WO1999052261A1 - Automated and selective authentication in transaction-based networks - Google Patents

Automated and selective authentication in transaction-based networks Download PDF

Info

Publication number
WO1999052261A1
WO1999052261A1 PCT/US1999/007442 US9907442W WO9952261A1 WO 1999052261 A1 WO1999052261 A1 WO 1999052261A1 US 9907442 W US9907442 W US 9907442W WO 9952261 A1 WO9952261 A1 WO 9952261A1
Authority
WO
WIPO (PCT)
Prior art keywords
fraud
call
authentication
subscriber
network
Prior art date
Application number
PCT/US1999/007442
Other languages
French (fr)
Inventor
Gerald Donald Baulier
Michael H. Cahill
Virginia Kay Ferrara
Diane Lambert
Original Assignee
Lucent Technologies Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=26762716&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO1999052261(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Lucent Technologies Inc. filed Critical Lucent Technologies Inc.
Priority to EP99915269A priority Critical patent/EP1068715B1/en
Priority to CA002327338A priority patent/CA2327338C/en
Priority to BR9909163-1A priority patent/BR9909163A/en
Priority to AU33823/99A priority patent/AU3382399A/en
Priority to JP2000542900A priority patent/JP4251521B2/en
Priority to DE69942789T priority patent/DE69942789D1/en
Publication of WO1999052261A1 publication Critical patent/WO1999052261A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/47Fraud detection or prevention means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/58Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP based on statistics of usage or network monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/36Statistical metering, e.g. recording occasions when traffic exceeds capacity of trunks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/065Continuous authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6027Fraud preventions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01Details of billing arrangements
    • H04M2215/0148Fraud detection or prevention means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01Details of billing arrangements
    • H04M2215/0188Network monitoring; statistics on usage on called/calling number

