CN110992048A

Movatterモバイル変換

Info

Publication number: CN110992048A
Application number: CN201911205868.4A
Authority: CN
Inventors: 张雅媛; 冯毅; 盛煜; 李萌; 黄倩
Original assignee: China United Network Communications Group Co Ltd
Current assignee: China United Network Communications Group Co Ltd
Priority date: 2019-11-29
Filing date: 2019-11-29
Publication date: 2020-04-10

Abstract

The embodiment of the application provides a transaction fraud determination method and device, and relates to the field of electronic financial security. The method comprises the following steps: firstly, transaction information sent by transaction receiving equipment is received, wherein the transaction information comprises position information of the transaction receiving equipment and user information of a payer; secondly, acquiring pre-stored current position information of the payer equipment according to the payer user information; and finally, if the position information of the transaction receiving equipment and the current position information of the payer equipment are determined not to meet the preset condition, determining that the transaction is fraudulent, and therefore, obtaining the position information of the payer equipment in advance can be achieved, the time for judging the transaction fraud of the financial institution is reduced, and the transaction experience of the user is improved.

Description

Translated fromChinese

一种交易欺诈判定方法及装置A transaction fraud determination method and device

技术领域technical field

本申请涉及电子金融安全领域，尤其涉及一种交易欺诈判定方法及装置。The present application relates to the field of electronic financial security, and in particular, to a method and device for determining transaction fraud.

背景技术Background technique

随着互联网的发展，电子金融的发展也越来越广泛，为了维护用户交易过程的安全，金融机构需要根据自身拥有的交易数据、客户信息等进行欺诈建模与实施，同时还需要整合其它运营商渠道的信息，对用户交易过程进行更准确的欺诈判定。With the development of the Internet, the development of electronic finance has become more and more extensive. In order to maintain the security of users' transaction process, financial institutions need to conduct fraud modeling and implementation based on their own transaction data and customer information, and also need to integrate other operations. The information of the merchant channel can be used to make more accurate fraud determination on the user's transaction process.

目前，金融机构在欺诈判定上采用了多维度的字段进行建模处理，其中包括销售终端(point of sale，POS机)的所在城市与支付方设备(如用户手机)实时的定位城市是否匹配。销售终端(POS机)的位置信息包含在联机交易的信息内，金融机构服务器可以实时获取，而支付方设备(如用户手机)实时的定位城市信息需要从第三方运营商渠道进行整合。通常，在发生交易时，当金融机构服务器需要对销售终端(point of sale，POS机)的所在城市与支付方设备(如用户手机)实时的定位城市进行匹配时，才会向第三方运营商渠道获取支付方设备(如用户手机)位置，这一过程金融机构服务器至少需要等待200ms以上来等待第三方运营商渠道反馈支付方设备(如用户手机)位置信息，这将导致欺诈判定严重超时，降低了用户的交易体验。At present, financial institutions use multi-dimensional fields for modeling processing in fraud determination, including whether the city where the point of sale (POS machine) is located matches the real-time location city of the payer's device (such as the user's mobile phone). The location information of the point-of-sale terminal (POS machine) is included in the online transaction information, and the financial institution server can obtain it in real time, while the real-time location city information of the payer's device (such as the user's mobile phone) needs to be integrated from third-party operator channels. Usually, when a transaction occurs, when the financial institution server needs to match the city where the point of sale (POS machine) is located with the real-time location city of the payer's device (such as the user's mobile phone), the third-party operator will only be sent to the third-party operator. The channel obtains the location of the payer's device (such as the user's mobile phone). In this process, the financial institution server needs to wait at least 200ms for the third-party operator channel to feed back the location information of the payer's device (such as the user's mobile phone). This will lead to a serious timeout of fraud determination. Reduce the user's transaction experience.

发明内容SUMMARY OF THE INVENTION

本申请的实施例提供一种交易欺诈判定方法，能够提前获取支付方设备的位置信息，从而减少金融机构交易欺诈判定的时间，提升用户的交易体验。The embodiment of the present application provides a transaction fraud determination method, which can obtain the location information of the payer device in advance, thereby reducing the time for financial institution transaction fraud determination and improving the user's transaction experience.

第一方面，提供一种交易欺诈判定方法，该方法采用如下原理实现：首先，接收交易接收设备发送的交易信息，其中，交易信息包含交易接收设备的位置信息以及支付方用户信息；其次，根据支付方用户信息获取预先存储的支付方设备的当前位置信息；最后，若确定交易接收设备的位置信息与支付方设备的当前位置信息不满足预定条件，则确定交易存在欺诈。这样，由于该交易欺诈判定方法中提前获取了支付方设备的当前位置信息，因此金融机构在交易欺诈判定过程中能够快速查询到支付方设备的当前位置信息，进而减少交易过程中交易欺诈判定的时间，提升用户的交易体验。A first aspect provides a transaction fraud determination method, which is implemented by the following principles: first, receiving transaction information sent by a transaction receiving device, wherein the transaction information includes location information of the transaction receiving device and user information of a payer; The user information of the payer acquires the pre-stored current location information of the payer device; finally, if it is determined that the location information of the transaction receiving device and the current location information of the payer device do not meet predetermined conditions, it is determined that the transaction is fraudulent. In this way, since the current location information of the payer's device is obtained in advance in the transaction fraud determination method, the financial institution can quickly query the current location information of the payer's device in the process of transaction fraud determination, thereby reducing the number of times in the transaction fraud determination process. time and improve the user's trading experience.

