GB2512340A

GB2512340A - Electronic arrangement and related method for automated fraud prevention in connection with digital transactions

Info

Publication number: GB2512340A
Application number: GB1305543.9A
Authority: GB
Inventors: Pekka Honkonen
Original assignee: RISKPOINTER Oy
Current assignee: RISKPOINTER Oy
Priority date: 2013-03-27
Filing date: 2013-03-27
Publication date: 2014-10-01
Also published as: GB201305543D0

Abstract

Electronic server arrangement 106, 101b, 214 operable in a communications network 116 and utilized for fraud detection regarding digital transactions 114 between parties 110B, 112C, comprises a processing entity 124 and a memory entity 120, and a data transfer entity 128, the arrangement being configured to host a location-based risk model based on data indicative of detected frauds and their geographical locations in connection with transacÂtions, the arrangement being further configured to receive inforÂmation regarding a potential or already-initiated transaction, wherein the information comprises location data indicative of a location associated with the transaction, 110B, 112b, determine a location-based risk score for the transaction on the basis of the model and said inÂformation, provide an indication 106B of the risk score for use as a criterion for decision-making upon the validity of the transaction, and receive feedback 106C regarding the validity of the transaction and update the model accordingly. A related method for faciliÂtating fraud detection is presented.

Description

ELECTRONIC ARRANGEMENT AND RELATED METHOD FOR

AUTOMATED FRAUD PREVENTION IN CONNECTION WITH DIGITAL

TRANSACTIONS

FIELD OF THE INVENTION

Generally the invention relates to electronic computing devices and communication systems. hi particular, however not exclusively, the present invention pertains to fraud prevention in connection with transactions utilizing such devices and related infrastructure.

BACKGROUND

Identity theft refers to stealing somebody else's identity for performing actions such as various transactions that may be e.g. teclmical, financial, or both, by nature. Such thefts may occur e.g. in connection with credit card frauds where the fraud is ac-coniplished utilizing a credit card as a fraudulent source of finds. The credit card frauds are usually made possible by stealing the actual physical card in question and/or acquiring information such as credit card (account) number, expiration date and related security code(s) required to access the account associated with the card possibly without swiping' the physical card itself, which may take place especially in the context of digital commerce. The number of credit card frauds has remained steadily high during the last years causing significant financial losses to innocent parties involved in the associated transactions.

Generally, however, tile number of different frauds in connection with transactions such as payments relating to product or service purchases has increased and also changed in shape, or become more diverse during the last few decades due to the emerge of new transaction models and payment methods many of which arising from the daybreak of the aforesaid digital commerce, or c-commerce', which has ultimately relieved the selling and buying of goods and services from their ancient Umitations regarding e.g. place and time, i.e. physical simultaneous interaction be-tween the transaction pal-ties not naturally forgetting the more traditional card not present transactions' that are still relatively popular and include e.g. transactions made over the telephone (voice connection).

Indeed, nowadays the transactions may be effectuated over communications net-works such as the Internet and related equipment such as terminal devices, servers, and various intermediate elements. Besides credit card accounts, also supplementary tecimologies have arisen to facilitate conducting transactions including e.g. mobile payment and various dedicated e-comnierce payment systems such as Paypal TM that typic&ly support transferring money from a tradition& bank account or a credit card account to a specific service account (and vice versa) for conducting digital transac- tions over the Internet and relieving both parties of the transaction from the awk-ward, usually time consuming and costly, procedures associated with direct bank transfers between the transaction parties, for instance.

While the versatility of the modern transactions naturally provides new means to conmen to conduct frauds (indeed, estimated $3.4 billion was lost in 2011 through online fraud in the US, which corresponds to the average of 1.0% of online reve- nues), it also enables utilizing sophisticated technology and related more or less au-tomated methods to detect and even prevent those.

For example, computer-based predictive analytics and especially digital forensic an-alytics, i.e. the use of electronic data to analyze financial frauds, has been exploited for some time now to detect e.g. anomalies in transaction information, which are of-ten indicative of fraudulent behavior.

Rather popular methodologies falling under such analytics include e.g. velocity of use by which it is commonly referred to screening the number of transactions or transaction attempts durhig a monitored time window associated with common data elements, such as a credit card number, e-mail address, postal address, phone num-ber, etc. By tracking the velocity, it is possible to differentiate normal' behavior from unusual one, determine associated trends, and address potential thTeats accord-ingly.

As a related form of applicable analytics, different techniques to recognize morph-ing attacks such as identity morpliing' have been previously set forth. In morpliing frauds, at least some elements associated an entity participating in, typically initiat-ing, the transaction change from transaction to another whereas at least sonic other elements remain static. For example, person name may change but the e-mail ad-dress remains the same between the transactions, or the person nanie stays the same but the utilized payment method or token such as credit card changes. By monitor-ing e.g. a so-called velocity of change', morphing attacks may be detected.

Notwithstanding the obvious benefits the prevailing analytics such as the afore-explained methods offer for detecting frauds in conjunction with transactions, there still remain defects to be overcome and work to be done iii identiiing potential threats before they materialize into real damages by which both material and finan-cial damages may be referred to.

SUMMARY

The objective of the present invention is to elevate the fraud detection capability of existing and new fraud detection solutions by a number of innovative supplementary approaches.

The objective is achieved by different embodiments of an electronic arrangement and related method described in more detail hereinafter.