Definitions

  • This invention relates generally to transaction-based networks and, more specifically, to an automated approach for selectively invoking processes in transaction-based networks based on automated analysis of usage such as, for example, selectively invoking automated authentication mechanisms based on analysis of usage to determine the likelihood of fraud in communication networks.
  • Fraudulent use of communication networks is a problem of staggering proportions. Using telecommunication networks as an example, costs associated with fraud are estimated at billions of dollars a year and growing. Given the tremendous financial liability, the telecommunication industry continues to seek ways for reducing the occurrence of fraud while at the same time minimizing disruption of service to legitimate subscribers.
  • theft-of-service fraud may involve the illegitimate use of calling cards, cellular phones, or telephone lines
  • subscription fraud may occur when a perpetrator who never intends to pay for a service poses as a new customer.
  • Subscription fraud has been particularly difficult to detect and prevent because of the lack of any legitimate calling activity in the account that could otherwise be used as a basis for differentiating the fraudulent activity. In either case, losses attributable to these types of fraud are a significant problem.
  • thresholding typically involves aggregating traffic over time (e.g., days, weeks, months), establishing profiles for subscribers (e.g., calling patterns), and applying thresholds to identify fraud.
  • thresholding typically involves aggregating traffic over time (e.g., days, weeks, months), establishing profiles for subscribers (e.g., calling patterns), and applying thresholds to identify fraud.
  • a system may generate an alert to an investigator in a fraud, network monitoring or operations center. However, an alert becomes part of an investigation queue and will generally not be examined or acted upon immediately, thereby resulting in a significant amount of latency in responding to the detected fraud.
  • Voice verification is one such authentication technique in which a caller's voice sample is compared with a previously stored voice print.
  • voice verification may meet some of service providers' requirements for reducing fraud
  • the prior art systems implementing this type of authentication technique have significant disadvantages in terms of the disruption in service to legitimate subscribers. In particular, interrupting each call during call setup to perform voice verification is a nuisance to legitimate subscribers and an unnecessary waste of call processing and fraud prevention resources.
  • this type of authentication scheme can introduce a substantial amount of costs and unnecessary delay in processing calls in the network.
  • a line is constantly monitored, transparent to the users, and voice signal analysis is used to determine whether at least one participant in the telephone conversation is legitimate. More specifically, voice signal analysis is used to segregate speech information of the parties and compare this information with stored voice print information.
  • this system is also highly impractical both in terms legal and social aspects (e.g., invasion of privacy) as well as technical and operational issues (e.g., activated all the time, calls must already be in progress, etc.).
  • RVR Roamer Verification Reinstatement
  • Fraud losses in a communication network are substantially reduced according to the principles of the invention by automatically and selectively invoking one or more authentication measures on a particular call as a function of scoring calls for the likelihood of fraud.
  • fraud prevention can be achieved in a way that reduces fraud losses, reduces costs, and minimizes disruptions to legitimate subscribers.
  • selective authentication based on fraud scoring results in a more efficient use of call processing and fraud management resources.
  • a subscriber is registered in a system by collecting data on that subscriber based on the particular authentication method being used in the system.
  • the data to be collected for shared knowledge-type authentication may be passwords, while a voice print may be collected for a voice verification-type authentication.
  • the authentication function for the subscriber's account must be activated.
  • activation of authentication may be based on input from an integrated fraud management system which recommends authentication based on analysis of a suspected fraud case and/or call detail information or activation may be based on provisioning functions within the network. Subsequent calls are then scored for the likelihood of fraud during the call setup request phase.
  • fraud scoring estimates the probability of fraud for each call based on the learned behavior of an individual subscriber and the learned behavior of fraud perpetrators. If the usage is not indicative of fraud based on the analysis and the resulting fraud score, then normal call processing can resume without the need for authentication. If fraud is suspected based on the fraud score, then the system automatically invokes authentication. If authentication indicates suspicion of fraud, e.g., voice prints do not match, then the call may be either blocked or referred for other appropriate prevention measures, e.g., intercepted by operator or customer service representative. If fraud is not indicated by authentication, then normal call processing may resume.
  • FIG. 1 is a simplified flowchart of the method according to one illustrative embodiment of the invention.
  • FIG. 2 is a simplified block diagram illustrating how call scoring is implemented according to one embodiment of the invention
  • FIG. 3 is a simplified block diagram of a system according to one illustrative embodiment of the invention.
  • FIGS. 4 and 5 are simplified block diagrams that show exemplary network configurations in which the principles of the invention may be used.
  • inventive principles are described in the context of fraud prevention systems in a telecommunications network, wherein automated authentication mechanisms are selectively invoked based on analysis of usage to determine the likelihood of fraud, the principles of the invention can be applied to any type of automated approach for selectively invoking processes in transaction-based networks based on automated analysis of usage. Accordingly, the embodiments shown and described herein are only meant to be illustrative and not limiting.
  • FIG. 1 shows an exemplary method for preventing fraud in a communication network according to one embodiment of the invention.
  • registration step 101 involves the collection of data that is needed to support the particular authentication method being used in the system.
  • the particular authentication technique may be a shared knowledge type (e.g., passwords) or biometric validation type (e.g., speaker verification, retinal scanning, fingerprinting, etc.).
  • the registration step 101 would involve the collection of appropriate data such as a voice print if speaker verification is used for authentication, passwords or passcodes if shared knowledge authentication is used, and so on.
  • the data collected in registration step 101 may be unique for a single subscriber or may support multiple legitimate subscribers associated with the account.
  • registration 101 may be invoked as a result of establishment of a new account or as a result of changes in the account that are monitored by an external process.
  • the data needed for authentication may be collected as a result of a subscriber dialing a registration number that connects to an authentication server or platform, for example.
  • the registration process (step 101) would be carried out by the authentication server or platform.
  • data needed for authentication may be collected by an external system, in which case, provisioning functions in the network would invoke the registration process (step 101) and provide the required data.
  • activation triggers 103 may originate from two sources, such as a fraud management system or provisioning functions in a network.
  • a fraud management system such as that disclosed in related U.S. Application Serial No. (Baulier 1-1-1-4), the subject matter of which is incorporated by reference herein in its entirety, may be used to trigger the activation of the selective authentication function. Briefly, this fraud management system analyzes cases of suspected fraudulent activity and automatically generates recommendations for responding to the suspected fraud.
  • one of the recommended responses may be to invoke authentication on subsequent calls before allowing those calls to be processed.
  • This type of output from a fraud management system can thus be used as an activation trigger 103 according to the principles of the present invention.
  • the exemplary system described in the aforementioned patent application is only meant to be illustrative and not limiting in any way. Accordingly, output supplied by other fraud management systems could also be used as activation triggers 103.
  • the accuracy (e.g., selectivity) of the authentication scheme is a function of the accuracy of the fraud management system. As such, an accurate fraud management system will result in authentication being invoked in a highly targeted manner.
  • Provisioning functions in a network may also supply activation trigger 103 to activate the authentication function according to the principles of the invention. More specifically, the authentication function may be activated for a particular account in response to a provisioning request that is implemented for that account in the network. A provisioning request may or may not be based on fraud-related determinations. For example, a service provider may decide that the authentication function should be activated based on a non-payment status in the account.
  • Various techniques for provisioning services and functions within a network such as a telecommunication network, are well known to those skilled in the art.
  • step 105 When a call is received after activation in step 104, selective authentication can be implemented in one of two ways according to the exemplary embodiment shown in FIG. 1. More specifically, a determination is made in step 105 as to whether authentication should be automatically invoked regardless of subsequent call scoring.
  • the aforementioned fraud management system may recommend automatic authentication based on a case analysis which shows the likelihood of subscription type fraud.
  • subscription fraud occurs where a new account is established for fraudulent use from the outset.
  • the ability to differentiate fraudulent use from legitimate use is complicated by the fact that all calling activity on the newly opened account is fraudulent.
  • a voice print from a suspected subscription fraud perpetrator could be matched with a previously stored voice print associated with a previous known subscription fraud case.
  • Other techniques may also be employed to better detect and prevent subscription type fraud.
  • automatic authentication may be desirable for reasons other than for subscription fraud cases. Therefore, the automatic authentication feature gives a service provider further control of when and how authentication is invoked in the system.
  • step 105 Following with the scenario where a determination is made in step 105 to automatically authenticate subsequent calls, appropriate controls are effected so that the system enters active authentication state 107. Subsequent calls 109 are then authenticated in step 112 using the authentication method of choice. If fraud is suspected based on the results of authentication in step 112, then appropriate prevention measures can be implemented as shown in step 114, e.g., block call, route call to attendant, etc. If fraud is not suspected based on the results of authentication, then normal call processing can resume as shown in step 115. If automatic authentication is not desired as determined in step 105, then appropriate controls are effected so that the system enters active scoring state 108. In this state, all calls 109 will be scored for the likelihood of fraud in step 110.
  • step 105 If automatic authentication is not desired as determined in step 105, then appropriate controls are effected so that the system enters active scoring state 108. In this state, all calls 109 will be scored for the likelihood of fraud in step 110.
  • FIG. 2 is a simplified block diagram showing one illustrative embodiment for scoring calls according to step 110 from FIG. 1.
  • call scoring is based on profiling wherein a signature (202) representative of a subscriber's calling pattern and a fraud profile (211) representative of a fraudulent calling pattern are used to determine the likelihood of fraud on a particular call. Scored call information is then stored (201) for later retrieval and used in the iterative and continuous updating process as well as forwarded to call control (220) which will be described in more detail below.
  • call detail records are supplied from network 200 to call scoring function 210.
  • the generation of call detail records in telecommunications networks is well known to those skilled in the art.
  • a subscriber's signature may be initialized as shown in block 203 using scored call detail records from calls that have not been confirmed or suspected as fraudulent. Initialization may occur, for example, when a subscriber initially places one or more calls.
  • stored subscriber signatures from block 202 can then be updated using newly scored call detail records from subsequent calls that are not confirmed or suspected as fraudulent. As such, a subscriber's signature can adapt to the subscriber's behavior over time. 10
  • initialization of a subscriber's signature can also be based on predefined attributes of legitimate calling behavior which may be defined by historical call records and the like.
  • subscription fraud can be detected more readily because a legitimate subscriber's signature, even at the very early stages of calling activity, can be correlated with the expected (or predicted) behavior of legitimate callers.