第二方面，提供一种交易欺诈判定装置，包括：获取模块和处理模块。其中，获取模块用于接收交易接收设备发送的交易信息，该交易信息包含交易接收设备的位置信息以及支付方用户信息；处理模块用于根据获取模块获取的支付方用户信息获取预先存储的支付方设备的当前位置信息；处理模块还用于若确定所述获取模块获取的所述交易接收设备的位置信息与所述支付方设备的当前位置信息不满足预定条件，则确定交易存在欺诈。In a second aspect, a transaction fraud determination device is provided, comprising: an acquisition module and a processing module. Wherein, the acquiring module is used for receiving transaction information sent by the transaction receiving device, and the transaction information includes the location information of the transaction receiving device and the user information of the payer; the processing module is used for acquiring the pre-stored payer according to the user information of the payer acquired by the acquiring module The current location information of the device; the processing module is further configured to determine that the transaction is fraudulent if it is determined that the location information of the transaction receiving device acquired by the acquiring module and the current location information of the payer device do not meet a predetermined condition.

第三方面，提供一种交易欺诈判定装置，包括处理器，该处理器用于执行程序指令，以实现如第一方面的交易欺诈判定方法。In a third aspect, a transaction fraud determination device is provided, including a processor for executing program instructions to implement the transaction fraud determination method of the first aspect.

第四方面，提供一种计算机存储介质，包括指令，当所述指令在计算机上运行时，使得该计算机执行如第一方面的交易欺诈判定方法。In a fourth aspect, a computer storage medium is provided, comprising instructions that, when executed on a computer, cause the computer to perform the transaction fraud determination method of the first aspect.

第五方面，提供一种计算机程序产品，计算机程序产品包括指令代码，该指令代码用于执行如第一方面的交易欺诈判定方法。In a fifth aspect, a computer program product is provided, the computer program product includes instruction code for executing the transaction fraud determination method of the first aspect.

可以理解的是，上述提供的任一种交易欺诈判定装置、计算机存储介质或计算机程序产品均用于执行上文所提供的方法，因此，其所能达到的有益效果可参考上文中的方法以及下文具体实施方式中对应的方案的有益效果，此处不再赘述。It can be understood that any transaction fraud determination device, computer storage medium or computer program product provided above is used to execute the method provided above, therefore, the beneficial effect that can be achieved can refer to the above method and The beneficial effects of the corresponding solutions in the following specific implementation manner will not be repeated here.

附图说明Description of drawings

图1为本申请的实施例提供的一种系统架构的结构示意图；FIG. 1 is a schematic structural diagram of a system architecture provided by an embodiment of the present application;

图2为本申请的实施例提供的另一种系统架构的结构示意图；2 is a schematic structural diagram of another system architecture provided by an embodiment of the present application;

图3为本申请的实施例提供的一种交易欺诈判定方法的流程示意图；3 is a schematic flowchart of a transaction fraud determination method provided by an embodiment of the present application;

图4为本申请的实施例提供的一种交易欺诈判定装置的结构示意图；4 is a schematic structural diagram of an apparatus for determining transaction fraud provided by an embodiment of the present application;

图5为本申请的另一实施例提供的一种交易欺诈判定装置的结构示意图。FIG. 5 is a schematic structural diagram of an apparatus for determining transaction fraud provided by another embodiment of the present application.

具体实施方式Detailed ways

下面结合附图对本申请的实施例进行详细地描述。The embodiments of the present application will be described in detail below with reference to the accompanying drawings.

本文中术语“和/或”，仅仅是一种描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，同时存在A和B，单独存在B这三种情况。The term "and/or" in this article is only an association relationship to describe the associated objects, indicating that there can be three kinds of relationships, for example, A and/or B, it can mean that A exists alone, A and B exist at the same time, and A and B exist independently B these three cases.

本申请的说明书以及附图中的术语“第一”和“第二”等是用于区别不同的对象，或者用于区别对同一对象的不同处理，而不是用于描述对象的特定顺序。The terms "first" and "second" in the description and drawings of the present application are used to distinguish different objects, or to distinguish different processing of the same object, rather than to describe a specific order of the objects.

此外，本申请的描述中所提到的术语“包括”和“具有”以及它们的任何变形，意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元，而是可选地还包括其他没有列出的步骤或单元，或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。Furthermore, references to the terms "comprising" and "having" in the description of this application, and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes other unlisted steps or units, or optionally also Include other steps or units inherent to these processes, methods, products or devices.

需要说明的是，本申请实施例中，“示例性的”或者“例如”等词用于表示作例子、例证或说明。本申请实施例中被描述为“示例性的”或者“例如”的任何实施例或设计方案不应被解释为比其它实施例或设计方案更优选或更具优势。确切而言，使用“示例性的”或者“例如”等词旨在以具体方式呈现相关概念。It should be noted that, in the embodiments of the present application, words such as "exemplary" or "for example" are used to represent examples, illustrations, or illustrations. Any embodiments or designs described in the embodiments of the present application as "exemplary" or "such as" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present the related concepts in a specific manner.

在本申请的描述中，除非另有说明，“多个”的含义是指两个或两个以上。In the description of this application, unless otherwise stated, the meaning of "plurality" refers to two or more.

