Currently, several bill payment systems are available to help a bill payment system user, or any authorized party acting on behalf of a bill payment system user, pay bills and invoices from various merchants, and/or other payee parties, using one or more user computing systems, including, but not limited to, mobile computing systems, such as smart phones.
Currently, bill payment systems typically obtain electronic bill payment transaction data, herein referred to as bill payment transaction data, including, but not limited to, payee data, payment amount data, and payment date data, from the bill payment system user, and/or a user version/portion of the bill payment system implemented on a user computing system. In addition, the bill payment system user also typically provides payment source data, such as account/card identification data and user access data associated with one or more payment sources, such as a credit card or bank account associated with the user. In some cases, the payment source data is provided at the time the bill payment transaction is being requested/sent, through the bill payment system, in other cases the payment source data is provided to the bill payment system in advance of the particular bill payment transaction being conducted and then the pre-registered payment source is simply designated by the user.
When used correctly, and by properly authorized parties using properly authorized payment sources, bill payment systems represent a significant convenience to both the bill payment system user, i.e., the payor, and the merchant, or payee party, receiving the bill payments through the bill payment system. However, as with all remote funds transfer/payment systems, and particularly electronic payment systems using the Internet and multiple remote and/or mobile computing systems, there is ample opportunity for various types of fraud.
In the bill payment system environment, bill payment transaction fraud typically involves a fraudulent bill payment system user, or “fraudster,” who uses the bill payment system, and/or payment sources and payment source data that the fraudulent bill payment system user is not authorized to use, to make unauthorized bill payments, i.e. conduct fraudulent bill payment transactions. As one common example, the fraudulent bill payment system user obtains stolen credit card and/or identity information belonging to an authorized owner of the credit card and/or identity information and then the fraudulent bill payment system user utilizes this payment source data to pay his or her bills through the bill payment system.
These types of fraudulent bill payment transactions account for significant amounts of money being fraudulently transferred to merchants to pay fraudster bills. Typically, the bill payment system provider, and/or credit card payment source provider, must then reimburse the innocent authorized credit card holder. To make matters worse, the bill payment system provider, and/or credit card payment source provider, must then spend significant resources trying, often unsuccessfully, to track down the fraudulent bill payment system user.
To try and avoid this result, some credit card and payment source providers implement currently available fraud “prevention” systems. However, current methods for identifying potential fraud used in these currently available fraud prevention systems are typically just “static bright line” parameters/rules based systems that are ineffective at accurately detecting/predicting fraud and, in operation, are really just fraud mitigation systems designed to minimize the liability incurred by the bill payment system provider, or credit card payment source provider, as opposed to actually detecting, predicting, and preventing fraudulent transactions.
More problematic is the fact that using currently available static bright line parameters/rules based fraud prevention systems results in a significant percentage of false positive results, i.e., the incorrect identification of legitimate transactions as being potential fraudulent transactions. This large rate of false positives arises because the currently used fraud detection parameters are simplistically and statically defined with the result that, in operation, the static bright line parameters/rules based fraud prevention systems only focus on fraud mitigation, as opposed to fraud detection and prediction.
As a specific illustrative example, a typical static bright line parameter/rule used with currently available fraud prevention systems is to label all transactions involving a transaction amount above a defined value, such as $500, as potentially fraudulent and requiring investigation by a fraud avoidance and mitigation team or system. It is obvious on its face that using this type of static bright line approach will result in many legitimate transactions, i.e., any transaction having an amount of $500 or more, being deemed a potentially fraudulent transaction.
Clearly this type of static bright line parameter/rule based approach is far more reflective of the credit card provider's dollar amount risk tolerance than any empirically based prediction or indication of actual fraud. However, currently, the prevailing theory is that it is better to have overkill, i.e., more false positives, than under kill, i.e., more high value fraudulent transactions. However, it is often the case that the implementation of this overkill theory is deceptive in terms of the actual cost associated with using these currently available fraud prevention systems.
For instance, each false positive result identified by currently available fraud prevention systems must be investigated, often manually, and therefore the cost associated with providing investigators, and investigative systems, can be significant. As a result, due to the need to provide standing resources to accommodate large numbers of false positives, the cost of currently available fraud prevention systems can potentially outweigh actual losses incurred if no fraud prevention system were in place at all, at least until the fraudsters figured out there was no fraud prevention system in place.
Another problem with the static bright line parameters/rules used in currently available fraud prevention systems, and the resulting large number of false positive results, is that greater numbers of legitimate users of the bill payment/payment source will have their transactions declined, or at least delayed. This, in turn, inevitably leads to frustrated users, and eventually decreased business and revenue. Again, this loss of revenue can potentially outweigh actual loses if no fraud prevention system were in place.
One other problem with currently used fraud prevention systems is that the static bright line parameters/rules are typically hard-coded so that, once deployed, the parameters/rules can only be modified through patches and/or revised versions of the fraud prevention system. Consequently, when the fraudulent activity environment changes, as it always does, or there is a desire to change parameters/risk tolerance levels, the fraud prevention system must be modified by producing patches and/or new versions, i.e., re-writing the code. This re-writing of the code is done by highly trained, and expensive, personnel, such as coders, computer scientists, and engineers. Consequently, keeping currently available static bright line parameters/rules based fraud prevention systems up to date, and ready to face new threats and conditions, which inevitably arise in the real world, involves the significant expense of using highly paid specialists on a regular basis.
As a result of at least the issues discussed above associated with currently available fraud prevention systems, the inherent inaccuracy and static nature of currently available methods for preventing fraudulent bill payment transactions represents a long standing technical problem in the bill payment industry.
What is needed is a method and system for detecting fraudulent bill payment transactions more accurately that is capable of self-learning and dynamically adapting to new data and/or a changing threat environment.