  • any immediate fraudulent calling behavior on a new account for example, will not provide the sole basis for initializing the subscriber signature.
  • a subscriber signature may monitor many aspects of a subscriber's calling behavior including, but not limited to: calling rate, day of week timing, hour of day timing, call duration, method of billing, geography, and so on. Consequently, a signature may be derived from information that is typically contained within the call detail records, such as: originating number; terminating number; billed number; start time and date; originating location; carrier selection; call waiting indicators; call forwarding indicators; three-way calling/transfer indicators; operator assistance requests; and network security failure indicators, to name a few.
  • the particular elements to be used for establishing and updating a subscriber signature may depend on the type of network (e.g., wireline, wireless, calling card, non-telecommunication, etc.), the particular scoring method being used, as well as other factors that would be apparent to those skilled in the art.
  • each call will be scored depending on how the call compares to the subscriber's signature retrieved from block 202 and how it compares to a fraud profile retrieved from block 211.
  • fraud profiles can be initialized and updated (block 212) using scored call detail records from confirmed or suspected fraudulent calls.
  • a high fraud score is generated if the call details represent a suspicious deviation from known behavior and a low fraud score is generated if the call details represent highly typical behavior for the subscriber account in question.
  • the relative contributions of various elements of the call to the fraud score should also be included for case analysis purposes, which is described in further detail in related 11
  • call scoring is carried out on a customer-specific and call-by-call basis, a more precise fraud score can be obtained that is more indicative of the likelihood of fraud while reducing the amount of false alarms (i.e., "false positives").
  • a more precise fraud score can be obtained that is more indicative of the likelihood of fraud while reducing the amount of false alarms (i.e., "false positives").
  • a real-time processing platform is Lucent Technologies' QTMTM real-time transaction processing platform, which is described in an article by J. Baulier et al., "Sunrise: A Real-Time Event- Processing Framework" , Bell Labs Technical Journal, November 24, 1997, and which is herein incorporated by reference.
  • call scoring techniques may be suitable for implementing the functionality of call scoring function 210 as described above.
  • call scoring techniques based on statistical analysis, probabilistic scoring, memory-based reasoning, data mining, neural networking, and other methodologies are known and are contemplated for use in conjunction with the illustrative embodiments of the invention described herein. Some examples of these methods and techniques are described in Fawcett et al., "Adaptive Fraud Detection", Data Mining and Knowledge Discovery 1, 291-316 (1997) and U.S. Patent No. 5,819,226, 'Fraud Detection Using Predictive Modeling", issued Oct. 6, 1998, each of which is herein incorporated by reference.
  • FIG. 3 is a simplified block diagram showing one illustrative embodiment of a system for controlling fraud in a typical telecommunication network 12
  • system 300 includes call control function 220 coupled to call scoring function 210 and authentication function 225.
  • System 300 is further coupled to network 200, which services a number of subscribers, such as subscriber 224.
  • Provisioning function 250 is coupled to and communicates with each of network 200, call control function 220, call scoring function 210, and authentication function 225. It will be appreciated that the functions described herein may be implemented using computer hardware and software programmed to carry out the associated functions and operations.
  • call control 220 In operation, origination of a call by subscriber 224 in a telecommunications network 200 will cause several actions to occur.
  • a request for call setup is issued to call control 220.
  • Call control 220 carries out several functions in response to the call setup request. For example, call control 220 analyzes the call setup request, conditionally invokes call scoring 210 and/or conditionally invokes authentication 225, and may subsequently complete the call and/or generate appropriate call detail record(s). In particular, call control 220 operates in conjunction with call scoring 210 and authentication 225 to carry out the steps previously described in the flowchart of FIG. 1.
  • call scoring function 210 when invoked or otherwise activated, scores calls based on the call detail records supplied by call control function 220 and provides the basis for a decision as to whether authentication needs to be invoked for the particular call.
  • Authentication function 225 receives data about or from user 224 either directly via a connection established by call control 220 or indirectly via services provided by call control 220. The type of data supplied to authentication function 225 will vary depending on the type of authentication method being used, e.g., voice print analysis, other biometric analysis, password, and so on.
  • Provisioning function 250 changes the state of information in call control 220, call scoring 210, and authentication function 225 based on requests generated by any one of those systems or by an external system (not shown). Additionally, provisioning function 250 may be used to implement appropriate actions in conjunction with network 200 for a particular call based on the call scoring and authentication processes. 13
  • FIGS. 4 and 5 show an Intelligent Network (IN)-based architecture and an adjunct-based architecture, respectively, in which the principles of the invention may be used. It should be noted that the principles of the invention can be used in many different types of network architectures. As such, the exemplary network architectures shown and described herein are meant to be illustrative only and not limiting in any way.
  • call control 420 is implemented in three nodes in the Intelligent Network (IN) architecture, those being Service Switching Point (SSP) 421, Signal Transfer Point (STP) 422, and Service Control Point (SCP) 423.
  • SSP Service Switching Point
  • STP Signal Transfer Point
  • SCP Service Control Point
  • Service Switching Point 421 provides basic analysis of call set-up requests, routes calls, and sends requests for service processing guidance to Service Control Point 423.
  • Service Control Point 423 makes service decisions, requests call scoring support from call scoring function 410, and instructs Service Switching Point 421 to route calls to authentication function 425 when appropriate.
  • Service Switching Point 421, Service Control Point 423, and, if desired, authentication function 425 is supported by a common channel signaling network in which messages may be routed by one or more of Signal Transfer Points 422.
  • Call scoring function 410 could be implemented in a separate operations system.
  • the interface between call scoring function 410 and call control 420 is Service Control Point 423 via an operations interface capable of call processing speeds and reliability.
  • Authentication function 425 can be supported either in a separate services node, e.g., an authentication server as shown, or within Service Control Point 423. Provisioning is carried out in Service Management System 450.
  • adjunct 520 In one possible adjunct implementation shown in FIG. 5, all call control is implemented within a switching element 510, while fraud management (e.g., scoring) and authentication services are supported out of a common adjunct 520.
  • the interface between switching element 510 and adjunct 520 may be any link supporting call set-up signaling, service signaling and voice trunking, such as the Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) or 14
  • ISDN Integrated Services Digital Network
  • BBI Basic Rate Interface
  • switching element 510 provides analysis of call set-up requests, makes service decisions, requests call scoring support from adjunct 520, determines whether to route calls to adjunct 520 for authentication and routes those calls.
  • Adjunct 520 provides call scoring and authentication. Provisioning, again, is carried out in a separate provisioning system 530 that is connected to all elements.
  • the basic flow described above can be applied to a variety of telecommunications services.
  • One illustrative but not limiting example is calling card.
  • a brief description of the processing performed by typical calling card services in the absence of in-call fraud prevention is first provided to assist in understanding how the principles of the invention can then be applied in the calling card context.
  • FIG. 4 which provides one of many possible network implementations supporting calling card services, can illustrate both provisioning and call processing.
  • SCP 423 When a new account is opened, information on the account is loaded from service management system 450 into SCP 423. The subscriber 424 of the service is then able to use his/her card. The subscriber 424 dials a call which is interpreted by SSP 421 as requiring additional services. This is usually based on the dialing of the call, such as the dialing of a 0+ prefix or a toll-free number associated with operator services. Through interaction with SSP 421, the subscriber identifies that calling card services are requested and enters his/her card number.
  • the card number is validated by SCP 423, which instructs the SSP 421 to complete the call, re-prompt for card information, route the call to an operator or deny service. In-call prevention may be applied to this service flow.
  • SCP 423 which instructs the SSP 421 to complete the call, re-prompt for card information, route the call to an operator or deny service. In-call prevention may be applied to this service flow.
  • authenticating information is collected either by an external system and loaded by the service management system 450 into authentication 425, or is entered directly by the subscriber into authentication 425. In the latter case, the subscriber is instructed to dial a particular number which is interpreted by call control 420 as a request for connection into the authentication system 425.
  • the authentication system 425 recognizes the call as a registration and collects 15
  • service management system loads the account information in SCP 423 and the service is ready for use.
  • scoring 410 will determine that authentication should be activated, based on call detail records. Scoring 410 will issue a request via service management system 450 to activate authentication. In this example, assume that score-based authentication is requested.
  • subsequent calls are processed as follows. The subscriber 424 dials a call which is interpreted by SSP 421 as requiring additional services. This is usually based on the dialing of the call, such as the dialing of a 0+ prefix or a toll-free number associated with operator services. Through interaction with SSP 421, the subscriber identifies that calling card services are requested and enters his/her card number.
  • the card number is transmitted to SCP 423 for validation, which also recognizes that scoring and authentication have been activated on this account. While validating the card, SCP 423 also transmits a scoring request to scoring 410 which will respond with an instruction to either authenticate the call, process the call according to SCP validation (without authentication), route the call to an attendant, or deny the call entirely. If the response is to authenticate, the SCP 423 will send an instruction to the SSP 421 to route the call to authentication 425. Authentication will then challenge the subscriber 424 using whatever authentication technique(s) it employs. The result of authentication (pass, fail, ambiguous) is returned to the SCP 423 via the SSP 421. The SCP then decides whether the call should be allowed, denied or routed to an attendant and instructs SSP 421 accordingly. Optionally, the SCP 423 will provide information on authentication to scoring 410 for case management purposes.
  • the present invention can be embodied in the form of methods and apparatuses for practicing those methods.
  • the invention can also be embodied in the form of program code embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
  • the present invention can also be embodied in the form of program code, for example, whether stored in a storage medium, loaded into and/or executed by a machine, or transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via electromagnetic radiation, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
  • program code When implemented on a general-purpose processor, the program code segments combine with the processor to provide a unique device that operates analogously to specific logic circuits.
  • any switches shown in the drawing may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
  • the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
  • a "processor” or “controller” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included.
  • any switches shown in the drawing are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the implementor as more specifically understood from the context.
  • any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a) a combination of circuit elements which performs that function or b) software in any form, including, therefore, firmware, microcode or the like, combined with appropriate circuitry for executing that software to perform the function.
  • the invention as defined by such claims resides in the fact that the functionalities provided by the various recited means are combined and brought together in the manner which the claims call for. Applicants thus regard any means which can provide those functionalities as equivalent to those shown herein.