随着社会信息化的发展，人们在行动时通常是带有用于通信的电子设备的。而在支付场景中，用户可以采用携带的电子设备或者不采用携带的电子设备进行支付，但是由于用户携带电子设备时，电子设备的位置反映了用户交易时的位置，通常都可以使用电子设备的位置进行交易欺诈的判断。通常，交易的支付方可以直接使用电子设备(如手机、掌上电脑等)进行支付，例如通过POS扫描支付方设备出示的支付码进行支付；或者，不使用电子设备进行支付，例如通过其他方式支付(例如刷卡、扫脸支付等等)。而无论哪种场景，只要用户携带有电子设备，均支持使用电子设备的位置进行交易欺诈的判断。With the development of social informatization, people usually carry electronic devices for communication when they act. In the payment scenario, the user can use the electronic device to carry or not to use the electronic device to pay. However, when the user carries the electronic device, the position of the electronic device reflects the position of the user at the time of the transaction. Location for transaction fraud judgments. Usually, the payer of the transaction can directly use electronic devices (such as mobile phones, PDAs, etc.) to pay, for example, by scanning the payment code presented by the payer's device at the POS for payment; or, without using electronic devices, such as paying by other methods (For example, swipe card, scan face to pay, etc.). Regardless of the scenario, as long as the user carries an electronic device, it is supported to use the location of the electronic device to determine transaction fraud.

目前，金融机构在欺诈判定上采用了多维度的字段进行建模处理，其中包括销售终端(point of sale，POS机)的所在城市与支付方设备(如用户手机)实时的定位城市是否匹配。销售终端(POS机)的位置信息包含在联机交易的信息内，金融机构的服务器可以实时获取，而支付方设备(如用户手机)实时的定位城市信息需要从第三方运营商渠道进行整合。通常，在发生交易时，当金融机构的服务器需要对销售终端(point of sale，POS机)的所在城市与支付方设备(如用户手机)实时的定位城市进行匹配时，才会向第三方运营商渠道获取支付方设备(如用户手机)位置，这一过程金融机构的服务器至少需要等待200ms以上等待第三方运营商渠道反馈支付方设备(如用户手机)位置，这将导致欺诈判定严重超时，降低了用户的交易体验。At present, financial institutions use multi-dimensional fields for modeling processing in fraud determination, including whether the city where the point of sale (POS machine) is located matches the real-time location city of the payer's device (such as the user's mobile phone). The location information of the point-of-sale terminal (POS machine) is included in the online transaction information, and the server of the financial institution can obtain it in real time, while the real-time location city information of the payer device (such as the user's mobile phone) needs to be integrated from the third-party operator channels. Usually, when a transaction occurs, the financial institution's server needs to match the city where the point of sale (POS machine) is located with the real-time location city of the payer's device (such as the user's mobile phone), and will only operate to a third party. In this process, the server of the financial institution needs to wait at least 200ms for the third-party operator channel to feed back the location of the payer’s device (such as the user’s mobile phone), which will lead to a serious timeout of fraud determination. Reduce the user's transaction experience.

为了解决上述问题，本申请的实施例提供一种交易欺诈判定方法及装置，首先，接收交易接收设备发送的交易信息，其中，交易信息包含交易接收设备的位置信息以及支付方用户信息；其次，根据支付方用户信息获取预先存储的支付方设备的当前位置信息；最后，若确定交易接收设备的位置信息与支付方设备的当前位置信息不满足预定条件，则确定交易存在欺诈。这样，由于该交易欺诈判定方法中提前获取了支付方设备的当前位置信息，因此金融机构在交易欺诈判定过程中能够快速查询到支付方设备的当前位置信息，进而减少交易过程中交易欺诈判定的时间，提升用户的交易体验。In order to solve the above problems, the embodiments of the present application provide a method and device for determining transaction fraud. First, the transaction information sent by the transaction receiving device is received, wherein the transaction information includes the location information of the transaction receiving device and the user information of the payer; secondly, Obtain the pre-stored current location information of the payer device according to the payer user information; finally, if it is determined that the location information of the transaction receiving device and the current location information of the payer device do not meet the predetermined conditions, it is determined that the transaction is fraudulent. In this way, since the current location information of the payer's device is obtained in advance in the transaction fraud determination method, the financial institution can quickly query the current location information of the payer's device in the process of transaction fraud determination, thereby reducing the number of times in the transaction fraud determination process. time and improve the user's trading experience.

本申请的实施例可以应用于运营商等的第三方服务器(以下以运营商服务器为例进行说明)与金融机构服务器组成的系统，如图1所示，其中运营商服务器12用于获取支付方设备11(如手机、平板电脑、智能手环等具有定位功能的终端)的当前位置信息，并将支付方设备11的当前位置信息发送给金融机构服务器13进行存储。当用户通过交易接收设备14进行交易时，金融机构服务器13获取交易接收设备14(如POS机等具有交易功能的终端)的位置信息，并将运营商服务器12发送的支付方设备11的当前位置信息和交易接收设备14的位置信息进行处理，用来判定交易接收设备14处是否发生交易欺诈。The embodiments of the present application can be applied to a system composed of a third-party server of an operator (the operator server is taken as an example for description below) and a financial institution server. As shown in FIG. 1 , theoperator server 12 is used to obtain the payment party. The current location information of the device 11 (such as a mobile phone, a tablet computer, a terminal with a positioning function, etc.) is sent, and the current location information of thepayer device 11 is sent to thefinancial institution server 13 for storage. When the user conducts a transaction through thetransaction receiving device 14, thefinancial institution server 13 obtains the location information of the transaction receiving device 14 (such as a terminal with transaction functions such as a POS machine), and transmits the current location of thepayer device 11 sent by theoperator server 12. The information and the location information of thetransaction receiving device 14 are processed to determine whether transaction fraud has occurred at thetransaction receiving device 14 .

