Data processing: artificial intelligence – Plural processing systems
Reexamination Certificate
1998-12-15
2004-05-04
Starks, Jr., Wilbert L. (Department: 2122)
Data processing: artificial intelligence
Plural processing systems
C706S062000, C379S111000
Reexamination Certificate
active
06732082
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to processing event records, such as telecommunications network event records.
2. Related Art
As the telecommunications industry rapidly grows, telecommunications fraud also grows. In the United States alone, telecommunication fraud is estimated to have cost three billion dollars in 1995. Telecommunications service providers have experienced difficulty in keeping up with new methods of fraud. As soon as service providers implement new systems to detect current methods of fraud, criminals devise new methods.
Current methods of fraud are targeted at all types of services. Such services and corresponding fraud include use of calling cards, credit cards, customer premise equipment (CPE), including private branch exchanges (PBX), dial 1+, 800 inbound, and cellular calls. In addition, international dialing is a frequent target of fraud because of its high price of service. Subscription fraud, where a customer subscribes to a service, such as 800 or Dial 1, and then never pays, is also a frequent target of fraud.
Existing methods of detecting fraud are based primarily on setting predetermined thresholds and then monitoring service records to detect when a threshold has been exceeded. Parameters for such thresholds include total number of calls in a day, number of calls less than one minute in duration, number of calls more than one hour in duration, calls to specific telephone numbers, calls to specific countries, calls originating from specific telephone numbers, etc. Many parameters can be used to tailor a particular thresholding system for certain customers or services.
These thresholds are typically manually programmed, which is labor intensive and time consuming. Moreover, these thresholds are generally subjective and not directly based upon empirical data. In addition, manually programmed thresholds are static and thus do not adjust to changing patterns of fraud. They are therefore easy for criminals to detect and circumvent. Also, since such thresholds must be set conservatively in order to detect most fraud, they are frequently exceeded by non-fraudulent calls, contributing to high rates of false alarms.
When a threshold is exceeded, an alarm is triggered and presented to an analyst, who must then analyze the alarm to determine if it properly reflects fraud. The analyst must query many sources of data, such as customer payment history and service provisioning data, to assess the probability of fraud. The analyst must also assess several different alarms and correlate them to determine if a case of fraud is spanning across services. This manual process of analyzing and correlating is time consuming, labor intensive, highly subjective and prone to error.
When it is determined that fraud has occurred, the analyst must then select an appropriate action and then initiate it. Such actions can include deactivating a calling card or blocking an (Automatic Number Identifier) ANI from originating calls.
Because current systems of fraud management are rigid and generally not configurable for other service providers or industries, new rules, algorithms, routines, and thresholds must constantly be re-programmed.
What is needed is a configurable system, method and computer program product for detecting and automatically acting upon new and evolving patterns and that can be implemented in a variety of applications such as telecommunications fraud, credit card and debit card fraud, data mining, etc.
SUMMARY OF THE INVENTION
In accordance with one aspect, the present invention is directed to a multi-layer fraud detection system for a telecommunications system. The telecommunications system comprises a network layer having at least one telecommunications network, a service control layer for managing the network layer and for generating service records, including data representing instances of telecommunications in the network layer, and a data management layer for receiving the service records from various components and processes of the service control layer and for reducing data by eliminating redundancy and consolidating multiple records into network event records. The multi-layer fraud detection system comprises a detection layer, an analysis layer and an expert system layer. The detection layer receives network event records from the data management layer to test the network event records for possible fraud and to generate alarms indicating incidences of suspected fraud. The analysis layer receives alarms generated by the detection layer and consolidates the alarms into fraud cases. The expert system layer receives fraud cases from the analysis layer and acts upon certain of the fraud cases. The expert system layer comprises a core infrastructure and a configurable, domain-specific implementation.
The present invention is a system, method and computer program product for processing event records. The present invention includes a detection layer for detecting certain types of activity, such as thresholds and profiles, for generating alarms therefrom and for analyzing event records for new patterns. The present invention also includes an analysis layer for consolidating alarms into cases, an expert systems layer for automatically acting upon certain cases and a presentation layer for presenting cases to human operators and for permitting a human operator to initiate additional actions.
The present invention combines a core infrastructure with configurable, user-specific, or domain-specific implementation rules. The core infrastructure is generically employed regardless of the actual type of network being monitored. The domain-specific implementation is provided with user-specific data and thus provides configurability to the system.
The domain-specific implementation may include a user-configurable database for storing domain-specific data. The user-configurable database may include one or more databases including, for example, flat-files databases, object-oriented databases, relational database, etc. User-configurable data may include conversion formats for normalizing and enhancing records and dispatch data for specifying which fields of normalized network event records are to be sent to different processing engines.
In one embodiment, the present invention is implemented as a telecommunications fraud detection system in which the detection layer receives network event records from a telecommunications network and detects possible fraudulent use of the telecommunications network. In another embodiment, the present invention is implemented in a credit card and/or debit card fraud detection system. In yet another embodiment, the present invention is implemented in a data mining system or a market analysis system.
Regardless of the implementation-specific embodiment, event records can come from a variety of sources. Thus, event records are preferably normalized event records prior to acting upon them. Normalized event records are dispatched to one or more processing engines in the detection layer, depending upon the specific embodiment employed. The normalizing and dispatching functions include a core infrastructure and a configurable, domain-specific implementation.
The detection layer may employ a plurality of detection engines, such as a thresholding engine, a profiling engine and a pattern recognition engine. One or more of the detection engines can enhance event records prior to acting upon them. Enhancement may include accessing external databases for additional information related to a network event record. For example, in a telecommunications fraud detection system, enhancement data may include, for example, bill paying history data for a particular caller.
A thresholding engine constantly monitors normalized event records to determine when thresholds have been exceeded. When a threshold is exceeded, an alarm is generated. In a telecommunications fraud detection implementation, thresholding may be based on pre-completion call data, call in progress data, as well as conventional post-call data.
T
Arkel Hans Van
Curtis Terrill J.
Dallas Charles A.
Gavan John
Herrington Cheryl
Starks, Jr. Wilbert L.
WorldCom, Inc.
LandOfFree
System, method and computer program product for processing... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System, method and computer program product for processing..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System, method and computer program product for processing... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3214865