Abstract

Fraud losses in a communication network are substantially reduced by automatically and selectively invoking one or more authentication measures based on a fraud score that indicates the likelihood of fraud for that particular call or previously scored calls. By selectively invoking authentication on only those calls that are suspected or confirmed to be fraudulent, fraud prevention can be achieved in a way that both reduced fraud losses and minimizes disruptions to legitimate subscribers. Using telecommunication fraud as an example, a subscriber is registered in a system by collecting data on that subscriber based on the particular authentication method being used, such as shared knowledge (e.g., passwords), biometric validation (e.g., voice verification), and the like. Once registered, the authentication function for the subscriber's account is activated and subsequent calls are then scored for the likelihood of fraud during the call setup request phase. Fraud scoring estimates the probability of fraud for each call based on the learned behavior of an individual subscriber and the learned behavior of fraud perpetrators. If fraud is not suspected based on the fraud score, then normal call processing can resume without the need for authentication. if fraud is suspected based on the fraud score, then the system automatically invokes authentication. If authentication indicates suspicion of fraud, e.g., voice prints do not match, then the call may either be blocked or referred for other appropriate prevention measures, e.g., intercepted by an operator. If fraud is not indicated by authentication, then normal call processing may resume.

Description

AUTOMATED AND SELECTIVE AUTHENTICATION IN TRANSACTION-BASED NETWORKS
CROSS-REFERENCE TO RELATED APPLICATIONS This application claims the benefit of U.S. Provisional Application Serial
No. 60/080,006 filed on April 3, 1998, which is herein incorporated by reference. This application is also related to U.S. Application Serial No. (Baulier 1-1-1-4), concurrently filed herewith, which is incorporated by reference herein. TECHNICAL FIELD
This invention relates generally to transaction-based networks and, more specifically, to an automated approach for selectively invoking processes in transaction-based networks based on automated analysis of usage such as, for example, selectively invoking automated authentication mechanisms based on analysis of usage to determine the likelihood of fraud in communication networks. BACKGROUND OF THE INVENTION
Fraudulent use of communication networks is a problem of staggering proportions. Using telecommunication networks as an example, costs associated with fraud are estimated at billions of dollars a year and growing. Given the tremendous financial liability, the telecommunication industry continues to seek ways for reducing the occurrence of fraud while at the same time minimizing disruption of service to legitimate subscribers.
Although there are many forms of telecommunication fraud, two of the most prevalent types or categories of fraud in today's networks are theft-of- service fraud and subscription fraud. For example, theft-of-service fraud may involve the illegitimate use of calling cards, cellular phones, or telephone lines, while subscription fraud may occur when a perpetrator who never intends to pay for a service poses as a new customer. Subscription fraud has been particularly difficult to detect and prevent because of the lack of any legitimate calling activity in the account that could otherwise be used as a basis for differentiating the fraudulent activity. In either case, losses attributable to these types of fraud are a significant problem. Many companies boast of superior fraud detection in their product offerings; however, the fact remains that a comprehensive fraud management system does not exist which addresses the operational and economic concerns of service providers and customers alike. For example, a common disadvantage of most systems is that detection of fraud occurs after a substantial amount of fraudulent activity has already occurred on an account. Moreover, some fraud prevention measures implemented in today's systems, which are based solely on inaccurate detection mechanisms, can be quite disruptive to the legitimate customer. As a result, customer "churn" may result as customers change service providers in search of a more secure system.
In general, the shortcomings of prior systems are readily apparent in terms of the amount of time that is required to detect and respond to fraud. For example, fraud detection based on customer feedback from monthly bills is not an acceptable approach to either service providers or customers. Automated fraud detection systems based on "thresholding" techniques are also not particularly helpful in managing fraud on a real-time or near real-time basis. For example, thresholding typically involves aggregating traffic over time (e.g., days, weeks, months), establishing profiles for subscribers (e.g., calling patterns), and applying thresholds to identify fraud. These systems are not viewed as being particularly effective because legitimate users can generate usage that exceeds the thresholds and the amount of fraud that can occur prior to detection and prevention is high (see, e.g., U.S. Patent No. 5,706,338, "Real-Time Communications Fraud Monitoring System" and U.S. Patent No. 5,627,886, "System and Method for Detecting Fraudulent Network Usage Patterns Using Real-Time Network Monitoring").
Although speed in detecting fraud may be improved by using technologies such as neural networking, statistical analysis, memory-based reasoning, genetic algorithms, and other data mining techniques, improved fraud detection alone does not completely solve the problem. In particular, even though systems incorporating these techniques may receive and process individual call data on a near real-time basis in an attempt to detect fraud, these systems still do not respond to the detected fraud on a real-time or near real-time basis. In one example, a system may generate an alert to an investigator in a fraud, network monitoring or operations center. However, an alert becomes part of an investigation queue and will generally not be examined or acted upon immediately, thereby resulting in a significant amount of latency in responding to the detected fraud. Because of the reactive nature of these systems in responding to detected fraud, a considerable amount of financial loss is still incurred by service providers and customers after the alert is generated. Furthermore, automated prevention based on inaccurate detection will result in the disruption of service to legitimate subscribers. Various forms of authentication-based systems have also been proposed for use in combating fraud. Voice verification is one such authentication technique in which a caller's voice sample is compared with a previously stored voice print. Although voice verification may meet some of service providers' requirements for reducing fraud, the prior art systems implementing this type of authentication technique have significant disadvantages in terms of the disruption in service to legitimate subscribers. In particular, interrupting each call during call setup to perform voice verification is a nuisance to legitimate subscribers and an unnecessary waste of call processing and fraud prevention resources. Furthermore, this type of authentication scheme can introduce a substantial amount of costs and unnecessary delay in processing calls in the network.
One specific example of a fraud prevention system employing voice verification is described in U.S. Patent No. 5,623,539. In this example, a line is constantly monitored, transparent to the users, and voice signal analysis is used to determine whether at least one participant in the telephone conversation is legitimate. More specifically, voice signal analysis is used to segregate speech information of the parties and compare this information with stored voice print information. In addition to the above shortcomings, this system is also highly impractical both in terms legal and social aspects (e.g., invasion of privacy) as well as technical and operational issues (e.g., activated all the time, calls must already be in progress, etc.).
Another example of an authentication-based system is the Roamer Verification Reinstatement (RVR) feature in wireless networks. Some RVR implementations use voice verification when a caller attempts to use service outside of his or her home calling area. Although this authentication technique is less intrusive than the previous example, RVR cannot effectively address fraudulent use of the system within the home area because it is based on initial startup conditions (e.g., outside home area) instead of some form of fraud scoring. SUMMARY OF THE INVENTION
Fraud losses in a communication network are substantially reduced according to the principles of the invention by automatically and selectively invoking one or more authentication measures on a particular call as a function of scoring calls for the likelihood of fraud. By selectively invoking authentication on only those calls that are suspected or confirmed to be fraudulent, fraud prevention can be achieved in a way that reduces fraud losses, reduces costs, and minimizes disruptions to legitimate subscribers. Moreover, selective authentication based on fraud scoring results in a more efficient use of call processing and fraud management resources.
In one illustrative embodiment for reducing telecommunication fraud, a subscriber is registered in a system by collecting data on that subscriber based on the particular authentication method being used in the system. For example, the data to be collected for shared knowledge-type authentication may be passwords, while a voice print may be collected for a voice verification-type authentication. Once registered, the authentication function for the subscriber's account must be activated. By way of example only, activation of authentication may be based on input from an integrated fraud management system which recommends authentication based on analysis of a suspected fraud case and/or call detail information or activation may be based on provisioning functions within the network. Subsequent calls are then scored for the likelihood of fraud during the call setup request phase. In general, fraud scoring estimates the probability of fraud for each call based on the learned behavior of an individual subscriber and the learned behavior of fraud perpetrators. If the usage is not indicative of fraud based on the analysis and the resulting fraud score, then normal call processing can resume without the need for authentication. If fraud is suspected based on the fraud score, then the system automatically invokes authentication. If authentication indicates suspicion of fraud, e.g., voice prints do not match, then the call may be either blocked or referred for other appropriate prevention measures, e.g., intercepted by operator or customer service representative. If fraud is not indicated by authentication, then normal call processing may resume. In sum, selective authentication according to the principles of the invention can be invoked on either a per-call or per-account basis, that is, based on current call score or based on a previous fraud case being managed by an integrated fraud management system. BRIEF DESCRIPTION OF THE DRAWING A more complete understanding of the present invention may be obtained from consideration of the following detailed description of the invention in conjunction with the drawing, with like elements referenced with like reference numerals, in which:
FIG. 1 is a simplified flowchart of the method according to one illustrative embodiment of the invention;
FIG. 2 is a simplified block diagram illustrating how call scoring is implemented according to one embodiment of the invention;
FIG. 3 is a simplified block diagram of a system according to one illustrative embodiment of the invention; and FIGS. 4 and 5 are simplified block diagrams that show exemplary network configurations in which the principles of the invention may be used. DETAILED DESCRIPTION OF THE INVENTION
Although the illustrative embodiments described herein are particularly well-suited for managing fraud in a telecommunication network, and shall be described in this exemplary context, those skilled in the art will understand from the teachings herein that the principles of the invention may also be employed in other non-telecommunication transaction-based networks. For example, the principles of the invention may be applied in networks that support on-line credit card transactions, internet-based transactions, and the like. Consequently, references to "calls" and "call detail records" in a telecommunication example could be equated with "transactions" and "transaction records", respectively, in a non-telecommunication example, and so on. Moreover, although the inventive principles are described in the context of fraud prevention systems in a telecommunications network, wherein automated authentication mechanisms are selectively invoked based on analysis of usage to determine the likelihood of fraud, the principles of the invention can be applied to any type of automated approach for selectively invoking processes in transaction-based networks based on automated analysis of usage. Accordingly, the embodiments shown and described herein are only meant to be illustrative and not limiting.
FIG. 1 shows an exemplary method for preventing fraud in a communication network according to one embodiment of the invention. In general, registration step 101 involves the collection of data that is needed to support the particular authentication method being used in the system. As previously described, the particular authentication technique may be a shared knowledge type (e.g., passwords) or biometric validation type (e.g., speaker verification, retinal scanning, fingerprinting, etc.). As such, the registration step 101 would involve the collection of appropriate data such as a voice print if speaker verification is used for authentication, passwords or passcodes if shared knowledge authentication is used, and so on. Furthermore, the data collected in registration step 101 may be unique for a single subscriber or may support multiple legitimate subscribers associated with the account. For a more detailed description of some exemplary authentication techniques which may be used in conjunction with the principles of the invention, see, e.g., U.S. Patent No. 5,502,759, U.S. Patent No. 5,675,704, U.S. Patent No. 4,363,102, and U.S. Patent No.5,677,989, each of which is herein incorporated by reference in its entirety. It should be noted, however, that these exemplary authentication techniques are only meant to be illustrative and not hmiting in any way. As such, many other authentication techniques and systems suitable for use with the present invention will be apparent to those skilled in the art and are contemplated by the teachings herein.
By way of example, registration 101 may be invoked as a result of establishment of a new account or as a result of changes in the account that are monitored by an external process. Moreover, the data needed for authentication may be collected as a result of a subscriber dialing a registration number that connects to an authentication server or platform, for example. In this case, the registration process (step 101) would be carried out by the authentication server or platform. Alternatively, data needed for authentication may be collected by an external system, in which case, provisioning functions in the network would invoke the registration process (step 101) and provide the required data.
After registration is completed in step 101, the authentication function enters registered state 102 and is then available for use on that subscriber account. Once in registered state 102, the authentication function on the account must then be activated as shown in step 104. In general, activation triggers 103 may originate from two sources, such as a fraud management system or provisioning functions in a network. In the first example, a fraud management system such as that disclosed in related U.S. Application Serial No. (Baulier 1-1-1-4), the subject matter of which is incorporated by reference herein in its entirety, may be used to trigger the activation of the selective authentication function. Briefly, this fraud management system analyzes cases of suspected fraudulent activity and automatically generates recommendations for responding to the suspected fraud. As such, one of the recommended responses may be to invoke authentication on subsequent calls before allowing those calls to be processed. This type of output from a fraud management system can thus be used as an activation trigger 103 according to the principles of the present invention. It should be noted that the exemplary system described in the aforementioned patent application is only meant to be illustrative and not limiting in any way. Accordingly, output supplied by other fraud management systems could also be used as activation triggers 103. It is important to note that the accuracy (e.g., selectivity) of the authentication scheme is a function of the accuracy of the fraud management system. As such, an accurate fraud management system will result in authentication being invoked in a highly targeted manner.
Provisioning functions in a network may also supply activation trigger 103 to activate the authentication function according to the principles of the invention. More specifically, the authentication function may be activated for a particular account in response to a provisioning request that is implemented for that account in the network. A provisioning request may or may not be based on fraud-related determinations. For example, a service provider may decide that the authentication function should be activated based on a non-payment status in the account. Various techniques for provisioning services and functions within a network, such as a telecommunication network, are well known to those skilled in the art.
When a call is received after activation in step 104, selective authentication can be implemented in one of two ways according to the exemplary embodiment shown in FIG. 1. More specifically, a determination is made in step 105 as to whether authentication should be automatically invoked regardless of subsequent call scoring. For example, the aforementioned fraud management system may recommend automatic authentication based on a case analysis which shows the likelihood of subscription type fraud. As previously described, subscription fraud occurs where a new account is established for fraudulent use from the outset. As such, the ability to differentiate fraudulent use from legitimate use is complicated by the fact that all calling activity on the newly opened account is fraudulent. By automatically authenticating subsequent calls in this case, a voice print from a suspected subscription fraud perpetrator could be matched with a previously stored voice print associated with a previous known subscription fraud case. Other techniques may also be employed to better detect and prevent subscription type fraud. Moreover, automatic authentication may be desirable for reasons other than for subscription fraud cases. Therefore, the automatic authentication feature gives a service provider further control of when and how authentication is invoked in the system.