According to one aspect, an electronic server arrangement of e.g. one or more func-tionally connected servers operable in, i.e. at least flrnctionally connected to, a conilnunications network and utilized for fraud detection regarding digital transac- tions between a number of parties, such as a seller and a buyer, comprises a pro-cessing entity and a memory entity for processing and storing data, respectively, and a data transfer entity for receiving and transmitting data, the arrangement being con-figured to host a location-based risk model based on data indicative of detected frauds and their geographical locations in connection with transactions, the ar-rangement being further configured to receive information regarding a potential or &ready-initiated transaction, wherein the information comprises location data indicative of a location associated with the transaction, preferably estimated location of a transaction party, determine a location-based risk score for the transaction on the basis of the model and said information, provide an indication of the risk score for use as a criterion for decision-making up-on the validity of the transaction, and receive feedback regarding the validity of the transaction and update the model ac-cordingly.

hi one embodiment, the model contains a plurality of reference points. The risk al-located to the indicated location associated with the transaction may be calculated utilizing a number of such reference points (e.g. a predetermined number of closest points) of the model, wherein each of the reference points is associated with a char- acterizing risk score. The points may be defined in two (e.g. two-dimensional Car- tesian coordinates) or three dimensions (e.g. with altitude or level information add- ed), for example. Two dimensions may be enough to provide sufficient regional ac-curacy to the modeling. E.g. even a global risk surface model may be determined accordingly.

In some embodiments, the arrangement is configured to determine a location-based risk score by interpolating the risk scores of a plurality of reference points according to predetermined logic. Alternatively or additionally, suitable triangulation or other predetermined geometric algorithms may be applied. For example, the calculation may incorporate determining the distance of the indicated location from said refer- ence points and interpolating the risk score on the basis thereof. Among other op- tions, the risk score of the indicated location may be calculated through determina- tion of a weighted average of the risk scores associated with a predetermined num-ber of closest reference points, wherein the weight of the reference-point associated score may be made dependent on the distance of the point from the indicated loca-tion.

hi another, either supplementary or alternative, embodiment the arrangement is con- figured to, in response to obtaining feedback indicative of fraudulent transaction, el-evate the risk scores of a number of reference points in the model dosest, according to predetermined criterion, to the indicated location. In contrast, feedback indicative of a legitimate, valid transaction may convert into reduced risk factor of the associ-ated reference points in the model.

hi one other, either supplementary or alternative, embodiment the location of a transaction party may be estimated utilizing the location data indicative of the loca-tion of a terminal device or other entity utilized in the transaction and/or associated (e.g. according to available records) with the party, for instance. Generally, the loca-tion data may include an indication of least one element selected from the group consisting of: location of a terminal device used in the transaction and/or associated with a transaction party, location of a corresponding base station or wireless access point, cell-ID of the base station (BS), IP geolocation of the terminal device, IP geo-location of the wireless access point, satellite positioning -based location of the terminal device, GPS-based (Global Positioning System) location of tile terminal device, GLONASS-based (Global Navigation Satellite System) location of the ter-minal device, location of a used payment terminal, location of a used credit card terminal, and location of a used ATM (automatic teller machine).

In a further, either supplementary or alternative, embodiment the arrangement is configured to utilize time of day information for deternilning the risk score. Prede-termined time(s) of day, e.g. certain hours, may be considered of lower or higher risk than the rest. For instance, night time may be considered to involve higher risk than day time from the standpoint of analyzed transactions. Similar temporal judg- ment may be based on e.g. weekday basis. For example, weekend may be consid-ered as more risky than weekdays in sonic contexts. Time of day -based risk score alteration logic may optionally be adaptive and utilize statistical temporal analysis of feedback information for the adaptation. iS

Still, in a further, either supplementary or alternative, embodiment the arrangement is configured to utilize e-mail characteristics relating to a party of a transaction (e.g. buyer and/or seller) for determining the risk score according to predetermined logic.

For example, the e-mail address itself may be subjected to analysis. E.g. addresses containing several numbers and/or certain predetermined strings may elevate the risk score according to predetermined scheme. Lilcewise, addresses under certain predetermined domains may be considered risky. For example, addresses or do- mains associated with spamming may be considered as such. Even the age of an e- mail address may be converted into a risk elevating or lowering (or neutral) charac-teristic. For example, increase in the age may lower the risk factor. E-mail servers may be queried for the ages of the associated addresses.

Yet in a further, either supplementary or alternative, embodiment the indicated name or other identity information regarding a party of the transaction may be uti- lized for deternliliilig tile risk score. In sonic embodiments, the name may be ob-tained by extracting it from an e-mail address, available buyer, vendor or subscriber information, etc. For example, the name may be compared with available naming rules or standards associated with the country of the concerned person to find suspi- cious deviation from the naming culture considered as normal' according to prede-termined rules.

In a further, either supplementary or alternative, embodiment some (social media) data is utilized for determining the risk score. For example, data available through social media services, e.g. predetermined internet forums, weblogs, social blogs, microblogging, wilds, social networks, or podcasts, and associated with a transac- tion party (e.g. based on persona] name), may be analyzed by means of natural lan-guage processing such as sentiment an&ysis, for example, and apphed in adapting the estimated risk. Additionally or alternatively, more explicit, e.g. good' or bad' (or thumb up'/'thumb down'), type qualitative data may be received potentially omitting the need for subsequent complicated natural language processing. If a party has received considerable amount of negative feedback or negative comments ac-cording to the analysis logic, the risk may be raised by the ogic and vice versa, for instance.

In a further, either supplementary or alternative, embodiment an entity such as a person, credit card, mobile terminal, etc. may be associated with a number of trusted areas, whereupon transaction associated with such areas (e.g. initiated from within such area according to available location data) and with such entity may be consid-ered of having lower risk than the other areas.

th a further, either supplementary or alternative, embodiment the arrangement is configured to monitor the proximity between the location of the transaction and re-lated reference instrument or token, such as mobile terminal beforehand known to be associated with the indicated (assumed) party of the transaction. For example, if ATM cash withdrawal is detected at a known location, the indicated location of the mobile terminal associated with the assumed party may be compared therewith for determining the proximity. If the proximity is larger than a predetermined threshold, e.g. the cell being too far away from the ATM, the estimated risk associated with the transaction may be elevated by the arrangement.

