This application claims priority to European patent application no. EP22386031.3, which was filed on May 23, 2022, and titled “SYSTEMS AND METHODS FOR DETECTING UNAUTHORIZED ONLINE TRANSACTIONS,” and the entirety of this application is incorporated herein.
Legitimate online transactions initiated by individuals using their own devices are difficult to distinguish from fraudulent transactions initiated by criminals with stolen financial accounts. Most financial and security organizations do not have an adequate viewpoint from which to clearly distinguish the two. Criminals employ a wide variety of methods to steal financial account details, such as credit card skimming, physical credit card or bank card theft, phishing and other untrustworthy websites, data breaches, online account credential theft, sim swapping attacks followed by account reset, etc. With these account details they can then easily initiate fraudulent online transactions.
When antivirus and security software is installed on a consumer's device, it provides a viewpoint from which legitimate online transactions can be observed. In particular, antivirus and security software products provide visibility into web traffic. For example, such products may include browser extensions that analyze websites visited and detect viruses, spyware, malware, or other online threats. As another example, such products may include an iOS security product which registers as a VPN. However, such products provide no visibility into fraudulent transactions that are not initiated on protected devices.
On the other hand, systems and services that monitor for identity theft, the use of personal information, and credit score changes can monitor all of a user's financial transactions, but cannot readily distinguish between transactions that occurred on an account owner's device and a criminal's device.
The present disclosure, therefore, identifies and addresses a need for systems and methods for detecting unauthorized online transactions.
As will be described in greater detail below, the present disclosure describes various systems and methods for detecting unauthorized online transactions.
In one example, a method for detecting unauthorized online transactions may include correlating, by at least one processor, one or more reported financial activities to one or more online financial activities tracked in network telemetry on one or more authorized devices. The method may additionally include identifying, by the at least one processor based on the correlation, at least one of the reported financial activities that was initiated by an unauthorized device. The method may also include performing, by the at least one processor, a security action in response to the identification.
In some implementations of the method, the one or more reported financial activities may correspond to one or more card-not-present financial transactions of an account. Also, the one or more online financial activities may correspond to one or more web-based financial transactions tracked in network telemetry on at least one of the authorized devices. Such authorized devices may be authorized to perform online purchases using the account.
In some implementations of the method, the one or more reported financial activities may correspond to one or more new accounts appearing on a credit report of a user. Also, the one or more online financial activities may correspond to one or more account opening activities tracked in network telemetry on at least one of the authorized devices. Such authorized devices may be authorized to open new accounts on behalf of the user.
In some implementations of the method, the method may further include tracking the one or more online financial activities on at least one of the authorized devices that is authorized to perform the online financial activities.
In some implementations of the method, the method may further include identifying the one or more reported financial activities.
In some implementations of the method, the method may further include filtering, from the one or more reported financial activities, at least one of automated recurring transactions or transactions that do not correspond to card-not-present transactions.
In some implementations of the method, performing the security action may include at least one of issuing an alert or taking a preventative action. In some of these implementations of the method, issuing the alert may include at least one of generating an alert in response to the identifying or issuing a potential fraud alert generated based on a fraud detection analysis of the one or more reported financial activities. Additional or alternatively, taking the preventative action may include at least one of placing a hold on an account or performing an automated credit freeze.
In one embodiment, a system for detecting unauthorized online transactions may include at least one physical processor and physical memory that includes computer-executable instructions that, when executed by the physical processor, cause the physical processor to correlate one or more reported financial activities to one or more online financial activities tracked in network telemetry on one or more authorized devices. The instructions may additionally cause the physical processor to identify, based on the correlation, at least one of the reported financial activities that was initiated by an unauthorized device. The instructions may additionally cause the physical processor to perform a security action in response to the identification.
In some examples, the above-described method may be encoded as computer-readable instructions on a non-transitory computer-readable medium. For example, a computer-readable medium may include one or more computer-executable instructions that, when executed by at least one processor of a computing device, may cause the computing device to correlate one or more reported financial activities to one or more online financial activities tracked in network telemetry on one or more authorized devices. The instructions may additionally cause the computing device to identify, based on the correlation, at least one of the reported financial activities that was initiated by an unauthorized device. The instructions may further cause the computing device to perform a security action in response to the identification.
