A system for online payment risk control
Technical field
The present invention relates to network information verification and is used for online payment risk control on e-commerce websites; it is a system for online payment risk control.
Background technology
With the growth of online e-commerce, merchants, especially B2C merchants in e-retail, face an ever greater risk of payment fraud. Some fraudsters are highly skilled in computer networks and devise sophisticated, convincing schemes to obtain credit card information, for example phishing: forging e-mails or phone calls that appear to come from a bank or supplier in order to obtain account and password information. These schemes are cleverly disguised and come in many variations, from the simplest to the most elaborate hoaxes, so that people find it hard to tell true from false and are ultimately deceived. Sometimes trojan horse programs and pharming turn large numbers of people (sometimes thousands) into victims; because the base is so large, even a very small success rate means that many people have their credit card information, and even the accompanying passwords, stolen. When a credit card is used offline, a plastic card with a chip and a password is required, and the holder signs at the merchant in person, so the transaction has strong protection behind it. In online shopping, however, online payment requires no chip, password or signature; a fraudster only needs to steal the credit card information to commit fraud, so identity theft aimed at consumers is becoming more and more common. A shopping website may suddenly encounter fraudsters attempting to use stolen identities, account information or even passwords on its site, and because the environment is entirely virtual, these protections no longer exist.
Moreover, foreign third-party payment software such as PayPal supports a buyer-initiated Chargeback in cases where "the buyer's credit card number was stolen or used fraudulently", i.e. the buyer can demand a refund from the seller, which greatly damages the merchant's interests. In addition, some payment gateways impose fairly severe penalties on accounts with too many Chargebacks, such as freezing funds or suspending the account, which seriously disrupts online sales.
Summary of the invention
The problem to be solved by the present invention is: in the online payment of existing e-commerce websites there is no effective monitoring of network payments, fraudulent information cannot be identified, and the security and reliability of network payment are at risk.
The technical solution of the present invention is: a system for online payment risk control, through which an e-commerce website is connected for data exchange with an online payment gateway. The system comprises a data receiving port, a risk pattern recognition and automatic screening module, a risk control core module, a payment processing module, a timed task processing module, a data synchronization port and an RPC server, and completes payment risk control and the online payment flow, wherein:
The data receiving port obtains the user order payment data sent by the e-commerce website;
A vulnerability database is provided in the risk pattern recognition and automatic screening module; it stores the risk information associated with online payment and the rules for dividing risk levels. The user order payment data obtained is compared against and verified with the information in the vulnerability database, then identified and screened: if the user order payment data falls within an authorizable risk level, the risk pattern recognition and automatic screening module calls the payment processing module to authorize the payment; if the payment is judged to be high-risk, the payment is refused and the corresponding user is added to the blacklist of the vulnerability database; if risk identification cannot be performed on the user order payment data, the data is forwarded to the manual verification module to await manual review;
The payment processing module communicates with the payment gateway through the online payment gateway's API, performs the authorize and capture operations on user order payment data that has passed verification, and completes the payment flow; the capture operation means notifying the payment gateway to collect the funds;
The risk control core module performs follow-up risk identification on the user order payment data after authorization. It calls the Statking monitoring module to analyze data on the user's website behavior, where website behavior means the user's access trail presented by the Statking monitoring module, including all website behavior before and after payment. It also performs a logic check on each item of the user order payment data, i.e. whether each item conforms to convention. It judges the risk level according to the configured risk rules and generates risk information for each user order, which is provided to the e-commerce website and to the risk pattern recognition and automatic screening module;
The timed task processing module periodically calls, at the configured times, the modules that need to run automatically, so that tasks run automatically on schedule;
The data synchronization port reports the payment status and risk information of user orders to the e-commerce website;
The RPC server allows the e-commerce website to access and operate on the order payment data it has submitted by means of remote procedure calls.
The identification and screening performed by the risk pattern recognition and automatic screening module comprise:
1) Screening rules: screening rules involving the numerical ranges that delimit specific risks are set by the user according to actual conditions, and the risk pattern recognition and automatic screening module performs a preliminary screening of user order payment data according to the configured rules;
2) Checking user information: including whether the IP address, shipping address, billing address, user time zone and the language used by the user are consistent with historical usage records, whether the billing address is consistent with the credit card's registered address, and whether they are located in a high-risk country or region;
3) Checking behavior information: whether the user's payment has been attempted multiple times, whether there are multiple purchases within a short time, whether a credit card from another country is used for the purchase, and whether the user used different IP addresses across multiple payment attempts;
4) Checking usage history: the blacklist is consulted to check whether the user is on it;
5) Manual investigation: user order payment data for which risk identification cannot be performed is forwarded to the manual verification module for manual review; if the user is confirmed as high-risk, the payment is refused and the user is recorded in the blacklist; if the review passes, the payment processing module is called to authorize the payment.
The risk control system of the present invention builds a recognition model for the credit card fraud, Chargebacks (order cancellations) and the like that occur in current e-commerce transactions, especially in the foreign-trade B2C industry. Through automatic identification and screening by the system, the payment process is effectively monitored so as to ensure the security and reliability of network payment and to reduce the collection risk of online payment. The generally accepted reasonable Chargeback (order cancellation) rate for network payment today is one percent; according to statistics covering more than half a year, the control system of the present invention, in processing network payment information, can keep the Chargeback (order cancellation) rate between 3/1000 and 5/1000, far below the existing standard, so that online payment is effectively controlled.
Description of drawings
Fig. 1 is a schematic diagram of the system architecture of the present invention.
Embodiment
As shown in Fig. 1, an e-commerce website is connected for data exchange with an online payment gateway through the system of the present invention. The system comprises a data receiving port, a risk pattern recognition and automatic screening module, a risk control core module, a payment processing module, a data synchronization port and an RPC server, and completes payment risk control and the online payment flow, wherein:
The data receiving port obtains the user order payment data sent by the e-commerce website;
A vulnerability database is provided in the risk pattern recognition and automatic screening module; it stores the risk information associated with online payment and the rules for dividing risk levels. The user order payment data obtained is compared against and verified with the information in the vulnerability database, then identified and screened: if the user order payment data falls within an authorizable risk level, the risk pattern recognition and automatic screening module calls the payment processing module to authorize the payment; if the payment is judged to be high-risk, the payment is refused and the corresponding user is added to the blacklist of the vulnerability database; if risk identification cannot be performed on the user order payment data, the data is forwarded to the manual verification module to await manual review;
The payment processing module communicates with the payment gateway through the online payment gateway's API, performs the authorize and capture operations on user order payment data that has passed verification, and completes the payment flow;
The risk control core module performs follow-up risk identification on the user order payment data after authorization. It calls the Statking monitoring module to analyze data on the user's website behavior. The Statking monitoring module is a traffic statistics monitoring module used to track the user's referring page, visited pages, access time, dwell time, browser language, IP address, time zone and so on; user website behavior means the user's access trail presented by the Statking monitoring module, including all website behavior before and after payment. The risk control core module also performs a logic check on each item of the user order payment data, i.e. whether each item conforms to convention. For example, whether one user has used multiple credit cards: if so, the cards may have been stolen from other people, and the order carries a certain risk. Further examples are whether the user made multiple purchases within a short time, whether a credit card from another country is used for the purchase, whether the card number of the order is used by multiple users, whether the address of the order is used by multiple users, and so on; each of these has a corresponding risk level. The module judges the risk level according to the configured risk rules and generates risk information for each user order, which is provided to the B2C website and to the risk pattern recognition and automatic screening module;
The data synchronization port reports the payment status and risk information of user orders to the e-commerce website;
The RPC server allows the e-commerce website to access and operate on the order payment data it has submitted by means of remote procedure calls.
The system of the present invention automatically analyzes and evaluates a user order as soon as it is created, then combines multiple factors to determine whether it is a high-risk order, a suspicious order or a trusted order. If the order is judged to be trusted, it is authorized automatically and enters the payment process; if it is judged to be suspicious, it is handed over for further manual investigation to decide whether to refuse the payment; if it is high-risk, or the user has a previous fraud record, it is filtered out directly, the payment is refused and the customer is added to the blacklist for future use. In addition, the risk control system supports round-the-clock monitoring of the website and records each user's website behavior, such as browser type, language, time zone, IP address, credit card location, transaction information and so on, thereby forming a large customer database that serves as reference data for order risk.
The identification and screening performed by the risk pattern recognition and automatic screening module comprise:
1) Screening rules: screening rules involving the numerical ranges that delimit specific risks are set by the user according to actual conditions, for example the number of orders for a certain type of product at which an order is treated as suspicious or high-risk, and the risk pattern recognition and automatic screening module performs a preliminary screening of user order payment data according to the configured rules;
2) Checking user information: including whether the IP address, shipping address, billing address, user time zone and the language used by the user are consistent with historical usage records, whether the billing address is consistent with the credit card's registered address, and whether they are located in a high-risk country or region; this is used to judge how likely it is that the current user's information has been stolen;
3) Checking behavior information: whether the user's payment has been attempted multiple times, whether there are multiple purchases within a short time, whether a credit card from another country is used for the purchase, and whether the user has changed IP address. Because fraudsters use credit cards that are not their own, their shopping habits and behavior differ somewhat from those of normal consumers: for example, with incomplete card information they will make repeated attempts; they make multiple purchases within a short time; they use credit cards from other countries; they change their own IP address in order to imitate the cardholder's information; and so on;
4) Checking usage history: the blacklist is consulted to check whether the user is on it; the vulnerability database maintains a blacklist that is continually extended, and fraudsters identified in each transaction are added to it;
5) Manual investigation: user order payment data for which risk identification cannot be performed is forwarded to the manual verification module for manual review; if the user is confirmed as high-risk, the payment is refused and the user is recorded in the blacklist; if the review passes, the payment processing module is called to authorize the payment. This is mainly to avoid misjudging normal consumers: a buffer risk level is set between the controllable risk level and the high-risk level, and users in this band are investigated manually. If a user is confirmed as a fraudster, the payment is refused and the user is recorded in the system blacklist. Staff can contact the customer by phone or e-mail for confirmation, which also further protects the security of the consumer's user information.
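The screening procedure in steps 1) to 5), as an added Python example that is not part of the patent text. The thresholds, field names, the rule of counting triggered checks, the reading of "another country" as card country differing from billing country, and the sample orders are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds: the text leaves the numeric ranges to the operator (step 1).
SUSPICIOUS_AT, HIGH_RISK_AT = 2, 4
HIGH_RISK_COUNTRIES = {"XX"}  # placeholder country code
@dataclass
class Order:
    user: str
    ip_country: str
    billing_country: str
    card_country: str
    billing_matches_card_address: bool = True
    attempts: int = 1          # payment attempts for this order
    orders_last_hour: int = 1
    distinct_ips: int = 1      # IP addresses seen across the attempts

def risk_signals(o):
    """Steps 2 and 3: user-information and behaviour checks."""
    checks = {
        "billing/card address mismatch": not o.billing_matches_card_address,
        "high-risk country": o.ip_country in HIGH_RISK_COUNTRIES,
        "card from another country": o.card_country != o.billing_country,
        "repeated payment attempts": o.attempts > 2,
        "many orders in a short time": o.orders_last_hour > 3,
        "IP changed between attempts": o.distinct_ips > 1,
    }
    return [name for name, hit in checks.items() if hit]

def screen(o, blacklist):
    """Return (decision, signals); decision is authorize, manual_review or reject."""
    if o.user in blacklist:                 # step 4: usage history
        return "reject", ["blacklisted"]
    signals = risk_signals(o)
    if len(signals) >= HIGH_RISK_AT:        # high risk: refuse and blacklist
        blacklist.add(o.user)
        return "reject", signals
    if len(signals) >= SUSPICIOUS_AT:       # step 5: buffer band, a human decides
        return "manual_review", signals
    return "authorize", signals

def manual_verdict(o, confirmed_fraud, blacklist):
    """Step 5 outcome: blacklist confirmed fraud, otherwise authorize."""
    if confirmed_fraud:
        blacklist.add(o.user)
    return "reject" if confirmed_fraud else "authorize"

# Constructed sample orders, not real data.
ALICE = Order("alice", "US", "US", "US")
BOB = Order("bob", "DE", "DE", "FR", attempts=3)
MALLORY = Order("mallory", "XX", "US", "GB", False, attempts=5, distinct_ips=3)
```

Returning the triggered checks alongside the decision gives the manual reviewer and the data synchronization report the reason for each outcome.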