例如，用户所在的城市发生变化时，用户的支付方设备11(如手机)向运营商服务器12上报新的位置信息，当然该位置信息可以是具体的地理坐标或者区域信息(例如行政区划编码或者地理网格信息)，运营商服务器12将用户新的位置信息发送到金融机构服务器13，此时，金融机构服务器13更新用户的位置信息。如图2所示，运营商服务器12可以具备位置数据采集模块，用来采集手机的位置信息，通常手机是通过基站EnB连接运营商服务器，这样，针对金融机构中的特定用户群，运营商服务器可以通过手机连接的基站的信息，实现收集用户所在城市的信息。此外，运营商服务器还维护具有存储功能的数据库，当用户所在的城市信息发生变动时，触发位置数据采集模块，将用户的手机号、变动前的城市编码、变动后的城市编码、变动的时间等信息，进行处理加工，存储到运营商服务器的数据库中。然后通过采用专线/5G/4G/3G网络等高速可靠方式，调用约定好的接口，将信息传送给金融机构服务器的接口。运营商服务器与金融机构服务器间通信可以进行加密，例如：两者可以通过基于传输控制协议(transmission control protocol，TCP)协议，JSON(Javascript object notation,JS对象简谱)报文格式，国密加密标准的短链接实时同步通信方式，保证位置信息，高可靠地传送到金融机构服务器。金融机构服务器接收到信息后，第一时间更新数据库内的数据，以用户为单位记录最新的手机的位置信息(例如将用户手机号或者用户支付账号与手机的位置信息建立映射关系进行存储)，以备查询。当交易接收设备14(如POS机)处发生交易时，交易接收设备14向金融机构服务器13发送自身的位置信息，例如：金融机构服务器13通过交易信息采集模块接收到交易接收设备14发送的携带交易接收设备的位置信息的交易信息；然后将交易信息进行入库处理存储到数据库，为了实现交易欺诈的判定，金融机构服务器13可以通过位置整合模块在数据库读取交易接收设备的位置信息以及运营商服务器发送的手机的位置信息，并发送至欺诈判定模块进行位置匹配，若确定交易接收设备的位置信息以及手机的位置信息不满足预定条件，则确定存在交易欺诈。当然后续还可以将结果返回拦截预警模块；拦截预警模块将欺诈判定结果，返回与其对接的授权系统，通过授权系统完成欺诈交易的实时管控。For example, when the city where the user is located changes, the user's payer device 11 (such as a mobile phone) reports new location information to the operator'sserver 12. Of course, the location information may be specific geographic coordinates or regional information (such as administrative division codes or Geographic grid information), theoperator server 12 sends the user's new location information to thefinancial institution server 13, and at this time, thefinancial institution server 13 updates the user's location information. As shown in FIG. 2 , theoperator server 12 may have a location data collection module for collecting the location information of the mobile phone. Usually, the mobile phone is connected to the operator server through the base station EnB. The information of the city where the user is located can be collected through the information of the base station connected to the mobile phone. In addition, the operator server also maintains a database with storage function. When the city information of the user changes, the location data collection module is triggered to record the user's mobile phone number, the city code before the change, the city code after the change, and the time of the change. and other information, process it, and store it in the database of the operator's server. Then, by using high-speed and reliable methods such as dedicated line/5G/4G/3G network, call the agreed interface to transmit the information to the interface of the financial institution server. The communication between the operator server and the financial institution server can be encrypted. For example, the two can use the transmission control protocol (TCP) protocol, JSON (Javascript object notation, JS object notation) message format, national encryption standard The short link real-time synchronization communication method ensures that the location information is transmitted to the financial institution server with high reliability. After the financial institution server receives the information, it updates the data in the database as soon as possible, and records the latest location information of the mobile phone in units of users (for example, establishes a mapping relationship between the user's mobile phone number or the user's payment account and the location information of the mobile phone for storage), for inquiries. When a transaction occurs at the transaction receiving device 14 (such as a POS machine), thetransaction receiving device 14 sends its own location information to thefinancial institution server 13 , for example, thefinancial institution server 13 receives the data sent by thetransaction receiving device 14 through the transaction information collection module. The transaction information of the location information of the transaction receiving device; then the transaction information is stored in the database for warehousing processing. In order to realize the determination of transaction fraud, thefinancial institution server 13 can read the location information and operation of the transaction receiving device in the database through the location integration module. The location information of the mobile phone sent by the merchant server is sent to the fraud determination module for location matching. If it is determined that the location information of the transaction receiving device and the location information of the mobile phone do not meet the predetermined conditions, it is determined that there is transaction fraud. Of course, the result can also be returned to the interception early warning module in the future; the interception early warning module returns the fraud judgment result to the authorization system connected to it, and completes the real-time management and control of fraudulent transactions through the authorization system.

此外，本申请的实施例还提供交易欺诈判定的装置用于实施交易欺诈判定方法，该交易欺诈判定装置可以是单独设置的设备，即将该交易欺诈判定方法可以通过接口写入金融机构服务器，或者交易欺诈判定装置可以为金融机构服务器中的本身或其中的芯片。参考图2示出的架构，交易欺诈判定装置所能实现的功能可以直接在金融机构服务器上实现，其实现方式可以是直接复用如图2中提供的功能模块。In addition, the embodiments of the present application also provide a transaction fraud determination device for implementing a transaction fraud determination method. The transaction fraud determination device may be a separately set device, that is, the transaction fraud determination method may be written into a financial institution server through an interface, or The transaction fraud determination device may be itself or a chip in the server of the financial institution. Referring to the architecture shown in FIG. 2 , the functions that can be implemented by the device for determining transaction fraud can be directly implemented on the financial institution server, and the implementation mode can be to directly reuse the functional modules provided in FIG. 2 .

