Search

US-20260129053-A1 - DETECTION AND MITIGATION OF AUTOMATED ACCOUNT GENERATION USING ARTIFICIAL INTELLIGENCE

US20260129053A1US 20260129053 A1US20260129053 A1US 20260129053A1US-20260129053-A1

Abstract

Disclosed herein are systems and methods for detecting automated account generation requests. An example method includes receiving an application programming interface (API) request to generate a new user account. The method then includes executing a machine learning model to predict a likelihood of the API request having been generated automatically using one or more programming protocols. The machine learning model may be trained using historic requests known to have been generated using a machine or a programming/algorithm. When the machine learning model determines that the API request is likely to have been machine-made, the method includes executing an additional security protocol associated with the new user account.

Inventors

  • Suhas Hoskote Muralidhar
  • Prasanna SRIDHAR
  • Charlotte Gils

Assignees

  • Stripe, Inc.

Dates

Publication Date
20260507
Application Date
20260105

Claims (20)

  1. 1 . A method comprising: receiving, by an application programming interface (API) from a computing device, a request to create a new user account, the request comprising at least one user identifier and at least one user attribute; transmitting, by the API, the at least one user identifier and the at least one user attribute to a machine learning model trained on account creation requests identified and labeled as having been generated automatically using one or more programming protocols; receiving, by the API from the machine learning model, a likelihood score indicating a probability that the request to create the new user account was generated automatically and not via a human operator; determining, by the API, whether the likelihood score satisfies a threshold, indicating a sensitivity level associated with requests to create new user accounts; in response to determining that the likelihood score does not satisfy the threshold, routing, by the API, the request to an account creation service provider node along with an instruction to implement a first security protocol and generate the new user account; and in response to determining that the likelihood score satisfies the threshold, routing, by the API, the request to an alternate node that comprises at least one alternative security protocol.
  2. 2 . The method of claim 1 , wherein the at least one alternative security protocol comprises a two-factor authentication protocol.
  3. 3 . The method of claim 1 , wherein the at least one alternative security protocol comprises presenting an authentication challenge of at least one of a CAPTCHA prompt, a reCAPTCHA prompt, or an hCAPTCHA prompt.
  4. 4 . The method of claim 1 , wherein the at least one user attribute comprises a time difference between a first timestamp associated with receipt of the request to create the new user account and a second timestamp associated with receipt of a second request to create another user account from the computing device.
  5. 5 . The method of claim 1 , wherein the machine learning model is executed at a predetermined time subsequent to receiving the request to create the new user account.
  6. 6 . The method of claim 1 , wherein the at least one user attribute corresponds to at least one of a phone number, a physical address, and an Internet Protocol (IP) address associated with the request to create the new user account.
  7. 7 . The method of claim 1 , further comprising denying, by the alternate node, generation of the new user account based on a determination that the request was generated automatically using one or more programming protocols and not via a human operator.
  8. 8 . A non-transitory machine-readable storage medium having computer-executable instructions stored thereon that, when executed by one or more processors associated with an application programming interface (API), cause the one or more processors to perform operations comprising: receive, from a computing device, a request to create a new user account, the request comprising at least one user identifier and at least one user attribute; transmit the at least one user identifier and the at least one user attribute to a machine learning model trained on account creation requests identified and labeled as having been generated automatically using one or more programming protocols; receive, from the machine learning model, a likelihood score indicating a probability that the request to create the new user account was generated automatically and not via a human operator; determine whether the likelihood score satisfies a threshold, indicating a sensitivity level associated with requests to create new user accounts; in response to determining that the likelihood score does not satisfy the threshold, route the request to an account creation service provider node along with an instruction to implement a first security protocol and generate the new user account; and in response to determining that the likelihood score satisfies the threshold, route the request to an alternate node that comprises at least one alternative security protocol.
  9. 9 . The non-transitory machine-readable storage medium of claim 8 , wherein the at least one alternative security protocol comprises a two-factor authentication protocol.
  10. 10 . The non-transitory machine-readable storage medium of claim 8 , wherein the at least one alternative security protocol comprises presenting an authentication challenge of at least one of a CAPTCHA prompt, a reCAPTCHA prompt, or an hCAPTCHA prompt.
  11. 11 . The non-transitory machine-readable storage medium of claim 8 , wherein the at least one user attribute comprises a time difference between a first timestamp associated with receipt of the request to create the new user account and a second timestamp associated with receipt of a second request to create another user account from the computing device.
  12. 12 . The non-transitory machine-readable storage medium of claim 8 , wherein the machine learning model is executed at a predetermined time subsequent to receiving the request to create the new user account.
  13. 13 . The non-transitory machine-readable storage medium of claim 8 , wherein the at least one user attribute corresponds to at least one of a phone number, a physical address, and an Internet Protocol (IP) address associated with the request to create the new user account.
  14. 14 . The non-transitory machine-readable storage medium of claim 8 , wherein the computer-executable instructions further cause the alternate node to deny generation of the new user account based on a determination that the request was generated automatically using one or more programming protocols and not via a human operator.