In a further, either supplementary or alternative, embodiment the arrangement is configured to apply a number of velocity rules in determining the risk score. For cx- ample, velocity of use and/or velocity of change may be monitored relative to prede- termined elements such as person name, e-mail address, credit card number or ser-vice account identifier/number.

In a further, either supplementary or alternative, embodiment the arrangement is configured to subject transaction data to speed analysis. For example, if an element is detected at two locations at different times, speed required to proceed from the first location to the subsequent detected location may be calculated based on the temporal and positional information. A threshold value may be determined for the speed, whereupon exceedthg the threshold iriay convert into an elevated risk score.

For example, first transaction taken place at the first location and potential or initi-ated second transaction associated with the second location and having an element common with the first transaction so that the two may be conceptu&ly linked in tile first piace (e.g. same credit card number indicated, same person name or user name indicated, etc.), may be analyzed in terms of speed as described above, and the risk score relating at least to the potential/already-initiated second transaction be revised accordingly.

In a further, either supplementary or aiternative, embodiment the arrangement is configured to analyze tail history for determining the risk score. For example, a monitored party's standard location-based movement path may be first determined for the transactions after which deviations large enough according to the utilized cri-teria from the path may be converted into elevated risk score.

hi a further, either supplementary or alternative, embodiment the arrangement is configured to determine the risk score when a parametric value of the transaction exceeds or is at least equal to a predetermined amount, e.g. in financial terms ex- ceeds 100 EUR by which it may be referred to the price of the sold product or ser-

vice, for example.

hi a further, either supplementary or alternative, embodiment the arrangement is configured to execute or trigger a mobile verification procedure for determining the risk score. In some embodiments, different verification procedure is applied for the transactions in connection with risk determination process depending at least on a predetennined parametric value of the transaction. For instance, Mobile ID -based verification may be utilized for transactions the financial value of which exceeds a predetermined threshold, and SMS (short message service) based verification for the rest.

In a further, either supplementary or aiternative, embodiment the arrangement is configured to utilize availabie super hub and hub information for determining the risk score. For example, a list of hub thcations may be estabhshed to indicate loca-tions that are typically associated with major change in monitored element such as location of the concerned party. Such location may include a hub or super hub' air- port such that a party detected thereat is associated with larger probability of show- ing up somewhere completely else next without fraudulent tone. Also the probabil- ity of making more (legitimate) transactions in a shorter time period may be consid-ered higher at such hub locations.

Therefore, detection of a party at such a predetermined special location may oosen or remove the fraud detection rules otherwise associated with e.g. speed, velocity, proximity and/or tail analysis according to predetermined logic.

hi a further, either supplementary or alternative, embodiment the arrangement is configured to &evate the risk score according to predetermined logic if connection associated with tile transaction is made via a proxy server.

In a further, either supplementary or alternative, embodiment, the arrangement is configured to utilize burn rate analysis for determining the risk score. For example, monitored recent burn rate of finds of an entity associated with the transaction, e.g. burn rate of finds or cash per month, is compared to long-time average, and if a substantial increase is noticed according to predetermined criterion, the risk score may be elevated.

In some embodiments e.g. a payment gateway or other payment/transaction control- ling or management entity may incorporate an embodiment of the present arrange-ment. In some other embodiments, such entity may be functionally connected to the arrangement to obtain indication of the location-based risk score optionally tuned by the teachings of various embodiments listed herein. The entity is configured to uti-lize the indication of the risk score to either authorize or reject the transaction.

In another aspect of the present invention, a method for facilitating fraud detection regarding digital transactions between a number of parties, such as a seiler and a buyer, comprising obtaining a location-based risk model based on received data indicative of detected frauds and their geographical iocations in connection with transactions, receiving information regarding a potential or aiready-initiated transaction, wherein the information comprises location data indicative of a location associated with the transaction, determining a location-based risk score for the transaction on the basis of the model and said information, providing an indication of the risk score for use as a criterion for decision-making upon the validity of the transaction, and receiving feedback regarding validity of said transaction potentially taken place and updatmg the model accordingly.

The considerations presented herein concerning the various embodiments of the ar- rangement may be flexibly applied to the embodiments of the method mutatis mu-tandis and vice versa, as being appreciated by a person skilled in the art.

The utility of the present invention arises from a plurality of issues depending on each particular embodiment thereof Generally, the invention boosts fraud detection and prevention in the context of digital transactions and enables enhanced manage-ment thereof Based on conducted statistical analysis, the location of the transaction has been found to greatly affect the risk score associated therewith, whereupon the suggested solution embeds location-based analysis in risk determination procedure optionally together with various other monitored data points. The analysis may be performed substantially in real-time fashion prior to or upon execution of the trans-action so that fraudulent activity may be detected at early phase and the execution of the transaction be cancelled or interrupted when too high risk score is conceived on the basis of the analysis results.

The exploited adaptive platform is self-learning (adaptive) and the location-based model may be updated based on the received information regarding confirmed fraudulent activity at different locations. For example, the risk score associated with each reference points in the model may be adjusted based on the number of frauds recorded nearby. The established, dynamically altered, model may also be exported for use by external entities such as insurance companies, credit card companies and police forces to optiniize their activities accordingly. Crime heat map(s) may be formed or generifily high (flow) risk areas be detected by estabhshing, maintaining and observing the model. Transaction parties such as individuals potentially having no transaction history may still be evaluated in tenns of the associated risk at least based on their location by the present invention. Further, history data may be ap- plied in risk determination so that risky customers' are detected and their transac-tions considered differently from the other ones during the risk assessment.

