Prosecution Insights
Last updated: July 17, 2026
Application No. 18/189,952

SYSTEMS AND METHODS FOR TRAINING AND APPLYING MACHINE LEARNING SYSTEMS IN FRAUD DETECTION

Final Rejection §101§103§112
Filed
Mar 24, 2023
Priority
Sep 08, 2022 — provisional 63/404,868
Examiner
PINSKY, DOUGLAS W
Art Unit
3626
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
The Pnc Financial Services Group Inc.
OA Round
4 (Final)
25%
Grant Probability
At Risk
5-6
OA Rounds
0m
Est. Remaining
42%
With Interview

Examiner Intelligence

Grants only 25% of cases
25%
Career Allowance Rate
30 granted / 119 resolved
-26.8% vs TC avg
Strong +17% interview lift
Without
With
+16.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
22 currently pending
Career history
152
Total Applications
across all art units

Statute-Specific Performance

§101
9.2%
-30.8% vs TC avg
§103
73.6%
+33.6% vs TC avg
§102
12.7%
-27.3% vs TC avg
§112
3.4%
-36.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 119 resolved cases

Office Action

§101 §103 §112
Detailed Action Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Acknowledgments The submission filed on 02/02/26 is acknowledged. Status of Claims Claims 1-35 are pending. In the Response filed on 02/02/26, claims 1, 11, 21, 25 and 26 were amended, claims 30-35 were added, and no claims were cancelled. Claims 1-35 are rejected. Lack of Priority Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows: The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). The disclosure of the prior-filed application, Provisional Application No. 63/404,868, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for the claims of this application, for example, for previously added dependent claims 25 and 26. No mention of the terminology "suspicious mark on a check deposit" or "suspicious change on a check deposit" and no discussion of the substance of those words in other terminology is found in the provisional application. Accordingly, at least claims 25 and 26 of the instant application are not entitled to the benefit of Provisional Application No. 63/404,868. It is reiterated that the subject matter indicated here is merely exemplary; it is not to be deemed to constitute an exhaustive listing of subject matter/claims lacking support in the Provisional Application. Response to Arguments Regarding the lack of priority The previous Office Action found inadequate support in the priority document for claims 25 and 26. Applicant traverses the lack of priority, but does not provide any argument in that respect. The amendments do not overcome the lack of priority. As best understood, the content in Provisional Application No. 63/404,868 that is closest to the claimed subject matter in question is at 004, which reads as follows: In some embodiments, a deposit and fraud machine learning model is created to highlight suspicious deposits, among other financial transactions, and generate alerts corresponding to the suspicious deposits or transactions. In some embodiments, financial transactions are rated with a three-digit risk score by the model. In some embodiments, alerts may be generated based on the risk score and queued according to the risk score. In some embodiments the three-digit risk score is derived from a model probability. In some embodiments, a higher risk score corresponds to a higher likelihood of fraud. In some embodiments, the probability is multiplied by 100 to generate the risk score. In some embodiments, decisions responsive to the alerts are generated automatically. In some embodiments, the alerts are forwarded for manual review by, for example, an analyst. However, the disclosure of a genus ("suspicious deposits") does not necessarily provide support for every species or for any particular given species. The reader is referred to the drawings in the provisional application. The drawings include 2 sheets entitled "Feature Engineering" (pages 6-7 of the PDF as filed; internal page numbers 4-5) and 2 sheets entitled "Detailed Feature List" (pages 17-18 of the PDF as filed; internal page numbers 16-17). The sheet "Feature Engineering (1/2)" shows several categories of features. The category closest to the content of claims 25 and 26 would appear to be "Transactional Data." The sheet "Feature Engineering (2/2)" shows several categories of data sources. The category closest to the content of claims 25 and 26 would appear to be "Deposit Variables." The sheet "Detailed Feature List (1/2)" shows 36 detailed features. The features closest to the content of claims 25 and 26 would appear to be "Propensity Variable of Cashing of Check," "Fraud propensity of Maker X Routing # of as Teller Dep," and "Ever Frauds from Maker X Routing #." The sheet "Detailed Feature List (2/2)" shows 36 additional detailed features. None of these features appears to be close to the content of claims 25 and 26. In view of the figures described above, Applicant has provided in the provisional application extensive description of the features that may be used to determine the risk indicator. However, the content of claims 25 and 26, although now deemed significant enough to claim, was at the time of filing the provisional somehow not included in this extensive description of features. It beggars the imagination to suppose that (1) Applicant was sufficiently diligent and proactive to invent and include 72 (mostly