基于上述的系统，本申请的实施例提供一种交易欺诈判定的方法。应用于交易欺诈判定装置，以下以在金融机构服务器上实施该交易欺诈判定方法进行说明。参照图3所示，包括如下步骤：Based on the above system, the embodiments of the present application provide a method for determining transaction fraud. Applied to a transaction fraud determination device, the following description will be given by implementing the transaction fraud determination method on a financial institution server. Referring to Figure 3, it includes the following steps:

301、金融机构服务器接收交易接收设备发送的交易信息，交易信息包含交易接收设备的位置信息以及支付方用户信息。301. The financial institution server receives transaction information sent by the transaction receiving device, where the transaction information includes location information of the transaction receiving device and user information of the payer.

在实际应用的过程中，由于用户不止一个，因此上述提到的交易接收设备数量不止一个，为了将交易接收设备的位置信息和用户对应，本实施例中以支付方用户信息作为联系，因此，交易接收设备还需要发送支付方用户信息，其中支付方用户信息包括以下一项或多项：支付用户手机号码、用户支付账号等，用以唯一识别用户。当然实际的交易中，交易信息还可以包含交易金额、交易币种、物品信息等，但是本申请的实施例主要涉及交易欺诈的判定，并不涉及对交易本身的处理，因此并不对交易金额、交易币种、物品信息等信息的处理进行说明。在获取交易信息后，可以经过校验处理后，存储到金融机构服务器的数据库中。In the process of practical application, since there are more than one user, the number of transaction receiving devices mentioned above is more than one. In order to correspond the location information of the transaction receiving device to the user, the user information of the payer is used as the contact in this embodiment. Therefore, The transaction receiving device also needs to send the user information of the payer, where the user information of the payer includes one or more of the following: the mobile phone number of the payment user, the user payment account number, etc., to uniquely identify the user. Of course, in an actual transaction, the transaction information may also include transaction amount, transaction currency, item information, etc., but the embodiment of this application mainly involves the determination of transaction fraud, and does not involve the processing of the transaction itself. The processing of information such as transaction currency and item information will be explained. After the transaction information is acquired, it can be stored in the database of the financial institution server after verification processing.

302、金融机构服务器根据支付方用户信息获取预先存储的支付方设备的当前位置信息。302. The financial institution server acquires pre-stored current location information of the payer device according to the payer user information.

此处，预先存储支付方设备的当前位置信息的过程，发生在步骤301之前，其中，参照图2的说明，当支付方设备的位置发生变化时，运营商服务器可以将支付方设备的当前位置信息推送至金融机构服务器，此时通过接收运营商服务器发送的支付方设备位置信息同步请求获取支付方设备的当前位置。具体的，支付方设备位置信息同步请求包含支付方设备的当前位置信息，运营商服务器在确定支付方设备的位置发生变化时，生成支付方设备位置信息同步请求。Here, the process of pre-storing the current location information of the payer device occurs before step 301, wherein, referring to the description of FIG. 2 , when the location of the payer device changes, the operator server may store the current location of the payer device The information is pushed to the financial institution server, and at this time, the current location of the payer's device is obtained by receiving a synchronization request for the location of the payer's device sent by the operator's server. Specifically, the payer device location information synchronization request includes the current location information of the payer device, and the operator server generates the payer device location information synchronization request when determining that the payer device location changes.

同样的，由于用户不止一个，因此上述提到的支付方设备数量不止一个，为了将支付方设备和用户对应，本实施例中以支付方用户信息作为联系。因此，支付方设备在发送支付方设备位置信息同步请求时，还包括支付用户手机号码，用以唯一识别用户。Similarly, since there are more than one user, there are more than one payer device mentioned above. In order to correspond the payer device and the user, in this embodiment, the payer user information is used as the connection. Therefore, when the payer device sends the request for synchronization of the location information of the payer device, it also includes the mobile phone number of the paying user to uniquely identify the user.

由于支付方设备位置信息同步请求中的支付用户手机号码能够唯一识别用户，因此，需要提前将支付用户手机号码与支付方设备的当前位置信息生成映射关系并存储，或者获取支付用户手机号码绑定的用户支付账号，将用户支付账号与支付方设备的当前位置信息生成映射关系并存储。这样存储之后，就能根据支付用户手机号码或者用户支付账号唯一查询支付方设备的当前位置信息。Since the mobile phone number of the paying user in the synchronization request for the location information of the payer device can uniquely identify the user, it is necessary to generate and store the mapping relationship between the mobile phone number of the paying user and the current location information of the device of the payer in advance, or obtain the binding of the mobile phone number of the paying user. The user payment account of the user's payment account, and the mapping relationship between the user's payment account and the current location information of the payer's device is generated and stored. After being stored in this way, the current location information of the payer's device can be uniquely queried according to the mobile phone number of the paying user or the user's payment account.