The proposed solution is applicable for determining tile risk of both technical and financial transactions such as fraudulent use of teclrnical resources (terminal, server, service, etc.) and fraudulent payments.

The expression "a number of' refers herein to any positive integer starting from one (1), e.g. one, two, or three.

The expression "a plurality of' refers herein to any positive integer starting from two (2), e.g. two, three, or four.

The tenn "digital transaction" refers to any transaction such as payment or other fi-nancial and/or technical transaction that may be executed or monitored utilizing electronic equipment over a conmunication network.

iS The term "risk score" refers herein to an indication of risk magnitude, or level', de- termined in accordance with predeterniined risk assessment logic. It may be numer- ic, follow a predetermined scale (e.g. 0-1 or 0-10), and comprise one or more con-stituents such as numbers.

Different embodiments of the present invention are disclosed in the dependent claims.

BRIEF DESCRIPTION OF THE RELATED DRAW1NGS

Next the present invention is described in more detail with reference to the append-ed drawings in which Fig. 1 illustrates the concept of an embodiment of the present invention.

Fig. 2 illustrates one embodiment of mobile tracking in connection with the present invention.

Fig. 3 delineates an embodiment of location-based risk score determination based on geometrically disposed reference points.

Fig. 4 illustrates different positioning options and r&ated fall-back' analytics.

Fig. S is a block diagram of an embodiment of the arrangement in accordance with the present invention.

Fig. 6 is a flow diagram of an embodiment of a method according to the present in-vention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Figure 1 illustrates, by way of example only, at 10 Ia the concept of an embodiment in accordance with the present invention. Arrangement 106, typical'y comprising a number of servers or other functionally connected computing elements 108 option- ally located in a cloud computing environment to enable dynamic and flexible re-source allocation, determines location-based risk scores (e.g. numeric indications) for transactions 114 planned or initiated between different entities 1 bA, 1 lOB, II 2C, such as natural persons and businesses (e.g. web store), via r&ated terminals II 2A, II 2B and other gear such as servers and connecting network infrastructure(s) 116, 118 by which both wired and wireless networks may be referred to. The ar-rangement 1 06 hosts (stores and/or maintains by updates etc.) the aforementioned location-based risk model. The connecting network(s) may include e.g. the Internet and/or various cellular networks such as the GSM (Global System for Mobile Cornmunications)/3G network(s). The utilized terminal devices may include mobile terminals 1 12A, desktop or laptop computers 1 12B, tablets, communications-enabled PDAs, etc. Various entities 1 lOB, 1 12B, I 12C associated with a transaction 114 iriay be obviously located in different areas, even countries or continents as be-ing also indicated in the figure.

The arrangement 106 may communicate with, be included in, or it may, in terms of hardware and/or functionality, overlap with a transaction management system or payment system 102, such as a gateway, that deals with the transactions. The system 102 may itself include a number of servers 104 and other elements. The arrange-ment 106 may provide location risk based information I 06B to the system 102 upon request, for example. It may further receive feedback I 06C regarding the validity of transactions from the system 102 or other entities.

At 101 b, a coarse, more hardware-oriented, sketch of the illustrated device's (pri-manly server(s) shown at 108, but basically applies also to terminals 1 12A-l l2C and servers 104) possible internals is provided by means of example only. The de- vice may comprise at least one processing element 124 such as one or more micro-processors, micro-controflers, DSP's (digital signal processor), programmable logic chips, etc. The processor 124 may be configured to execute the application code stored in a memory 120, which may imply processing instructions and other data relative to a number of application(s) associated with the present invention. The da-ta may incorporate e.g. an embodiment of the location-based risk model established by the arrangement. The model is preferably dynamic, i.e. it is also maintained (up- dated etc.) upon need after the initial establishment. The memory 120 may be divid-ed between one or more physical memory chips or other memory elements. In some embodiments, processing and memory elements may be integrated. The memory may further refer to and include other storage media such as a preferably de-tachable memory card, a floppy disc, a CD-ROM, or a fixed storage niediurn such as a hard drive. The memory 120 may be non-volatile, e.g. ROM, and/or volatile, e.g. RAM, by nature.

A local UI may be provided and comprise a display 122, and/or a connector to an external display or a data projector, and keyboard/keypad 126 or other apphcable control input means (e.g. touch screen or voice control input, or separate keys/buttons/knobs) configured so as to provide the user of the device with practi-cable data visualization and device control means. The UI may farther include one or more loudspeakers and associated circuitry for sound output. In addition, the de-vice comprises a data transfer interface 128 including e.g. a wireless transceiver (e.g. GSM, UMIS (Universal Mobile Teleconrnmuiications System), WLAN (Wire- less Local Area Network)) for control and/or data communications with other devic-es and/or network infrastructure(s), and/or a wired data comiectivity means (e.g. Ethernet or other wired network interface) for similar purposes. For example, trans-action related information may be received via the interface 128 and indications of risk scores sent via the interface 128. It is clear to a skilled person that the device may in practice comprise numerous further functional and/or structural elements for providing various beneficial communication, processing, storage or other features, whereupon this disclosure is not to be construed as limiting the presence of potential additional elements in any manner.

Reverting to the foregoing, software functionalities for instructing the underlynig hardware to carry out the various procedures suggested herein may be implemented as one or more software applications executed by the processing element 124. Such coniputer software (product) may be thus provided on a carrier medium such as a memory card, a memory stick, an optical disc (e.g. CD-ROM, DVD, Blu-ray TM), or sonic other memory carrier.

