System and methods for detection of fraudulent online transactions

摘要

Disclosed are some aspects of systems and methods for providing security for online transactions. An example method includes determining, at a security service, that an online transaction related to a payment service has been initiated at a computer by a user of the computer, collecting first information from the computer and second information from the payment service, and determining, based on the collected information, whether the online transaction is suspicious These aspects further include, when the online transaction is determined to be suspicious, determining whether a malicious program can be identified on the computer and when the malicious program is identified, performing corresponding remedial actions with respect to the detected malicious program.

主权项

1. A method for providing security for online transactions, comprising:
determining, by a computer processor, that an online transaction related to a payment service has been initiated by a user computer; collecting, by the computer processor, first information from the user computer and second information from the payment service, where the first information includes: (1) capabilities of an antivirus program installed on the user computer based on at least a current version of the antivirus program, and (2) a status of the antivirus program indicating at least a date of a last scan of the user computer by the antivirus program and an identification of prior malicious programs found by the last scan; determining, by the computer processor, based on both the first information from the user computer and the second information from the payment service, whether the online transaction is suspicious and processing the online transaction when the online transaction is not determined to be suspicious, including a determination that no prior malicious programs were found by the last scan of the user computer; when the computer processor determines that the online transaction is suspicious, analyzing, by the computer processor, the capabilities and the status of the antivirus program to determine whether the antivirus program is currently configured to detect one or more malicious programs on the user computer; when the computer processor determines that the antivirus program is currently configured to detect the one or more malicious programs and the one or more malicious programs is detected by the antivirus program, performing, by the computer processor, one or more remedial actions with respect to the detected one or more malicious programs, including cancelling the online transaction; when the computer processor determines that the antivirus program is not currently configured to detect the one or more malicious programs, performing additional actions to detect the one or more malicious programs on the user computer, the additional actions including downloading a latest version of the antivirus program to perform an updated scan of the user computer and rebooting the user computer with checks for rootkits and bootkits; if the one or more malicious programs is detected in response to the additional actions, performing, by the computer processor, one or more remedial actions of the detected one or more malicious programs; and cancelling the online transaction if the additional actions do not identify the one or more malicious programs.