
CN111915316B - A method, device, computer equipment and storage medium for monitoring suspicious transactions - Google Patents


Publication number
CN111915316B
Authority
CN
China
Prior art keywords
transaction
monitoring
data
service
suspicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010829394.7A
Other languages
Chinese (zh)
Other versions
CN111915316A (en
Inventor
李晖
赵东生
蔡捷飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern Power Grid Digital Grid Group Co ltd
Southern Power Grid Digital Grid Research Institute Co Ltd
CSG Finance Co Ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
CSG Finance Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southern Power Grid Digital Grid Research Institute Co Ltd, CSG Finance Co Ltd filed Critical Southern Power Grid Digital Grid Research Institute Co Ltd
Priority to CN202010829394.7A priority Critical patent/CN111915316B/en
Publication of CN111915316A publication Critical patent/CN111915316A/en
Application granted granted Critical
Publication of CN111915316B publication Critical patent/CN111915316B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2282 Tablespace storage structures; Management thereof
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Resources & Organizations (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Finance (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Marketing (AREA)
  • Computing Systems (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Signal Processing (AREA)
  • Game Theory and Decision Science (AREA)
  • Computer Hardware Design (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a suspicious transaction monitoring method and device, computer equipment and a storage medium. The method comprises the following steps: acquiring business transaction data from a big data platform, where the business transaction data includes a plurality of data tables having a plurality of fields; acquiring a monitoring request for the business transaction data, and determining a data table associated with the monitoring request from the plurality of data tables; and, among a plurality of micro-services corresponding to the suspicious transaction monitoring platform, determining a target micro-service corresponding to the monitoring request and triggering the target micro-service to process the data table associated with the monitoring request, generating a monitoring result of the suspicious transaction. Suspicious transactions are thereby monitored by different micro-services according to different monitoring requirements, which avoids the false alarms and missed reports caused by manual monitoring of suspicious transactions, effectively improves monitoring efficiency and accuracy, and provides an all-round, multi-view comprehensive analysis platform for suspicious transaction monitoring work.

Description

Method and device for monitoring suspicious transactions, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and apparatus for monitoring suspicious transactions, a computer device, and a storage medium.
Background
Illegal transactions through a financial network are a means for criminals to disguise or conceal illegal benefits; they are extremely dangerous and seriously threaten social and economic stability. In practice, the methods criminals use when performing illegal transactions through financial institutions are highly concealed.
In the prior art, when illegal suspicious transactions are identified, the related data is collected, counted and monitored mainly by hand. However, monitoring money laundering manually is inefficient and prone to missed reports.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, apparatus, computer device, and storage medium for monitoring suspicious transactions.
A method of monitoring suspicious transactions, the method comprising:
acquiring business transaction data from a big data platform; the business transaction data includes a plurality of data tables having a plurality of fields;
acquiring a monitoring request for the business transaction data, and determining a data table associated with the monitoring request from the plurality of data tables;
and determining, among a plurality of micro-services corresponding to the suspicious transaction monitoring platform, a target micro-service corresponding to the monitoring request, and triggering the target micro-service to process the data table associated with the monitoring request to generate a monitoring result of the suspicious transaction.
Optionally, each micro-service is associated with a corresponding database, each micro-service having access rights to its corresponding database and not having access rights to other databases;
the method further comprises the steps of:
determining a target database corresponding to the target micro-service, and storing the data table associated with the monitoring request into the target database;
the triggering of the target micro-service to process the data table associated with the monitoring request to generate a monitoring result of the suspicious transaction comprises the following steps:
triggering the target micro-service to acquire the data table associated with the monitoring request from the target database;
acquiring suspicious transaction screening rules corresponding to the monitoring request;
and triggering the target micro-service to match the data in the data table associated with the monitoring request according to the suspicious transaction screening rules, and generating a monitoring result of the suspicious transaction.
Optionally, when the target micro-service is a risk level determination micro-service, the suspicious transaction screening rule is a risk level determination rule, and the step of triggering the target micro-service to match data in the data table associated with the monitoring request according to the suspicious transaction screening rule to generate a monitoring result of the suspicious transaction includes:
triggering the risk level determination micro-service to acquire, from the associated data table, the client list whose risk level corresponds to the risk level determination rule, together with the business transaction data corresponding to the clients in the client list, so as to obtain a monitoring result of suspicious transactions;
when the target micro-service is a list client screening micro-service, the suspicious transaction screening rule is a blacklist client list, and the step of triggering the target micro-service to match data in the data table associated with the monitoring request according to the suspicious transaction screening rule to generate a monitoring result of the suspicious transaction comprises the following steps:
triggering the list client screening micro-service to acquire, from the associated data table, the clients corresponding to the blacklist client list, together with the business transaction data corresponding to those blacklist clients, so as to obtain a monitoring result of suspicious transactions.
Optionally, the acquiring business transaction data from the big data platform includes:
acquiring transaction subjects and transaction values corresponding to a plurality of pieces of transaction information from a big data platform;
determining suspicious transaction information among the plurality of pieces of transaction information according to the transaction subjects and the transaction values;
and acquiring transaction data of the suspicious transaction information to obtain the business transaction data.
Optionally, the determining suspicious transaction information among the plurality of pieces of transaction information according to the transaction subjects and the transaction values includes:
inputting a plurality of transaction subjects and transaction values into a graph database to generate a transaction network structure diagram; the transaction network structure diagram comprises the transaction subjects, the transaction values and their flow direction information;
and determining suspicious transaction information among the plurality of pieces of transaction information according to the transaction network structure diagram.
The determining suspicious transaction information among the plurality of pieces of transaction information according to the transaction network structure diagram includes:
determining client relationship information among a plurality of transaction subjects according to the transaction subjects in the transaction network structure diagram;
and when the client relationship information, the transaction values and their flow direction information meet preset identification conditions, determining the corresponding transaction information as suspicious transaction information.
Optionally, the acquiring the monitoring request for the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables includes:
responding to a monitoring request for the business transaction data, wherein the monitoring request carries monitoring field information selected by a user in a visual task scheduling interface;
and acquiring the data table corresponding to the monitoring field information from the plurality of data tables.
A device for monitoring suspicious transactions, the device comprising:
a transaction data acquisition module, used for acquiring business transaction data from the big data platform; the business transaction data includes a plurality of data tables having a plurality of fields;
a monitoring request determining module, used for acquiring a monitoring request for the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables;
and a monitoring result generation module, used for determining, among a plurality of micro-services corresponding to the suspicious transaction monitoring platform, a target micro-service corresponding to the monitoring request, triggering the target micro-service to process the data table associated with the monitoring request, and generating a monitoring result of the suspicious transaction.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method of monitoring suspicious transactions as described above when the computer program is executed.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a method of monitoring suspicious transactions as described above.
According to the above method, device, computer equipment and storage medium for monitoring suspicious transactions, business transaction data is acquired, a monitoring request for the business transaction data is determined, the data table associated with the monitoring request is determined from the plurality of data tables, the target micro-service corresponding to the monitoring request is determined among the plurality of micro-services of the suspicious transaction monitoring platform, and the target micro-service processes the data table associated with the monitoring request to generate a monitoring result of the suspicious transaction. Suspicious transactions are thus monitored by different micro-services according to different monitoring requirements, which avoids the false reports and missed reports caused by manual monitoring of suspicious transactions, effectively improves monitoring efficiency and accuracy, and provides an all-round, multi-view comprehensive analysis platform for suspicious transaction monitoring work.
Drawings
FIG. 1 is a flow diagram of a method of monitoring suspicious transactions according to one embodiment;
FIG. 2 is an application environment diagram of a method of monitoring suspicious transactions in one embodiment;
FIG. 3 is a technical architecture diagram of a suspicious transaction monitoring platform in one embodiment;
FIG. 4 is a data architecture diagram of a suspicious transaction monitoring platform according to one embodiment;
FIG. 5 is a deployment diagram of micro-services in a suspicious transaction monitoring platform according to one embodiment;
FIG. 6 is a distributed architecture deployment diagram of a suspicious transaction monitoring platform in one embodiment;
FIG. 7 is a flow diagram of data processing for a suspicious transaction monitoring platform in one embodiment;
FIG. 8 is a diagram of a transaction network architecture in one embodiment;
FIG. 9 is an application architecture diagram of a suspicious transaction monitoring platform in one embodiment;
FIG. 10 is another data processing flow diagram of a suspicious transaction monitoring platform in one embodiment;
FIG. 11 is a background call logic diagram of a suspicious transaction monitoring platform in one embodiment;
FIG. 12 is a diagram of the physical deployment of software modules of a suspicious transaction monitoring platform according to one embodiment;
FIG. 13 is a block diagram of a suspicious transaction monitoring device in one embodiment;
FIG. 14 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, as shown in FIG. 1, a method for monitoring suspicious transactions is provided. The method is described here as applied to a server; it can also be applied to a system including a terminal and a server and implemented through interaction between the terminal and the server. The method specifically includes the following steps:
Step 101, acquiring business transaction data from a big data platform; the business transaction data includes a plurality of data tables having a plurality of fields.
Specifically, the suspicious transaction monitoring platform may acquire service transaction data from the big data platform, where the service transaction data may include a data table having a plurality of fields; the business transaction data may be transaction data of a financial business.
In practical applications, the suspicious transaction monitoring platform can communicate with a big data platform, and the big data platform can comprise a plurality of peripheral systems, which can be divided into peripheral business systems and peripheral management systems. The peripheral business systems may include a core system, a credit card system, a fund financial system, a UnionPay front-end system, a derivative system and an international settlement system; the peripheral management systems may include a post-hoc supervision system, an intelligent account system, a customer relationship system, a human resource management system, a credit management system, a customer information integration system, an influence platform, an accounting internal control platform, and a networking check system.
After the suspicious transaction monitoring platform is in communication connection with the peripheral business system, basic data related to financial transactions can be extracted from the suspicious transaction monitoring platform. After the basic data is obtained, the information corresponding to each field can be extracted from the basic data into the corresponding data table, and each data table can comprise a plurality of fields. The extracted plurality of data tables may be stored in a database. In practical applications, the business transaction data may come from data in a data resource layer, such as a data warehouse or a database of the suspicious transaction monitoring platform or of other systems, and from third-party data acquired through an API.
Step 102, a monitoring request for the business transaction data is obtained, and a data table associated with the monitoring request is determined from the plurality of data tables.
After the business transaction data is obtained, a monitoring request for the business transaction data may be determined, and a data table associated with the monitoring request may be determined from the plurality of data tables.
Step 103, determining a target micro-service corresponding to the monitoring request among a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and triggering the target micro-service to process the data table associated with the monitoring request to generate a monitoring result of the suspicious transaction.
In practical applications, after the monitoring request is determined, the target micro-service corresponding to the monitoring request can be determined among the plurality of micro-services of the suspicious transaction monitoring platform, and the target micro-service is triggered to process the data table associated with the monitoring request, so that a monitoring result of the suspicious transaction is generated.
In this embodiment, business transaction data is acquired, a monitoring request for the business transaction data is determined, the data table associated with the monitoring request is determined from the plurality of data tables, the target micro-service corresponding to the monitoring request is determined among the plurality of micro-services of the suspicious transaction monitoring platform, and the target micro-service processes the data table associated with the monitoring request to generate a monitoring result of the suspicious transaction. Suspicious transactions are thus monitored by different micro-services according to different monitoring requirements, which avoids the false reports caused by manually monitoring suspicious transactions, effectively improves monitoring efficiency and accuracy, and provides an all-round, multi-view comprehensive analysis platform for suspicious transaction monitoring work.
In one embodiment, the method may be applied in the application environment shown in FIG. 2. The anti-money laundering monitoring and reporting system in FIG. 2 may also be referred to as a suspicious transaction monitoring platform, which may be in communication connection with other business systems, internal networks and external networks; the suspicious transaction monitoring platform can be implemented by an independent server or by a server cluster formed by a plurality of servers.
In order to enable those skilled in the art to better understand the present application, the following describes the general technical architecture of the present application, the design concept of the suspicious transaction monitoring platform, and the data architecture, but it should be understood that the embodiments of the present application are not limited thereto.
In the application, user requirements are taken as the guide and the structure is designed using a component-based design approach, which facilitates the recombination and expansion of each function in the suspicious transaction monitoring platform. A strategy of overall planning and step-by-step implementation can be adopted in the design process, and the background service program is developed after the design of the platform control pages is completed, so that the aim of realizing a quality system is finally achieved. In a specific application, an overall technical architecture as shown in FIG. 3 may be employed, which may include a business service layer, a standard component support layer, a data storage layer, a data acquisition layer, and an infrastructure layer.
The suspicious transaction monitoring platform adopts a modular development approach: the system is developed module by module, a fault in any one module does not affect the normal operation of the other modules, and upgrades and maintenance are performed per module without upgrading the whole system, which reduces maintenance cost and improves development efficiency. Meanwhile, a plurality of modules in suspicious transaction monitoring adopt a micro-service architecture, and an operation module in the suspicious transaction monitoring platform can be built and operated as a micro-service; for example, modules such as the platform front page, data report, risk rating, client identity recognition, list management, model management, parameter setting, statistics report, task scheduling and system management each generate a corresponding micro-service. With the micro-service architecture, there is no functional overlap among the subsystems of the suspicious transaction monitoring platform or among the service components within a subsystem, and a fault in any subsystem does not affect the normal operation of the other subsystems.
Within a single system module, once the functional points of the module are determined, the module provides no functions other than those, so that the module can have higher readability, expandability, reusability and maintainability. The system module may provide interface-oriented programming to external services.
Between system modules, the degree of coupling should be low, which is specifically expressed as follows: the dependence, perception and connection between system modules are as low as possible; the combination variability among system modules is high, so that the system can adapt to technical changes, such as changes in technical development; the functions of the system modules are independent; communication among system modules is mainly through interface calls, and object composition can be used in preference to inheritance.
The suspicious transaction monitoring platform can adopt a service-oriented architecture (SOA). An SOA is an architecture conceived directly at the service level; it can adapt to continuously changing service requirements and has higher stability. In particular, a service-oriented architecture is created to adapt to flexible changes in the business and to the changing requirements of the system. As service flexibility increases, the SOA can, by increasing the granularity of the flow, rapidly generate service flows and assemble applications to respond to application changes in a timely manner. In addition, developers pursue system simplification during system development, and the SOA achieves system flexibility and simplification through methods such as technology-independent service generation and maximized reuse of existing services.
The multiple systems can adopt a multi-layer structure design. With modular development, layers such as a data layer, a middle layer, a component layer, an application layer and a presentation layer can be upgraded independently, and upgrading one layer does not affect the other layers.
The system can be developed according to an object-oriented programming framework, in which all the functions of a subsystem or of each part of a module are abstracted into objects, classes and messages, and each object can receive information, process data and send information to other objects. Following an object-oriented programming framework can effectively improve the reusability, flexibility and expansibility of the systems in the suspicious transaction monitoring platform.
For the data architecture, the suspicious transaction monitoring platform can adopt a data architecture as shown in fig. 4, and in the data architecture, the suspicious transaction monitoring platform can be divided into four parts of data resources, data acquisition, a data platform and data application. The data collection may be performed by various components, for example, by using an open source tool such as flume, sqoop, kettle to collect and store business transaction data.
In the data platform portion, data query services (e.g., regular queries, massive data real-time queries, data loading), data analysis processing services (e.g., index calculations, rule calculations, model matching, customer ratings, report calculations, inspection data extraction, customer portraits) and data warehouses may be provided. The data warehouse may include, among other things, a data operations layer (ODS), a dimension layer DIM (Dimension), a data detail layer DWD (Data Warehouse Detail), and a data services layer DWS (Data Ware House Service). Any one or more of structured data, semi-structured data and unstructured data can be included in the data operation layer. The data platform provides a scheduling management function and a data management function, wherein the scheduling management function comprises task management, task dependency design, scheduling service and monitoring service; the data management functions include data instruction control, metadata management, data lifecycle management, and data blood-edge relationship analysis.
In the data application section, a rules engine application, a flow engine application, an information reporting application, a risk rating application, a due diligence application, a list management application, a model factory application, a BI report application, a system monitoring application, and a field investigation application may be provided. The model factory application can be used for customizing the money laundering model, and can be used for performing verification, auditing, release and other management on the money laundering model. The user can send different types of monitoring requests to the system by calling different data applications, and can call a data table associated with the monitoring requests aiming at the different monitoring requests.
In the Data architecture, after the Data resource (Data Source) is acquired, the Data resource can be stored and processed through components (HIVE MR SPARK, HDFS Parquet Kudu Hbase) of the big Data platform, and the Data is queried by using an application programming interface (Java api) provided by a query system (Impala), so that Data support is provided for result service (result service).
In practical application, as shown in fig. 5, the suspicious transaction monitoring platform may be an application cluster including a plurality of micro services, for example, data report, list management, statistics query, report Wen Jiaoyan and the like in the figure are deployed by adopting a micro service mode, each micro service is deployed by adopting a high-availability cluster deployment mode, and dynamic expansion of the micro service can be performed on the platform according to the requirement.
When the suspicious transaction monitoring platform is started, as the running of other micro-services depends on basic services, the basic services such as a database, a message service and the like are started first, then an application service (such as a Java application service) is started, and after the application service is started successfully, an nginx service can be started to provide an access entry for external requests. Specifically, when the application service is started, the registry service (eureka) is started first, and then the micro services are started, so that the micro services are sequentially registered in the registry service. The registry services may include one or more of, for example, registry service eureka, registry service eureka, and the like, among others.
Each system module in the suspicious transaction monitoring platform can be deployed in a distributed structure, as shown in fig. 6, where the suspicious transaction monitoring platform is divided into a platform application layer, a service gateway layer, a business service layer, a support service layer and a resource service layer. The platform application layer can comprise one or more of an HTML/JS service interface layer, an HTML/AJAX service interface layer and an HTML/VUE service interface layer; the service gateway layer may include a ZUUL service gateway; various forms of message services can be deployed in the business service layer; in the support service layer, basic support services may be deployed, as well as other application services, streaming data access services, security services, unstructured data management services, unified organization and entitlement services, blacklist services, risk rating services, autonomous detection services, and data reporting services.
In one embodiment, each micro-service is associated with a corresponding database; each micro-service has access to its corresponding database and no access to other databases. As shown in fig. 7, the function support block may include a plurality of Oracle databases, such as an admin management platform database, a flow workflow database, a list management database, a basic service database, a report database, and the like, and a correspondence exists between the databases and the micro-services; for example, a risk rating micro-service in the data calculation block may correspond to a risk rating database in the function support block.
The method further comprises the following step:
Determining a target database corresponding to the target micro-service, and storing a data table associated with the monitoring request into the target database.
In practical application, a target database corresponding to the target micro-service can be determined, and the micro-service's access to other databases is restricted through database access permissions, so that after the target database is determined, the data table associated with the monitoring request can be stored in the target database. For example, as shown in fig. 7, in response to a monitoring request, after the data calculation block filters the plurality of data tables, a calculation data result is obtained, that is, the data table associated with the monitoring request in the present application, and the calculation data result may be pushed to the corresponding database in the function support block.
In this embodiment, the data table associated with the monitoring request is stored in the target database, and access of the target micro service to other databases is limited, so that the coupling degree between the micro services can be effectively reduced, and the independence of different functional modules in the suspicious transaction monitoring platform is improved.
In one embodiment, the triggering of the target micro-service to process the data table associated with the monitoring request and generate a monitoring result of the suspicious transaction includes the following steps:
Triggering the target micro-service to acquire a data table associated with the monitoring request from the target database; acquiring suspicious transaction screening rules corresponding to the monitoring request; and triggering the target micro-service to match the data in the data table associated with the monitoring request according to the suspicious transaction screening rule, and generating a monitoring result of the suspicious transaction.
As an example, the suspicious transaction screening rules may be rules, metrics, or models for identifying suspicious transactions, and the monitoring results of the suspicious transactions may be one or more business transactions screened from the transaction business data that satisfy the suspicious transaction screening rules, and/or transaction principals associated with the suspicious transactions.
Specifically, since the data table associated with the monitoring request is pushed to the target database corresponding to the target micro-service, after the target micro-service corresponding to the monitoring request is determined, the data table associated with the monitoring request can be obtained from the target database corresponding to the target micro-service, accordingly, the suspicious transaction screening rule corresponding to the monitoring request can be obtained, and further, the target micro-service can be triggered to match the data in the data table associated with the monitoring request according to the suspicious transaction screening rule, so that the monitoring result of the suspicious transaction is generated.
In practical application, the monitoring result can be displayed in a report form, when the target micro-service comprises a report generation micro-service, the report generation micro-service can call a preset report template, and relevant fields and data are extracted from the business transaction data of the identified suspicious transaction and filled into the report template, so that the suspicious transaction monitoring platform can automatically generate a report file meeting the supervision requirement according to a correct file format, and timely submit the suspicious transaction report to a supervision organization.
In one example, the suspicious transaction monitoring platform may also provide a message verification micro-service that verifies a suspicious transaction case report generated by a user, so that the user reports in the correct file format, thereby avoiding repeated work caused by report format errors.
In this embodiment, the suspicious transaction screening rule corresponding to the monitoring request is obtained, and the target microservice is triggered to match the data in the data table according to the suspicious transaction screening rule, so that different suspicious transaction screening rules can be adopted to monitor the business transaction according to various business scenes, the comprehensiveness and flexibility of the money laundering transaction supervision are effectively improved, and the hit rate of the money laundering transaction identification can be effectively improved by screening according to the matched suspicious transaction screening rule.
In one embodiment, when the target micro-service is a risk level determination micro-service, the suspicious transaction screening rule is a risk level determination rule, and the step of triggering the target micro-service to match data in the data table associated with the monitoring request according to the suspicious transaction screening rule to generate a monitoring result of the suspicious transaction may include the following steps:
Triggering the risk level judging micro-service to acquire, from the associated data table, a client list corresponding to the risk level and the risk level judging rule, and service transaction data corresponding to the clients in the client list, so as to obtain a monitoring result of suspicious transactions;
When the target micro-service is a list client screening micro-service and the suspicious transaction screening rule is a blacklist client list, triggering the target micro-service to match data in a data table associated with the monitoring request according to the suspicious transaction screening rule to generate a monitoring result of suspicious transaction, wherein the method comprises the following steps:
Triggering the list client screening micro-service to acquire, from the associated data table, the blacklist clients corresponding to the blacklist client list and the service transaction data corresponding to the blacklist clients, so as to obtain a monitoring result of suspicious transactions.
In practical application, when the monitoring request is to perform risk rating on the client, the target micro-service corresponding to the monitoring request is a risk level judging micro-service, and the corresponding suspicious transaction screening rule is a risk level judging rule, wherein in the risk level judging rule, identification standards of clients with different risk levels, such as transaction times, transaction amount, nationality and the like, can be recorded; the suspicious transaction monitoring platform can trigger the risk level judging micro-service to match the data in the data table according to the risk level judging rule, obtain a client list corresponding to the risk level and the risk level judging rule and service transaction data corresponding to clients in the client list, and determine the client list and the service transaction data as monitoring results of suspicious transactions.
When the monitoring request is a blacklist client identification request, the target micro-service corresponding to the monitoring request is the list client screening micro-service, and the corresponding suspicious transaction screening rule is the blacklist client list, in which information such as the names, nationalities and certificate types of clients can be recorded. During monitoring, the suspicious transaction monitoring platform can trigger the list client screening micro-service to match the data in the data table associated with the monitoring request, and determine the blacklist clients corresponding to the blacklist client list and the business transaction data corresponding to the blacklist clients, so that a monitoring result of suspicious transactions is obtained.
In this embodiment, the risk level determination micro-service may be triggered to obtain the client list and the business transaction data corresponding to the risk level and the risk level determination rule, and the blacklist clients and the business transaction data corresponding to the blacklist client list may be determined by triggering the list client screening micro-service, so that the corresponding target micro-service can be invoked to monitor money laundering transactions according to different business scenarios, thereby realizing flexible configuration of the micro-services.
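The flow described in the embodiments above (store the request's data table only in the target micro-service's database, refuse reads of any other database, then match rows against the screening rule for that request) can be sketched as follows. This is an added example, not code from the patent; the service names, database names, rule fields, thresholds and sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical request types, micro-service names and database names.
ROUTES = {"customer_risk_rating": "risk-rating",
          "blacklist_identification": "list-screening"}
SERVICE_DB = {"risk-rating": "risk_rating_db", "list-screening": "list_db"}


class Platform:
    """Holds one database per micro-service and enforces the access restriction."""

    def __init__(self):
        self.databases = {name: {} for name in SERVICE_DB.values()}

    def push_table(self, request_type, table_name, rows):
        """Store the data table associated with the request in the target database."""
        service = ROUTES[request_type]
        self.databases[SERVICE_DB[service]][table_name] = rows
        return service

    def read_table(self, service, database, table_name):
        """A micro-service may read only the database assigned to it."""
        if SERVICE_DB.get(service) != database:
            raise PermissionError(f"{service} has no access to {database}")
        return self.databases[database][table_name]


def match_risk_levels(rows, rule):
    """Risk level determination: rate each client by count, amount or nationality."""
    per_client = defaultdict(list)
    for row in rows:
        per_client[row["client"]].append(row)
    result = {}
    for client, txs in per_client.items():
        total = sum(t["amount"] for t in txs)
        nationality = txs[0]["nationality"]
        level = next((r["name"] for r in rule
                      if len(txs) >= r["min_count"] or total >= r["min_total"]
                      or nationality in r["nationalities"]), "low")
        result[client] = {"level": level, "transactions": txs}
    return result


def match_blacklist(rows, blacklist):
    """List screening: match on name, nationality and certificate type."""
    listed = {(b["name"].casefold(), b["nationality"], b["cert_type"]) for b in blacklist}
    hits = defaultdict(list)
    for row in rows:
        if (row["name"].casefold(), row["nationality"], row["cert_type"]) in listed:
            hits[row["client"]].append(row)
    return dict(hits)


RULE_MATCHERS = {"risk-rating": match_risk_levels, "list-screening": match_blacklist}


def monitor(platform, request_type, table_name, rows, rule):
    """Route the request, store its table, and let the target service match it."""
    service = platform.push_table(request_type, table_name, rows)
    table = platform.read_table(service, SERVICE_DB[service], table_name)
    return RULE_MATCHERS[service](table, rule)


# Constructed sample data and rules (illustrative values only).
ROWS = [
    {"client": "C1", "name": "Alpha Trading", "nationality": "CN",
     "cert_type": "business_licence", "amount": 400000},
    {"client": "C1", "name": "Alpha Trading", "nationality": "CN",
     "cert_type": "business_licence", "amount": 700000},
    {"client": "C2", "name": "Li Example", "nationality": "CN",
     "cert_type": "id_card", "amount": 3000},
    {"client": "C3", "name": "Beta Holdings", "nationality": "XX",
     "cert_type": "passport", "amount": 5000},
]
RISK_RULE = [
    {"name": "high", "min_count": 50, "min_total": 1_000_000, "nationalities": {"XX"}},
    {"name": "medium", "min_count": 10, "min_total": 100_000, "nationalities": set()},
]
BLACKLIST = [{"name": "beta holdings", "nationality": "XX", "cert_type": "passport"}]
```
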
In one embodiment, the acquiring business transaction data from the big data platform includes:
Acquiring transaction subjects and transaction values corresponding to a plurality of transaction information from a big data platform; determining suspicious transaction information in the transaction information according to the transaction main body and the transaction numerical value; and acquiring transaction data of the suspicious transaction information to obtain the business transaction data.
As an example, the transaction information may correspond to a transaction, and the transaction information may include a transaction body and a transaction value, wherein the transaction body includes a transaction body from which funds flow out, and a transaction body from which funds flow in; the transaction data may include a plurality of data associated with a transaction, such as nationality of a transaction principal, identity information, transaction value, transaction time, transaction style, and the like.
In practice, suspicious transactions may have associated suspicious transaction characteristics, such as, for example, scatter-in, gather-out of funds in the short term; the fund receiving and paying frequency and the amount are not consistent with the enterprise operation scale, and the fund receiving and paying flow direction is obviously not consistent with the enterprise operation range; funds collection and payment frequently occur in a short period of time between the same payers; the daily payouts of enterprises are obviously inconsistent with the business operation characteristics of enterprises. Based on the above, the transaction subjects and the transaction values of a plurality of transaction information can be obtained in the big data platform of the financial business, and the transaction characteristics between related transactions are identified according to the transaction subjects and the transaction values of the plurality of transactions, so that suspicious transaction information is determined from the plurality of transaction information. After the suspicious transaction information is determined, transaction data for the suspicious transaction may be obtained and determined as business transaction data.
In this embodiment, the transaction subject and the transaction value corresponding to the transaction information may be obtained from the big data platform, and the suspicious transaction information may be determined according to the transaction subject and the transaction value, so that suspicious transactions are determined after a comprehensive, overall analysis of transactions across multiple services, and comprehensive information clues are provided for anti-money-laundering monitoring work.
In one embodiment, the determining suspicious transaction information from the plurality of transaction information according to the transaction body and the transaction value includes:
Inputting a plurality of transaction subjects and transaction values into a graph database to generate a transaction network structure diagram; the transaction network structure diagram comprises the transaction subjects, the transaction values and their flow direction information; and determining suspicious transaction information in the transaction information according to the transaction network structure diagram.
As an example, a graph database is a non-relational database that applies graph theory to store relationship information between entities.
In practical applications, the transaction subjects and transaction values corresponding to a plurality of transactions may be input into the graph database; for example, the data may be imported into the Neo4j graph database. After the transaction network structure diagram is generated, suspicious transaction information can be determined from the plurality of transaction information according to the transaction network structure diagram, so that transaction data of the suspicious transaction information can be obtained and determined as the business transaction data.
As shown in fig. 8, the fund exchange relationship between the personal account and the enterprise account may be displayed in a transaction network structure diagram, which may be displayed at the front end.
In this embodiment, a plurality of transaction subjects and transaction values are input into a graph database to generate a transaction network structure diagram, so that the fund flow direction information among transaction subjects can be represented intuitively, a comprehensive analysis information chain is provided, and monitoring accuracy is effectively improved for situations where funds are gathered through multiple layers or money is laundered in other concealed ways.
In one embodiment, the determining suspicious transaction information in the plurality of transaction information according to the transaction network structure diagram includes the following steps:
Determining client relationship information among a plurality of transaction subjects according to the transaction subjects in the transaction network structure diagram; and when the client relation information, the transaction value and the flow direction information thereof meet the preset identification conditions, determining the corresponding transaction information into suspicious transaction information.
As an example, customer relationship information is used to characterize whether there is an interest relationship between transaction subjects, such as an investment relationship, an affiliation, or a relationship between business associates.
In particular, suspicious transactions of the money laundering category may be conducted between businesses or natural persons having associations, such as businesses that frequently send funds to the parties associated with the business. Based on this, after the transaction network structure diagram is obtained, the customer relationship between the transaction subjects can be determined, and when the customer relationship information, the transaction value and the flow direction information satisfy the preset recognition conditions, the corresponding transaction information can be determined as suspicious transaction information, for example, the transaction information is determined as money laundering transaction information.
In one embodiment, the determining suspicious transaction information in the plurality of transaction information according to the transaction network structure diagram includes:
Determining transaction relation information among a plurality of transaction subjects according to the transaction subjects in the transaction network structure diagram; and when the transaction relation information, the transaction numerical value and the flow direction information thereof meet the preset identification conditions, determining the corresponding transaction information as suspicious transaction information.
As an example, the transaction relationship information is used to characterize transaction relationships between one transaction partner and other transaction partners, such as transaction frequency, number of transactions between transaction partners, and transaction objects involved by the transaction partner.
In practical application, suspicious transactions of the money laundering category often show abnormal counterparty characteristics: for example, the counterparties involved are numerous, the counterparties span multiple areas, a large number of companies registered all over the country are involved, the industry span is large, and the registration time is short. Based on the above, after the transaction network structure diagram is obtained, the transaction relationship information among a plurality of transaction subjects can be determined, and when the transaction relationship information, the transaction value and its flow direction information meet the preset identification conditions, the corresponding transaction can be determined as a suspicious transaction of the money laundering type.
In this embodiment, suspicious transactions are identified according to customer relationship information and/or transaction relationship information among a plurality of transaction subjects, so that effective monitoring of money laundering transactions in a multi-layer money laundering scenario is realized, and monitoring accuracy is improved.
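The two graph-based embodiments above (customer relationship information and transaction relationship information), together with the short-term scatter-in, gather-out feature named earlier, can be worked through on a small transaction network. This is an added example, not code from the patent: an in-memory structure stands in for the Neo4j import, the sample transactions and relationships are constructed, and the thresholds are assumptions standing in for the "preset identification conditions", which the text does not specify.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (payer, payee, amount, time); not from the patent.
TRANSACTIONS = [
    ("P1", "E1", 9000, "2020-08-01T09:00"),
    ("P2", "E1", 9500, "2020-08-01T10:00"),
    ("P3", "E1", 8800, "2020-08-01T11:00"),
    ("P4", "E1", 9200, "2020-08-01T12:00"),
    ("E1", "E2", 36000, "2020-08-02T09:00"),
    ("E3", "E4", 50000, "2020-08-01T09:00"),
    ("E3", "E4", 52000, "2020-08-03T09:00"),
    ("E3", "E4", 51000, "2020-08-05T09:00"),
    ("E5", "E6", 1200, "2020-08-04T09:00"),
]
# Constructed customer relationship information between transaction subjects.
RELATIONSHIPS = {frozenset(("E3", "E4")): "investment"}


def build_graph(transactions):
    """Transaction network: subjects are nodes, edges carry value and flow direction."""
    graph = {"in": defaultdict(list), "out": defaultdict(list)}
    for payer, payee, amount, ts in transactions:
        edge = {"payer": payer, "payee": payee, "amount": amount,
                "time": datetime.fromisoformat(ts)}
        graph["out"][payer].append(edge)
        graph["in"][payee].append(edge)
    return graph


def scatter_in_gather_out(graph, min_payers=3, window=timedelta(days=3), min_ratio=0.9):
    """Subjects that collect funds from many payers and forward most of it quickly."""
    hits = []
    for subject, inflows in graph["in"].items():
        for first in sorted(inflows, key=lambda e: e["time"]):
            end = first["time"] + window
            batch = [e for e in inflows if first["time"] <= e["time"] <= end]
            if len({e["payer"] for e in batch}) < min_payers:
                continue
            outflows = [e for e in graph["out"].get(subject, [])
                        if first["time"] < e["time"] <= end]
            total_in = sum(e["amount"] for e in batch)
            if sum(e["amount"] for e in outflows) >= min_ratio * total_in:
                hits.append({"reason": "scatter-in/gather-out", "subject": subject,
                             "edges": batch + outflows})
                break  # one hit per subject is enough
    return hits


def related_party_flows(graph, relationships, min_count=3, window=timedelta(days=7)):
    """Frequent transfers between subjects that have a recorded customer relationship."""
    pairs = defaultdict(list)
    for edges in graph["out"].values():
        for e in edges:
            pairs[(e["payer"], e["payee"])].append(e)
    hits = []
    for (payer, payee), edges in pairs.items():
        relation = relationships.get(frozenset((payer, payee)))
        if relation is None:
            continue
        edges.sort(key=lambda e: e["time"])
        for i, first in enumerate(edges):
            burst = [e for e in edges[i:] if e["time"] - first["time"] <= window]
            if len(burst) >= min_count:
                hits.append({"reason": f"frequent transfers to {relation} party",
                             "subject": payer, "edges": burst})
                break
    return hits


def wide_counterparty_spread(graph, min_counterparties=5):
    """Transaction relationship information: subjects with unusually many counterparties."""
    hits = []
    for subject in sorted(set(graph["in"]) | set(graph["out"])):
        edges = graph["in"].get(subject, []) + graph["out"].get(subject, [])
        partners = {e["payee"] if e["payer"] == subject else e["payer"] for e in edges}
        if len(partners) >= min_counterparties:
            hits.append({"reason": "many counterparties", "subject": subject,
                         "edges": edges})
    return hits


def find_suspicious(transactions, relationships):
    """Apply all three (assumed) identification conditions to the network."""
    graph = build_graph(transactions)
    return (scatter_in_gather_out(graph)
            + related_party_flows(graph, relationships)
            + wide_counterparty_spread(graph))


if __name__ == "__main__":
    for hit in find_suspicious(TRANSACTIONS, RELATIONSHIPS):
        total = sum(e["amount"] for e in hit["edges"])
        print(f'{hit["subject"]}: {hit["reason"]} ({len(hit["edges"])} transfers, {total})')
```

The edges attached to each hit are the transaction information whose full transaction data would then be fetched as the business transaction data.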
In one embodiment, the acquiring the monitoring request for the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables includes the steps of:
Responding to a monitoring request aiming at the business transaction data, wherein the monitoring request carries monitoring field information selected by a user in a visual task scheduling interface; and acquiring a data table corresponding to the monitoring field information from a plurality of data tables.
Specifically, the suspicious transaction monitoring platform may provide a visual task scheduling interface, a plurality of optional monitoring fields may be provided in the task scheduling interface, a user may select one or more monitoring fields and generate a monitoring request, and then the suspicious transaction monitoring platform may receive the monitoring request including information of the monitoring fields, for example, for a monitoring request of a customer risk rating, and if monitoring is performed from two aspects of transaction frequency and transaction amount, the monitoring field corresponding to the transaction frequency and the transaction amount may be selected. In response to the monitoring request, the suspicious transaction monitoring platform can adopt the monitoring field information to screen a plurality of data tables to obtain the data tables matched with the monitoring field information.
In this embodiment, by determining the monitoring field, the data table matched with the monitoring field is obtained from the multiple data tables, and the data table associated with the monitoring request can be screened from the multiple data tables, so that all the data tables are prevented from being pushed to the target micro service for processing.
In order that those skilled in the art may better understand the above steps, an embodiment of the present application will be described below by way of an example, but it should be understood that the embodiment of the present application is not limited thereto.
In practical applications, as shown in fig. 9, the suspicious transaction monitoring platform may perform data interaction with peripheral systems, which may include a peripheral business system and a peripheral management system. In the suspicious transaction monitoring platform, large-amount transactions and suspicious transactions can be reported; for example, matching transactions can be screened and reported according to large-amount transaction rules (namely, the large-amount rules in fig. 9), or suspicious transactions can be screened according to a suspicious transaction model and reported after manual screening; for another example, business transaction data may be traced back in combination with the list library to determine blacklisted clients, and new blacklisted clients may be added to the list library according to the currently determined suspicious transactions. The large-amount transaction rules, the suspicious transaction models and the list library are the suspicious transaction screening rules in the application. After the monitoring result of the suspicious transaction (e.g., the suspicious transaction master graph, the customer rating result, the backtracking result) is obtained, the monitoring result may be stored in the corresponding system, and updated data, such as an updated list library, may further be imported into the anti-money-laundering database.
As shown in fig. 7, after data is extracted from a data source (e.g., a service system), the extracted data may be stored in the ODS of the data preparation block (i.e., area A in fig. 10). When a preset user event is detected, the basic data to be preprocessed in the ODS may be sent to the basic data mart, and after data is extracted according to the related fields, the service transaction data is obtained, where the service transaction data includes a plurality of data tables having different fields.
After the plurality of data tables are acquired, they may be stored in a database corresponding to the data calculation block (area B in fig. 10), where the data calculation block is associated with a front-end application service. When a monitoring request is received, the plurality of data tables may be screened according to the monitoring request fields selected by the user to obtain a calculated data result (i.e., the data table associated with the monitoring request in the present application), and the calculated data result may then be pushed to the database corresponding to the target micro-service in the function support block, where the database may be an Oracle database. Specifically, the process of performing data calculation in area B may also be referred to as model running; in this process, one or more monitoring fields may be selected to screen the plurality of data tables in response to a monitoring request of a user, where the monitoring request may include one or more of the following: list matching, customer identification, abnormal index calculation, case model matching and field inspection. Taking customer identification as an example, after the plurality of data tables are screened according to the monitoring fields corresponding to the customer identification monitoring request, the data table obtained by screening and associated with the monitoring request (i.e., the result in fig. 10) can be stored in the risk rating database, and the monitoring result of suspicious transactions can be obtained through processing by the corresponding micro-service.
Different monitoring requests can correspond to different suspicious transaction screening rules, and the plurality of data tables are matched using the corresponding suspicious transaction screening rules; for example, the data tables can be matched according to anti-money-laundering reporting rules, risk level judging rules, blacklist client lists, client identity identification requirements, model matching rules and the like, so that the corresponding calculation data results are obtained. For the different suspicious transaction screening rules, after obtaining feedback information corresponding to the monitoring result (such as whether a suspicious transaction is determined to be a money laundering transaction), the suspicious transaction monitoring platform can verify, optimize and adjust the suspicious transaction screening rules in combination with manual review, so as to realize full life cycle management of the suspicious transaction screening rules, continuously analyze their validity, authenticity, integrity and hit rate, and improve the efficiency of anti-money-laundering work.
In addition, the user can set corresponding monitoring time intervals for different monitoring requests, so that the suspicious transaction monitoring platform can automatically call the corresponding micro-services to match business transaction data according to the monitoring time intervals, effectively reducing manual intervention. For example, reports for large suspicious transactions are generated at preset time intervals, and customer risk levels are determined at preset intervals: for newly opened customers, the risk rating is completed within 10 working days; for existing customers rated high risk, an evaluation can be performed every half year and an evaluation report generated; for medium-risk customers, an evaluation report can be generated once a year; for low-risk customers, an evaluation report can be generated once every two years.
After reporting, approving or grading the monitoring result, the data table in the database can be returned to the area A. In the suspicious transaction monitoring platform, a data interaction interface can be provided, and data interaction between the suspicious transaction monitoring platform and a core system and data interaction between the suspicious transaction monitoring platform and other service systems and data interaction between all system modules in the suspicious transaction monitoring platform can be performed in an FTP mode.
When the suspicious transaction monitoring platform works, as shown in fig. 11, the background call logic passes through a gateway (aml-gate); aml-direct, amp-drop (rule engine service), aml-sumbit (datagram delivery service), aml-flow (workflow service), aml-risk (risk rating service), aml-model (model factory service), aml-basic (basic service), aml-identity (identity recognition service), aml-law (anti-money-laundering report request service), aml-notify (message service), aml-list (management platform service), aml-auth (authentication service) and aml-admin (management platform service) are different micro-services. Taking datagram delivery audit as an example, when a user request is received, the request is sent to the gateway, and the gateway forwards the request to the corresponding target micro-service aml-sub; after data processing, aml-flow can be called to determine the subsequent workflow, for example, a manual audit workflow is carried out.
In this embodiment, the suspicious transaction monitoring platform may establish a comprehensive anti-money-laundering reporting service flow, implement monitoring, early warning and reporting of suspicious transactions through a plurality of independently deployed micro-services, and determine suspicious transactions from a plurality of transactions through data analysis, case analysis and interpretation of regulatory documents.
In practical applications, the suspicious transaction monitoring platform may also employ a physical deployment architecture as shown in fig. 12: a device server and a blacklist FTP proxy server are deployed in a DMZ (the space between two firewalls), wherein the blacklist FTP proxy server can communicate with a blacklist server on the external network; an application server and a shared file server are deployed in an application area, an application database is deployed in an application database area, a task submitting server is arranged in a submitting service area, a big data cluster is arranged in a big data platform area, and a production environment constructing server is arranged in an integrated environment.
It should be understood that, although the steps in the flowcharts of fig. 1-12 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the execution of the steps is not strictly limited in order, and the steps may be executed in other orders. Moreover, at least some of the steps in FIGS. 1-12 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times; these steps or stages are also not necessarily performed in sequence, but may be performed in turn or alternately with other steps or with at least a portion of the steps or stages in other steps.
In one embodiment, as shown in FIG. 13, there is provided a suspicious transaction monitoring apparatus, the apparatus comprising:
A transaction data acquisition module 1301, configured to acquire service transaction data from a big data platform; the business transaction data includes a plurality of data tables having a plurality of fields;
A monitoring request determining module 1302, configured to obtain a monitoring request for the service transaction data, and determine a data table associated with the monitoring request from the plurality of data tables;
A monitoring result generating module 1303, configured to determine a target micro-service corresponding to the monitoring request among a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and trigger the target micro-service to process a data table associated with the monitoring request, so as to generate a monitoring result of the suspicious transaction.
In one embodiment, each micro-service associates a corresponding database, each micro-service having access rights to its corresponding database and not having access rights to other databases;
The apparatus further comprises:
A target database determining module, configured to determine a target database corresponding to the target micro-service and store a data table associated with the monitoring request into the target database.
In one embodiment, the monitoring result generating module 1303 includes:
The data table acquisition sub-module is used for triggering the target micro-service to acquire the data table associated with the monitoring request from the target database;
The suspicious transaction screening rule determining sub-module is used for acquiring suspicious transaction screening rules corresponding to the monitoring request;
And the matching sub-module is used for triggering the target micro-service to match the data in the data table associated with the monitoring request according to the suspicious transaction screening rule, so as to generate a monitoring result of the suspicious transaction.
In one embodiment, when the target micro-service is a risk level determination micro-service, the suspicious transaction screening rule is a risk level determination rule, and the matching sub-module includes:
The risk level judging unit is used for triggering the risk level judging micro-service to acquire a client list corresponding to the risk level and the risk level judging rule in the associated data list and service transaction data corresponding to clients in the client list, so as to obtain a monitoring result of suspicious transactions;
When the target micro-service is a list client screening micro-service, the suspicious transaction screening rule is a blacklist client list, and the matching submodule comprises:
And the blacklist client screening unit is used for triggering the blacklist client screening micro-service to acquire blacklist clients corresponding to the blacklist client list in the associated data table and service transaction data corresponding to the blacklist clients, so as to obtain a monitoring result of suspicious transactions.
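The routing and database isolation described in the embodiments above, as an added Python sketch that is not code from the patent. The request-type keys, service names, the write-only `platform-loader` identity and the table columns are assumptions, and in-memory objects stand in for real databases.

```python
"""Constructed sketch: per-micro-service databases with least-privilege access."""

LOADER = "platform-loader"  # assumed write-only identity used by the platform


class AccessDenied(Exception):
    """Raised when a caller touches a database it has no rights on."""


class ServiceDatabase:
    """A database that only its owning micro-service may read."""

    def __init__(self, owner):
        self.owner = owner
        self._tables = {}

    def put(self, caller, name, rows):
        # The platform stores the associated table; the owner may also write.
        if caller not in (self.owner, LOADER):
            raise AccessDenied(f"{caller} may not write to {self.owner} database")
        self._tables[name] = [dict(r) for r in rows]

    def get(self, caller, name):
        # Reads are restricted to the owner: no cross-service access.
        if caller != self.owner:
            raise AccessDenied(f"{caller} may not read {self.owner} database")
        return [dict(r) for r in self._tables[name]]


def screen_blacklist(rows, blacklist):
    """List-client screening: keep transactions whose customer is blacklisted."""
    return [r for r in rows if r["customer"] in blacklist]


def judge_risk_level(rows, levels):
    """Risk-level judgement: keep transactions of customers at the given levels."""
    return [r for r in rows if r["risk_level"] in levels]


class Platform:
    def __init__(self):
        # request type -> (service name, matching function); names are hypothetical
        self.routes = {
            "list_matching": ("list-screening", screen_blacklist),
            "risk_level": ("risk-level", judge_risk_level),
        }
        self.databases = {
            svc: ServiceDatabase(svc) for svc, _ in self.routes.values()
        }

    def monitor(self, request_type, table_name, rows, rule):
        if request_type not in self.routes:
            raise ValueError(f"no micro-service for request {request_type!r}")
        service, match = self.routes[request_type]
        db = self.databases[service]
        db.put(LOADER, table_name, rows)    # store the table in the target database
        data = db.get(service, table_name)  # the target service reads its own copy
        return {"service": service, "hits": match(data, rule)}


# Constructed sample table (not data from the patent).
TRANSFERS = [
    {"customer": "C001", "risk_level": "low", "amount": 1200},
    {"customer": "C002", "risk_level": "high", "amount": 98000},
    {"customer": "C003", "risk_level": "medium", "amount": 500},
]
```

A service that is compromised or misrouted can read only the tables loaded for its own requests, which is the practical effect of the per-service access rights.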
In one embodiment, the transaction data acquisition module 1301 includes:
The big data acquisition sub-module is used for acquiring transaction subjects and transaction values corresponding to a plurality of transaction information from the big data platform;
A suspicious transaction determination sub-module for determining suspicious transaction information in the plurality of transaction information according to the transaction subject and the transaction value;
and the suspicious transaction data acquisition sub-module is used for acquiring the transaction data of the suspicious transaction information to acquire the business transaction data.
In one embodiment, the suspicious transaction determination submodule includes:
the transaction network structure diagram generating unit is used for inputting a plurality of transaction main bodies and transaction numerical values into the graphic database to generate a transaction network structure diagram; the transaction network structure diagram comprises a transaction main body, a transaction numerical value and flow information thereof;
And the suspicious transaction identification unit is used for determining suspicious transaction information in the transaction information according to the transaction network structure diagram.
In one embodiment, the suspicious transaction identification unit comprises:
A customer relationship information determining subunit, configured to determine customer relationship information between a plurality of transaction entities according to the transaction entities in the transaction network structure diagram;
and the customer relation information judging subunit is used for determining the corresponding transaction information as suspicious transaction information when the customer relation information, the transaction value and the flow direction information thereof meet the preset identification conditions.
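A minimal version of the graph-based identification described above, as an added Python example that is not the patent's implementation. The patent leaves the "preset identification conditions" unspecified, so the condition used here is an assumption: funds return to their origin through subjects in the same known relationship group, with every hop at or above a threshold. An in-memory adjacency map stands in for the graph database.

```python
from collections import defaultdict


def build_graph(transactions):
    """Directed transaction graph: payer -> payee -> [(tx_id, amount), ...]."""
    graph = defaultdict(lambda: defaultdict(list))
    for tx_id, payer, payee, amount in transactions:
        graph[payer][payee].append((tx_id, amount))
    return graph


def related(a, b, groups):
    """Customer relationship (assumed form): both subjects share a known group."""
    return groups.get(a) is not None and groups.get(a) == groups.get(b)


def find_round_trips(graph, groups, min_amount, max_hops=4):
    """Return ids of transactions on loops of related subjects, every hop >= min_amount."""
    flagged = set()

    def walk(start, node, hops, visited):
        # hops holds one list of qualifying tx ids per edge already walked
        for nxt, edges in graph.get(node, {}).items():
            large = [tx for tx, amount in edges if amount >= min_amount]
            if not large or not related(start, nxt, groups):
                continue
            if nxt == start:
                if hops:  # ignore a subject paying itself directly
                    for txs in hops + [large]:
                        flagged.update(txs)
            elif nxt not in visited and len(hops) + 1 < max_hops:
                walk(start, nxt, hops + [large], visited | {nxt})

    for subject in list(graph):
        walk(subject, subject, [], {subject})
    return sorted(flagged)


# Constructed sample data (not from the patent).
GROUPS = {"A": "g1", "B": "g1", "C": "g1", "D": "g2"}
TXS = [
    ("t1", "A", "B", 50000),
    ("t2", "B", "C", 49000),
    ("t3", "C", "A", 48500),   # closes the loop A -> B -> C -> A
    ("t4", "A", "D", 60000),
    ("t5", "D", "A", 60000),   # loop, but D is not related to A
    ("t6", "B", "A", 300),     # returns to A, but below the threshold
    ("t7", "C", "E", 70000),   # E has no known relationship
]
```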
In one embodiment, the obtaining the monitoring request for the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables includes:
responding to a monitoring request aiming at the business transaction data, wherein the monitoring request carries monitoring field information selected by a user in a visual task scheduling interface;
And acquiring a data table corresponding to the monitoring field information from a plurality of data tables.
For a specific limitation of the monitoring device for a suspicious transaction, reference may be made to the limitation of the monitoring method for a suspicious transaction hereinabove, and the description thereof will not be repeated here. The modules in the suspicious transaction monitoring device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 14. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing business transaction data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method of monitoring suspicious transactions.
It will be appreciated by those skilled in the art that the structure shown in fig. 14 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
acquiring business transaction data from a big data platform; the business transaction data includes a plurality of data tables having a plurality of fields;
Acquiring a monitoring request for the business transaction data, and determining a data table associated with the monitoring request from the plurality of data tables;
And determining a target micro-service corresponding to the monitoring request in a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and triggering the target micro-service to process a data table associated with the monitoring request to generate a monitoring result of the suspicious transaction.
In an embodiment, the steps of the method embodiments described above are also implemented when the processor executes the computer program.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring business transaction data from a big data platform; the business transaction data includes a plurality of data tables having a plurality of fields;
Acquiring a monitoring request aiming at the business transaction data, and determining a data table associated with the monitoring request from the plurality of data tables;
And determining a target micro-service corresponding to the monitoring request in a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and triggering the target micro-service to process a data table associated with the monitoring request to generate a monitoring result of the suspicious transaction.
In an embodiment, the computer program, when executed by a processor, further implements the steps of the method embodiments described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A method of monitoring suspicious transactions, the method comprising:
Acquiring business transaction data from a big data platform; the big data platform comprises a plurality of peripheral systems related to different financial transactions; the business transaction data includes a plurality of data tables associated with the financial transactions;
Acquiring a monitoring request aiming at the business transaction data, and determining a data table associated with the monitoring request from the plurality of data tables; the monitoring request includes at least one of: list matching, customer identification, abnormal index calculation, case model matching and field inspection, wherein different monitoring requests correspond to different suspicious transaction screening rules;
Determining a target micro-service corresponding to the monitoring request from a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and storing the associated data table into a target database corresponding to the target micro-service; each micro-service has access rights to its corresponding target database and does not have access rights to other databases;
When the target micro-service is a risk level judging micro-service, triggering the risk level judging micro-service to acquire the associated data table from a target database corresponding to the risk level judging micro-service, acquiring a client list corresponding to a risk level and a risk level judging rule in the associated data table and business transaction data corresponding to clients in the client list, and acquiring a monitoring result of suspicious transactions;
And when the target micro-service is a list client screening micro-service, triggering the list client screening micro-service to acquire the associated data table from a target database corresponding to the list client screening micro-service, acquiring a blacklist client corresponding to a blacklist client list in the associated data table and service transaction data corresponding to the blacklist client, and acquiring a monitoring result of suspicious transactions.
2. The method of claim 1, wherein the method is applied to a suspicious transaction monitoring platform that is an application cluster comprising a plurality of micro-services.
3. The method of claim 1, wherein the peripheral systems include a core system, a credit card system, a funding financing system, a banking front end system, a derivative system versus international settlement system, a post-mortem system, an intelligent account system, a customer relationship system, a human resource management system, a credit management system, a customer information integration system, an impact platform, an accounting internal control platform, and a networking verification system.
4. The method of claim 1, wherein the obtaining business transaction data from the big data platform comprises:
acquiring transaction subjects and transaction values corresponding to a plurality of transaction information from a big data platform;
determining suspicious transaction information in the transaction information according to the transaction main body and the transaction numerical value;
and acquiring transaction data of the suspicious transaction information to obtain the business transaction data.
5. The method of claim 4, wherein determining suspicious ones of the plurality of transaction information based on the transaction principal and a transaction value comprises:
Inputting a plurality of transaction subjects and transaction values into a graphic database to generate a transaction network structure diagram; the transaction network structure diagram comprises a transaction main body, a transaction numerical value and flow information thereof;
and determining suspicious transaction information in the transaction information according to the transaction network structure diagram.
6. The method of claim 5, wherein said determining suspicious ones of said plurality of transaction information from said transaction network structure map comprises:
Determining client relationship information among a plurality of transaction subjects according to the transaction subjects in the transaction network structure diagram;
And when the client relation information, the transaction value and the flow direction information thereof meet the preset identification conditions, determining the corresponding transaction information as suspicious transaction information.
7. The method of claim 1, wherein the obtaining the monitoring request for the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables comprises:
Responding to a monitoring request aiming at the business transaction data, wherein the monitoring request carries a monitoring field selected by a user in a visual task scheduling interface;
and acquiring a data table corresponding to the monitoring field from a plurality of data tables.
8. A device for monitoring suspicious transactions, the device comprising:
The transaction data acquisition module is used for acquiring business transaction data from the big data platform; the big data platform comprises a plurality of peripheral systems related to different financial transactions; the business transaction data includes a plurality of data tables associated with the financial transactions;
The monitoring request determining module is used for acquiring a monitoring request aiming at the business transaction data and determining a data table associated with the monitoring request from the plurality of data tables; the monitoring request includes at least one of: list matching, customer identification, abnormal index calculation, case model matching and field inspection, wherein different monitoring requests correspond to different suspicious transaction screening rules;
The monitoring result generation module is used for determining a target micro-service corresponding to the monitoring request in a plurality of micro-services corresponding to the suspicious transaction monitoring platform, and storing the associated data table into a target database corresponding to the target micro-service; each micro-service has access rights to its corresponding target database and does not have access rights to other databases; when the target micro-service is a risk level judging micro-service, triggering the risk level judging micro-service to acquire the associated data table from a target database corresponding to the risk level judging micro-service, acquiring a client list corresponding to a risk level and a risk level judging rule in the associated data table and business transaction data corresponding to clients in the client list, and acquiring a monitoring result of suspicious transactions; and when the target micro-service is a list client screening micro-service, triggering the list client screening micro-service to acquire the associated data table from a target database corresponding to the list client screening micro-service, acquiring a blacklist client corresponding to a blacklist client list in the associated data table and service transaction data corresponding to the blacklist client, and acquiring a monitoring result of suspicious transactions.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method for monitoring suspicious transactions according to any one of claims 1 to 7.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the suspicious transaction monitoring method according to any one of claims 1 to 7.
CN202010829394.7A 2020-08-18 2020-08-18 A method, device, computer equipment and storage medium for monitoring suspicious transactions Active CN111915316B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010829394.7A CN111915316B (en) 2020-08-18 2020-08-18 A method, device, computer equipment and storage medium for monitoring suspicious transactions

Publications (2)

Publication Number Publication Date
CN111915316A CN111915316A (en) 2020-11-10
CN111915316B true CN111915316B (en) 2024-08-13

Family

ID=73279375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010829394.7A Active CN111915316B (en) 2020-08-18 2020-08-18 A method, device, computer equipment and storage medium for monitoring suspicious transactions

Country Status (1)

Country Link
CN (1) CN111915316B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114581226A (en) * 2020-12-01 2022-06-03 腾讯科技(深圳)有限公司 Information processing method, information processing device, server, terminal and storage medium
CN114764700A (en) * 2021-01-12 2022-07-19 腾讯科技(深圳)有限公司 Data processing method and device
CN112883313B (en) * 2021-02-24 2022-07-19 上海浦东发展银行股份有限公司 Intelligent monitoring system for business data of credit card
CN113326319B (en) * 2021-06-03 2025-09-12 深圳前海微众银行股份有限公司 Data processing method, device and system
TWI767765B (en) * 2021-06-24 2022-06-11 中國信託商業銀行股份有限公司 Suspicious Cash Flow Detection System
CN114511403A (en) * 2022-02-16 2022-05-17 中银金融科技有限公司 Method and device for generating supervision report, electronic equipment and storage medium
CN114492359A (en) * 2022-02-16 2022-05-13 中银金融科技有限公司 Method and device for generating large-data-volume file, electronic equipment and storage medium
CN114820165A (en) * 2022-04-20 2022-07-29 浪潮工业互联网股份有限公司 Flow monitoring method, equipment and medium based on identification analysis
CN114549212B (en) * 2022-04-25 2022-08-02 武汉墨仗信息科技股份有限公司 Intelligent transaction management method and system
CN115131145A (en) * 2022-06-27 2022-09-30 度小满科技(北京)有限公司 Suspicious transaction monitoring method, device, electronic device and storage medium
CN115099936B (en) * 2022-06-27 2023-08-01 长安汽车金融有限公司 Transaction monitoring system
CN116128640A (en) * 2022-11-29 2023-05-16 中国银行股份有限公司 Real-time transaction data processing method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108230151A (en) * 2018-01-16 2018-06-29 平安科技(深圳)有限公司 A kind of suspicious transaction detection method, apparatus, equipment and storage medium
CN110851278A (en) * 2019-11-08 2020-02-28 南京国电南自电网自动化有限公司 Distribution network automation master station mobile application service management method and system based on micro-service architecture

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103049851A (en) * 2012-12-27 2013-04-17 中国建设银行股份有限公司 Transaction data-based anti-fraud monitoring method and device
US20170104756A1 (en) * 2015-10-13 2017-04-13 Secupi Security Solutions Ltd Detection, protection and transparent encryption/tokenization/masking/redaction/blocking of sensitive data and transactions in web and enterprise applications
CN106649845A (en) * 2016-12-30 2017-05-10 上海富聪金融信息服务有限公司 Transaction information service platform and information processing method thereof
US10691514B2 (en) * 2017-05-08 2020-06-23 Datapipe, Inc. System and method for integration, testing, deployment, orchestration, and management of applications
US11057393B2 (en) * 2018-03-02 2021-07-06 Cloudentity, Inc. Microservice architecture for identity and access management
US10812680B2 (en) * 2018-06-04 2020-10-20 gabi Solutions, Inc. System and method for securely accessing, manipulating and controlling documents and devices using natural language processing
CN109240900A (en) * 2018-08-16 2019-01-18 北京京东尚科信息技术有限公司 Block chain network service platform and its intelligent contract detection method, storage medium
GB201813685D0 (en) * 2018-08-22 2018-10-03 Choice International Ltd Transaction system and method
CN109767327A (en) * 2018-12-20 2019-05-17 平安科技(深圳)有限公司 Anti-money laundering-based customer information collection and its use
CN109767322B (en) * 2018-12-20 2024-02-27 平安科技(深圳)有限公司 Suspicious transaction analysis method and device based on big data and computer equipment
CN109872234A (en) * 2019-01-24 2019-06-11 平安科技(深圳)有限公司 Transaction behavior monitoring method, device, computer equipment and medium
CN110619581B (en) * 2019-09-06 2024-03-22 北京神州同道智能信息技术有限公司 Full market multi-variety intelligent gold financing management system based on automatic quantification micro-service subsystem
CN110659989A (en) * 2019-09-10 2020-01-07 马洪富 Active exploration type compliance anti-money laundering method, device, system and storage medium
CN111127200A (en) * 2019-11-25 2020-05-08 中国建设银行股份有限公司 Method and device for monitoring suspicious transactions of anti-money laundering
CN111176955A (en) * 2020-01-07 2020-05-19 深圳壹账通智能科技有限公司 Monitoring method, device and equipment of microservice and computer readable storage medium

Also Published As

Publication number Publication date
CN111915316A (en) 2020-11-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Applicant after: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Applicant after: China Southern Power Grid Finance Co.,Ltd.

Address before: 511458 Room 1301, Chengtou Building, 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self-compiled 1301-12159)

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Applicant before: China Southern Power Grid Finance Co.,Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Country or region after: China

Patentee after: China Southern Power Grid Finance Co.,Ltd.

Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Country or region before: China

Patentee before: China Southern Power Grid Finance Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20241204

Address after: Units 208-209, Unit 1, Building 2, Yunsheng Science Park, No. 11 Spectral Middle Road, Huangpu District, Guangzhou City, Guangdong Province 510700

Patentee after: Southern Power Grid Digital Grid Group Co.,Ltd.

Country or region after: China

Patentee after: China Southern Power Grid Finance Co.,Ltd.

Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Country or region before: China

Patentee before: China Southern Power Grid Finance Co.,Ltd.