Features from any of the embodiments described herein may be used in combination with one another in accordance with the general principles described herein. These and other embodiments, features, and advantages will be more fully understood upon reading the following detailed description in conjunction with the accompanying drawings and claims.
The accompanying drawings illustrate a number of example embodiments and are a part of the specification. Together with the following description, these drawings demonstrate and explain various principles of the present disclosure.
Throughout the drawings, identical reference characters and descriptions indicate similar, but not necessarily identical, elements. While the example embodiments described herein are susceptible to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and will be described in detail herein. However, the example embodiments described herein are not intended to be limited to the particular forms disclosed. Rather, the present disclosure covers all modifications, equivalents, and alternatives falling within the scope of the appended claims.
The present disclosure is generally directed to systems and methods for detecting unauthorized online transactions. As will be explained in greater detail below, by correlating reported financial activities to online financial activities tracked in network telemetry on authorized devices, reported financial activities initiated by unauthorized devices may be identified. The proposed systems and methods may respond to these identifications by performing security actions.
In addition, the systems and methods described herein may improve the functioning of a computing device by enabling the computing device to detect unauthorized online transactions and take measures to protect users. The improved detection may be a more rapid detection and/or a more accurate detection. Security actions may allow for rapid and/or automated alerts, fraud confirmations, account locks, charge reversals, and/or credit freezes. Some embodiments further allow improved user control of automated security measures by expressing user preferences on a basis that is specific to an account, device, and/or correlation type.
The following will provide, with reference to
In certain embodiments, one or more of modules 102 in
As illustrated in
As illustrated in
As illustrated in
Example system 100 in
Computing device 202 generally represents any type or form of computing device capable of reading computer-executable instructions. For example, computing device 202 may be any computer that is capable of receiving and analyzing input data to produce output data according to the instructions. Additional examples of computing device 202 include, without limitation, laptops, tablets, desktops, servers, cellular phones, Personal Digital Assistants (PDAs), multimedia players, embedded systems, wearable devices (e.g., smart watches, smart glasses, etc.), smart vehicles, smart packaging (e.g., active or intelligent packaging), gaming consoles, so-called Internet-of-Things devices (e.g., smart appliances, etc.), variations or combinations of one or more of the same, and/or any other suitable computing device.
Server 206 generally represents any type or form of computing device that is capable of receiving and analyzing input data to produce output data according to the instructions. Additional examples of server 206 include, without limitation, security servers, application servers, web servers, storage servers, and/or database servers configured to run certain software applications and/or provide various security, web, storage, and/or database services. Although illustrated as a single entity in
Network 204 generally represents any medium or architecture capable of facilitating communication or data transfer. In one example, network 204 may facilitate communication between computing device 202 and server 206. In this example, network 204 may facilitate communication or data transfer using wireless and/or wired connections. Examples of network 204 include, without limitation, an intranet, a Wide Area Network (WAN), a Local Area Network (LAN), a Personal Area Network (PAN), the Internet, Power Line Communications (PLC), a cellular network (e.g., a Global System for Mobile Communications (GSM) network), portions of one or more of the same, variations or combinations of one or more of the same, and/or any other suitable network.
As illustrated in
The term “network telemetry,” as used herein, generally refers to collection of information from various data sources using a set of automated communication processes, transmitted to receiving equipment for analysis tasks. For example, and without limitation, network telemetry may include PFIX (NetFlow) records, VPC flow logs, packet mirroring, cloud IDS, and network forensics and telemetry blueprint.
The term “correlate,” as used herein, generally refers to creating a record that two things have a mutual relationship or connection, in which one thing affects or depends on the other. For example, and without limitation, a correlation may be a positive correlation, a negative correlation, or no correlation.
The term “reported financial activity,” as used herein, generally refers to a record of a financial transaction or new account appearing on an account statement or credit report. For example, and without limitation, reported financial activity may include a purchase, a payment, a money transfer, a deposit, an application for credit, and/or opening of a new account.