unclaimed) features in the provisional application, (2) Applicant foresaw the significance of other features, namely, those of claims 25 and 26 (which are not generally found among the most common features), and (3) for some reason Applicant chose not to include those other features in the provisional application but rather to rely on the supposition/assumption that a PHOSITA would infer those other (not the most common) features from the general description in the specification that alerts are generated based on, in Applicant's words, "suspicious deposits or transactions." Response filed 07/28/25, p. 9. Rather, given Applicant's painstaking and seemingly exhaustive list of 72 (in some cases minutely) detailed features, following upon its lists of categories of features, the absence of yet other features in the provisional application suggests that Applicant did not have possession of such other features at the time of filing the provisional application. Again, Applicant's extensive disclosure of features does not suggest that Applicant invented a number of other features, but chose not to explicitly mention them in the provisional application and instead to provide a minimal, high-level, general description, knowing it could rely on a PHOSITA's inference of those other features from the minimal description. In view of the disclosed list of 72 features, at least most of which are not even claimed, the Office finds it more plausible that if, at the time of filing the provisional application, Applicant was aware of yet other features significant enough that they might eventually be claimed, then those other features would have been significant enough to Applicant to have been individually enumerated and explicitly disclosed in the provisional application. Regarding the rejection under 35 U.S.C. 112 Applicant's traverses the rejection, but does not provide any argument in that respect. The amendments overcome the rejection in part but not in its entirety. The limitation in question is "transmitting the alert to the database in real time." The instant amendments delete the phrase "in real time." However, the rejection was based on both the phrase "in real time" and the remainder of the limitation. The amendments do not address the remainder of the limitation. As indicated, no argument is provided regarding the remainder of the limitation. Therefore, while the "in real time" basis for the rejection is overcome, the other basis for the rejection remains. Accordingly, the rejection remains in force. Regarding the rejection under 35 U.S.C. 101 Applicant's arguments have been fully considered but are not persuasive. Below, the Office responds to Applicant's arguments, organized as per Applicant's headings. In the discussion below, page numbers refer to Applicant's Response unless otherwise indicated. Step 1 (p. 13) The Office agrees that the claims fall within one of the 4 statutory categories. Step 2A, Prong One (pp. 13-15) Contrary to Applicant's argument, the Office does not assert that "any technology associated with financial, commercial, or legal transactions would automatically constitute ineligible subject matter" (p. 14). However, subject matter such as receiving a processed action from a transaction channel device, enriching the information with transactional/user account data, determining a risk of the transaction, generating an alert indicating probability of an unauthorized transaction, and processing the transaction according to a generated risk result so as to block the action, flag the action, or allow the action, recites (not merely involves) an abstract idea.1 In addition, the recited enriching and encrypting constitute part of the abstract idea. See Response, p. 14. Addressing (e.g., mitigating) risk is a part of "fundamental economic practices" and "fundamental economic principles" and of "commercial interactions" and "legal interactions." Regarding "fundamental economic practices" and "fundamental economic principles," the MPEP states: Fundamental economic principles or practices include hedging, insurance, and mitigating risks. … An example of a case identifying a claim as reciting a fundamental economic practice is Bilski v. Kappos, 561 U.S. 593, 609, 95 USPQ2d 1001, 1009 (2010). The fundamental economic practice at issue was hedging or protecting against risk. The applicant in Bilski claimed "a series of steps instructing how to hedge risk," i.e., how to protect against risk. 561 U.S. at 599, 95 USPQ2d at 1005. The method allowed energy suppliers and consumers to minimize the risks resulting from fluctuations in market demand for energy. The Supreme Court determined that hedging is "fundamental economic practice" and therefore is an "unpatentable abstract idea." 561 U.S. at 611-12, 95 USPQ2d at 1010. Other examples of "fundamental economic principles or practices" include: i. mitigating settlement risk, Alice Corp. v. CLS Bank,573 U.S. 208, 218, 110 USPQ2d 1976, 1982 (2014); … iii. financial instruments that are designed to protect against the risk of investing in financial instruments, In re Chorna, 656 Fed. App'x 1016, 1021 (Fed. Cir. 2016) (non-precedential); (MPEP 2106.04(a)(2)II.A.) Regarding "commercial interactions" and "legal interactions," the MPEP states: "Commercial interactions" or "legal interactions" include agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. An example of a claim reciting a commercial or legal interaction, where the interaction is an agreement in the form of contracts, is found in buySAFE, Inc. v. Google, Inc., 765 F.3d. 1350, 112 USPQ2d 1093 (Fed. Cir. 2014). The agreement at issue in buySAFE was a transaction performance guaranty, which is a contractual relationship. 