Following with the scenario where a determination is made in step 105 to automatically authenticate subsequent calls, appropriate controls are effected so that the system enters active authentication state 107. Subsequent calls 109 are then authenticated in step 112 using the authentication method of choice. If fraud is suspected based on the results of authentication in step 112, then appropriate prevention measures can be implemented as shown in step 114, e.g., block call, route call to attendant, etc. If fraud is not suspected based on the results of authentication, then normal call processing can resume as shown in step 115. If automatic authentication is not desired as determined in step 105, then appropriate controls are effected so that the system enters active scoring state 108. In this state, all calls 109 will be scored for the likelihood of fraud in step 110. The particular scoring technique used will be described below in more detail. If fraud is suspected based on the fraud score, as shown in step 111, then the system automatically invokes authentication step 112 and subsequent steps as previously described. If fraud is not suspected based on the fraud score, then normal call processing can resume as shown in step 115. By selectively and automatically invoking authentication as a function of call scoring according to the principles of the invention, suspected fraud can be effectively detected, prevented, or otherwise managed while minimizing the intrusion and disruption to legitimate subscribers. Moreover, by triggering selective and targeted authentication as a function of suspicious fraud scores during call processing, service providers can more effectively respond to fraud as it occurs. FIG. 2 is a simplified block diagram showing one illustrative embodiment for scoring calls according to step 110 from FIG. 1. In general, call scoring is based on profiling wherein a signature (202) representative of a subscriber's calling pattern and a fraud profile (211) representative of a fraudulent calling pattern are used to determine the likelihood of fraud on a particular call. Scored call information is then stored (201) for later retrieval and used in the iterative and continuous updating process as well as forwarded to call control (220) which will be described in more detail below.
As shown, call detail records are supplied from network 200 to call scoring function 210. The generation of call detail records in telecommunications networks is well known to those skilled in the art. A subscriber's signature may be initialized as shown in block 203 using scored call detail records from calls that have not been confirmed or suspected as fraudulent. Initialization may occur, for example, when a subscriber initially places one or more calls. As further shown in block 203, stored subscriber signatures from block 202 can then be updated using newly scored call detail records from subsequent calls that are not confirmed or suspected as fraudulent. As such, a subscriber's signature can adapt to the subscriber's behavior over time. 10
It should be noted that initialization of a subscriber's signature can also be based on predefined attributes of legitimate calling behavior which may be defined by historical call records and the like. In this way, subscription fraud can be detected more readily because a legitimate subscriber's signature, even at the very early stages of calling activity, can be correlated with the expected (or predicted) behavior of legitimate callers. As such, any immediate fraudulent calling behavior on a new account, for example, will not provide the sole basis for initializing the subscriber signature.
It should also be noted that a subscriber signature may monitor many aspects of a subscriber's calling behavior including, but not limited to: calling rate, day of week timing, hour of day timing, call duration, method of billing, geography, and so on. Consequently, a signature may be derived from information that is typically contained within the call detail records, such as: originating number; terminating number; billed number; start time and date; originating location; carrier selection; call waiting indicators; call forwarding indicators; three-way calling/transfer indicators; operator assistance requests; and network security failure indicators, to name a few. The particular elements to be used for establishing and updating a subscriber signature may depend on the type of network (e.g., wireline, wireless, calling card, non-telecommunication, etc.), the particular scoring method being used, as well as other factors that would be apparent to those skilled in the art.
Generally, each call will be scored depending on how the call compares to the subscriber's signature retrieved from block 202 and how it compares to a fraud profile retrieved from block 211. By way of example, fraud profiles can be initialized and updated (block 212) using scored call detail records from confirmed or suspected fraudulent calls. In a simplified example, a high fraud score is generated if the call details represent a suspicious deviation from known behavior and a low fraud score is generated if the call details represent highly typical behavior for the subscriber account in question. In addition to providing an overall fraud score as output from call scoring function 210, the relative contributions of various elements of the call to the fraud score should also be included for case analysis purposes, which is described in further detail in related 11
U.S. Application Serial No. For example, contributions of the following elements may be included for subsequent case analysis: day of week; time of day; duration; time between consecutive calls; destination; use of call waiting; use of call forwarding; use of three-way calling; use of operator services; origination point; use of roaming services (wireless only); number of handoffs during call (wireless only); appearance of network security alert; carrier selection; and use of international completion services. Again, this listing is meant to be illustrative only and not limiting in any way.
Because call scoring is carried out on a customer-specific and call-by-call basis, a more precise fraud score can be obtained that is more indicative of the likelihood of fraud while reducing the amount of false alarms (i.e., "false positives"). Furthermore, to accurately perform call scoring on a call-by-call basis, those skilled in the art will recognize that one suitable implementation would be to execute the above-described functions using a real-time processing platform. One such exemplary real-time processing platform is Lucent Technologies' QTM™ real-time transaction processing platform, which is described in an article by J. Baulier et al., "Sunrise: A Real-Time Event- Processing Framework" , Bell Labs Technical Journal, November 24, 1997, and which is herein incorporated by reference. It will be apparent to those skilled in the art that many different call scoring techniques may be suitable for implementing the functionality of call scoring function 210 as described above. In particular, call scoring techniques based on statistical analysis, probabilistic scoring, memory-based reasoning, data mining, neural networking, and other methodologies are known and are contemplated for use in conjunction with the illustrative embodiments of the invention described herein. Some examples of these methods and techniques are described in Fawcett et al., "Adaptive Fraud Detection", Data Mining and Knowledge Discovery 1, 291-316 (1997) and U.S. Patent No. 5,819,226, 'Fraud Detection Using Predictive Modeling", issued Oct. 6, 1998, each of which is herein incorporated by reference.
FIG. 3 is a simplified block diagram showing one illustrative embodiment of a system for controlling fraud in a typical telecommunication network 12
according to the principles of the invention. As shown, system 300 includes call control function 220 coupled to call scoring function 210 and authentication function 225. System 300 is further coupled to network 200, which services a number of subscribers, such as subscriber 224. Provisioning function 250 is coupled to and communicates with each of network 200, call control function 220, call scoring function 210, and authentication function 225. It will be appreciated that the functions described herein may be implemented using computer hardware and software programmed to carry out the associated functions and operations.
In operation, origination of a call by subscriber 224 in a telecommunications network 200 will cause several actions to occur. First, a request for call setup is issued to call control 220. Call control 220 carries out several functions in response to the call setup request. For example, call control 220 analyzes the call setup request, conditionally invokes call scoring 210 and/or conditionally invokes authentication 225, and may subsequently complete the call and/or generate appropriate call detail record(s). In particular, call control 220 operates in conjunction with call scoring 210 and authentication 225 to carry out the steps previously described in the flowchart of FIG. 1.
In sum, call scoring function 210, when invoked or otherwise activated, scores calls based on the call detail records supplied by call control function 220 and provides the basis for a decision as to whether authentication needs to be invoked for the particular call. Authentication function 225 receives data about or from user 224 either directly via a connection established by call control 220 or indirectly via services provided by call control 220. The type of data supplied to authentication function 225 will vary depending on the type of authentication method being used, e.g., voice print analysis, other biometric analysis, password, and so on. Provisioning function 250 changes the state of information in call control 220, call scoring 210, and authentication function 225 based on requests generated by any one of those systems or by an external system (not shown). Additionally, provisioning function 250 may be used to implement appropriate actions in conjunction with network 200 for a particular call based on the call scoring and authentication processes. 13
FIGS. 4 and 5 show an Intelligent Network (IN)-based architecture and an adjunct-based architecture, respectively, in which the principles of the invention may be used. It should be noted that the principles of the invention can be used in many different types of network architectures. As such, the exemplary network architectures shown and described herein are meant to be illustrative only and not limiting in any way.
Referring to FIG. 4, user 424 may be supported by any type of customer premise equipment or mobile transmitter. In this illustrative embodiment, call control 420 is implemented in three nodes in the Intelligent Network (IN) architecture, those being Service Switching Point (SSP) 421, Signal Transfer Point (STP) 422, and Service Control Point (SCP) 423. Service Switching Point 421 provides basic analysis of call set-up requests, routes calls, and sends requests for service processing guidance to Service Control Point 423. Service Control Point 423 makes service decisions, requests call scoring support from call scoring function 410, and instructs Service Switching Point 421 to route calls to authentication function 425 when appropriate. Communication among Service Switching Point 421, Service Control Point 423, and, if desired, authentication function 425, is supported by a common channel signaling network in which messages may be routed by one or more of Signal Transfer Points 422. Call scoring function 410 could be implemented in a separate operations system. As such, the interface between call scoring function 410 and call control 420 is Service Control Point 423 via an operations interface capable of call processing speeds and reliability. Authentication function 425 can be supported either in a separate services node, e.g., an authentication server as shown, or within Service Control Point 423. Provisioning is carried out in Service Management System 450.
In one possible adjunct implementation shown in FIG. 5, all call control is implemented within a switching element 510, while fraud management (e.g., scoring) and authentication services are supported out of a common adjunct 520. The interface between switching element 510 and adjunct 520 may be any link supporting call set-up signaling, service signaling and voice trunking, such as the Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) or 14
Primary Rate Interface (PRI). In this illustrative implementation, switching element 510 provides analysis of call set-up requests, makes service decisions, requests call scoring support from adjunct 520, determines whether to route calls to adjunct 520 for authentication and routes those calls. Adjunct 520 provides call scoring and authentication. Provisioning, again, is carried out in a separate provisioning system 530 that is connected to all elements.
The basic flow described above can be applied to a variety of telecommunications services. One illustrative but not limiting example is calling card. A brief description of the processing performed by typical calling card services in the absence of in-call fraud prevention is first provided to assist in understanding how the principles of the invention can then be applied in the calling card context.
FIG. 4, which provides one of many possible network implementations supporting calling card services, can illustrate both provisioning and call processing. When a new account is opened, information on the account is loaded from service management system 450 into SCP 423. The subscriber 424 of the service is then able to use his/her card. The subscriber 424 dials a call which is interpreted by SSP 421 as requiring additional services. This is usually based on the dialing of the call, such as the dialing of a 0+ prefix or a toll-free number associated with operator services. Through interaction with SSP 421, the subscriber identifies that calling card services are requested and enters his/her card number. The card number is validated by SCP 423, which instructs the SSP 421 to complete the call, re-prompt for card information, route the call to an operator or deny service. In-call prevention may be applied to this service flow. Again, as an illustrative but not limiting example, consider FIG. 4. When new service on the card is opened, authenticating information is collected either by an external system and loaded by the service management system 450 into authentication 425, or is entered directly by the subscriber into authentication 425. In the latter case, the subscriber is instructed to dial a particular number which is interpreted by call control 420 as a request for connection into the authentication system 425. The authentication system 425 recognizes the call as a registration and collects 15
required information from the subscriber. Once the authentication system is properly loaded, service management system loads the account information in SCP 423 and the service is ready for use.
At some point in the history of the account, scoring 410 will determine that authentication should be activated, based on call detail records. Scoring 410 will issue a request via service management system 450 to activate authentication. In this example, assume that score-based authentication is requested. Once activated, subsequent calls are processed as follows. The subscriber 424 dials a call which is interpreted by SSP 421 as requiring additional services. This is usually based on the dialing of the call, such as the dialing of a 0+ prefix or a toll-free number associated with operator services. Through interaction with SSP 421, the subscriber identifies that calling card services are requested and enters his/her card number. The card number is transmitted to SCP 423 for validation, which also recognizes that scoring and authentication have been activated on this account. While validating the card, SCP 423 also transmits a scoring request to scoring 410 which will respond with an instruction to either authenticate the call, process the call according to SCP validation (without authentication), route the call to an attendant, or deny the call entirely. If the response is to authenticate, the SCP 423 will send an instruction to the SSP 421 to route the call to authentication 425. Authentication will then challenge the subscriber 424 using whatever authentication technique(s) it employs. The result of authentication (pass, fail, ambiguous) is returned to the SCP 423 via the SSP 421. The SCP then decides whether the call should be allowed, denied or routed to an attendant and instructs SSP 421 accordingly. Optionally, the SCP 423 will provide information on authentication to scoring 410 for case management purposes.
It should also be noted that implementation of in-call prevention for calling card services can also be carried out using multiple platforms. Accordingly, various modifications to the implementation details of the principles of the invention based on particular services (e.g., calling card) and particular network configurations will be apparent to those skilled in the art in view of the teachings herein. 16
As described herein, the present invention can be embodied in the form of methods and apparatuses for practicing those methods. The invention can also be embodied in the form of program code embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. The present invention can also be embodied in the form of program code, for example, whether stored in a storage medium, loaded into and/or executed by a machine, or transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via electromagnetic radiation, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processor, the program code segments combine with the processor to provide a unique device that operates analogously to specific logic circuits.
It should also be noted that the foregoing merely illustrates the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements which, although not explicitly described or shown herein, embody the principles of the invention and are included within its spirit and scope. Furthermore, all examples and conditional language recited herein are principally intended expressly to be only for pedagogical purposes to aid the reader in understanding the principles of the invention and the concepts contributed by the inventor(s) to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure.
Thus, for example, it will be appreciated by those skilled in the art that the block diagrams herein represent conceptual views of illustrative circuitry 17
embodying the principles of the invention. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudocode, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
The functions of the various elements shown in the drawing may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, a "processor" or "controller" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included. Similarly, any switches shown in the drawing are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the implementor as more specifically understood from the context.
In the claims hereof any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a) a combination of circuit elements which performs that function or b) software in any form, including, therefore, firmware, microcode or the like, combined with appropriate circuitry for executing that software to perform the function. The invention as defined by such claims resides in the fact that the functionalities provided by the various recited means are combined and brought together in the manner which the claims call for. Applicants thus regard any means which can provide those functionalities as equivalent to those shown herein.