The term “authorized devices,” as used herein, generally refers to any computing device capable of running anti-virus and security software, browsing the internet, and performing financial transactions online. For example, and without limitation, authorized devices, may include desktop computers, laptops, tablets, and/or smartphones.
Correlation module 104 may perform the correlation in a variety of ways. For example, correlation module 104 may correlate one or more card-not-present financial transactions of an account to one or more web-based financial transactions tracked in network telemetry on one or more devices authorized to perform online purchases using the account. Alternatively or additionally, correlation module 104 may, as part of computing device 202 in
At step 304, one or more of the systems described herein may identify, by the at least one processor based on the correlation, at least one of the reported financial activities that was initiated by an unauthorized device. For example, identification module 106 may, as part of computing device 202 in
Identification module 106 may perform the identification in a variety of ways. For example, identification module 106 may filter, from the one or more reported financial activities, at least one of automated recurring transactions or transactions that do not correspond to card-not-present transactions. This filtering may be performed before and/or after the correlation at step 302. Additionally or alternatively, identification module 106 may identify reported financial activities as being initiated by an unauthorized device in response to those activities failing to correlate to any of the online financial activities. Additionally, identification module 106 may identify reported financial activities as being initiated by an unauthorized device in response to such activities that correlate to online financial activities but that violate user preferences for an associated account, an associated device, and/or an associated type of activity.
The term “filter,” as used herein, generally refers to application of one or more rule or logic to identify cases of data that should be included in an analysis. For example, and without limitation, a filter may look at results for a particular period of time, calculate results for particular groups of interest, exclude erroneous or “bad” observations from an analysis, and/or train and validate statistical models.
The term “user preferences,” as used herein, generally refers to configurable settings that can be customized for a particular user. For example, and without limitation, user preferences may be persistently stored settings, dynamically updated settings, specifically provided settings, and/or heuristically learned settings.
At step 306, one or more of the systems described herein may perform, by the at least one processor, a security action in response to the identification. For example, security action module 108 may, as part of computing device 202 in
The term “security action,” as used herein, generally refers to a computer output responsive to an input indicative of a security concern, taken as a security measure. For example, and without limitation, a security action may be an alert or a preventative action.
Security action module 108 may perform the security in a variety of ways. For example, security action module 108 may issue an alert or take a preventative action. Issuing the alert may include generating an alert in response to the identifying and/or issuing a potential fraud alert generated based on a fraud detection analysis of the one or more reported financial activities. Alternatively or additionally, taking the preventative action may include placing a hold on an account and/or performing an automated credit freeze.
The term “alert,” as used herein, generally refers to a message indicative of a security concern. For example, and without limitation, an alert may communicate the security concern in any suitable manner, such as voice call, text message, email, pop up in an application or browser, etc.
The term “preventative action,” as used herein, generally refers to a measure taken to remediate a security concern. For example, and without limitation, preventative actions may include account holds, charge reversals, and/or credit freezes.
The term “account hold,” as used herein, generally refers to a restriction on an account owner's ability to access funds in an account due to various reasons. For example, and without limitation, account holds may include temporary holds, balance holds, or check holds.
The term “credit freeze,” as used herein, generally refers to a security freeze that prevents prospective creditors from accessing a credit file. For example, and without limitation, credit freezes may include free credit freezes, credit locks, and fraud alerts.
Steps 302-306 may further include one or more additional activities. For example, when the disclosed systems and methods are implemented on the cloud, they may be carried out separately from the telemetry tracking and/or the identification or filtering of one or more reported financial activities. However, some realizations of the disclosed systems and methods may be implemented on board one or more authorized devices. In such cases, one or more of steps 302-306 may further include tracking the one or more online financial activities on at least one of the authorized devices that is authorized to perform the online financial activities. In alternative or additional realizations, the disclosed systems and methods may be implemented at a server and/or service of an entity that monitors for identity theft, the use of personal information, and credit score changes. In such implementations, one or more of steps 302-306 may further include identifying the one or more reported financial activities (e.g. filtering).