765 F.3d at 1355, 112 USPQ2d at 1096. The patentee claimed a method in which a computer operated by the provider of a safe transaction service receives a request for a performance guarantee for an online commercial transaction, the computer processes the request by underwriting the requesting party in order to provide the transaction guarantee service, and the computer offers, via a computer network, a transaction guaranty that binds to the transaction upon the closing of the transaction. 765 F.3d at 1351-52, 112 USPQ2d at 1094. The Federal Circuit described the claims as directed to an abstract idea because they were "squarely about creating a contractual relationship--a ‘transaction performance guaranty’." 765 F.3d at 1355, 112 USPQ2d at 1096.2 Other examples of subject matter where the commercial or legal interaction is an agreement in the form of contracts include: … ii. processing insurance claims for a covered loss or policy event under an insurance policy (i.e., an agreement in the form of a contract), Accenture Global Services v. Guidewire Software, Inc., 728 F.3d 1336, 1338-39, 108 USPQ2d 1173, 1175-76 (Fed. Cir. 2013). … Other examples of subject matter where the commercial or legal interaction is a legal obligation include: i. hedging, Bilski v. Kappos, 561 U.S. 593, 595, 95 USPQ2d 1001, 1004 (2010); ii. mitigating settlement risk, Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 218, 110 USPQ2d 1976, 1979 (2014); (MPEP 2106.04(a)(2)II.B.) As seen from the above, mitigating risk is a basic and central element in "fundamental economic practices" and "fundamental economic principles" and in "commercial interactions" and "legal interactions." While Applicant refers to the claimed subject matter as "security technology" (pp. 13-14), in fact it is about mitigating risks. The claims include no improvement in technology or computer functioning. The "executing … a model fit" and "tuning" steps are merely basic elements of machine learning. See Response, pp. 14-15. That is to say, machine learning is used off-the-shelf in its ordinary capacity; these machine learning limitations are recited at a high level of generality and amount to merely applying the abstract idea using the additional elements. Step 2A, Prong Two (pp. 15-17) Regarding the recited encrypting and queuing: except for the generic computer elements involved therein (network, database), these recitations are part of the abstract idea. See Response, p. 16. Contrary to Applicant's argument, the Office does not evaluate the additional elements in a vacuum. See Response, pp. 16-17. Rather, the Office considers the additional elements together with the rest of the claim, considering the claim as a whole. However, the claim as a whole contains no synergism or the like; rather, it is merely the sum of its individual elements. Applicant does not offer any substantive argument or account as to what the claim as a whole provides that goes beyond a mere sum or additive combination of its parts. Applicant's assertion ("Viewing the claim as a whole, the additional elements, when considered in interaction with the alleged judicial exception, integrate the judicial exception into a practical application." (pp. 16-17)) is merely conclusory. Again, the steps of "enriching," "executing … a model fit," and "tuning" (see Response, p. 17) have already been addressed above. As indicated, the "enriching" is part of the abstract idea, except for the "network," and the "executing … a model fit" and "tuning" are merely generic computer elements that apply the abstract idea. Step 2B (pp. 17-20) In this part of the argument, Applicant invokes the "generating" step and the same claimed subject matter that was already argued above, namely, the steps of "enriching," "executing … a model fit," and "tuning." See Response, p. 19. The "generating" step constitutes part of the abstract idea, except for the machine learning model and the processor, which are generic computer elements, recited at a high level of generality and not described, and accordingly which merely apply the abstract idea. The steps of "enriching," "executing … a model fit," and "tuning" have already been addressed above. As indicated, the "enriching" is part of the abstract idea, except for the "network," and the "executing … a model fit" and "tuning" are merely generic computer elements that apply the abstract idea. Again, Applicant's description of the claimed invention as "a technological improvement in advanced predictive modeling and transactional analysis, such as real-time data enrichment, data encryption, machine learning model training, validating machine learning model accuracy, and refining machine learning model hyperparameters" (p. 19) reconfirms that the claims constitute merely abstract idea (namely, advanced predictive modeling and transactional analysis, such as real-time data enrichment, data encryption) applied using generic computer elements (namely, machine learning model training, validating machine learning