Search

US-20260127609-A1 - COMPUTER SYSTEMS AND METHODS FOR MITIGATING FRAUDULENT TRANSACTION ACTIVITY

US20260127609A1US 20260127609 A1US20260127609 A1US 20260127609A1US-20260127609-A1

Abstract

A computing platform is configured to (i) identify a candidate set of card-not-present (CNP) transactions that are candidates for potential involvement in fraudulent activity, (ii) for each respective CNP transaction in the candidate set, determine a respective combination of transaction-element values for a set of transaction elements comprising at least (a) a first transaction element indicating a Bank Identification Number (BIN) number of a respective PAN involved in the respective CNP transaction, (b) a second transaction element indicating a client involved in the respective CNP transaction, and (c) a third transaction element indicating a merchant involved in the respective CNP transaction, (iii) based on an evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, identify at least one at-risk combination of transaction-element values that is associated with a risk of fraudulent activity, and (iv) use the identified at least one at-risk combination of transaction-element values as a basis for deploying logic for identifying CNP transactions that present a risk of fraudulent activity.

Inventors

  • Razvan Oltean
  • Pranjal Desai

Assignees

  • CAPITAL ONE FINANCIAL CORPORATION

Dates

Publication Date
20260507
Application Date
20241104

Claims (20)

  1. 1 . A computing platform comprising: at least one processor; at least one non-transitory computer-readable medium; and program instructions stored on the at least one non-transitory computer-readable medium that, when executed by the at least one processor, cause the computing platform to: identify a candidate set of card-not-present (CNP) transactions that are candidates for potential involvement in fraudulent activity by: identifying an initial set of CNP transactions that were processed during a past window of time; identifying a set of primary account numbers (PANs) involved in CNP transactions from the initial set; and for each respective PAN in the identified set of PANs, (i) determining a respective numeric difference between the respective PAN and a next-closest PAN in the identified set of PANs, (ii) comparing the respective numeric difference determined for the respective PAN to a threshold numeric difference, and (iii) if the respective numeric difference determined for the respective PAN does not exceed the threshold numeric difference, identifying each CNP transaction from the initial set that involved the respective PAN as a CNP transaction to include in the candidate set; for each respective CNP transaction in the candidate set, determine a respective combination of transaction-element values for a set of transaction elements comprising (i) a first transaction element indicating a Bank Identification Number (BIN) number of a respective PAN involved in the respective CNP transaction, (ii) a second transaction element indicating a client involved in the respective CNP transaction, (iii) a third transaction element indicating a merchant involved in the respective CNP transaction, and (iv) a fourth transaction element indicating a transaction amount of the respective CNP transaction; based on an evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, identify at least one at-risk combination of transaction-element values that is associated with a risk of fraudulent activity; and use the identified at least one at-risk combination of transaction-element values as a basis for deploying logic for identifying CNP transactions that present a risk of fraudulent activity.
  2. 2 . The computing platform of claim 1 , wherein identifying the initial set of CNP transactions that were processed during the past window of time comprises: identifying a set of CNP transactions involving a given issuer bank that were processed during the past window of time.
  3. 3 . The computing platform of claim 1 , wherein identifying the set of PANs involved in CNP transactions from the initial set comprises: identifying a set of PANs involved in less than a threshold number of CNP transactions from the initial set.
  4. 4 . The computing platform of claim 1 , wherein the threshold numeric difference comprises a numeric value that is selected from a numeric range between 50 and 1000.
  5. 5 . The computing platform of claim 1 , wherein the set of transaction elements further comprises a fifth transaction element indicating an issuer bank for the respective PAN involved in the respective CNP transaction.
  6. 6 . The computing platform of claim 1 , wherein the program instructions that, when executed by the at least one processor, cause the computing platform to identify the at least one at-risk combination of transaction-element values based on the evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set comprise program instructions that, when executed by the at least one processor, cause the computing platform to: based on the evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, define groups of CNP transactions that each correspond to a distinct combination of transaction-element values for the set of transaction elements; and for each respective group of the defined groups of CNP transactions: determine a respective number of CNP transactions included in the respective group; compare the respective number of CNP transactions included in respective group to a threshold number of CNP transactions; and if the respective number of CNP transactions included in respective group exceeds the threshold number of CNP transactions, identify the respective group's distinct combination of transaction-element values as an at-risk combination of transaction-element values.
  7. 7 . The computing platform of claim 1 , wherein the identified at least one at-risk combination of transaction-element values includes a respective transaction-element value for each transaction element in the set of transaction elements.
  8. 8 . The computing platform of claim 1 , wherein the logic for identifying CNP transactions that present the risk of fraudulent activity comprises a conditional statement that corresponds to the identified at least one at-risk combination of transaction-element values.
  9. 9 . The computing platform of claim 8 , wherein the conditional statement that corresponds to the identified at least one at-risk combination of transaction-element values includes conditions for evaluating transaction-element values of the first, second, and third data elements but does not include a condition for evaluating transaction-element values of the fourth data element.
  10. 10 . The computing platform of claim 1 , further comprising program instructions stored on the at least one non-transitory computer-readable medium that, when executed by the at least one processor, cause the computing platform to: while utilizing the logic to evaluate new CNP transactions that are being processed, identify one or more CNP transactions that present the risk of fraudulent activity.
  11. 11 . The computing platform of claim 1 , wherein the logic for identifying CNP transactions that present the risk of fraudulent activity has a defined expiration time.