Financial transaction reports may also have a description for each transaction that typically includes domain names and is usually accompanied by detailed information about the merchant. Identifying online transactions among all of the not in-person transactions (i.e., card-not-present) may require some intelligence. In particular, the filters 404 may filter out recurring transactions (e.g., monthly utility bill payments), bank transfers, payments via checks, and over-the-phone payments. These transactions, while not physical, are unlikely to appear in the user's web traffic. Most of these transactions that lack an online counterpart can be filtered out based on existing transaction category markers. However, detecting recurring transactions is more challenging. For instance, in the case of a home's electricity bill, users are likely to have set up an auto-payment plan that will not have a corresponding website visit. In this case, the system 400 may issue an alert for the first instance of a bill payment if not initiated from a trusted device, but then avoid issuing alerts for subsequent charges which are likely to occur automatically. To accomplish this behavior, a recurring charges detection procedure may be used to eliminate recurring transactions that happen on a periodic basis, as these charges are unlikely to correlate to website visits and are unlikely to be of interest. Reliability of this detection method may be increased by looking across users to identify merchants that routinely charge users on a recurrent basis.
An authorized device 408 may have a user profile 410 that records authorized accounts and user preferences 412 that may be collected by a user interface of antivirus and security software installed on authorized device 408. Authorized device 408 may also have a telemetry tracker 414 that tracks online financial activity 416 performed using the authorized device. For example, telemetry tracker 414 may be implemented as part of a browser extension and/or VPN of the antivirus and security software installed on authorized device 408.
Antivirus and security software installed on authorized device 408 (e.g., PCs and laptops) may contain network engines and web-browser extensions that enable the antivirus and security software to view web traffic. By monitoring website visits, and more specifically identifying instances in which customers are initiating financial transactions through the browser, the antivirus and security software may collect a list of visited websites, timestamps, and dollar amounts of any transactions conducted through those websites. Similarly, on iOS devices, the antivirus and security software may register as a VPN so that it can identify malicious traffic. This same service can provide insight into any domains visited through which financial transactions may have been processed, and associate these with timestamps. Antivirus and security software users may have a single antivirus and security software account with multiple licenses that they use to protect their trusted devices. The antivirus and security software may, thus, have a sense of which devices the user trusts, though users may be able to further designate which of these devices they trust to make purchases.
In an example, in order to differentiate a visit to Amazon.com and a purchase in Amazon.com, the antivirus and security software may examine the network requests that are triggered while browsing the website. A first step may be to use telemetry to understand which requests signal a buy. This operation may be accomplished using browser-based sources of telemetry to identify the requests that occur after a user inserts credit card information on a web form. With this knowledge, the antivirus and security software may create patterns of requests, related to purchases, that allow example system 400 to later determine when purchases are performed by examining network traffic even when the network traffic is collected without the extra visibility provided by a browser extension (e.g., interception of traffic on an iOS device).
Example system 400 may receive and store account activity 418 and 420 from telemetry tracker 414. Example system 400 may also receive and store account preferences 422 and 424 from user profile 410. A correlator 426 of example system 400 may further receive and process filter results 406 to produce correlation results 428-432. The correlation procedure may be carried out, for example, by matching merchant information of filter results 406 to domain names of account activity 418 and 420. Additionally or alternatively, the correlation may be carried out using fuzzy matching between online transactions on authorized devices and reported financial transactions occurring in a similar time period.
Correlation results 428-432 may involve one or more attributes, such as time of the web site purchase of account activity 418 and 420 observed by telemetry tracker 414 matched with time of a reported financial transaction of filter results 406. Another attribute of correlation results 428-432 may include a domain name, title, and/or level-1 headers matched with a description and merchant details of a reported financial transaction of filter results 406. Yet another attribute of correlation results 428-432 may include a financial account used for a website purchase of account activity 418 and 420 observed by telemetry tracker 414 matched with a financial account associated with the reported financial transaction of filter results 406. A further attribute of correlation results 428-432 may include a description of a product and/or service associated with a web site purchase of account activity 418 and 420 observed by telemetry tracker 414 matched with a description of a reported financial transaction of filter results 406. The fuzzy matching technique may be made more tractable by relying on correlations between multiple users who are making similar transactions on popular sites, which enables detection of common patterns and elimination of spurious correlations.