model accuracy, and refining machine learning model hyperparameters). As no improvement in technology is seen, any alleged improvement would appear to be an alleged improvement in the abstract idea. Regarding the rejections under 35 U.S.C. 103 Applicant's arguments have been fully considered but are not persuasive or are moot in view of the new combinations of prior art, including newly cited references (Faibish and Petersen) and additional portions of pre-existing prior art references, currently cited as teaching the amended and newly claimed subject matter. Regarding Applicant's argument in support of independent claims 1, 11 and 21 (see Response, pp. 21-22), new references have been cited as teaching the amended claim language. Therefore, this part of Applicant's argument is moot. Regarding Applicant's argument in support of claims 6, 16 and 29 (see Response, p. 23), Pavlovic was not cited as teaching the entirety of what Applicant alleges Pavlovic does not teach. Applicant has not offered substantive argument that Pavlovic does not teach what it was cited as teaching. Therefore, this part of Applicant's argument is not persuasive. Claim Rejections - 35 U.S.C. § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-35 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention. Lack of Written Description/Not in Specification Claims 1, 11 and 21 recite: tuning, by the at least one processor, at least one hyperparameter of the machine learning model based on the determined accuracy metric to improve machine learning model performance. Support in the disclosure is not found for this recitation. Note the "hyperparameter" is set forth in the originally filed disclosure solely at 0071, and the "tuning" is set forth in the originally filed disclosure solely at 0071 and original claims 2 and 12. 0071 reads: In some embodiments, the machine learning model is trained to retain information associated with one or more previously generated indicators to tune a currently generated indicator. The information may be used to tune the information used to generate the previous indicator. Tuning as used herein may refer to an experimental process of finding optimal values of hyperparameters to maximize model performance. As used herein and generally understood in the art, hyperparameters are values selected to control a learning process of a model. The tuning occurs once the model receives relevant additional information that may include transactional data, customer characteristics, and historical data to optimize the performance of the model to correctly detect fraudulent transactions. Original claims 2 and 12 read: wherein the machine learning model is trained to retain information associated with one or more previously generated indicators to tune a currently generated indicator. As seen from 0071 and claims 2 and 12 above, no support is found, e.g., for the language "based on the determined accuracy metric" in the above-quoted recitation. Nor is any other portion of the disclosure seen to teach or suggest this subject matter. Accordingly, support is not found for above-quoted recitation of claims 1, 11 and 21. Claims 1, 11 and 21 recite: transmitting the alert to the database. Support in the disclosure is not found for this recitation. As best understood, although a database is mentioned at 0043, 0068 and Fig. 12, the portions of the original disclosure as filed that are most closely related to the recitation are 0005, 0006 or original claims 1, 11 and 21, all of which set forth equivalent content in this regard. Thus, original claim 1, as a representative portion, reads, in pertinent part: storing, the generated indicator in a database; responsive to a determination that the indicator exceeds a predetermined threshold, generating an alert indicating a probability of an unauthorized action; queuing an ordered list of generated alerts; retrieving the processed action from the database based on an order in which the alert is placed in the ordered list; As per the above portion of original claim 1, the indicator, not the alert, is stored in a database. The claim queues the alert in an ordered list, and retrieves an action (not an alert) from the database based on the order in which the alert is placed in the ordered list. The above portion of original claim 1 does not require that the queued ordered list of alerts is stored in the database. An action (corresponding to an alert) may be retrieved from the database based on an order in which the (corresponding) alert is placed in the list, where the alerts (or list of alerts) are (is) not in fact stored in the database. Accordingly, this portion of original claim 1 does not teach or suggest "transmitting the alert to the database." Nor is any other portion of the disclosure seen to teach or suggest this subject matter. Accordingly, support is not found for above-quoted recitation of claims 1, 11 and 21. Claim 25 recites: wherein the risk indicator is assigned based on at least one suspicious mark on a check deposit. Support in the disclosure is not found for this recitation. As for related subject matter in the originally filed application, the following language is found in the originally filed specification: "suspicious deposits or transactions" (0003-0004, 0032) "suspicious check deposit" (0018) "suspicious deposits or withdrawals" (0049) "deposit