  15. 15 . A system comprising at least one processor associated with an application programming interface (API), the at least one processor configured to: receive, from a computing device, a request to create a new user account, the request comprising at least one user identifier and at least one user attribute; transmit the at least one user identifier and the at least one user attribute to a machine learning model trained on account creation requests identified and labeled as having been generated automatically using one or more programming protocols; receive, from the machine learning model, a likelihood score indicating a probability that the request to create the new user account was generated automatically and not via a human operator; determine whether the likelihood score satisfies a threshold, indicating a sensitivity level associated with requests to create new user accounts; in response to determining that the likelihood score does not satisfy the threshold, route the request to an account creation service provider node along with an instruction to implement a first security protocol and generate the new user account; and in response to determining that the likelihood score satisfies the threshold, route the request to an alternate node that comprises at least one alternative security protocol.
  16. 16 . The system of claim 15 , wherein the at least one alternative security protocol comprises a two-factor authentication protocol.
  17. 17 . The system of claim 15 , wherein the at least one alternative security protocol comprises presenting an authentication challenge of at least one of a CAPTCHA prompt, a reCAPTCHA prompt, or an hCAPTCHA prompt.
  18. 18 . The system of claim 15 , wherein the at least one user attribute comprises a time difference between a first timestamp associated with receipt of the request to create the new user account and a second timestamp associated with receipt of a second request to create another user account from the computing device.
  19. 19 . The system of claim 15 , wherein the machine learning model is executed at a predetermined time subsequent to receiving the request to create the new user account.
  20. 20 . The system of claim 15 , wherein the at least one user attribute corresponds to at least one of a phone number, a physical address, and an Internet Protocol (IP) address associated with the request to create the new user account.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation application of U.S. patent application Ser. No. 18/522,000, filed Nov. 28, 2023, which is incorporated herein by reference in its entirety for all purposes. TECHNICAL FIELD This application relates generally to the generation, training, and use of computer models that analyze and detect automated account generation requests. BACKGROUND Systems involved in online payment transaction processing may be configured to create, maintain, and regularly update databases of user accounts involved in online payment transactions. These accounts can be created prior to or during the time when users complete an initial online payment transaction. For example, a user checking out at a merchant's online store may receive a prompt generated by a system involved in processing the payment transaction to create a new account. The user may then provide information such as the user's name, address, and the like, in response to the prompt, and the system involved may store this information in a database for future use. This enables the system to provide the information during a subsequent transaction involving the user, reducing the need for repeated communication of the same information between the user's device and the merchant's system. However, malicious third parties have developed techniques that target these systems with the end goal of disrupting the service provided by the one or more parties involved in the transaction. As an example, a malicious third party can masquerade as multiple users and attempt to generate multiple new accounts. If successful, the malicious third party can cause systems involved in processing the payment transaction to become overwhelmed and possibly unresponsive. And conventional techniques for identifying these attempts by malicious third parties to disrupt service are becoming increasingly unsatisfactory as they typically involve the use of fixed criteria or manual (e.g., human) intervention to identify creation requests generated by such malicious third parties. SUMMARY In view of the above-noted challenges posed by malicious third parties, there is a desire for methods and systems that are capable of intelligently monitoring the account generation process and detecting automated account generation requests. Systems are designed to monitor traffic originating from a particular internet protocol (IP) address and analyze the traffic to determine whether an automated account generation request is received. Conventional systems used to monitor traffic are proving to be moderately effective against sophisticated malicious third parties. To improve on these systems, when implemented, the methods and implementations described herein can intelligently analyze and detect automated account generation requests coming from one or more IP addresses. This can be particularly helpful as malicious third parties may design their programming protocols to cause the automated account generation requests to appear increasingly as if they were generated by a human. By virtue of the implementation of the systems and methods described herein, systems involved in account generation can more accurately discern between requests to generate new user accounts that are generated automatically using one or more programming protocols and requests generated by humans. This, in turn, reduces the need for the automatic implementation of additional security protocols that often require additional communication between devices, thereby consuming more computing resources and resulting in increased network activity than is otherwise necessary. This also enables service providers or other entities described herein to more accurately determine how many new accounts that are generated are generated by human users while denying requests that could later block a true request from a human user (referred to sometimes as email address squatting). Additionally, the systems involved can more quickly identify attacks by malicious third parties and stop computing resource consumption caused by these malicious third parties. For example, in cases where service providers provide APIs available to the public to allow for account creation outside of the context of an instant payment transaction, such service providers can implement the techniques described herein to monitor the requests they receive and quickly identify suspicious or malicious requests. This can again save computing resources from being consumed as a result of the attempted attacks prompted by the malicious third parties. And in some cases, this can prevent systems (e.g., service provider systems) from being taken down entirely (similar to what happens in a distributed denial-of-service (DDoS) attack). In some cases, this can also prevent email bounce-backs whereby additional messages are transmitted indicating that a given email address associated with a given attack during account verification is not in