  12. 12 . The computing platform of claim 11 , further comprising program instructions stored on the at least one non-transitory computer-readable medium that, when executed by the at least one processor, cause the computing platform to: extend the defined expiration time of the logic for identifying CNP transactions that present the risk of fraudulent activity if, prior to the defined expiration time, the logic results in an identification of at least one new CNP transaction that present the risk of fraudulent activity.
  13. 13 . The computing platform of claim 1 , wherein the program instructions that, when executed by the at least one processor, cause the computing platform to use the identified at least one at-risk combination of transaction-element values as the basis for deploying the logic for identifying CNP transactions that present the risk of fraudulent activity comprises program instructions that, when executed by the at least one processor, cause the computing platform to: based on the identified at least one at-risk combination of transaction-element values, define the logic for identifying CNP transactions that present the risk of fraudulent activity; and either (i) begin utilizing the logic to evaluate new CNP transactions at the computing platform or (ii) cause one or more other computing platforms to begin utilizing the logic to evaluate new CNP transactions.
  14. 14 . A non-transitory computer-readable medium, wherein the non-transitory computer-readable medium is provisioned with program instructions that, when executed by at least one processor, cause a computing platform to: identify a candidate set of card-not-present (CNP) transactions that are candidates for potential involvement in fraudulent activity by: identifying an initial set of CNP transactions that were processed during a past window of time; identifying a set of primary account numbers (PANs) involved in CNP transactions from the initial set; and for each respective PAN in the identified set of PANs, (i) determining a respective numeric difference between the respective PAN and a next-closest PAN in the identified set of PANs, (ii) comparing the respective numeric difference determined for the respective PAN to a threshold numeric difference, and (iii) if the respective numeric difference determined for the respective PAN does not exceed the threshold numeric difference, identifying each CNP transaction from the initial set that involved the respective PAN as a CNP transaction to include in the candidate set; for each respective CNP transaction in the candidate set, determine a respective combination of transaction-element values for a set of transaction elements comprising (i) a first transaction element indicating a Bank Identification Number (BIN) number of a respective PAN involved in the respective CNP transaction, (ii) a second transaction element indicating a client involved in the respective CNP transaction, (iii) a third transaction element indicating a merchant involved in the respective CNP transaction, and (iv) a fourth transaction element indicating a transaction amount of the respective CNP transaction; based on an evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, identify at least one at-risk combination of transaction-element values that is associated with a risk of fraudulent activity; and use the identified at least one at-risk combination of transaction-element values as a basis for deploying logic for identifying CNP transactions that present a risk of fraudulent activity.
  15. 15 . A method implemented by a computing platform, the method comprising: identifying a candidate set of card-not-present (CNP) transactions that are candidates for potential involvement in fraudulent activity by: identifying an initial set of CNP transactions that were processed during a past window of time; identifying a set of primary account numbers (PANs) involved in CNP transactions from the initial set; and for each respective PAN in the identified set of PANs, (i) determining a respective numeric difference between the respective PAN and a next-closest PAN in the identified set of PANs, (ii) comparing the respective numeric difference determined for the respective PAN to a threshold numeric difference, and (iii) if the respective numeric difference determined for the respective PAN does not exceed the threshold numeric difference, identifying each CNP transaction from the initial set that involved the respective PAN as a CNP transaction to include in the candidate set; for each respective CNP transaction in the candidate set, determining a respective combination of transaction-element values for a set of transaction elements comprising (i) a first transaction element indicating a Bank Identification Number (BIN) number of a respective PAN involved in the respective CNP transaction, (ii) a second transaction element indicating a client involved in the respective CNP transaction, (iii) a third transaction element indicating a merchant involved in the respective CNP transaction, and (iv) a fourth transaction element indicating a transaction amount of the respective CNP transaction; based on an evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, identifying at least one at-risk combination of transaction-element values that is associated with a risk of fraudulent activity; and using the identified at least one at-risk combination of transaction-element values as a basis for deploying logic for identifying CNP transactions that present a risk of fraudulent activity.
  16. 16 . The method of claim 15 , wherein identifying the at least one at-risk combination of transaction-element values based on the evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set comprises: based on the evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, defining groups of CNP transactions that each correspond to a distinct combination of transaction-element values for the set of transaction elements; and for each respective group of the defined groups of CNP transactions: determining a respective number of CNP transactions included in the respective group; comparing the respective number of CNP transactions included in respective group to a threshold number of CNP transactions; and if the respective number of CNP transactions included in respective group exceeds the threshold number of CNP transactions, identifying the respective group's distinct combination of transaction-element values as an at-risk combination of transaction-element values.
  17. 17 . The method of claim 15 , wherein the identified at least one at-risk combination of transaction-element values includes a respective transaction-element value for each transaction element in the set of transaction elements.
  18. 18 . The method of claim 15 , wherein the logic for identifying CNP transactions that present the risk of fraudulent activity comprises a conditional statement that corresponds to the identified at least one at-risk combination of transaction-element values.
  19. 19 . The method of claim 18 , wherein the conditional statement that corresponds to the identified at least one at-risk combination of transaction-element values includes conditions for evaluating transaction-element values of the first, second, and third data elements but does not include a condition for evaluating transaction-element values of the fourth data element.
  20. 20 . The method of claim 15 , further comprising: while utilizing the logic to evaluate new CNP transactions that are being processed, identifying one or more CNP transactions that present the risk of fraudulent activity.