由于支付方设备位置信息同步请求中的支付用户手机号码和交易接收设备发送的交易信息中的支付方用户信息是一致的，因此，对于交易接收设备来说，支付方用户信息与支付方设备的当前位置信息的映射关系是提前存储在预定数据表中的。因此，使用交易接收设备发送的支付方用户信息可以在预定数据表中唯一查询到对应的支付方设备的当前位置信息。Since the mobile phone number of the paying user in the synchronization request for the location information of the payer device is consistent with the payer user information in the transaction information sent by the transaction receiving device, for the transaction receiving device, the user information of the payer is the same as that of the payer device. The mapping relationship of the current location information is stored in a predetermined data table in advance. Therefore, the current location information of the corresponding payer device can be uniquely queried in the predetermined data table using the payer user information sent by the transaction receiving device.

303、金融机构服务器若确定交易接收设备的位置信息与支付方设备的当前位置信息不满足预定条件，则确定交易存在欺诈。303. If the financial institution server determines that the location information of the transaction receiving device and the current location information of the payer device do not meet the predetermined condition, determine that the transaction is fraudulent.

其中，若交易接收设备的位置信息与支付方设备的当前位置信息均为区域信息，在此基础上，判定交易非欺诈的预定条件是交易接收设备的位置信息与支付方设备的当前位置信息相同，区域信息可以包括行政区划编码或者地理网格信息。其中区域信息可以重新规划，也可以使用现有已经成熟的规划。Wherein, if the location information of the transaction receiving device and the current location information of the payer device are both regional information, on this basis, the predetermined condition for determining that the transaction is not fraudulent is that the location information of the transaction receiving device is the same as the current location information of the payer device. , the regional information may include administrative division codes or geographic grid information. The regional information can be re-planned, or an existing mature plan can be used.

若交易接收设备的位置信息与支付方设备的当前位置信息均为地理坐标，在此基础上，判定交易非欺诈的预定条件包括：根据交易接收设备的位置信息与支付方设备的当前位置信息确定的交易接收设备与支付方设备的距离小于或等于预设距离阈值。其中地理坐标可以是相对的，也可以是绝对的，对此不做限制，此处说明的距离阈值根据实际情况设置，距离阈值可以是覆盖某城市面积的圆的半径，也可以是考虑交易场景时，能够容忍的交易接收设备和支付方设备可能的定位误差距离。If the location information of the transaction receiving device and the current location information of the payer device are both geographic coordinates, on this basis, the predetermined conditions for determining that the transaction is not fraudulent include: determining according to the location information of the transaction receiving device and the current location information of the payer device The distance between the transaction receiving device and the payer device is less than or equal to the preset distance threshold. The geographic coordinates can be relative or absolute, and there is no restriction on this. The distance threshold described here is set according to the actual situation. The distance threshold can be the radius of a circle covering a certain city area, or it can be considered a transaction scenario. When , the possible positioning error distance between the transaction receiving device and the payer device can be tolerated.

作为行政区划编码的一种示例，交易接收设备的位置信息与支付方设备的当前位置信息可以均采用城市编码，当确定交易接收设备的城市编码与支付方设备的城市编码不一致时，则可以直接认定交易存在欺诈。为了更精确的判定交易欺诈，交易接收设备的位置信息与支付方设备的当前位置信息也可以采用更具体的地理坐标，考虑交易场景下交易接收设备与用户支付方设备的实际位置可以设定距离阈值，例如：在以固定的ATM机为交易接收设备时，该距离阈值可以设置为ATM机附近的一定范围内。As an example of the administrative division code, the location information of the transaction receiving device and the current location information of the payer device may both use the city code. When it is determined that the city code of the transaction receiving device is inconsistent with the city code of the payer device, you can The transaction is determined to be fraudulent. In order to more accurately determine transaction fraud, the location information of the transaction receiving device and the current location information of the payer device can also adopt more specific geographic coordinates. Considering the actual location of the transaction receiving device and the user's payer device in the transaction scenario, the distance can be set The threshold value, for example: when a fixed ATM machine is used as the transaction receiving device, the distance threshold value can be set within a certain range near the ATM machine.

当然，在通过步骤303确定不存在交易欺诈时，可以继续通过交易欺诈模型评分对是否存在交易欺诈作进一步判断。当确定存在交易欺诈后，后续还可以将结果返回图2示出的拦截预警模块；拦截预警模块将欺诈判定结果，返回与其对接的授权系统，通过授权系统完成欺诈交易的实时管控。Of course, when it is determined through step 303 that there is no transaction fraud, further judgment may be made on whether there is transaction fraud through the score of the transaction fraud model. When it is determined that there is transaction fraud, the result can be returned to the interception early warning module shown in FIG. 2; the interception early warning module returns the fraud judgment result to the authorization system connected to it, and completes the real-time management and control of fraudulent transactions through the authorization system.

这样，由于该交易欺诈的判定方法提前获取了支付方设备的当前位置信息，因此金融机构在交易欺诈判定过程中能够快速查询到支付方设备的当前位置信息，进而减少交易过程中交易欺诈判定的时间，提升用户的交易体验。In this way, since the transaction fraud determination method obtains the current location information of the payer's device in advance, the financial institution can quickly query the current location information of the payer's device in the process of transaction fraud determination, thereby reducing the risk of transaction fraud determination during the transaction process. time and improve the user's trading experience.

本申请实施例可以根据上述方法示例对其对应的装置进行功能模块或者功能单元的划分，例如，可以对应各个功能划分各个功能模块或者功能单元，也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现，也可以采用软件功能模块或者功能单元的形式实现。其中，本申请实施例中对模块或者单元的划分是示意性的，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式。In this embodiment of the present application, the corresponding apparatus may be divided into functional modules or functional units according to the foregoing method examples. For example, each functional module or functional unit may be divided into corresponding functions, or two or more functions may be integrated in in a processing module. The above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules or functional units. Wherein, the division of modules or units in the embodiments of the present application is schematic, and is only a logical function division, and there may be other division manners in actual implementation.