Claims

18WHAT IS CLAIMED IS:
1. A method for reducing fraudulent activity in a telecommunication network, comprising the step of: automatically and selectively invoking at least one authentication measure during a call processing state for a particular call as a function of scoring calls for the likelihood of fraud, such that fraudulent activity in the network is reduced and disruptions to legitimate activity in the network are reduced.
2. The method of claim 1, wherein the at least one authentication measure comprises voice verification.
3. The method of claim 1, wherein the at least one authentication measure comprises a biometric validation process.
4. The method of claim 1, wherein the at least one authentication measure comprises a shared knowledge-based process.
5. The method of claim 1, wherein scoring is done on a call-by-call basis using a real-time transaction processing platform.
6. The method of claim 1, wherein a fraud score of an individual call is representative of the Ukelihood of fraud based on learned behavior of a subscriber comprising a subscriber signature and learned behavior of fraudulent calling activity comprising a fraud signature.
7. A method for controlling a network where transactions occur, comprising the step of: automatically and selectively invoking at least one process during a particular transaction based on automated analysis of usage in the network.
8. A method for reducing fraudulent activity in a telecommunication network, comprising the steps of: registering a subscriber by collecting data on that subscriber, wherein the data corresponds to a prescribed authentication measure; 19
activating the prescribed authentication measure for that subscriber's account; scoring a call for the likelihood of fraud during a call setup request phase; if fraud is not suspected based on the scoring step, resuming normal call processing for the call; and if fraud is suspected based on the scoring step, automatically invoking authentication for the call.
9. The method of claim 8, further comprising the step of, if authentication indicates suspicion of fraud, initiating one or more prescribed call processing measures.
10. The method of claim 9, wherein the step of initiating one or more prescribed call processing measures includes the step of blocking the call.
11. The method of claim 8, wherein the prescribed authentication measure is voice verification, and wherein the step of registering includes the step of collecting a voice print for the subscriber.
12. The method of claim 8, wherein the step of activating includes the step of receiving input from an external fraud management system that recommends authentication based on analysis of a suspected fraud case.
13. The method of claim 8, wherein a fraud score of an individual call is representative of the likelihood of fraud based on the learned behavior of a subscriber comprising a subscriber signature and the learned behavior of fraudulent calling activity comprising a fraud profile.
14. A system for preventing fraud in a network, comprising: means for scoring calls in the network for the likelihood of fraud; and means for automatically and selectively invoking at least one authentication measure during a call processing state for a particular call as a function of output supplied by the means for scoring, 20
such that fraudulent activity in the network is reduced and disruptions to legitimate activity in the network are reduced.
PCT/US1999/007442 1998-04-03 1999-04-05 Automated and selective authentication in transaction-based networks WO1999052261A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
EP99915269A EP1068715B1 (en) 1998-04-03 1999-04-05 Automated and selective authentication in transaction-based networks
CA002327338A CA2327338C (en) 1998-04-03 1999-04-05 Automated and selective authentication in transaction-based networks
BR9909163-1A BR9909163A (en) 1998-04-03 1999-04-05 Automated and selective intervention in transaction-based networks
AU33823/99A AU3382399A (en) 1998-04-03 1999-04-05 Automated and selective authentication in transaction-based networks
JP2000542900A JP4251521B2 (en) 1998-04-03 1999-04-05 Automated selective intervention in transaction-based networks
DE69942789T DE69942789D1 (en) 1998-04-03 1999-04-05 AUTOMATED AND SELECTIVE AUTHENTICATION FOR TRANSACTIONS

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US8000698P 1998-04-03 1998-04-03
US60/080,006 1998-04-03
US09/283,673 1999-04-02
US09/283,673 US6157707A (en) 1998-04-03 1999-04-02 Automated and selective intervention in transaction-based networks

Publications (1)

Publication Number Publication Date
WO1999052261A1 true WO1999052261A1 (en) 1999-10-14

Family

ID=26762716

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/007442 WO1999052261A1 (en) 1998-04-03 1999-04-05 Automated and selective authentication in transaction-based networks

Country Status (9)

Country Link
US (1) US6157707A (en)
EP (1) EP1068715B1 (en)
JP (1) JP4251521B2 (en)
CN (1) CN1295753A (en)
AU (1) AU3382399A (en)
BR (1) BR9909163A (en)
CA (1) CA2327338C (en)
DE (1) DE69942789D1 (en)
WO (1) WO1999052261A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001177520A (en) * 1999-10-29 2001-06-29 Alcatel Method, communication system and device for authorizing communication between at least two devices
AU2001258665B2 (en) * 2000-03-08 2006-06-01 Aurora Wireless Technologies, Ltd. Method and apparatus for reducing on-line fraud using personal digital identification
CN103685613A (en) * 2013-12-05 2014-03-26 江苏大学 Telephone-fraud-resistant system based on voice recognition and method thereof