In the example of
Identifier and security action module 434 of example system 400 may receive correlation results 428-432 and act on these correlation results in accordance with various predetermined rules and/or preferences 422 and 424. For example, a predetermined rule may identify all uncorrelated activity, such as correlation results 430 and 432, as transactions initiated using an unauthorized device, and security actions 436 (e.g., alerts, account holds, and/or credit freezes) may be enacted based on predetermined rules and/or preferences 422 and/or 424. Alternatively or additionally, identification of the authorized activity may not occur if preferences 422 and/or 424 indicate that certain types of transactions (e.g., from a particular merchant and/or below a certain amount) should not be identified, or that no security action should be taken in response to such an identification. In another example, an account preference 422 specific to the first account may be applied in identifying a correlated activity as unauthorized based on one or more characteristics of the transaction (e.g., from a disallowed merchant and/or above a certain amount).
Use of account preferences 422 and 424 that are account-specific allows customers to customize behavior of example system 400 to accommodate customer preferences regarding various situations. For example, a customer may not have the antivirus and security software installed on all devices that the customer uses to make purchases using one or more of the accounts. Such a situation may occur if the customer has too many devices and not enough licenses and/or if the customer using an account on a device (e.g., a gaming console or a device of an employer of the customer) on which the customer is not authorized to install the antivirus and security software. In such cases, the customer may specify account preferences 422 specific to the first account to avoid generating alerts for purchases made from one or more merchants and/or below a certain amount. Customer feedback in response to security actions 436 may also be employed to generate such preferences 422 (e.g., adding a merchant to a whitelist for the first account and/or recording a minimum purchase price for causing a security action to occur).
Use of device activity 522 and 524 and device preferences 532 and 534 that are device-specific and account-specific allows customers to customize behavior of example system 500 to accommodate customer preferences regarding various situations. For example, given a device-specific and account-specific correlation result 548, preferences 536 that are device-specific and account-specific may cause identifier and security action module 554 to respond to correlation result 548 in various ways. In a first example, a customer may specify that use of an account is restricted on one of the devices (e.g., parental controls that allow only certain types of transactions (e.g., vendor and/or amount) on an account authorized for use by a child's device). In another example, a customer may express preferences for security actions to be taken for uncorrelated account activity, and the specified preferences may be different when the customer provides them on a different device. In this situation, example system 500 may allow the user to designate a master device for which these preferences should take priority when there is a conflict. Alternatively or additionally, example system 500 may apply the most recently provided preferences of this type as updated preferences.
Potential fraud alerts 650 that are filtered out because they are in-person, non-recurring transactions may be handled in the ordinary manner by issuing a potential fraud alert to a customer and seeking confirmation of fraud. However, filter results 648, which may contain potential fraud alerts for card-not-present transactions that are not recurring, may be received by correlator 652. Correlator 652 may operate on the same or similar principles as correlator 546 or correlator 426 as previously described. However, correlation results 654-658 are for reported transactions that have already been detected as potentially fraudulent. Device preferences 632 and 634 may automatically confirm fraud in some cases, while alerts of transactions that correlate to device activity 620 and 622 tracked by authorized devices 608 and 610 may be eliminated. Advantageously, the customer may avoid being contacted about such fraud alerts and fraud confirmation may be achieved more rapidly, resulting in a more rapid response (e.g., account holds and/or credit freezes).
Correlator 752 may receive filter results 706 and produce correlation results 754-764 based on device activity 720 and 725. Examples of such results may include result 754, which corresponds to a potentially fraud alert correlated with activity 726 on a first account using second authorized device 710. Another example of such results may include result 756, which corresponds to an uncorrelated potential fraud alert on the first account. Another example of such results may include result 758, which corresponds to reported financial activity correlated with activity on the first account using first authorized device 708. Another example of such results may include result 760, which corresponds to an uncorrelated reported financial activity on the first account. Another example of such results may include result 762, which corresponds to an uncorrelated newly opened account. Another example of such results may include result 764, which corresponds to an uncorrelated potential fraud alert regarding a newly opened account.
