The present invention relates generally to data processing and more specifically to an OLAP-based customer behavior profiling method and system.
Telecommunication fraud is a major problem that costs the telephone service providers many millions of dollars annually. There are generally two types of telecommunication fraud: fake identity and real identity fraud. In fake identity fraud, the impostor uses another's access code to access telephone services (e.g., local or long distance access). In a real identity fraud, the perpetrator uses a real identity, but fails to pay the telephone service providers for services. When the telephone company stops providing service to a real identity fraud perpetrator, the perpetrator either applies for a new number or switches service providers, thereby continuing to defraud the telephone service providers.
To counteract these problems, telephone service providers currently hire consultants and provide them with past calling records, which typically include all the calling records for a previous year. The consultants then take six months or more to sort through the many millions of records and to generate a report that describes any suspicious activity for the past year. Unfortunately, the prior art tools for fraud detection utilized by the consultants to analyze the records are very limited and employ very crude or coarse threshold detection methods to detect the fraudulent behavior.
For example, one prior art threshold detection method is based solely on the length of the telephone call. When a particular call exceeds a particular length (e.g., 24 hours), the method informs the consultant that the call is probably fraudulent. Another prior art threshold detection method is based on both the length of the call and the time when the call occurred. When a particular call is more than a particular length of time (e.g., 4 hours), and the call occurs in the evening (e.g., after 10 PM), then this prior art method classifies the call as “fraudulent.”
These current methods suffer from several disadvantages. First, these tools do not have the ability to generate a specific and personalized caller profile and to use that profile to detect suspicious calling activity that corresponds to a unique calling behavior. As noted, only very coarse threshold can be established. Personalized profiles are important because calling behavior that may considered to be abnormal calling behavior (e.g., phone calls in the evening that last more than four hours) for a first caller, who normally makes no calls in the evenings, may be normal activity for a second caller, who only makes calls in the evenings that average between five and six hours. Thus, it is desirable to have a mechanism that can establish a personalized threshold or baseline that differs among different callers thereby accommodating different callers, who inevitably have different calling behaviors and patterns. Such a mechanism could then determine what is abnormal calling activity as measure to a baseline of that caller's previous calling behavior.
Second, the prior art approaches consume much time. Because of the time needed by the consultants to perform the analysis and generate the report, the impostor or perpetrator of telephone fraud will more than likely have moved onto a different telephone service provider or to new telephone number by the time any fraud has been detected. In addition, there will always be six months to a year or more of unrecoverable profits lost to fraudulent behavior before that behavior is detected, if at all. It is desirable to have a mechanism that reduces the time needed between the fraudulent activity and the detection thereof.
Third, the prior art methods are also poor at handling the volume of calls. Even if more consultants were hired, and these consultants worked around the clock, they would be unable to handle the sheer volume of calls that are continuously generated. The volume of call data is in the order of millions of call records per day for a particular local geographic area. It is desirable to have a mechanism that can incrementally update an existing profile to reflect information from the new call records.
Furthermore, the prior art methods are limited to analyzing past calling records and are unable to provide up-to-date reports that reflect current call records and trends. In this regard, it is desirable to develop a system that is scaleable (i.e., that can automatically process new records on a periodic basis and generate reports that reflect new information provided by the new records).
Fourth, these prior art methods use volume data, which is difficult to compare across different time periods. For example, the number of calls made in a single month (e.g., January) cannot be compared to the total number of calls made for an entire year (e.g., 1999). Similarly, a weekly measure of the number of calls made by a particular caller makes cannot be compared to a monthly measure of the number of calls made by the same caller. In the example given above, suppose the consultant studies the past six months of call records and determines that it is likely that any caller who makes more than 100 calls for a duration of more than 24 hours in six months is likely to be fraudulent. This information is not useful for determining if a caller over a time frame different from six months is perpetrating telephone fraud. In addition, It is desirable instead to have a mechanism that generates values that can be compared easily across different time periods.
Accordingly, there remains a need for a method for generating and using caller profiles to detect telecommunication fraud that overcomes the disadvantages set forth previously.