Families Citing this family (119)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6763098B1 (en) * 1998-06-01 2004-07-13 Mci Communications Corporation Call blocking based on call properties
US6356630B1 (en) * 1999-07-09 2002-03-12 Lucent Technologies, Inc. Telephone calling card service system integrating virtual destination numbers
KR100384943B1 (en) * 1999-12-30 2003-06-18 엘지전자 주식회사 Method For Intelligent Network Processing Of Authentication Failure or Authorization Denied Subscriber
US6779120B1 (en) 2000-01-07 2004-08-17 Securify, Inc. Declarative language for specifying a security policy
US8074256B2 (en) * 2000-01-07 2011-12-06 Mcafee, Inc. Pdstudio design system and method
AU2656500A (en) * 2000-02-29 2001-09-12 Swisscom Mobile Ag Transaction confirmation method, authentication server and wap server
US6570968B1 (en) * 2000-05-22 2003-05-27 Worldcom, Inc. Alert suppression in a telecommunications fraud control system
US7917647B2 (en) * 2000-06-16 2011-03-29 Mcafee, Inc. Method and apparatus for rate limiting
US20030208689A1 (en) * 2000-06-16 2003-11-06 Garza Joel De La Remote computer forensic evidence collection system and process
US20020161711A1 (en) * 2001-04-30 2002-10-31 Sartor Karalyn K. Fraud detection method
DE60237833D1 (en) * 2001-07-18 2010-11-11 Daon Holdings Ltd DISTRIBUTED NETWORK SYSTEM WITH BIOMETRIC ACCESS TESTING
US7149296B2 (en) * 2001-12-17 2006-12-12 International Business Machines Corporation Providing account usage fraud protection
US6804331B1 (en) 2002-03-27 2004-10-12 West Corporation Method, apparatus, and computer readable media for minimizing the risk of fraudulent receipt of telephone calls
US6937702B1 (en) 2002-05-28 2005-08-30 West Corporation Method, apparatus, and computer readable media for minimizing the risk of fraudulent access to call center resources
US9710852B1 (en) 2002-05-30 2017-07-18 Consumerinfo.Com, Inc. Credit report timeline user interface
US9400589B1 (en) 2002-05-30 2016-07-26 Consumerinfo.Com, Inc. Circular rotational interface for display of consumer credit information
US7403967B1 (en) 2002-06-18 2008-07-22 West Corporation Methods, apparatus, and computer readable media for confirmation and verification of shipping address data associated with a transaction
GB2391373A (en) * 2002-07-31 2004-02-04 David Toms A system for the automatic detection of a fraudulent transaction
US7817791B2 (en) * 2003-05-15 2010-10-19 Verizon Business Global Llc Method and apparatus for providing fraud detection using hot or cold originating attributes
US7971237B2 (en) * 2003-05-15 2011-06-28 Verizon Business Global Llc Method and system for providing fraud detection for remote access services
US7761374B2 (en) * 2003-08-18 2010-07-20 Visa International Service Association Method and system for generating a dynamic verification value
US7740168B2 (en) 2003-08-18 2010-06-22 Visa U.S.A. Inc. Method and system for generating a dynamic verification value
US8712919B1 (en) 2003-10-03 2014-04-29 Ebay Inc. Methods and systems for determining the reliability of transaction
US20050125226A1 (en) * 2003-10-29 2005-06-09 Paul Magee Voice recognition system and method
US20050125280A1 (en) * 2003-12-05 2005-06-09 Hewlett-Packard Development Company, L.P. Real-time aggregation and scoring in an information handling system
US7313575B2 (en) * 2004-06-14 2007-12-25 Hewlett-Packard Development Company, L.P. Data services handler
US20060041464A1 (en) * 2004-08-19 2006-02-23 Transunion Llc. System and method for developing an analytic fraud model
US7653742B1 (en) 2004-09-28 2010-01-26 Entrust, Inc. Defining and detecting network application business activities
DE102005007802A1 (en) * 2005-02-21 2006-08-24 Robert Bosch Gmbh Method for object plausibility in driver assistance systems
JP2006259836A (en) * 2005-03-15 2006-09-28 Oki Consulting Solutions Co Ltd Unauthorized use monitoring system and method
US7783745B1 (en) 2005-06-27 2010-08-24 Entrust, Inc. Defining and monitoring business rhythms associated with performance of web-enabled business processes
US8082349B1 (en) 2005-10-21 2011-12-20 Entrust, Inc. Fraud protection using business process-based customer intent analysis
US8234494B1 (en) * 2005-12-21 2012-07-31 At&T Intellectual Property Ii, L.P. Speaker-verification digital signatures
US9065643B2 (en) 2006-04-05 2015-06-23 Visa U.S.A. Inc. System and method for account identifier obfuscation
US7818264B2 (en) 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
US8495231B1 (en) * 2006-05-16 2013-07-23 Cisco Technology, Inc. System and method for remote call control
US7657497B2 (en) * 2006-11-07 2010-02-02 Ebay Inc. Online fraud prevention using genetic algorithm solution
US8542802B2 (en) 2007-02-15 2013-09-24 Global Tel*Link Corporation System and method for three-way call detection
US8285656B1 (en) 2007-03-30 2012-10-09 Consumerinfo.Com, Inc. Systems and methods for data verification
US8010502B2 (en) * 2007-04-13 2011-08-30 Harris Corporation Methods and systems for data recovery
WO2008147918A2 (en) 2007-05-25 2008-12-04 Experian Information Solutions, Inc. System and method for automated detection of never-pay data sets
US8121942B2 (en) * 2007-06-25 2012-02-21 Visa U.S.A. Inc. Systems and methods for secure and transparent cardless transactions
US7739169B2 (en) 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
CN100566251C (en) 2007-08-01 2009-12-02 西安西电捷通无线网络通信有限公司 A kind of trusted network connection method that strengthens fail safe
US8127986B1 (en) 2007-12-14 2012-03-06 Consumerinfo.Com, Inc. Card registry systems and methods
US9990674B1 (en) 2007-12-14 2018-06-05 Consumerinfo.Com, Inc. Card registry systems and methods
US8312033B1 (en) 2008-06-26 2012-11-13 Experian Marketing Solutions, Inc. Systems and methods for providing an integrated identifier
US9256904B1 (en) 2008-08-14 2016-02-09 Experian Information Solutions, Inc. Multi-bureau credit file freeze and unfreeze
US8060424B2 (en) 2008-11-05 2011-11-15 Consumerinfo.Com, Inc. On-line method and system for monitoring and reporting unused available credit
BRPI0921124A2 (en) 2008-11-06 2016-09-13 Visa Int Service Ass system for authenticating a consumer, computer implemented method, computer readable medium, and server computer.
US9225838B2 (en) 2009-02-12 2015-12-29 Value-Added Communications, Inc. System and method for detecting three-way call circumvention attempts
US20110022518A1 (en) * 2009-07-22 2011-01-27 Ayman Hammad Apparatus including data bearing medium for seasoning a device using data obtained from multiple transaction environments
US9396465B2 (en) * 2009-07-22 2016-07-19 Visa International Service Association Apparatus including data bearing medium for reducing fraud in payment transactions using a black list
US20110106579A1 (en) * 2009-11-04 2011-05-05 Sapience Technology, Inc. System and Method of Management and Reduction of Subscriber Churn in Telecommunications Networks
US9652802B1 (en) 2010-03-24 2017-05-16 Consumerinfo.Com, Inc. Indirect monitoring and reporting of a user's credit data
US8725613B1 (en) * 2010-04-27 2014-05-13 Experian Information Solutions, Inc. Systems and methods for early account score and notification
US9118669B2 (en) 2010-09-30 2015-08-25 Alcatel Lucent Method and apparatus for voice signature authentication
US8930262B1 (en) 2010-11-02 2015-01-06 Experian Technology Ltd. Systems and methods of assisted strategy design
US9147042B1 (en) 2010-11-22 2015-09-29 Experian Information Solutions, Inc. Systems and methods for data verification
US9058607B2 (en) * 2010-12-16 2015-06-16 Verizon Patent And Licensing Inc. Using network security information to detection transaction fraud
EP2676197B1 (en) 2011-02-18 2018-11-28 CSidentity Corporation System and methods for identifying compromised personally identifiable information on the internet
US9558519B1 (en) 2011-04-29 2017-01-31 Consumerinfo.Com, Inc. Exposing reporting cycle information
US9665854B1 (en) 2011-06-16 2017-05-30 Consumerinfo.Com, Inc. Authentication alerts
US9483606B1 (en) 2011-07-08 2016-11-01 Consumerinfo.Com, Inc. Lifescore
US9106691B1 (en) 2011-09-16 2015-08-11 Consumerinfo.Com, Inc. Systems and methods of identity protection and management
US8738516B1 (en) 2011-10-13 2014-05-27 Consumerinfo.Com, Inc. Debt services candidate locator
US11030562B1 (en) 2011-10-31 2021-06-08 Consumerinfo.Com, Inc. Pre-data breach monitoring
US8458090B1 (en) * 2012-04-18 2013-06-04 International Business Machines Corporation Detecting fraudulent mobile money transactions
US9853959B1 (en) 2012-05-07 2017-12-26 Consumerinfo.Com, Inc. Storage and maintenance of personal data
US9654541B1 (en) 2012-11-12 2017-05-16 Consumerinfo.Com, Inc. Aggregating user web browsing data
US9916621B1 (en) 2012-11-30 2018-03-13 Consumerinfo.Com, Inc. Presentation of credit score factors
US10255598B1 (en) 2012-12-06 2019-04-09 Consumerinfo.Com, Inc. Credit card account data extraction
US9143506B2 (en) 2013-02-13 2015-09-22 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US8572398B1 (en) 2013-02-13 2013-10-29 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US8914645B2 (en) 2013-02-13 2014-12-16 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US9697263B1 (en) 2013-03-04 2017-07-04 Experian Information Solutions, Inc. Consumer data request fulfillment system
US8812387B1 (en) 2013-03-14 2014-08-19 Csidentity Corporation System and method for identifying related credit inquiries
US9406085B1 (en) 2013-03-14 2016-08-02 Consumerinfo.Com, Inc. System and methods for credit dispute processing, resolution, and reporting
US9870589B1 (en) 2013-03-14 2018-01-16 Consumerinfo.Com, Inc. Credit utilization tracking and reporting
US10102570B1 (en) 2013-03-14 2018-10-16 Consumerinfo.Com, Inc. Account vulnerability alerts
US9633322B1 (en) 2013-03-15 2017-04-25 Consumerinfo.Com, Inc. Adjustment of knowledge-based authentication
US10664936B2 (en) 2013-03-15 2020-05-26 Csidentity Corporation Authentication systems and methods for on-demand products
US10685398B1 (en) 2013-04-23 2020-06-16 Consumerinfo.Com, Inc. Presenting credit score information
US9721147B1 (en) 2013-05-23 2017-08-01 Consumerinfo.Com, Inc. Digital identity
US9443268B1 (en) 2013-08-16 2016-09-13 Consumerinfo.Com, Inc. Bill payment and reporting
JP2014027671A (en) * 2013-09-13 2014-02-06 Fujitsu Ltd Radio base station, communication system, and communication control method
US10325314B1 (en) 2013-11-15 2019-06-18 Consumerinfo.Com, Inc. Payment reporting systems
US10102536B1 (en) 2013-11-15 2018-10-16 Experian Information Solutions, Inc. Micro-geographic aggregation system
US9477737B1 (en) 2013-11-20 2016-10-25 Consumerinfo.Com, Inc. Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules
US9529851B1 (en) 2013-12-02 2016-12-27 Experian Information Solutions, Inc. Server architecture for electronic data quality processing
US10262362B1 (en) 2014-02-14 2019-04-16 Experian Information Solutions, Inc. Automatic generation of code for attributes
USD759689S1 (en) 2014-03-25 2016-06-21 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
USD760256S1 (en) 2014-03-25 2016-06-28 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
USD759690S1 (en) 2014-03-25 2016-06-21 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
US9892457B1 (en) 2014-04-16 2018-02-13 Consumerinfo.Com, Inc. Providing credit data in search results
US10373240B1 (en) 2014-04-25 2019-08-06 Csidentity Corporation Systems, methods and computer-program products for eligibility verification
US9996837B2 (en) 2014-06-06 2018-06-12 Visa International Service Association Integration of secure protocols into a fraud detection system
US10339527B1 (en) 2014-10-31 2019-07-02 Experian Information Solutions, Inc. System and architecture for electronic fraud detection
US9641680B1 (en) * 2015-04-21 2017-05-02 Eric Wold Cross-linking call metadata
US11151468B1 (en) 2015-07-02 2021-10-19 Experian Information Solutions, Inc. Behavior analysis using distributed representations of event data
US10757154B1 (en) 2015-11-24 2020-08-25 Experian Information Solutions, Inc. Real-time event-based notification system
US20180089688A1 (en) * 2016-09-27 2018-03-29 Mastercard International Incorporated System and methods for authenticating a user using biometric data
US11227001B2 (en) 2017-01-31 2022-01-18 Experian Information Solutions, Inc. Massive scale heterogeneous data ingestion and user resolution
US9930088B1 (en) 2017-06-22 2018-03-27 Global Tel*Link Corporation Utilizing VoIP codec negotiation during a controlled environment call
US10735183B1 (en) 2017-06-30 2020-08-04 Experian Information Solutions, Inc. Symmetric encryption for private smart contracts among multiple parties in a private peer-to-peer network
US10616411B1 (en) 2017-08-21 2020-04-07 Wells Fargo Bank, N.A. System and method for intelligent call interception and fraud detecting audio assistant
US10699028B1 (en) 2017-09-28 2020-06-30 Csidentity Corporation Identity security architecture systems and methods
US10896472B1 (en) 2017-11-14 2021-01-19 Csidentity Corporation Security and identity verification system and architecture
US10911234B2 (en) 2018-06-22 2021-02-02 Experian Information Solutions, Inc. System and method for a token gateway environment
CN109003181B (en) * 2018-08-17 2022-05-13 腾讯科技(深圳)有限公司 Suspicious user determination method, device, equipment and computer readable storage medium
US10901757B1 (en) * 2018-08-29 2021-01-26 West Corporation System and method for assisting an agent during a client interaction
US20200074541A1 (en) 2018-09-05 2020-03-05 Consumerinfo.Com, Inc. Generation of data structures based on categories of matched data items
US10963434B1 (en) 2018-09-07 2021-03-30 Experian Information Solutions, Inc. Data architecture for supporting multiple search models
US10951635B2 (en) * 2018-09-20 2021-03-16 Cisco Technology, Inc. System and method to estimate network disruption index
US11315179B1 (en) 2018-11-16 2022-04-26 Consumerinfo.Com, Inc. Methods and apparatuses for customized card recommendations
WO2020146667A1 (en) 2019-01-11 2020-07-16 Experian Information Solutions, Inc. Systems and methods for secure data aggregation and computation
US11238656B1 (en) 2019-02-22 2022-02-01 Consumerinfo.Com, Inc. System and method for an augmented reality experience via an artificial intelligence bot
US11880377B1 (en) 2021-03-26 2024-01-23 Experian Information Solutions, Inc. Systems and methods for entity resolution
US11463574B1 (en) * 2021-06-07 2022-10-04 Capital One Services, Llc Restricting access based on voice communication parameters