Fig. 2 illustrates at 200 one embodiment of mobile (location) tracking in connection with the present invention. The arrangement is herein configured to utilize mobile identity verification or validation procedure to detect fraudulent activity such as copying and fraudulent identification.

hi the suggested procedure, a mobile application such as a native application run- ning in a terminal 212 may be configured to comiect to a remote service 214 execut-ed or operated by an embodiment of the arrangenient according to present invention and send message(s) 202 including one-time secret (e.g. string), location infor- niation, and identity information thereto, whereupon the service 214 pTovides mes- sage(s) 204 with new random secret back to be stored by the mobile application, re- placing the previous secret. When the mobile device 212, after movement 206, con- nects to the service 214 from a new location and sends 208 the current secret, loca-tion and identity information, the service 214 analyzes whether the movement by the same mobile device 212 taken place between the indicated locations was Hkely (e.g. within realistic movement range) according to predetennined criterion and again provides 210 a new secret for replacing the current one in future connection requests, provided that the criterion is met. Yet, the service 214 may determine whether the secret was valid and track multiple uses thereof to detect, through both the analysis of the secret and movement data, whether identity fraud is likely. The service 214 may transmit e.g. a pin code request to the mobile device in case identi-ty fraud is suspected based on e.g. multiple connections from mobile devices using the same secret optionally from different locations.

Naturally, a skilled person may construct variations of the explicitly indicated em-bodiment to better suit each particular use scenario when needed. For instance, the location of the mobile device 212 may be provided by a third party such as network operator instead of mobile application depending on the positioning technologies applicable and available in the use scenario.

Yet generally, in various embodiments of the present invention, the location used to determine the risk score is typically the estimated location of at least one transaction party, such as transaction initiator, or of related element or entity, such as one's terminal device, used payment terminal, active wireless access point or base station, etc. In some embodiments, the ocation data may refer to e.g. a shipping address or other party-(self-)indicated location data. Such data may be converted into coordinates or sonic other desired location data format when necessary to enable location-based risk score determination on the basis of the model supporting the format. The loca-tion estimation may refer to technical, preferably automatized, positioning utilizing one or more applicable techniques as mentioned herein, e.g. satellite positioning and wireless access point/cell ID -based positioning.

Fig. 3 represents, at 300, an embodiment of location-based risk score determination utilizing a plurality of geometrically symmetrically (evenly) disposed reference points, or a grid of reference points, in the model. The constructed model may gen- erally be p&ygonal, for example, and thus incorporate polygons with related verti-cc s.

Regarding the geographical scope of the model, it may be global or cover only pre-determined area(s) or region(s) of the Earth. Optionally, the arrangement may be configured to utilize multi-resolution approach in the modeL For instance, areas with more transactions per monitored time window may be modeled with finer reso-lution (e.g. greater number/thicker grid of reference points) and areas with lesser amount of activity with correspondingly coarser resolution according to predeter- mined logic. Additionally or alternatively, different models may be utilized for dif- ferent regions. The model(s) may be 2-dimensional, i.e. surface models' with de-sired spatial resolution, but alternatively 3-dimensional model could be applied. For example, Cartesian coordinates or longitude/latitude -based coordinates such as GPS coordinates (e.g. W0S84) may be utilized.

In the model(s), a plurality of geographic reference points 304 may be allocated e.g. symmetrically (e.g. with at least locally constant mutual separation and other con-figuxation or geometry to form) and associated with risk scores that are a) utilized to calculate the risk score relating to locations 308 in between the reference points and b) updated in response to the received data indicative of legitimate transactions and/or detected frauds and their locations. Such data in b' may refer to data gener-ally received regarding transactions (and their locations) and data concerning those specific transactions for which risk score has already been determined by the sug-gested arrangement itself, whereby such data is classifiable as feedback information regarding the previously considered transaction. Data regarding both legitimate and fraudulent transactions taken place may be utilized to update the model.

As hinted above, the reference points 304 may be located so as to span a more lim- ited area 302 or e.g. globally the whole surface, or at least considerable surface por-tion(s), of the Earth (including land and/or sea) to fonn a grid of desired shape and other configuration. In the shown case, the reference points 304 are each associated with a characterizing risk score, whereupon they are exploited three at a time (notice the triangles 306, or generally basic reference areas' (overall area building blocks), into which the reference points are considered to divide the overall area) for calcu-lating the risk score relating to a desired location 308 such as a location of a party to a transaction as indicated by the associated terminal device, active cell, or access point. The target location 308 is first associated with a corresponding reference tn-angle, such as isosc&es or equilateral triangular area, or generally reference area, 306 after which the risk scores REEl, REF2, REF3 of the related nearest reference points 304 (triangle edges in the visualized example) are utilized to determine the risk directly relating to the target location 308 preferably by means of a suitable in-terpolation method.

One option is to calculate arithmetic mean of the reference point -associated risk scores REFI, REF2, REF3. In a bit more sophisticated solution, the risk may de- pend on the distance of the desired location from the nearest reference points ac- cording to predetermined geometric formula such as weighted average. For exam-ple, inverse distance weighting may be applied. In other words, an increase in the distance between the indicated location and reference point x reduces the weight factor wx of the risk score REFx associated with reference point x, i.e. the overall risk associated with an indicated location could be determined on the basis of e.g. closest till-ce reference points 1-3 by sunmiation wl*REFi + w2*REF2 + w3*REF3, wherein the weight factors wl-w3 advantageously sum up to one.