Identifier and security action module 766 may, for results 758-762, perform the identification and take security actions using preferences 740 that are device-specific and account-specific as previously described with reference to example system 500. Identifier and security action module 766 may, for results 754, 756, and 764, perform the identification and take security actions using a different set of preferences 742 for potential fraud alerts, and these preferences may also be device-specific and account-specific as previously described with reference to example system 600. Accordingly, the security actions 768 enacted by system 700 may be customized by users who desire that different identification criteria be used and security responses taken on a device and account specific basis for correlation results 754-764 depending whether the results 754-764 are potential fraud alerts. In this way the advantages previously described for systems 400, 500, and 600 may be realized in combination.
As detailed herein, customers of systems and services that monitor for identity theft, the use of personal information, and credit score changes may benefit, in new and advantageous ways, from implementing antivirus and security services software on their authorized devices. For example, these customers may receive rapid alerts about any transactions undertaken using their financial accounts that were not initiated from a trusted device on which anti-virus and security software has correlated reported financial transactions to website purchases observed by network traffic monitoring. Users may receive such alerts by installing the anti-virus and security software on devices from which they regularly make financial transactions. The advantages may be realized by implementing three components: tracking of web-based financial transactions in network telemetry, identification of card-not-present reported financial transactions that correspond to online transactions, and the correlation of financial events tracked in network telemetry with reported financial transactions monitored by systems and services that monitor for identity theft, the use of personal information, and credit score changes.
Computing system 810 broadly represents any single or multi-processor computing device or system capable of executing computer-readable instructions. Examples of computing system 810 include, without limitation, workstations, laptops, client-side terminals, servers, distributed computing systems, handheld devices, or any other computing system or device. In its most basic configuration, computing system 810 may include at least one processor 814 and a system memory 816.
Processor 814 generally represents any type or form of physical processing unit (e.g., a hardware-implemented central processing unit) capable of processing data or interpreting and executing instructions. In certain embodiments, processor 814 may receive instructions from a software application or module. These instructions may cause processor 814 to perform the functions of one or more of the example embodiments described and/or illustrated herein.
System memory 816 generally represents any type or form of volatile or non-volatile storage device or medium capable of storing data and/or other computer-readable instructions. Examples of system memory 816 include, without limitation, Random Access Memory (RAM), Read Only Memory (ROM), flash memory, or any other suitable memory device. Although not required, in certain embodiments computing system 810 may include both a volatile memory unit (such as, for example, system memory 816) and a non-volatile storage device (such as, for example, primary storage device 832, as described in detail below). In one example, one or more of modules 102 from
In some examples, system memory 816 may store and/or load an operating system 840 for execution by processor 814. In one example, operating system 840 may include and/or represent software that manages computer hardware and software resources and/or provides common services to computer programs and/or applications on computing system 810. Examples of operating system 840 include, without limitation, LINUX, JUNOS, MICROSOFT WINDOWS, WINDOWS MOBILE, MAC OS, APPLE'S IOS, UNIX, GOOGLE CHROME OS, GOOGLE'S ANDROID, SOLARIS, variations of one or more of the same, and/or any other suitable operating system.
In certain embodiments, example computing system 810 may also include one or more components or elements in addition to processor 814 and system memory 816. For example, as illustrated in
Memory controller 818 generally represents any type or form of device capable of handling memory or data or controlling communication between one or more components of computing system 810. For example, in certain embodiments memory controller 818 may control communication between processor 814, system memory 816, and I/O controller 820 via communication infrastructure 812.
I/O controller 820 generally represents any type or form of module capable of coordinating and/or controlling the input and output functions of a computing device. For example, in certain embodiments I/O controller 820 may control or facilitate transfer of data between one or more elements of computing system 810, such as processor 814, system memory 816, communication interface 822, display adapter 826, input interface 830, and storage interface 834.
