An approach is provided in which the approach generates anomaly score variables using multiple unsupervised models based on a set of data records. The approach normalizes the anomaly score variables into multiple normalized variables, and constructs at least one interaction based on a first one of the normalized variables and a second one of the normalized variables. The first normalized variable corresponds to a first one of the anomaly score variables and the second normalized variable corresponds to a second one of the anomaly score variables. The approach detects a set of anomalies based on the at least one interaction and transmits the set of anomalies to a user.

A method of generating an input for a machine learning algorithm may include collecting data records. Each data record may include a plurality of categories of data. The method may include using vector quantization to partition the plurality of data records into a plurality of groupings. Each of the groupings may be based on one or more of the plurality of categories of data. The method may include generating a correlation score for each of the plurality of groupings. The correlation score may be indicative of whether a particular group is indicative of a given outcome.

A computerized method of a canvas system comprising: providing the canvas system, wherein the canvas system comprises a multimedia media content tool/platform that provides a set of functionalities of a user interface; providing a set of canvas-system based media content; organizing the canvas-system based media content in a plurality of blocks, wherein each block comprises a set of digital assets on a block level with a set of specified integrations and engagements; with the plurality of blocks: provide a set of block-level interactions, nest one block into another, put a block behind a paywall (e.g. as a fiat/crypto currency or as an NFT, etc.), visually represent the blocks in different parts of the block, create relations between a set of different blocks, add one or more tags to each block, and enable one or more micro-interactions/transactions for the canvas-system based media content among a plurality of users.

The present disclosure involves systems, software, and computer implemented methods for providing user interface (UI)-based modifications to adjust and interact with data exchange splits. An example client device can include can identify a data exchange (DE) associated with at least three entities, the DE associated with a total value. A visualization representing the DE can be presented via a UI and can include a chart comprising the total value of the DE exchange divided into value areas that are each associated with a particular entity. In response to a detection of input associated with a selection of an edge between a first and second value area, the combined value area associated with the first and second value areas can be locked. In response to detected movement input associated with the edge, the relative values of the first and second inside the combined value area can be adjusted in the visualization.

A method for identifying identity information includes: acquiring user data, the user data including identity information and account information of a user; establishing an association relationship between account information and identity information that are bound in the user data, and establishing an association relationship between two pieces of account information having common features in the user data; and determining a risk value of target identity information in the user data according to the established association relationships, and determining, according to the determined risk value, whether the target identity information has a risk of being used fraudulently.

A method of verifying the destination of a transaction between nodes in a network includes receiving transaction information corresponding to a transaction between the nodes, where the transaction information comprises a unique destination identifier and a destination name and where the unique destination identifier defines a destination account of the transaction; obtaining from a storage unit a set of names used in previous transactions to that destination account; determining at least one disparity value between the destination name and the set of names; and producing a destination verification value based on the at least one disparity value, wherein the destination verification value is used to verify whether the transaction between nodes should proceed.

An electronic device is provided. The electronic device includes a camera, a memory configured to store a model learned to determine whether a user performing authentication for a financial service is in a threat situation, and a processor configured to perform authentication for the financial service based on biometrics information of the user performing authentication for the financial service. The processor may acquire an image by photographing the user performing authentication through the camera, acquire information on whether the user performing authentication is in a threat situation from the learned model, with information acquired from the image as input of the learned model, and perform authentication for the financial service according to the acquired information. At least a part of the learned model is an artificial intelligent algorithm, which may be performed according to at least one of machine learning, neural network, or deep learning algorithm.

Disclosed herein are systems and methods executing a security server that perform various processes using alert elements containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Using alert elements, the security server generate integrated alerts that are associated with customers of the system and assign a risk score for the integrated alerts, which the security server uses to store and sort the integrated alerts according to a priority, based on the relative risk scores. Analyst computers may query and fetch integrated alerts from an integrate alert database, and then present the integrate alerts to be addressed by an analyst according to the priority level of the respective integrated alerts. This allows to ensure that the right customer, is worked by the right analyst, at the right time, to maximize fraud prevention and minimize customer impact.

Methods and systems are presented for providing concurrent data retrieval and risk processing while evaluating a risk source of an online service provider. Upon receiving a request to evaluate the risk source, a risk analysis module may initiate one or more risk evaluation sub-processes to evaluate the risk source. Each risk evaluation sub-process may require different data related to the risk source to perform the evaluation. The risk analysis module may simultaneously retrieve the data related to the risk source and perform the one or more risk evaluation sub-processes such that the risk analysis module may complete a risk evaluation sub-process whenever the data required by the risk evaluation sub-process is made available.

This application relates to apparatus and methods for identifying fraudulent transactions. A computing device receives return data identifying the return of at least one item. The computing device obtains modified strategy data identifying at least one rule of a modified strategy. The rule may be based on the application of at least one discrete stochastic gradient descent algorithm to an initial strategy. The computing device applies the modified strategy to the received return data identifying the return of the at least one item, and determines whether the return of the at least one item is fraudulent based on the application of the modified strategy. The computing device generates fraud data identifying whether the return of the at least one item is fraudulent based on the determination, and may transmit the fraud data to another computing device to indicate whether the return is fraudulent.