Description

BACKGROUND Card-not-present (CNP) transactions are becoming increasingly common. CNP transactions offer convenience to both cardholders and merchants, allowing for cardholders to initiate transactions remotely from merchant points of service and thereby removing the need for many of the physical tools that may be required for card-present (CP) transactions at merchant points of service. Processing CNP transactions typically involves a two-stage process, including an “authorization” stage and a “settlement” stage. During one possible implementation of the authorization stage, a merchant's computing platform may send an authorization request for a CNP transaction initiated by a consumer to a computing platform of the merchant's acquiring financial institution (often referred to as the “acquirer bank”) or an associated processor, which in turn routs the authorization request to a computing platform of the financial institution that issued the payment card used for the CNP transaction (often referred to as the “issuing bank”) over a payment network. After receiving the authorization request, the issuing bank's computing platform renders a decision as to whether the CNP transaction should be approved or denied and generates an authorization response memorializing that decision, which gets routed back to the acquirer bank's computing platform (or an associated processor) and then back to the merchant's computing platform. Then, during one possible implementation of the settlement stage, the merchant's computing platform sends a settlement request for the authorized CNP transaction (and perhaps other authorized CNP transactions) to the acquirer bank's computing platform or an associated processor, which in turn routes the settlement request to the issuing bank's computing platform over a payment network. After the issuing bank receives and approves the settlement request, the funds for the CNP transaction are transferred from the issuing bank's computing platform to the acquirer bank's computing platform through the payment network, the acquirer bank deposits the proceeds from the CNP transaction into a bank account of the merchant, and the issuer bank charges the cardholder for the CNP transaction. The processing of a CNP transaction could take various other forms as well. OVERVIEW Disclosed herein is new technology for mitigating fraudulent CNP transaction activity. In a first aspect, the disclosed technology may involve computer-implemented functionality for (a) identifying a candidate set of card-not-present (CNP) transactions that are candidates for potential involvement in fraudulent activity, (b) for each respective CNP transaction in the candidate set, determining a respective combination of transaction-element values for a set of transaction elements comprising at least (i) a first transaction element indicating a Bank Identification Number (BIN) number of a respective PAN involved in the respective CNP transaction, (ii) a second transaction element indicating a client involved in the respective CNP transaction, and (iii) a third transaction element indicating a merchant involved in the respective CNP transaction, (c) based on an evaluation of the respective combinations of transaction-element values determined for the CNP transactions in the candidate set, identifying at least one at-risk combination of transaction-element values that is associated with a risk of fraudulent activity (e.g., a combination that includes a respective transaction-element value for each transaction element in the set of transaction elements), and (d) using the identified at least one at-risk combination of transaction-element values as a basis for deploying logic for identifying CNP transactions that present a risk of fraudulent activity (e.g., by defining the logic for identifying CNP transactions that present the risk of fraudulent activity based on the identified at least one at-risk combination of transaction-element values and then either utilizing the logic to evaluate new CNP transactions at the computing platform or causing one or more other computing platforms to begin utilizing the logic to evaluate new CNP transactions). In this first aspect, the function of identifying the candidate set of CNP transactions may take any of various forms. For instance, as one possibility, the function of identifying the candidate set of CNP transactions may involve identifying an initial set of CNP transactions that were processed during a past window of time (e.g., a set of CNP transactions involving a given issuer bank that were processed during the past window of time), identifying a set of primary account numbers (PANs) involved in CNP transactions from the initial set (e.g., a set of PANs involved in less than a threshold number of CNP transactions from the initial set), and then for each respective PAN in the identified set of PANs, (i) determining a respective numeric difference between the respective PAN and a next-closest PA