During model maintenance such as update procedures, data indicative of executed transactions, their (indicated) locations and validity (legitimate vs. fraudulent), may be mapped into respective reference points and their risk scores, In some embodi-ments, only the closest reference points (e.g. the ones defining the reference area in which the indicated thcation resides) may be updated while in some other embodi-ment, greater number of reference points around the indicated location are updated in terms of the risk scores. For example, distance-based weighting may again be uti-lized to determine the level of updating such that reference points (i.e. risk scores) located farther away from the indicated location are affected less from the feedback than the near-by points.

In cases where the resolution of the obtained location estimate of a target entity is coarser than the actual resolution of the model, predetennined logic may be applied to determine the risk score. For example, the average of the risk scores of the refer-ence points of the model falling within the area as determined by the coarse location estimate may be calculated. Similar aggregate approach may be utilized for updating the model in cases where the reference or feedback data indicative of already-executed transactions is of coarse(r) spatial resolution concerning the location of transaction.

Initially, when a location-based risk model is established, each location-linked ref-erence point 304 may be assigned a predetennined risk score that is updated based on obtained feedback and other reference data. For example, valid, legitimate trans-actions occurring at the neighborhood, e.g. within the (triangular) reference area, may trigger lowering the risk score associated with the reference point whereas fraudulent transactions increase the risk.

In various embodiments of the present invention, the feedback regarding the validity or fraudulence of a transaction taken place, may be received from the system 102 (see Fig. 1) or some other entity such as credit card company, police, etc. receiving and forwarding notices of, or noticing, confirmed fraudulent activity. Such notice may also originate from the loss sufferer' such as the legitimate owner of the credit card exploited.

Fig. 4 illustrates, at 400, different applicable positioning options and related fall-back' analytics applicable in connection with various embodiments of the present invention.

When satellite positioning based data 402 such as OPS or GLONASS data is availa-ble, such data indicates the position of the target (e.g. transaction party) with rather high accuracy, typically the positioning error being less than about ten meters.

Alternatively or additionally, wireless computer network such as Wi-Fi based posi- tioning 404 may be applied, by which both positioning data by Wi-H based posi- tioning system (WPS) and/or location of the used Wi-Fi access points may be uti-lized. The obtained accuracy may be in the order of magnitude of about 15 meters, for instance.

Alternatively or additionally, Cell ID based positioning data 406 may be applied, where the accuracy may vary from few tens of meters to few hundred meters in typ-ical cases.

IP-based positioning technologies 410, i.e. IP geolocation, may be likewise applied, but the obtainable accuracy may often remain relatively modest if compared to other technologies, e.g. about 15 kilometers.

Naturally the available positioning technologies may be utilized in combination such as Wi-h and Cell ID as indicated at 408. Deficient coverage of one technology may be compensated by the other, or the positioning resifits of multiple technologies may be combined to yield enhanced accuracy exceeding the accuracy of any stand-alone positioning technique.

Besides mobile terminals, also static devices, or generally entities, may be posi-tioned using the available technological solutions. E.g. payment terminals or ATMs are practically always linked to certain location and e.g. related address information that may be automatically delivered upon transaction to the arrangement of the pre- sent invention for exploitation. Also mobile payment terminals usually contain wire-less means such as a communication modem that enables positioning the ternilnal.

Fig. 5 is a high-level block diagram of an embodiment of the arrangement in ac-cordance with the present invention.

The arrangement 500 may comprise a main control logic block 502 that triggers dif-ferent analysis blocks to conduct various risk related analysis in order to determine the location-based risk score associated with a transaction the other details of which it may receive from an external entity such as a payment management system.

Thereby, main logic 502 also preferably communicates with external entities (I/O) via appropriate communication interfaces (not shown). The arrangement may in-corporate or be at least functionally connected to a number of databases and other resources including e.g. location-based risk model 510.

The fomiula to provide the location-based risk score may coniprise one or a plurali- ty of variables at least one of which is preferably based on the risk indication pro-vided by the location-based model. Further variables to be taken into account may be based on burn rate analysis (or check') 504A, velocity analysis 504B, speed analysis 504C, hub analysis 504D, tail analysis 504E, e-mail analysis 504F, name (or generally identifier) analysis 504G, time (of day) analysis 504H, proxiniity analysis 5041, trusted areas 504K, social media analysis 504L, mobile verification procedure 504M (refer also to Fig. 2), and/or (party or entity) history 504N.

The fonnula(e) (or overall aggregate' model) itself may be selected and/or deter- mined, e.g. through predetermined training procedure(s), based on available statisti-cal data on transactions and related parameters, optionally use scenario specifically.

It may be e.g. a regressive formula with multiple variables and related parameters. It may be dynamically updated based on recent statistics and aforementioned feed-back. Instead or in addition to an aggregate' model, a number of parall& analysis actions or checks' may be performed to detennine whether tile transaction under scrutiny passes such checks, either each of them separateiy or according to a com-mon decision-making logic. Each check (outcome) or combination of predetermined checks iriay be associated with a certain risk score or change of risk score.

For example, a new entity, e.g. a party of the transaction to be anaiyzed, may be first allocated with a defauit risk (or converseiy trust) score that is to be updated based on transaction details (e.g. outcome of aforesaid paraliel analysis phases or checks', such as location-based analysis, and/or personal transaction history such as payment history to obtain the risk score for the transaction. A passed check may lower the risk and failed one increase it. Then the final decision whether to accept or deny the transaction may be based on the final aggregate score with optional far-ther conditions (e.g. potentially certain analysis action(s) or check(s)' should be always passed to allow the overall transaction to proceed, etc.).