As illustrated in
As illustrated in
Additionally or alternatively, example computing system 810 may include additional I/O devices. For example, example computing system 810 may include I/O device 836. In this example, I/O device 836 may include and/or represent a user interface that facilitates human interaction with computing system 810. Examples of I/O device 836 include, without limitation, a computer mouse, a keyboard, a monitor, a printer, a modem, a camera, a scanner, a microphone, a touchscreen device, variations or combinations of one or more of the same, and/or any other I/O device.
Communication interface 822 broadly represents any type or form of communication device or adapter capable of facilitating communication between example computing system 810 and one or more additional devices. For example, in certain embodiments communication interface 822 may facilitate communication between computing system 810 and a private or public network including additional computing systems. Examples of communication interface 822 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface. In at least one embodiment, communication interface 822 may provide a direct connection to a remote server via a direct link to a network, such as the Internet. Communication interface 822 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network, a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.
In certain embodiments, communication interface 822 may also represent a host adapter configured to facilitate communication between computing system 810 and one or more additional network or storage devices via an external bus or communications channel. Examples of host adapters include, without limitation, Small Computer System Interface (SCSI) host adapters, Universal Serial Bus (USB) host adapters, Institute of Electrical and Electronics Engineers (IEEE) 1394 host adapters, Advanced Technology Attachment (ATA), Parallel ATA (PATA), Serial ATA (SATA), and External SATA (eSATA) host adapters, Fibre Channel interface adapters, Ethernet adapters, or the like. Communication interface 822 may also allow computing system 810 to engage in distributed or remote computing. For example, communication interface 822 may receive instructions from a remote device or send instructions to a remote device for execution.
In some examples, system memory 816 may store and/or load a network communication program 838 for execution by processor 814. In one example, network communication program 838 may include and/or represent software that enables computing system 810 to establish a network connection 842 with another computing system (not illustrated in
Although not illustrated in this way in
As illustrated in
In certain embodiments, storage devices 832 and 833 may be configured to read from and/or write to a removable storage unit configured to store computer software, data, or other computer-readable information. Examples of suitable removable storage units include, without limitation, a floppy disk, a magnetic tape, an optical disk, a flash memory device, or the like. Storage devices 832 and 833 may also include other similar structures or devices for allowing computer software, data, or other computer-readable instructions to be loaded into computing system 810. For example, storage devices 832 and 833 may be configured to read and write software, data, or other computer-readable information. Storage devices 832 and 833 may also be a part of computing system 810 or may be a separate device accessed through other interface systems.
Many other devices or subsystems may be connected to computing system 810. Conversely, all of the components and devices illustrated in
The computer-readable medium containing the computer program may be loaded into computing system 810. All or a portion of the computer program stored on the computer-readable medium may then be stored in system memory 816 and/or various portions of storage devices 832 and 833. When executed by processor 814, a computer program loaded into computing system 810 may cause processor 814 to perform and/or be a means for performing the functions of one or more of the example embodiments described and/or illustrated herein. Additionally or alternatively, one or more of the example embodiments described and/or illustrated herein may be implemented in firmware and/or hardware. For example, computing system 810 may be configured as an Application Specific Integrated Circuit (ASIC) adapted to implement one or more of the example embodiments disclosed herein.
Client systems 910, 920, and 930 generally represent any type or form of computing device or system, such as example computing system 810 in
As illustrated in
Servers 940 and 945 may also be connected to a Storage Area Network (SAN) fabric 980. SAN fabric 980 generally represents any type or form of computer network or architecture capable of facilitating communication between a plurality of storage devices. SAN fabric 980 may facilitate communication between servers 940 and 945 and a plurality of storage devices 990(1)-(N) and/or an intelligent storage array 995. SAN fabric 980 may also facilitate, via network 950 and servers 940 and 945, communication between client systems 910, 920, and 930 and storage devices 990(1)-(N) and/or intelligent storage array 995 in such a manner that devices 990(1)-(N) and array 995 appear as locally attached devices to client systems 910, 920, and 930. As with storage devices 960(1)-(N) and storage devices 970(1)-(N), storage devices 990(1)-(N) and intelligent storage array 995 generally represent any type or form of storage device or medium capable of storing data and/or other computer-readable instructions.
