current communication, wherein the author confidence value indicates a likelihood percentage that the user provided the current communication; and increasing or decreasing the historical value based on the author confidence value of the current communication and further based on the frequencies of abbreviated words in the one or more prior communications.
  10. 10 . The method of claim 8 , further comprising: requesting, from the user device, the current communication, wherein the current communication comprises a plurality of words; analyzing the plurality of words to identify the frequency of abbreviated words in the current communication; and updating, based on the frequency of abbreviated words in the current communication, the textual linguistic profile.
  11. 11 . The method of claim 8 , further comprising receiving a request to initiate the communication session, wherein the request comprises a media access control address associated with the user device.
  12. 12 . The method of claim 8 , further comprising: causing, on a display device during the communication session, display of a fraud detection graph indicating a change between the historical value and the adjusted historical value.
  13. 13 . The method of claim 8 , further comprising: causing, by the computing device and based on the comparing the adjusted historical value with the threshold value, display of an alert of potential identity fraud.
  14. 14 . The method of claim 8 , wherein the textual linguistic profile indicates at least one of: an average sentence length, an average word count, an average number of sentences, an abbreviation of a word, an average number of a type of punctuation, or a number of pictograms.
  15. 15 . A method comprising: determining, by a computing device, a first linguistic feature of a current communication received, during a communication session, from a user device, wherein the communication session comprises a suspicious communication session that is associated with an identification of a user; determining, based on comparing the first linguistic feature of the current communication with a second linguistic feature associated with the user, an increased likelihood, of identity fraud in the communication session, relative to a previously determined likelihood, of identity fraud in the communication session, that is based on one or more prior communications, of the communication session, received before the current communication; determining, based on the increased likelihood of identity fraud in the communication session, that an author, of the current communication and the one or more prior communications, is different from the user; and requesting, based on the determination that the author is different from the user, additional identification information from the user device.
  16. 16 . The method of claim 15 , wherein the determining the increased likelihood comprises: determining, based on the comparing the first linguistic feature of the current communication with the second linguistic feature associated with the user, an author confidence value indicating a likelihood percentage that the user provided the current communication; and determining the increased likelihood based on the author confidence value failing to satisfy a threshold value.
  17. 17 . The method of claim 15 , further comprising: requesting, from the user device, a plurality of communications, wherein the plurality of communications comprise a plurality of words; and analyzing the plurality of words to identify the second linguistic feature associated with the user.
  18. 18 . The method of claim 15 , further comprising: causing, on a display device during the communication session, display of a fraud detection graph indicating a change between the previously determined likelihood and the increase likelihood.
  19. 19 . The method of claim 15 , further comprising: causing, by the computing device and based on comparing the increased likelihood of identity fraud in the communication session with a threshold value, display of an alert of potential identity fraud.
  20. 20 . The method of claim 15 , wherein each of the first linguistic feature and the second linguistic feature comprises at least one of: an average sentence length, an average word count, an average number of sentences, a frequency of abbreviated words, a frequency of punctuations, or a frequency of pictograms.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation of U.S. patent application Ser. No. 17/527,232, filed on Nov. 16, 2021, which is a continuation of U.S. patent application Ser. No. 16/218,687 (now U.S. Pat. No. 11,200,336), filed on Dec. 13, 2018, each of which is incorporated by reference in its entirety herein for all purpose. BACKGROUND Identity theft is a common problem in the digital age, particularly when identification of a person occurs electronically. Due to increasing data breaches, information that was once thought secure to verify identity, such as social security numbers, birthdays, and personal security questions, may be insufficient to protect service provider accounts from takeovers by identity thieves or cybercriminals. SUMMARY The following summary presents a simplified summary of certain features. The summary is not an extensive overview and is not intended to identify key or critical elements. Methods, systems, and apparatuses are described for creating one or more communication profiles, such as linguistic and other expression profiles, of user's communications with a system. Such profiles may be used during a communication session with the user to monitor the session for potential identity fraud. A model may be developed and trained based on a known corpus of text, audio, or other data interactions between a user and a service. During a communication session with the service, e.g., a service administered by a provider, the models may be used to monitor the text-based, audio-based, or other types of interactions provided to the communication session system by the user and a probability of identity fraud of the user may be generated. These and other features are described in greater detail below. BRIEF DESCRIPTION OF THE DRAWINGS Some features are shown by way of example, and not by limitation, in the accompanying drawings In the drawings, like numerals reference similar elements. FIG. 1 shows an example communication network. FIG. 2 shows hardware elements of a computing device. FIG. 3 is a diagram illustrating a system for applying user identification models to communication session interactions to detect potential identity fraud during the session. FIG. 4 is a flow chart showing an example method for training one or more user identification models from interactions with a user of a service provider for use in detecting potential identity fraud during a communication session. FIG. 5 is an example screenshot of a menu requesting information from a user of a service to train one or more user identification models. FIG. 6 is a diagram illustrating the extraction of linguistic features from responses provided by a user of a service for use in identifying potential identity fraud of the user. FIG. 7 is a flow chart showing an example method for applying one or more user identification models to interactions with a user of a service during a communication session to detect potential identity fraud. FIG. 8 is an example screenshot of a user identity verification device illustrating an output from one or more user identification models tracking a probability of identity fraud over a period of time of a communication session. FIG. 9 is a flow chart showing an example method for updating one or more user identification models from interactions with a user of a service for use in detecting potential identity fraud during a communication session. DETAILED DESCRIPTION The accompanying drawings, which form a part hereof, show examples of the disclosure. It is to be understood that the examples shown in the drawings and/or discussed herein are non-exclusive and that there are other examples of how the disclosure may be practiced. FIG. 1 shows an example communication network 100 in which features described herein may be implemented. The communication network 100 may comprise one or more information distribution networks of any type, such as, without limitation, a telephone network, a wireless network (e.g., an LTE network, a 5G network, a Wi-Fi IEEE 802.11 network, a WiMAX network, a satellite network, and/or any other network for wireless communication), an optical fiber network, a coaxial cable network, and/or a hybrid fiber/coax distribution network. The communication network 100 may use a series of interconnected communication links 101 (e.g., coaxial cables, optical fibers, wireless links, etc.) to connect multiple premises 102 (e.g., businesses, homes, consumer dwellings, train stations, airports, etc.) to a local office 103 (e.g., a headend). The local office 103 may send downstream information signals and receive upstream information signals via the communication links 101. Each of the premises 102 may comprise devices, described below, to receive, send, and/or otherwise process those signals and information contained therein. The communication links 101 may originate from the local office 103 and may comprise components not illustrated, such as splitters, filters, a