The arrangement 500 may be configured to store user data or generally entity data' such as name, address, e-mail address, phone number, mobile device and/or smart card details (e.g. IMEI (International Mobile Equipment Identity) or other device- specific code, SIM (Subscriber Identity Module) or other smart card ID, etc.), one-time secret data, PiN (Personal Identification Number) or other (more) permanent code, risk data and/or credit card information. Such data may be utilized in coirnec-tion with transaction-related risk score determination and/or overall payment or transaction management. For exampie, upon detecting suspicious aspects relative to an initiated transaction according to predetermined criterion, the mobile verification procedure 504M may be at least partially executed (e.g. at least the P[N code verifi-cation phase) relative to the indicated transaction party's terminal device.

As ailuded above, a transaction party such as a naturai person, or user', may be temporally tracked (based on e.g. name, e-mail, or cell phone/smart card id) so that his/her payment history affects the risk determination, i.e. the legitima-cy/fraudulence of previous transactions associated with him/her affects the current risk score according to predetermined logic 504N. It allows operators to personalize the risk scores for each individual consumer, for example. Transaction history may affect e.g. the base risk score that is dynamically updated and obtained from the user records upon a new transaction to be used as a basis or at least one factor for the transaction-specific risk determination. The personalized base risk may be then used in the overall decision making logic, which will ultimately either approve or decline the transaction. A number of whitelists, greylists, andior blacklists each identiIing a number of transaction parties or related entities may be formed based on history data and utilized in connection with transaction risk assessment.

A transaction typically involves two or more parties, whereupon the utilized logic for determining the effect of transaction parties in the risk preferably takes into ac-count several or all of the parties, such as a private person as a buyer and web shop as a seller. Obviously, certain legal persons such as c-commerce sites may be asso-ciated with higher risk of fraudulent transactions than some other sites (because of the nature of the associated products or services, for instance), whereupon not just a private buyer, or individual', but also the vendor could be evaluated during the transaction risk determination.

Fig. 6 is a flow diagram of an embodiment of a method according to the present in- vention for fraud detection regarding digital transactions between a number of par-ties, such as a seller and a buyer.

At method start-up 602, the utilized hardware such as an embodiment of aforemen-tioned arrangement in accordance with present invention is obtained and configured.

For example, software for implementing the desired functionalities may be installed, configured and executed. Access to external data repositories and sources may be established.

At 604, a location-based risk model based on the available data indicative of detect- ed frauds and their geographical locations in connection with transactions is estab- lished for subsequent maintenance actions (updates etc.) when further data regard-ing transactions and their locations is received. Also data indicative of legitimate transactions and their locations may be obtained to update the model as described hereinbefore.

At 606, information regarding a potential or already-initiated transaction, wherein the information comprises at least location data indicative of a location associated with the transaction, is received. Such information may be received from a related web store or other entity being involved in the transaction e.g. as a party or broker thereof Further, the information may identify transaction parties, the nature of the transaction, payment details, utilized terminals and network infrastructure(s), etc. At 608, a location-based risk score is determined on the basis of the model and the received information.

At 610, an indication of the risk score for use as a criterion for decision-making up-on the validity of the transaction is provided to a target entity such as transaction or payment management entity. In case such entity is integrated with the arrangement, the arrangement may be further configured to utilize the risk score in authorizing or rejecting, and optionafly performing', the transaction 611. An alarm signal may al- so be sent to a predeteniiined recipient such as authorities or e.g. a credit card com-pany, when applicable, to inform the recipient about potentially fraudulent activity detected.

At 612, feedback regarding the validity of the transaction (legitimate vs. fraudulent) taken place is received from available information sources such as credit card com-panies, banks, transaction management or payment systems, merchants, etc. and the model is updated accordingly, wherein legitimate transaction may be converted at 604 into a decrease of risk associated with the corresponding reference point(s) of the model, whereas a transaction turned out fraudulent frirther increases the risk score. If the transaction is never allowed and executed due to high associated risk determined beforehand, such feedback is naturally not available. However, even in that case, some feedback may later become available if e.g. declined transaction turns out valid based on e.g. received legitimate complaints by the transaction party or parties to the transaction management system about the rejected transaction.

Based on the feedback, also the risk history data such as the aforementioned base risk score associated with a transaction party may be updated according to prede-termined logic (executed legitimate transactions associated with the party typically lowering the risk and vice versa).

At 614, the method execution is ended.

The dotted thop-back arrow indicates the repetitive nature of the various method items, i.e. emerging transactions are evaluated upon need and the model is prefera- bly updated when new data (general statistics or specific feedback) becomes availa-ble.

A skilled person may, on the basis of this disclosure and general knowledge, apply the provided teachings in order to implement the scope of the present invention as defined by the appended claims iii each particular use case with necessary modifica- tions, deletions, and additions, if any. Different features of the embodiments de- scribed hereinbefore may be flexibly utilized and combined to construct new em-bodirnents as understood by tile skilled person. For instance, various princip'es set forth herein regarding mod& estabiishment, maintenance (updates) and utilization could be extended to activities and transactions beyond digital transactions as long as necessary information could be extracted therefrom and electronically provided to the arrangement of the invention for analysis.