参照图4所示，提供一种交易欺诈判定装置，包括：获取模块41、处理模块42。Referring to FIG. 4 , a transaction fraud determination device is provided, which includes: an acquisition module 41 and a processing module 42 .

获取模块41用于接收交易接收设备发送的交易信息，交易信息包含交易接收设备的位置信息以及支付方用户信息。The acquiring module 41 is configured to receive transaction information sent by the transaction receiving device, where the transaction information includes location information of the transaction receiving device and user information of the payer.

处理模块42用于根据获取模块获取的支付方用户信息获取预先存储的支付方设备的当前位置信息。The processing module 42 is configured to acquire the pre-stored current location information of the payer device according to the payer user information acquired by the acquiring module.

处理模块42还用于若确定获取模块获取的交易接收设备的位置信息与支付方设备的当前位置信息不满足预定条件，则确定交易存在欺诈。The processing module 42 is further configured to determine that the transaction is fraudulent if it is determined that the location information of the transaction receiving device acquired by the acquiring module and the current location information of the payer device do not meet a predetermined condition.

可选的，获取模块41获取的交易接收设备的位置信息与处理模块42获取的支付方设备的当前位置信息均为区域信息，预定条件包括：交易接收设备的位置信息与支付方设备的当前位置信息相同，区域信息包括行政区划编码或者地理网格信息。Optionally, the location information of the transaction receiving device acquired by the acquisition module 41 and the current location information of the payer device acquired by the processing module 42 are both regional information, and the predetermined conditions include: the location information of the transaction receiving device and the current location of the payer device. The information is the same, and the regional information includes administrative division codes or geographic grid information.

可选的，获取模块41获取的交易接收设备的位置信息与处理模块42获取的支付方设备的当前位置信息均为地理坐标，预定条件包括：根据交易接收设备的位置信息与支付方设备的当前位置信息确定的交易接收设备与支付方设备的距离小于或等于预设距离阈值。Optionally, the location information of the transaction receiving device acquired by the acquisition module 41 and the current location information of the payer device acquired by the processing module 42 are both geographic coordinates, and the predetermined conditions include: according to the location information of the transaction receiving device and the current location of the payer device. The distance between the transaction receiving device determined by the location information and the payer device is less than or equal to a preset distance threshold.

可选的，获取模块41获取的支付方用户信息包括以下一项或多项：支付用户手机号码、用户支付账号。Optionally, the user information of the payer acquired by the acquiring module 41 includes one or more of the following: the mobile phone number of the paying user, and the user's payment account.

可选的，处理模块42还用于根据获取模块41获取的支付方用户信息获取预先存储的支付方设备的当前位置信息，包括：根据获取模块41获取的支付方用户信息在预定数据表中查询所述支付方设备的当前位置信息，其中预定数据表中存储有支付方用户信息与支付方设备的当前位置信息的映射关系。Optionally, the processing module 42 is further configured to obtain the pre-stored current location information of the payer device according to the payer user information obtained by the obtaining module 41, including: querying the predetermined data table according to the payer user information obtained by the obtaining module 41. The current location information of the payer device, wherein the predetermined data table stores the mapping relationship between the payer user information and the current location information of the payer device.

可选的，获取模块41还用于接收运营商服务器发送的支付方设备位置信息同步请求，支付方设备位置信息同步请求包含支付方设备的当前位置信息，其中，运营商服务器在确定支付方设备的位置发生变化时，生成所述支付方设备位置信息同步请求。Optionally, the acquiring module 41 is further configured to receive a request for synchronizing the location information of the payer's device sent by the operator server, where the request for synchronizing the location information of the payer's device includes the current location information of the payer's device. When the location of the payer changes, a synchronization request for the location information of the payer device is generated.

可选的，获取模块41获取的支付方设备位置信息同步请求还包括：支付用户手机号码；Optionally, the synchronization request for the location information of the payer device acquired by the acquiring module 41 further includes: the mobile phone number of the paying user;

处理模块42还用于将支付用户手机号码与支付方设备的当前位置信息生成映射关系并存储；The processing module 42 is also used to generate and store the mapping relationship between the mobile phone number of the paying user and the current location information of the payer's device;

或者，or,

处理模块42还用于获取支付用户手机号码绑定的用户支付账号，将用户支付账号与支付方设备的当前位置信息生成映射关系并存储。The processing module 42 is further configured to acquire the user payment account bound to the mobile phone number of the payment user, and generate and store a mapping relationship between the user payment account and the current location information of the payer's device.

当然在采用其他的功能划分形式时，获取模块的功能可以由图2中交易信息采集模块以及金融机构服务器13中的接口完成，处理模块的功能也可以由图2中的位置整合模块和欺诈判定模块完成。该交易欺诈判定装置所能解决的技术问题，以及实现的技术效果可以参照交易欺诈判定方法的描述，此处不再赘述。Of course, when other functional division forms are adopted, the function of the acquisition module can be completed by the transaction information acquisition module in FIG. 2 and the interface in thefinancial institution server 13, and the function of the processing module can also be performed by the location integration module in FIG. 2 and the fraud determination module. Module is complete. The technical problems that can be solved by the transaction fraud determination device and the technical effects achieved can be referred to the description of the transaction fraud determination method, which will not be repeated here.