In certain embodiments, and with reference to example computing system 810 of
In at least one embodiment, all or a portion of one or more of the example embodiments disclosed herein may be encoded as a computer program and loaded onto and executed by server 940, server 945, storage devices 960(1)-(N), storage devices 970(1)-(N), storage devices 990(1)-(N), intelligent storage array 995, or any combination thereof. All or a portion of one or more of the example embodiments disclosed herein may also be encoded as a computer program, stored in server 940, run by server 945, and distributed to client systems 910, 920, and 930 over network 950.
As detailed above, computing system 810 and/or one or more components of network architecture 900 may perform and/or be a means for performing, either alone or in combination with other elements, one or more steps of an example method for detecting unauthorized online transactions.
While the foregoing disclosure sets forth various embodiments using specific block diagrams, flowcharts, and examples, each block diagram component, flowchart step, operation, and/or component described and/or illustrated herein may be implemented, individually and/or collectively, using a wide range of hardware, software, or firmware (or any combination thereof) configurations. In addition, any disclosure of components contained within other components should be considered example in nature since many other architectures can be implemented to achieve the same functionality.
In some examples, all or a portion of example system 100 in
In various embodiments, all or a portion of example system 100 in
According to various embodiments, all or a portion of example system 100 in
In some examples, all or a portion of example system 100 in
In addition, all or a portion of example system 100 in
In some embodiments, all or a portion of example system 100 in
According to some examples, all or a portion of example system 100 in
The process parameters and sequence of steps described and/or illustrated herein are given by way of example only and can be varied as desired. For example, while the steps illustrated and/or described herein may be shown or discussed in a particular order, these steps do not necessarily need to be performed in the order illustrated or discussed. The various example methods described and/or illustrated herein may also omit one or more of the steps described or illustrated herein or include additional steps in addition to those disclosed.
While various embodiments have been described and/or illustrated herein in the context of fully functional computing systems, one or more of these example embodiments may be distributed as a program product in a variety of forms, regardless of the particular type of computer-readable media used to actually carry out the distribution. The embodiments disclosed herein may also be implemented using software modules that perform certain tasks. These software modules may include script, batch, or other executable files that may be stored on a computer-readable storage medium or in a computing system. In some embodiments, these software modules may configure a computing system to perform one or more of the example embodiments disclosed herein.
In addition, one or more of the modules described herein may transform data, physical devices, and/or representations of physical devices from one form to another. For example, one or more of the modules recited herein may receive financial activity data to be transformed, transform the financial activity data, output a result of the transformation to provide correlation results, use the result of the transformation to identify transactions initiated on unauthorized devices, and store the result of the transformation to trigger a security action. Additionally or alternatively, one or more of the modules recited herein may transform a processor, volatile memory, non-volatile memory, and/or any other portion of a physical computing device from one form to another by executing on the computing device, storing data on the computing device, and/or otherwise interacting with the computing device.
The preceding description has been provided to enable others skilled in the art to best utilize various aspects of the example embodiments disclosed herein. This example description is not intended to be exhaustive or to be limited to any precise form disclosed. Many modifications and variations are possible without departing from the spirit and scope of the present disclosure. The embodiments disclosed herein should be considered in all respects illustrative and not restrictive. Reference should be made to the appended claims and their equivalents in determining the scope of the present disclosure.
Unless otherwise noted, the terms “connected to” and “coupled to” (and their derivatives), as used in the specification and claims, are to be construed as permitting both direct and indirect (i.e., via other elements or components) connection. In addition, the terms “a” or “an,” as used in the specification and claims, are to be construed as meaning “at least one of.” Finally, for ease of use, the terms “including” and “having” (and their derivatives), as used in the specification and claims, are interchangeable with and have the same meaning as the word “comprising.”
Number | Date | Country | Kind |
---|---|---|---|
22386031.3 | May 2022 | EP | regional |