Title:
METHODS, SYSTEMS, AND APPARATUS FOR IDENTIFYING RISKS IN ONLINE TRANSACTIONS
Document Type and Number:
WIPO Patent Application WO/2016/115141
Kind Code:
A1
Abstract:
A method for identifying risks in online transactions is provided. The method includes recording a corresponding relation between an identification of a terminal device and an account after the terminal device logs in the account, calculating a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation, and calculating, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

Inventors:
WANG WEI (CN)
LIN SHUMIN (CN)
Application Number:
PCT/US2016/013058
Publication Date:
July 21, 2016
Filing Date:
January 12, 2016
Assignee:
ALIBABA GROUP HOLDING LTD (US)
International Classes:
H04L9/32
Foreign References:
US20130239182A1 2013-09-12
US8452980B1 2013-05-28
US20080195528A1 2008-08-14
US20120109821A1 2012-05-03
US20110191200A1 2011-08-04
Attorney, Agent or Firm:
CHEN, Weiguo (Henderson Farabow, Garrett & Dunner LLP, 901 New York Avenue, N, Washington DC, US)
Claims:
WHAT IS CLAIMED IS:

1. A method for identifying risks in online transactions, comprising:

recording a corresponding relation between an identification of a terminal device and an account after the terminal device logs in the account;

calculating a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation; and

calculating, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

2. The method of claim 1, before calculating the transaction risk value, further comprising:

calculating a total number of logins by the terminal device within a second predetermined period of time,

wherein calculating the transaction risk value comprises calculating the transaction risk value further based on the total number of logins.

3. The method of claim 1, before calculating the transaction risk value, further comprising:

acquiring a time duration between a first login by the terminal device and a current time,

wherein calculating the transaction risk value comprises calculating the transaction risk value further based on the time duration.

4. The method of claim 1, before calculating the transaction risk value, further comprising:

calculating a total transaction amount within a third predetermined period of time,

wherein calculating the transaction risk value comprises calculating the transaction risk value further based on the total transaction amount.

5. The method of claim 1, before calculating the transaction risk value, further comprising:

calculating a total number of logins by the terminal device within a second predetermined period of time;

acquiring a time duration between a first login by the terminal device and a current time; and

calculating a total transaction amount within a third predetermined period of time,

wherein calculating the transaction risk value comprises calculating the transaction risk value further based on the total number of logins, the time duration, and the total transaction amount.

6. The method of claim 5, wherein calculating the transaction risk value comprises calculating the transaction risk value further based on an equation

$$\text{Score} = \frac{a_1 \cdot f_1(F) + a_2 \cdot f_2(R) + a_3 \cdot f_3(M)}{b \cdot f_0(U)},$$

with Score being the transaction risk value, F being the total number of logins, $f_1(F)$ being a function of the total number of logins F, $a_1$ being a weight of the function $f_1(F)$, R being the time duration, $f_2(R)$ being a function of the time duration R, $a_2$ being a weight of the function $f_2(R)$, M being the total transaction amount, $f_3(M)$ being a function of the total transaction amount M, $a_3$ being a weight of the function $f_3(M)$, U being the total number of different accounts, $f_0(U)$ being a function of the total number U, and b being a weight of the function $f_0(U)$.

7. The method of claim 6, wherein $f_0(U)$ is an exponential function $f_0(U) = \text{pow}(1.2, U-1)$, 1.2 being a base of the exponential function, and U-1 being an exponent of the exponential function.

8. The method of claim 6, wherein $f_1(F)$ is a function $f_{1k}(F) = \frac{(1/2)^{k/2}}{\Gamma(k/2)} F^{k/2-1} e^{-F/2}$, k being a degree of freedom, and Γ being a Gamma function.

9. The method of claim 6, wherein $f_2(R)$ is a function $f_2(R) = \frac{2}{1+e^{aR}} - 1$, wherein a is determined by $f_2(R = 0) = K \cdot f_2(R = R_P)$, $R_P$ = 75 quantile, and K = 100.

10. The method of claim 6, wherein $f_3(M)$ is a function $f_3(M) = \frac{2}{1+e^{aM}} - 1$, wherein a is determined by $f_3(M = 0) = K \cdot f_3(M = M_P)$, $M_P$ = 99 quantile, and K = 100.

11. The method of claim 1, further comprising rejecting the online transaction, if the transaction risk value exceeds a predetermined threshold.

12. An apparatus for identifying risks in online transactions, comprising:

a recording module configured to record an identification of a terminal device and a corresponding relation between the identification and an account after the terminal device logs in the account;

a total number of different accounts statistic module configured to calculate a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation; and

a transaction risk calculation module configured to calculate, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

13. The apparatus of claim 12, further comprising:

a total number of logins statistic module configured to calculate a total number of logins by the terminal device within a second predetermined period of time,

wherein the transaction risk calculation module is further configured to calculate the transaction risk value based on the total number of logins.

14. The apparatus of claim 12, further comprising:

a time duration acquisition module configured to acquire a time duration between a first login by the terminal device and a current time,

wherein the transaction risk calculation module is further configured to calculate the transaction risk value based on the time duration.

15. The apparatus of claim 12, further comprising:

a total transaction amount statistic module configured to calculate a total transaction amount within a third predetermined period of time, wherein the transaction risk calculation module is further configured to calculate the transaction risk value based on the total transaction amount.

16. The apparatus of claim 12, further comprising:

a total number of logins statistic module configured to calculate a total number of logins by the terminal device within a second predetermined period of time;

a time duration acquisition module configured to acquire a time duration between a first login by the terminal device and a current time; and

a total transaction amount statistic module configured to calculate a total transaction amount within a third predetermined period of time,

wherein the transaction risk calculation module is further configured to calculate the transaction risk value based on the total number of logins, the time duration, and the total transaction amount.

17. The apparatus of claim 16, wherein the transaction risk calculation module is further configured to calculate the transaction risk value based on an equation

$$\text{Score} = \frac{a_1 \cdot f_1(F) + a_2 \cdot f_2(R) + a_3 \cdot f_3(M)}{b \cdot f_0(U)},$$

with Score being the transaction risk value, F being the total number of logins, $f_1(F)$ being a function of the total number of logins F, $a_1$ being a weight of the function $f_1(F)$, R being the time duration, $f_2(R)$ being a function of the time duration R, $a_2$ being a weight of the function $f_2(R)$, M being the total transaction amount, $f_3(M)$ being a function of the total transaction amount M, $a_3$ being a weight of the function $f_3(M)$, U being the total number of different accounts, $f_0(U)$ being a function of the total number U of different accounts, and b being a weight of the function $f_0(U)$.

18. The apparatus of claim 17, wherein $f_0(U)$ is an exponential function $f_0(U) = \text{pow}(1.2, U-1)$, 1.2 being a base of the exponential function, and U-1 being an exponent of the exponential function.

19. The apparatus of claim 17, wherein $f_1(F)$ is a function $f_{1k}(F)$, k being a degree of freedom, and Γ being a Gamma function.

20. The apparatus of claim 12, further comprising a transaction determination module configured to reject the online transaction, if the transaction risk value exceeds a predetermined threshold.

Description:
METHODS, SYSTEMS, AND APPARATUS FOR IDENTIFYING RISKS IN ONLINE TRANSACTIONS

CROSS REFERENCE TO RELATED APPLICATION

[001] The present application claims the benefits of priority to Chinese Application No. 201510019448.2, filed January 14, 2015, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

[001] The present application relates to computer network technologies, and more particularly, to methods, systems, and apparatus for identifying risks in online transactions.

BACKGROUND

[002] Nowadays electronic commerce (e-commerce), as a new way of shopping, has been generally accepted and widely used. As a result, internet-based transactions have become more frequent. In addition, as smart mobile devices become popular, more people have started using internet-accessible (mobile) device terminals to perform transactions, which may become the most dominant way for payment in the near future.

[003] Meanwhile, as the total transaction amount conducted over the internet grows, transaction security becomes an issue. Due to possibilities of hacking or many other ways of illegally taking possession of other people's assets online, it has been extremely challenging for online payment and finance service providers to preemptively identify all potential threats. It is therefore important to develop technologies that can secure online transactions and eliminate potential breaches.

[004] Existing online transaction security practices of traditional financial organizations usually involve authenticating an identification of an account by using a security digital certificate. This places a burden on users and is often user-unfriendly.

SUMMARY

[005] One aspect of the present disclosure is directed to a method for identifying risks in online transactions. The method includes recording a corresponding relation between an identification of a terminal device and an account after the terminal device logs in the account, calculating a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation, and calculating, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

[006] Another aspect of the present disclosure is directed to an apparatus for identifying risks in online transactions. The apparatus includes a recording module configured to record an identification of the terminal device and a corresponding relation between the identification and an account after the terminal device logs in the account, a total number of different accounts statistic module configured to calculate a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation, and a transaction risk calculation module configured to calculate, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

[007] Additional objects and advantages of the present disclosure will be set forth in part in the following detailed description, and in part will be obvious from the description, or may be learned by practice of the present disclosure. The objects and advantages of the present disclosure will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims.

[008] It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only, and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

[009] The accompanying drawings, which constitute a part of this specification, illustrate several embodiments and, together with the description, serve to explain the disclosed principles.

[010] FIG. 1 is a flow diagram illustrating a method for identifying risks in online transactions, according to an exemplary embodiment.

[011] FIG. 2 is a flow diagram illustrating another method for identifying risks in online transactions according to an exemplary embodiment.

[012] FIG. 3 is a graphical representation illustrating a function for identifying risks in online transactions, according to an exemplary embodiment.

[013] FIG. 4 is a graphical representation illustrating another function for identifying risks in online transactions, according to an exemplary embodiment.

[014] FIG. 5 is a graphical representation illustrating another function for identifying risks in online transactions, according to an exemplary embodiment.

[015] FIG. 6 is a flow diagram illustrating another method for identifying risks in online transactions, according to an exemplary embodiment.

[016] FIG. 7 is a block diagram illustrating an apparatus for identifying risks in online transactions, according to an exemplary embodiment.

[017] FIG. 8 is a block diagram illustrating another apparatus for identifying risks in online transactions, according to an exemplary embodiment.

[018] FIG. 9 is a block diagram illustrating another apparatus for identifying risks in online transactions, according to an exemplary embodiment.

DETAILED DESCRIPTION

[019] Reference will now be made in detail to exemplary embodiments of the invention, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments consistent with the present invention do not represent all implementations consistent with the invention. Instead, they are merely examples of systems and methods consistent with aspects related to the invention as recited in the appended claims.

[020] Consistent with some embodiments, the present disclosure provides a method for online transaction risk identification based on a computer system. FIG. 1 is a flow diagram of the method 100 for online transaction risk identification based on a computer system.

[021] As shown in FIG. 1, for example, the method for online transaction risk identification based on a computer system includes the following steps:

[022] Step 101: collect and/or record a corresponding relation between an identification of a terminal device and an account after the terminal device logs in the account. The recording may be achieved via a webpage (e.g., a browser) or a mobile device.

[023] The identification of the terminal device may be implemented in various forms, as long as it can uniquely identify one terminal device, for example, a Media Access Control (MAC) address, a User Machine Identification (UMID) code, a Terminal Identification (TID) code, an identifier allocated to the terminal device by an application (APP) installed on the terminal device, a Subscriber Identity Module (SIM) card number, a processor identifier, a main board identifier, etc.

[024] The terms of the MAC address, the UMID code, and the TID code are explained as follows:

[025] MAC Address: Media Access Control address, or called a hardware address, is used for defining a location of a network device. In a network protocol OSI model, the Layer 3 Network Layer is responsible for IP address, whereas the Layer 2 Data Link Layer is responsible for MAC address. Thus, one host has one IP address, whereas each network location has a unique MAC address.

[026] UMID Code: User Machine Identification code is used for providing an accurate authentication service on an identification of a user machine.

[027] TID Code: Terminal Identification is used for providing an accurate identification service on a user's App environment.

[028] For example, to control risks, web browsers or cell phone clients can collect the user device's fingerprint information and encode the information for storage and recording (for which the internet generally uses, for example, a MAC address, UMID code, TID code, etc.). The user's operation (which is not limited to a transaction) corresponds to an event in a system, and all relevant information involved in the event, such as a user name, an operation name, a device code of the device used (such as a MAC address, UMID code, or TID code, etc.), and so on, can be recorded and stored.

[029] Step 102: calculate a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation(s).

[030] Step 103: calculate, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction.

[031] Once the transaction risk value is calculated, it can be used not only for online transactions, but also for creating an online transaction blacklist, making credit assessments, and so on. For example, when the transaction risk value is used for creating an online transaction blacklist, for a plurality of terminal devices, a transaction risk value is respectively calculated for each of the terminal devices by using the method disclosed in the embodiments of the present disclosure; next, an identification of each terminal device with a transaction risk value higher than a preset threshold is obtained; and then, an online transaction blacklist is created. Thus, the terminal devices listed in the blacklist will be rejected when performing online transactions.

[032] In this embodiment, by means of information analysis and data modeling on internet terminal devices used in online transactions, the system can identify a risk value in the online transactions and fund management, and that can help guarantee users' fund security in online shopping or financing during the users' normal usage.

[033] Consistent with some other embodiments, the present disclosure provides a method for online transaction risk identification based on a computer system. FIG. 2 is a flow diagram of the method 200 for online transaction risk identification based on a computer system.

[034] In these embodiments, besides a total number of different accounts, the computer system may further analyze a total number of logins of the terminal device within one time period, a total transaction amount, a time duration from the first login to a current time, thereby obtaining a more accurate transaction risk value. For example:

[035] Before Step 103, the method further includes the following steps:

[036] Step 1021: calculate a total number of logins at the terminal device within a second predetermined period of time;

[037] Step 1022: acquire a time duration between a first login at the terminal device and a current time;

[038] Step 1023: calculate a total transaction amount within a third predetermined period of time.

[039] Correspondingly, Step 103 further includes a Sub-step 1031: calculate a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction, based on the total number of different accounts and at least one of the total number of logins, the time duration, or the total transaction amount.

[040] For example, the above Step 1021 to Step 1023 are not indispensable. Instead, they may be executed depending upon the total number of logins, the time duration, or the total transaction amount selected in any combination with the total number of different accounts. Moreover, the sequence thereof may not be fixed either. Therefore, any combination of the above steps and the execution sequence thereof all fall within the protection scope of the present application.

[041] In this embodiment, besides the total number of different accounts, the system may further analyze the total number of logins of the terminal device within one time period, the total transaction amount, and the time duration from the first login to a current time, so that the obtained transaction risk value is more accurate.

[042] In addition, the method can further control the risks by performing a short message service (SMS) code authentication on each transaction, or making strict authority control on the terminal devices without installing digital certificates.

[043] Consistent with some other embodiments, the present disclosure provides another method for online transaction risk identification based on a computer system. In these embodiments, the computer system may comprehensively consider the total number of different accounts of the terminal device, the total number of logins and the total transaction amount circulated within one time period, and the time duration from the first login to a current time, and may further consider a different weight of each of the above factors in calculating the transaction risk value, so that the calculated transaction risk value is more proper for the actual situation. For example:

[044] In Step 1031, calculate a transaction risk value based on Equation (1).

[046] In Equation (1), $f_1(F)$ and $a_1$ respectively represent a function of a total number of logins F and a weight thereof, $f_2(R)$ and $a_2$ respectively represent a function of a time duration R and a weight thereof, $f_3(M)$ and $a_3$ respectively represent a function of a total transaction amount M and a weight thereof, and $f_0(U)$ and b respectively represent a function of a total number of different accounts U and a weight thereof. In applications, when a certain factor is more important compared with the other factors, its weight can be set correspondingly. In one exemplary embodiment, $a_1$, $a_2$, $a_3$, and b are all 1, and $f_1(F)$, $f_2(R)$, and $f_3(M)$ are all normalization functions.

[047] For example, the total number of different accounts on a certain device can be, for example, 1 to 2, which is reasonable. If the device has too many accounts, it indicates that the device has a poor privacy feature, and even has a risk of being used maliciously.

[048] For example, in the step of calculating the transaction risk value based on Equation (1), $f_0(U)$ is an exponential function $f_0(U) = \text{pow}(1.2, U-1)$, in which U represents a total number of different accounts, 1.2 is a base of the exponential function, and U-1 is an exponent of the exponential function.

[049] As an example, $f_0(U)$ may also be represented in other ways, which can also represent that the device has a lower risk when the total number of different accounts falls within a certain scope, for example, but not limited to, $f_0(U) = ax^2 + bx + c$.

[050] In addition, statistical data shows that the login activities of terminal devices fall within a certain scope; if the terminal device has too low a total number of logins, it implies that the terminal device is not frequently used, and if the terminal device has too high a total number of logins, it implies that the terminal device may be maliciously used.

[051] Considering the above situations, for example, the step of calculating the transaction risk value based on Equation (1) may further include a following sub-step:

[052] using a Chi-square distribution density curve function $f_k(x) = \frac{(1/2)^{k/2}}{\Gamma(k/2)} x^{k/2-1} e^{-x/2}$ to perform normalization on the total number of logins.

[053] In this case, in Equation (1), $f_1(F)$ is $f_{1k}(F) =$ ;

[054] wherein, k represents a degree of freedom, F represents a total number of logins, and Γ represents Gamma function.

[055] In one embodiment, the degree of freedom is set to k=3, the total number of logins on the terminal device by users within 90 days is statistically collected, and a normalization curve is shown in FIG. 3. When the users' total number of logins reaches about 90 times, the normalization risk value approaches 1.0, whereas when the total number of logins becomes lower or higher, the corresponding normalization risk value becomes smaller.

[056] The normalization of the total number of logins may be performed in other ways, for example, but not limited to, $f_1(F) = \frac{1}{\sqrt{2\pi}\,\sigma} e^{-\frac{(F-\mu)^2}{2\sigma^2}}$.

[057] The step of calculating the transaction risk value based on Equation (1) may further include the following sub-step:

using a logic equation $f(x) = \frac{2}{1+e^{ax}} - 1$ to perform normalization on the time duration.

[058] In this case, in Equation (1), $f_2(R)$ is $f_2(R) = \frac{2}{1+e^{aR}} - 1$;

where a parameter a is determined by $f_2(R = 0) = K \cdot f_2(R = R_P)$, $R_P$ = 15 quantile, and K = 100.

[059] In one embodiment, a normalization curve of the time duration is shown in FIG. 4, and as the time duration from the first login of the terminal device to a current time increases, the normalization risk value presents a growing trend.

[060] In addition, in some embodiments of the present disclosure, the normalization of the time duration may be performed in other ways, for example, but not limited to, $f_2(R) = \frac{R - R_{min}}{R_{max} - R_{min}}$.

[061] The step of calculating the transaction risk value based on Equation (1) may further include the following sub-step:

using a logic equation $f(x) = \frac{2}{1+e^{ax}} - 1$ to perform normalization on the total transaction amount.

[062] In this case, in Equation (1), $f_3(M)$ is $f_3(M) = \frac{2}{1+e^{aM}} - 1$;

where a parameter a is determined by $f_3(M = 0) = K \cdot f_3(M = M_P)$, $M_P$ = 99 quantile, and K = 100.

[063] In one embodiment, a normalization curve of the total transaction amount is shown in FIG. 5, and as the total transaction amount circulating in the terminal device increases, the normalization risk value presents a growing trend.

[064] In addition, in some embodiments of the present disclosure, the normalization of the total transaction amount may be performed in other ways, for example, but not limited to, $f_3(M) = \frac{M - M_{MIN}}{M_{MAX} - M_{MIN}}$.

[065] Consistent with some other embodiments of the present disclosure, an online transaction method is provided. FIG. 6 is a flow diagram of the online transaction method 600.

[066] For example, as shown in FIG. 6, the online transaction method includes the following steps:

[067] Step 601: calculate a transaction risk value of each terminal device involved in one transaction by using the methods provided in the above-described embodiments.

[068] Step 602: if the transaction risk value of one terminal device is higher than a preset threshold, reject the online transaction; otherwise, proceed with the online transaction.

[069] As an example, the calculated transaction risk value may fall within a scope of 0-3. If the calculated transaction risk value is 3, the transaction is permitted. If the calculated transaction risk value is 2, other additional authentication modes can be added. If the calculated transaction risk value is 1, manual auditing may be requested. If the calculated transaction risk value is 0, the transaction may be rejected. The relation between the score of the transaction risk value and its corresponding operation authority can be set in other ways depending upon the requirements of the actual situations, which is not limited herein.
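Steps 101 to 103, Equation (1) as recited in claim 6, and the score-to-authority mapping of paragraph [069], as an added Python example that is not part of the patent text. It assumes all weights are 1, that f1(F), f2(R) and f3(M) arrive already normalized to [0, 1], and that a non-integer score is floored to a band of [069]; the class and function names, the 30-day window, the device identifiers and the login records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import floor


class DeviceLoginLog:
    """Step 101: record the relation between a device identification and an account."""

    def __init__(self):
        self._logins = defaultdict(list)  # device_id -> [(login time, account)]

    def record_login(self, device_id, account, when):
        self._logins[device_id].append((when, account))

    def distinct_accounts(self, device_id, now, window):
        """Step 102: U, the number of different accounts logged in within the window."""
        start = now - window
        return len({account for when, account in self._logins.get(device_id, [])
                    if start <= when <= now})


def f0(u):
    """f0(U) = pow(1.2, U-1): 1.0 for a single account, growing with each extra one."""
    return 1.2 ** (u - 1)


def risk_score(u, f1, f2, f3, weights=(1.0, 1.0, 1.0), b=1.0):
    """Equation (1): Score = (a1*f1(F) + a2*f2(R) + a3*f3(M)) / (b*f0(U)).

    Assumption: f1, f2, f3 are passed in already normalized to [0, 1].
    """
    if u < 1:
        # A device with no recorded login in the window has no relation to score.
        raise ValueError("no account logged in on this device within the window")
    if not all(0.0 <= value <= 1.0 for value in (f1, f2, f3)):
        raise ValueError("f1, f2 and f3 must be normalized to [0, 1]")
    a1, a2, a3 = weights
    return (a1 * f1 + a2 * f2 + a3 * f3) / (b * f0(u))


# Paragraph [069]: a value of 3 permits the transaction, a value of 0 rejects it.
ACTIONS = {3: "permit", 2: "additional authentication", 1: "manual audit", 0: "reject"}


def action_for(score):
    """Map a score to the [069] authority; flooring to a band is an assumption."""
    return ACTIONS[max(0, min(3, floor(score)))]


def evaluate(log, device_id, now, window, f1, f2, f3):
    """Step 103 for one device: returns (U, score, action)."""
    u = log.distinct_accounts(device_id, now, window)
    score = risk_score(u, f1, f2, f3)
    return u, score, action_for(score)


NOW = datetime(2016, 1, 12, 12, 0)
WINDOW = timedelta(days=30)  # "first predetermined period of time" (assumed value)


def build_sample_log(now=NOW):
    """Constructed login records for three hypothetical devices."""
    log = DeviceLoginLog()
    # dev-A: one owner logging in repeatedly -> U = 1
    for days in (1, 3, 9):
        log.record_login("dev-A", "alice", now - timedelta(days=days))
    # dev-B: six different accounts within a week -> U = 6
    for i in range(6):
        log.record_login("dev-B", f"acct-{i}", now - timedelta(days=i + 1))
    # dev-C: three accounts ever, but one login is older than the window -> U = 2
    log.record_login("dev-C", "bob", now - timedelta(days=2))
    log.record_login("dev-C", "carol", now - timedelta(days=5))
    log.record_login("dev-C", "dave", now - timedelta(days=40))
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    for device in ("dev-A", "dev-B", "dev-C"):
        # The same normalized login, age and amount values are used for every
        # device, so the rows differ only through the account count U.
        u, score, action = evaluate(sample, device, NOW, WINDOW, 0.8, 0.8, 0.7)
        print(f"{device}: U={u} score={score:.3f} -> {action}")
```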

[070] In this embodiment, based on the transaction risk value of each terminal device, the computer system controls the authority of the terminal device in performing online transactions, and that can effectively control the risks.

[071] The method embodiments of the present disclosure can be implemented in a form of software, hardware, firmware, and so on. Regardless that the present disclosure is implemented in a form of software, hardware, or firmware, instruction codes can be stored in any type of computer accessible storage (for example, permanent or erasable, volatile or non-volatile, solid or non-solid, fixed or replaceable medium, etc.). Similarly, the storage may be, for example, Programmable Array Logic (PAL), Random Access Memory (RAM), Programmable Read Only Memory (PROM), Read-Only Memory (ROM), Electrically Erasable Programmable ROM (EEPROM), magnetic disc, optical disc, Digital Versatile Disc (DVD), etc.

[072] Consistent with some embodiments of the present disclosure, an apparatus for online transaction risk identification based on a computer system is provided. FIG. 7 is a block diagram of the apparatus 700 for online transaction risk identification based on a computer system. For example, as shown in FIG. 7, the apparatus for online transaction risk identification based on a computer system may include a recording module 701, for recording a corresponding relation between an identification of a terminal device and an account after the terminal device logs in the account, a total number of different accounts statistic module 702, for calculating a total number of different accounts logged in by the terminal device within a first predetermined period of time, based on the corresponding relation, and a transaction risk calculation module 703, for calculating, based on the total number of different accounts, a transaction risk value representing a transaction risk of using the terminal device to perform an online transaction. The apparatus 700 can implement the above-described methods. The detailed steps of the methods are not repeated here.

[073] By means of information analysis and data modeling on terminal devices on the Internet used in online transactions, the apparatus can identify a risk value in the online transactions and fund management, and that can help guarantee users' fund security in online shopping or financing during the users' normal usage.

[074] Consistent with some other embodiments of the present disclosure, an apparatus for online transaction risk identification based on a computer system is provided. FIG. 8 is a block diagram of the apparatus 800 for online transaction risk identification.

[075] According to some embodiments, the apparatus 800, as shown in FIG. 8, besides a total number of different accounts, can further analyze a total number of logins of the terminal device within one time period, a total transaction amount, and a time duration from the first login to a current time, thereby obtaining a more accurate transaction risk value.

[076] To implement these functions, the apparatus 800 may further include the following modules:

a total number of logins statistic module 801, for calculating a total number of logins at the terminal device within a second predetermined period of time;

a time duration acquisition module 802, for acquiring a time duration between a first login at the terminal device and a current time; and

a total transaction amount statistic module 803, for calculating a total transaction amount within a third predetermined period of time.

[077] Correspondingly, the transaction risk calculation module 703 may calculate a transaction risk value based on the total number of different accounts and at least one of the total number of logins, the time duration, or the total transaction amount.

[078] The apparatus 800 can implement the above-described methods. The detailed steps of the methods are not repeated here.

[079] In some other embodiments, the apparatus 700 and 800 described above may comprehensively consider the total number of different accounts of the terminal device, the total number of logins within one time period, the time duration from the first login to a current time, and the total transaction amount circulating within one time period, and further consider a different weight of each of the above factors in calculating the transaction risk value, so that the calculated transaction risk value is more proper for the actual situation.

[080] For example, the transaction risk value may be calculated in the transaction risk calculation module based on Equation (1).

[082] $f_1(F)$ and $a_1$ respectively represent a function of a total number of logins $F$ and a weight thereof, $f_2(R)$ and $a_2$ respectively represent a function of a time duration $R$ and a weight thereof, $f_3(M)$ and $a_3$ respectively represent a function of a total transaction amount $M$ and a weight thereof, and $f_0(U)$ and $b$ respectively represent a function of a total number of different accounts $U$ and a weight thereof.

[083] For example, in the step of calculating the transaction risk value based on Equation (1), $f_0(U)$ is an exponential function $f_0(U) = \mathrm{pow}(1.2,\, U-1)$, in which $U$ represents the total number of different accounts, 1.2 is a base of the exponential function, and $U-1$ is an exponent of the exponential function.

[084] The transaction risk calculation module may further include a total number of logins normalization sub-module, which uses a Chi-square distribution density curve function to perform normalization on the total number of logins.

[085] In Equation (1), $f_1(F)$ is $f_1(F) = \frac{(1/2)^{k/2}}{\Gamma(k/2)} F^{k/2-1} e^{-F/2}$, where $k$ represents a degree of freedom, $F$ represents a total number of logins, and $\Gamma$ represents Gamma function.

[086] The transaction risk calculation module may further include a time duration normalization sub-module, for using a logic equation $f(x) = \frac{2}{1 + e^{ax}} - 1$ to perform normalization on the time duration.

[087] In Equation (1), $f_2(R)$ is $f_2(R) = \frac{2}{1 + e^{aR}} - 1$, where a parameter $a$ is determined by: $f_2(R = 0) = K * f_2(R = R_P)$, $R_P$ = 75 quantile, and $K = 100$.

[088] The transaction risk calculation module may further include a total transaction amount normalization sub-module, which uses a logic equation $f(x) = \frac{2}{1 + e^{ax}} - 1$ to perform normalization on the total transaction amount.

[089] In Equation (1), $f_3(M)$ is $f_3(M) = \frac{2}{1 + e^{aM}} - 1$, where a parameter $a$ is determined by $f_3(M = 0) = K * f_3(M = M_P)$, $M_P$ = 99 quantile, and $K = 100$.

[090] FIG. 9 is a block diagram of an online transaction apparatus 900 according to some other embodiments of the present disclosure.

[091] The online transaction apparatus may include an online transaction risk identification module 901 and a transaction determination module 902. The online transaction risk identification module 901 calculates a transaction risk value of each terminal device involved in a transaction by using the apparatus described above.

[092] The transaction determination module 902 determines whether to proceed with the transaction. For example, the transaction determination module 902 may reject the online transaction if the transaction risk value of one terminal device is higher than a preset threshold; otherwise, it proceeds with the online transaction.

[093] In addition, in some embodiments, the calculated transaction risk value may be set with a range of 0-3. If the calculated transaction risk value is 3, the transaction is permitted. If the calculated transaction risk value is 2, an additional authentication mode may be added. If the calculated transaction risk value is 1, manual auditing may be requested. If the calculated transaction risk value is 0, the transaction may be rejected. The relation between the score of the transaction risk value and its corresponding operation authority can be set in other ways depending upon the requirements of the actual situations, which is not limited herein.
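The device-to-account recording, the count of different accounts U within a window, the function f0(U) = pow(1.2, U-1), the Chi-square login normalization, and the threshold decision of module 902 can be sketched as follows. This is an added example, not code from the application: Equation (1) is not reproduced in this section, so the risk value here uses f0(U) alone, and the class and function names, the 30-day window, the threshold of 2.0, and the login data are assumptions constructed for illustration.

```python
import math

DAY = 86400  # seconds per day

def f0(u):
    """Account-count function from the text: f0(U) = pow(1.2, U - 1)."""
    return math.pow(1.2, u - 1)

def chi2_density(f, k):
    """Chi-square density with k degrees of freedom, used to normalize logins F."""
    return (0.5 ** (k / 2) / math.gamma(k / 2)) * f ** (k / 2 - 1) * math.exp(-f / 2)

class DeviceRiskTracker:
    def __init__(self, window=30 * DAY, threshold=2.0):
        self.window = window        # assumed "first predetermined period"
        self.threshold = threshold  # assumed preset threshold
        self.relations = {}         # device id -> list of (login time, account)

    def record_login(self, device_id, account, ts):
        self.relations.setdefault(device_id, []).append((ts, account))

    def _in_window(self, device_id, now):
        return [(ts, acct) for ts, acct in self.relations.get(device_id, [])
                if now - self.window <= ts <= now]

    def distinct_accounts(self, device_id, now):
        return len({acct for _, acct in self._in_window(device_id, now)})

    def total_logins(self, device_id, now):
        return len(self._in_window(device_id, now))

    def risk_value(self, device_id, now):
        # Assumption: f0(U) alone stands in for the full weighted Equation (1).
        u = self.distinct_accounts(device_id, now)
        return f0(u) if u > 0 else 0.0

    def decide(self, device_ids, now):
        """Reject if any involved device exceeds the threshold, else proceed."""
        risky = any(self.risk_value(d, now) > self.threshold for d in device_ids)
        return "reject" if risky else "proceed"

def build_sample():
    """Constructed history: dev-A has one user, dev-B cycles through accounts."""
    t = DeviceRiskTracker()
    for day in (75, 88, 99):
        t.record_login("dev-A", "alice", day * DAY)
    t.record_login("dev-B", "acct-0", 10 * DAY)  # outside the 30-day window
    for i in range(1, 6):
        t.record_login("dev-B", f"acct-{i}", (79 + i) * DAY)
    return t
```

Evaluated at day 100, dev-B has five different accounts in the window, so its value of 1.2^4 exceeds the assumed threshold and any transaction involving it is rejected, while the older acct-0 login no longer counts.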

[094] In this embodiment, based on the transaction risk value of each terminal device, the apparatus controls the authority of the terminal device in performing online transactions, thereby effectively controlling the risks.

[095] The embodiments of the present disclosure use big data technologies to analyze historical operation records made by thousands of network subscribers in daily shopping payment and fund management on terminal devices on the Internet, build data models, identify potential risks in online transactions and fund management, and provide a score associated with the risk, to guarantee network subscribers' fund security in online shopping or financing.

[096] The modules described in the apparatus embodiments of the present disclosure may be logic modules. One logic module may be one physical module, a part of one physical module, or a combination of a plurality of physical modules. In some other embodiments, the modules/units may be implemented in a form of software, hardware, firmware, or any combination of software, hardware, and firmware. For example, the modules/units may be implemented by a processor executing software instructions stored in computer readable memories.

[097] The specification has described methods, systems, and apparatus for identifying risks in online transactions. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. Thus, these examples are presented herein for purposes of illustration, and not limitation. For example, steps or processes disclosed herein are not limited to being performed in the order described, but may be performed in any order, and some steps may be omitted, consistent with disclosed embodiments. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.

[098] While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. Also, the words "comprising," "having," "containing," and "including," and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise.

[099] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term "computer-readable medium" may include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include RAM, ROM, volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, Programmable Array Logic (PAL), Programmable Read Only Memory (PROM), Electrically Erasable Programmable ROM (EEPROM), magnetic disc, optical disc, and any other known physical storage media.

[0100] It will be appreciated that the present invention is not limited to the exact construction that has been described above and illustrated in the accompanying drawings, and that various modifications and changes can be made without departing from the scope thereof. It is intended that the scope of the invention should only be limited by the appended claims.