在另一种方案中，上述交易欺诈判定装置的获取模块41可以采用通信接口实现，处理模块42可以采用一个或者多个处理器实现；此时参照图5所示，提供一种交易欺诈判定装置，包括：处理器51，其中处理器51用于执行程序或指令，以实现上述方法实施例提供的交易欺诈判定装置。还包括通信接口52，其中通信接口52和处理器51耦合，示例性的通信接口52和处理器51可以通过总线53耦合。In another solution, the acquisition module 41 of the above transaction fraud determination device can be implemented by a communication interface, and the processing module 42 can be implemented by one or more processors; at this time, referring to FIG. 5, a transaction fraud determination device is provided. , including: a processor 51, where the processor 51 is configured to execute a program or an instruction to implement the transaction fraud determination device provided by the above method embodiments. Acommunication interface 52 is also included, wherein thecommunication interface 52 and the processor 51 are coupled, anexemplary communication interface 52 and the processor 51 may be coupled through a bus 53 .

处理器51可以是一个通用中央处理器(central processing unit，CPU)，控制器MCU，特定应用集成电路(application-specific integrated circuit，ASIC)，或一个或多个用于控制本申请提供的交易欺诈判定方法程序执行的集成电路。在具体的实现中，作为一种实施例，处理器51(51-1和51-2)可以包括一个或多个中央处理器，例如图5中所示的CPU0和CPU1。且作为一种实施例，交易欺诈判定装置可以包括多个处理器51，例如图5中所示的处理器51-1和处理器51-2。这些处理器51中的每一个CPU可以是一个单核处理器(single-CPU)，也可以是一个多核处理器(multi-CPU)。这里的处理器51可以指一个或多个设备、电路、和/或用于处理数据(例如计算机程序指令)的处理核。The processor 51 may be a general-purpose central processing unit (CPU), a controller MCU, an application-specific integrated circuit (ASIC), or one or more of them for controlling transaction fraud provided by the present application. The integrated circuit on which the program of the determination method is executed. In a specific implementation, as an embodiment, the processors 51 ( 51 - 1 and 51 - 2 ) may include one or more central processing units, such as CPU0 and CPU1 shown in FIG. 5 . And as an embodiment, the transaction fraud determination apparatus may include a plurality of processors 51, such as the processor 51-1 and the processor 51-2 shown in FIG. 5 . Each of these processors 51 may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). Processor 51 herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).

当然，处理器51上还可以集成有交易欺诈判定方法程序或指令的存储装置，或者也可以将存储装置单独设置，例如如图5中示出的，单独设置存储器54。存储器54可以是只读存储器(read-only memory，ROM)或可存储静态信息和指令的其他类型的静态存储设备，随机存取存储器(random access memory，RAM)或者可存储信息和指令的其他类型的动态存储设备，也可以是电可擦可编程只读存储器(electrically erasable programmableread-only memory，EEPROM)、只读光盘(compact disc read-only memory，CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质，但不限于此。处理器51执行程序或指令，以控制通信接口52获取交易欺诈判定方法，并以使交易欺诈判定装置执行如上述的交易欺诈判定方法。Of course, the processor 51 may also be integrated with a storage device for the program or instruction of the transaction fraud determination method, or the storage device may also be set separately, for example, as shown in FIG. 5 , thememory 54 is set separately. Thememory 54 may be read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (RAM), or other type of static storage device that can store information and instructions It can also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM), or other optical disk storage, optical disk storage ( including compact discs, laser discs, compact discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and capable of being stored by a computer any other medium taken, but not limited to this. The processor 51 executes programs or instructions to control thecommunication interface 52 to obtain the transaction fraud determination method, and to cause the transaction fraud determination device to execute the transaction fraud determination method as described above.

通信接口52，使用任何收发器一类的装置，用于与其他设备或通信网络通信，如控制系统、无线接入网(radio access network，RAN)，无线局域网(wireless local areanetworks，WLAN)、服务器等。通信接口52可以包括接收单元实现接收功能，以及发送单元实现发送功能。Communication interface 52, using any transceiver-like device, for communicating with other devices or communication networks, such as control systems, radio access networks (RAN), wireless local area networks (WLAN), servers Wait. Thecommunication interface 52 may include a receiving unit to implement a receiving function, and a transmitting unit to implement a transmitting function.

总线53，可以是工业标准体系结构(industry standard architecture，ISA)总线、外部设备互连(peripheral component interconnect，PCI)总线或扩展工业标准体系结构(extended industry standard architecture，EISA)总线等。该总线53可以分为地址总线、数据总线、控制总线等。为便于表示，图5中仅用一条粗线表示，但并不表示仅有一根总线或一种类型的总线。The bus 53 may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, or an extended industry standard architecture (EISA) bus, or the like. The bus 53 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in FIG. 5, but it does not mean that there is only one bus or one type of bus.

上面结合附图对本申请的实施例进行了描述，但是本申请并不局限于上述的具体实施方式，上述的具体实施方式仅仅是示意性的，而不是限制性的，本领域的普通技术人员在本申请的启示下，在不脱离本申请宗旨和权利要求所保护的范围情况下，还可做出很多形式，均属于本申请的保护之内。The embodiments of the present application have been described above in conjunction with the accompanying drawings, but the present application is not limited to the above-mentioned specific embodiments, which are merely illustrative rather than restrictive. Under the inspiration of this application, without departing from the scope of protection of the purpose of this application and the claims, many forms can be made, which all fall within the protection of this application.