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5465387A (en) * 1993-10-08 1995-11-07 At&T Corp. Adaptive fraud monitoring and control
WO1996008907A2 (en) * 1994-09-16 1996-03-21 Mci Communications Corporation Method and system therefor of establishing an acceptance threshold for controlling fraudulent telephone calls
GB2303275A (en) * 1995-07-13 1997-02-12 Northern Telecom Ltd Detecting mobile telephone misuse

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4363102A (en) * 1981-03-27 1982-12-07 Bell Telephone Laboratories, Incorporated Speaker identification system using word recognition templates
US4799255A (en) * 1987-01-30 1989-01-17 American Telephone And Telegraph Company - At&T Information Systems Communication facilities access control arrangement
US5375244A (en) * 1992-05-29 1994-12-20 At&T Corp. System and method for granting access to a resource
US5357564A (en) * 1992-08-12 1994-10-18 At&T Bell Laboratories Intelligent call screening in a virtual communications network
US5819226A (en) * 1992-09-08 1998-10-06 Hnc Software Inc. Fraud detection using predictive modeling
CA2105034C (en) * 1992-10-09 1997-12-30 Biing-Hwang Juang Speaker verification with cohort normalized scoring
US5345595A (en) * 1992-11-12 1994-09-06 Coral Systems, Inc. Apparatus and method for detecting fraudulent telecommunication activity
US5506893A (en) * 1993-02-19 1996-04-09 At&T Corp. Telecommunication network arrangement for providing real time access to call records
TW225623B (en) * 1993-03-31 1994-06-21 American Telephone & Telegraph Real-time fraud monitoring system
US5677989A (en) * 1993-04-30 1997-10-14 Lucent Technologies Inc. Speaker verification system and process
US5602906A (en) * 1993-04-30 1997-02-11 Sprint Communications Company L.P. Toll fraud detection system
US5502759A (en) * 1993-05-13 1996-03-26 Nynex Science & Technology, Inc. Apparatus and accompanying methods for preventing toll fraud through use of centralized caller voice verification
US5448760A (en) * 1993-06-08 1995-09-05 Corsair Communications, Inc. Cellular telephone anti-fraud system
US5566234A (en) * 1993-08-16 1996-10-15 Mci Communications Corporation Method for controlling fraudulent telephone calls
US5504810A (en) * 1993-09-22 1996-04-02 At&T Corp. Telecommunications fraud detection scheme
US5495521A (en) * 1993-11-12 1996-02-27 At&T Corp. Method and means for preventing fraudulent use of telephone network
US5623539A (en) * 1994-01-27 1997-04-22 Lucent Technologies Inc. Using voice signal analysis to identify authorized users of a telephone system
US5627886A (en) * 1994-09-22 1997-05-06 Electronic Data Systems Corporation System and method for detecting fraudulent network usage patterns using real-time network monitoring
US5768354A (en) * 1995-02-02 1998-06-16 Mci Communications Corporation Fraud evaluation and reporting system and method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5465387A (en) * 1993-10-08 1995-11-07 At&T Corp. Adaptive fraud monitoring and control
WO1996008907A2 (en) * 1994-09-16 1996-03-21 Mci Communications Corporation Method and system therefor of establishing an acceptance threshold for controlling fraudulent telephone calls
GB2303275A (en) * 1995-07-13 1997-02-12 Northern Telecom Ltd Detecting mobile telephone misuse

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HANAGANDI V ET AL: "DENSITY-BASED CLUSTERING AND RADIAL BASIS FUNCTION MODELING TO GENERATE CREDIT CARD FRAUD SCORES", 24 March 1996, PROCEEDINGS OF THE IEEE/IAFE CONFERENCE ON COMPUTATIONAL INTELLIGENCE FOR FINANCIAL ENGINEERING, PAGE(S) 247 - 251, XP000607379 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001177520A (en) * 1999-10-29 2001-06-29 Alcatel Method, communication system and device for authorizing communication between at least two devices
AU2001258665B2 (en) * 2000-03-08 2006-06-01 Aurora Wireless Technologies, Ltd. Method and apparatus for reducing on-line fraud using personal digital identification
CN103685613A (en) * 2013-12-05 2014-03-26 江苏大学 Telephone-fraud-resistant system based on voice recognition and method thereof

Also Published As

Publication number Publication date
CA2327338C (en) 2004-09-21
AU3382399A (en) 1999-10-25
EP1068715B1 (en) 2010-09-22
US6157707A (en) 2000-12-05
EP1068715A1 (en) 2001-01-17
DE69942789D1 (en) 2010-11-04
CA2327338A1 (en) 1999-10-14
BR9909163A (en) 2000-12-05
JP2002510941A (en) 2002-04-09
JP4251521B2 (en) 2009-04-08
CN1295753A (en) 2001-05-16

Similar Documents

Publication Publication Date Title
US6157707A (en) Automated and selective intervention in transaction-based networks
US6163604A (en) Automated fraud management in transaction-based networks
EP1527552B1 (en) A system and method for the detection and termination of fraudulent services
US5566234A (en) Method for controlling fraudulent telephone calls
US7698182B2 (en) Optimizing profitability in business transactions
US8654948B2 (en) Systems and methods of detecting communications fraud
US9191351B2 (en) Real-time fraudulent traffic security for telecommunication systems
US20080101571A1 (en) Call routing method
US8243896B1 (en) Selection of a particular communication carrier from a plurality of communication carriers in a secure environment
JPH07500955A (en) Device for detecting and preventing cloning of subscriber numbers in cellular mobile telephone systems
EP3577886B1 (en) Detection and prevention of unwanted calls in a telecommunications system
US6396915B1 (en) Country to domestic call intercept process (CIP)
US8355492B1 (en) Systems and methods for remote call redirection detection and treatment
JP2003534731A (en) System and method for detecting fraudulent activity based on call attempt speed on calling number
US6856982B1 (en) System, intelligent network service engine and method for detecting a fraudulent call using real time fraud management tools
US20120099711A1 (en) Telecommunication fraud prevention system and method
US7372949B1 (en) System and method for call redirect detection and treatment
US6636592B2 (en) Method and system for using bad billed number records to prevent fraud in a telecommunication system
US6442265B1 (en) Method for detecting and reducing fraudulent telephone calls
US6801607B1 (en) System and method for preventing fraudulent calls using a common billing number
US6590967B1 (en) Variable length called number screening
MXPA00009425A (en) Automated and selective authentication in transaction-based networks
MXPA00009409A (en) Automated fraud management in transaction-based networks

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99804522.5

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1999915269

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: PA/a/2000/009425

Country of ref document: MX

ENP Entry into the national phase

Country of ref document: CA

Ref document number: 2327338

Country of ref document: CA

Kind code of ref document: A

Ref document number: 2000 542900

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: KR

WWE Wipo information: entry into national phase

Ref document number: IN/PCT/2000/465/CHE

Country of ref document: IN

WWP Wipo information: published in national office

Ref document number: 1999915269

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642