Claims

Claims 1. Electronic server arrangement (106, bIb, 214, 500) for fraud detection re-garding digital transactions (114) between a number of parties (1 lOB, I 12C), such as a seller and a buyer, comprising a processing entity (124) and a memory entity (120) for processing and stoung data, respectively, and a data transfer entity (128) for receiving and transmitting data, the arrangement being configured to host a loca-tion-based risk model (300, 510) based on data indicative of detected frauds and their geographical locations in connection with transactions, the arrangement being further configured to receive information regarding a potential or already-initiated transaction (114), wherein the information comprises location data indicative of a location (308, 400) associated with the transaction, preferably estimated location of a transaction party (11OB, 112B), determine a location-based risk score (504J) for the transaction on the basis of the model (300, 510) and said received information, provide an indication (106B) of the risk score for use as a criterion for decision-making upon the validity of the transaction (114), and receive feedback (1 06C) regardthg the validity of the transaction (114) and update the model (300) accordingly.
2. The ai-rangenient of claim 1, wherein the location-based risk model (300, 510) contains a plurality of reference points (304) each associated with a characterizing risk score (REF1, REF2, REF3).
3. The arrangement of claim 2, configured to select a sub-set of the reference points (304) on the basis of the location data and utilize the risk scores (REFI, REF2, REF3) of the reference points of the sub-set in determining the location-based risk score.
4. The arrangement of claim 3, configured to determine a weighted average of the risk scores of the reference points in the sub-set, wherein the reference point -specific weights are dependent on the distance from the indicated location.
5. The arrangement of claim 4, configured to apply inverse distant weighting.
6. The arrangement of any preceding claim, wherein the location data includes an indication of least one element selected from the group consisting of: location of a terminal device (1 12A, 1 12B) used in tile transaction, iocation of a terminal device (112A, 112B) associated with a party of the transaction, iocation of a base station or wireless access point (118) used by a terminal device (112A, 112B) used in the transaction or associated with the transaction party, cell-ID of the base station, IF geolocation of the terminal device, IP geolocation of the wir&ess access point (118), satellite positioning -based location of the terminal device (I 12A, 11211), GPS-based (Global Positioning System) location of the terminal device (1 i2A, I 12B), GLONASS-based (Global Navigation Satellite System) location of the terminal de-vice (11 2A, 11211), location of a used payment terminal, location of a used credit card terminal, and location of a used ATM (automatic teller machine).
7. The arrangement of any preceding claim, configured to determine the risk score further based on the time of day of at least one location associated with the transaction according to predetermined logic (504H).
8. The arrangement of any preceding claim, configured to determine the risk score further based on e-mail characteristics relating to a party of the transaction, said characteristics including the e-mail address of the party (504F).
9. The arrangement of any preceding claim, configured to determine the risk score further based on the indication of name of a party to the transaction (5046).
10. The arrangement of any preceding claim, configured to determine the risk score further based on social media data on a party of the transaction received from a number of social media services, wherein the received data is optionally subjected to sentiment analysis for extracting qualitative information therefrom (504L).
11. The arrangement of any preceding claim, configured to determine the risk score further based on assessing whether a party or other entity associated with the transaction is located, according to the location data, in a predetermined trusted area or not (504K).
12. The arrangement of any preceding claim, configured to determine the risk score further based on assessing proximity between the location associated with the transaction and a reference instrument or token, optionally mobile terminal associat-ed with a party of the transaction (5041).
13. The arrangement of any preceding claim, configured to deteniiine the risk score further based on at least one technique targeted to an entity associated with the transaction and selected from the group consisting of: velocity nile (504B), ve-locity of use (504B), velocity of change (504B), burn rate analysis (504A), speed analysis (504C), and movement path analysis (504E).
14. The arrangement of any preceding claim, configured to determine the risk score further based on hub detection, where in case a party of a transaction is esti-mated to be located in one of a plurality of predetermined hub locations, such as predetermined airports or other predetermined traffic terminals, predetermined fraud analysis rules are loosened according to predetermined logic such that more devia- tion from predetermined standard activity reflecting legitimate transactions is toler-ated prior to classifying such transaction fraudulent (504D).
15. The arrangement of any preceding claim, configured to determine the risk score further based on indication of a connection associated with the transaction made via a proxy server, in which case the arrangement is configured to elevate the risk score according to predetermined ogic.
16. The arrangement of any preceding claim, configured to determine the risk score thrther based on a mobile tracking procedure (200), in which the arrangement is configured to transmit a one-time secret (204) to mobile application running in a mobile terminal (212) at a first location, to subsequently receive (208), in coirnec- tion with the transaction, the one-time secret from the mobile application and loca-tion data indicative of the location of the executing terminal, to determine whether the movement (206) as indicated by the first and second locations while considering also the temporal difference between the provision instances of secrets (202, 208) satisfies a number of predetermined criteria, and if this is the case, to transmit a new one-time secret (210) to the mobile ternñnal at the second location, otherwise classi-ing the transaction as fraudulent or at least increasing the risk score.
17. The arrangement of any preceding claim, wherein the model is a multi-resolution model, where a geographic area (302, 306) with more transactions is modeled with finer resolution than an area with fewer transactions.
18. A payment control system (102) comprising an arrangement of any preceding claim, configured to accept or reject the transaction on the basis of the indication of the risk score according to predetermined logic.
19. A method for facilitating fraud detection regarding digital transactions between a number of parties, optionally a seller and a buyer, to be performed by electronic arrangement comprising one or more at least thnctionally connected electronic de-vices, optionally servers, said method comprising obtaining a location-based risk model based on received data indicative of detected frauds and their geographical locations in connection with transactions (604), receiving information regarding a potential or already-initiated transaction, wherein the information comprises location data indicative of a location associated with the transaction (606), determining a thcation-based risk score for the transaction on the basis of the mode] and said information (608), providing an indication of the risk score for use as a criterion for decision-making upon the validity of the transaction (610), and receiving feedback regarding validity of said transaction potentially taken place and updating the mode] accordingly (612, 604).
20. A computer program, comprising code means adapted, when run on a comput-er device such as a server to execute the method items of claim 19.
21. A carrier medium comprising the computer program of claim 20.