activity is suspicious or fraudulent" 0056 "suspicion of fraudulent activity" (0091) The above-indicated subject matter teaches a genus (suspicious check deposit or the like) but this genus does not provide support for every species of suspicious check deposit or the like. In particular, it does not provide support for "a suspicious mark on a check deposit." Further, 0033 mentions "unnecessary erasures on a check deposit and changes in user 201's handwriting" as factors used by the Deposit Fraud Model to assess risk of a deposit. An erasure is not a suspicious mark, but rather the absence of any mark, and as such does not provide support for "a suspicious mark on a check deposit." A change in handwriting teaches a species but this species does not provide support for the different species, or the genus, of "a suspicious mark on a check deposit." Accordingly, support is not found for claim 25. Claim 26 recites: wherein the risk indicator is assigned based on at least one suspicious change on a check deposit. Support in the disclosure is not found for this recitation. As for related subject matter in the originally filed application, the following language is found in the originally filed specification: "suspicious deposits or transactions" (0003-0004, 0032) "suspicious check deposit" (0018) "suspicious deposits or withdrawals" (0049) "deposit activity is suspicious or fraudulent" 0056 "suspicion of fraudulent activity" (0091) The above-indicated subject matter teaches a genus (suspicious check deposit or the like) but this genus does not provide support for every species of suspicious check deposit or the like. In particular, it does not provide support for "a suspicious change on a check deposit." Further, 0033 mentions "unnecessary erasures on a check deposit and changes in user 201's handwriting" as factors used by the Deposit Fraud Model to assess risk of a deposit. An erasure teaches a species but this species does not provide support for the genus of "a suspicious change on a check deposit." A change in handwriting teaches a species but this species does not provide support for the genus of "a suspicious change on a check deposit." Accordingly, support is not found for claim 26. Claim 30 recites: recording, in the database, a trigger variable associated with the processed action, wherein the trigger variable is determined based on a likelihood of return of the processed action; and transmitting the trigger variable to a financial institution endpoint device. Support in the disclosure is not found for this recitation. Note the "trigger variable" is set forth in the originally filed disclosure solely at 0069 and Fig. 13, 1307. 0069 reads: FIG. 13 depicts an exemplary process flow diagram for an analytic workflow of the Deposit Fraud Model. In process flow 1300, an indicator 1301 corresponds to the associated risk indicators of risk indicators 1006. An alert 1303 may be generated based on indicator 1301 as described with reference to FIG. 10 . The output of the alert 1303 causes one of those risk result of auto-hold, or analyst review for hold 1305. Hold 1305 can trigger a variety of further actions including a trigger variable 1307. Trigger variable 1307 includes data relating to the Deposit Fraud Model 1005 for representing transactions that are returned to the financial institution within 90 days of a user's profile being processed as having high risk, e.g., based on log-scaling the user's profile, as described above. Trigger variable 1307 may provide information relating to unauthorized transactions flowing through the at least one or more channels such as the ATM, Mobile and Teller channels as it indicates which unauthorized devices are attempting to defraud accounts through the user's account. As seen from 0069 above, no support is found, e.g., for "recording, in the database, a trigger variable" and for "transmitting the trigger variable to a financial institution endpoint device." Nor is any other portion of the disclosure seen to teach or suggest this subject matter. Accordingly, support is not found for claim 30. Claims 2-10, 12-20 and 22-35 are (also) rejected by virtue of their dependency from a rejected claim. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-35 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Claims 1-35 are directed to a method, system, or product, which are/is one of the statutory categories of invention. (Step 1: YES) Claims 1, 11 and 21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite a method, system, and computer-readable medium for detecting and preventing fraud. For claims 1, 11 and 21 (claim 1 being deemed representative), the limitations (indicated below in bold) of: receiving, via a network, information corresponding to a processed action of a user from a transaction channel device; enriching, using the network, the information in real time by appending to the information at least one of transactional data, customer characteristic data, or historical data associated with a user account associated with the user to form enriched information; encrypting, using the network, the enriched information corresponding to the processed action of the user; generating, by a machine learning model executed by the at least one processor, a risk indicator that is expressed as a severity associated with unauthorized activity for the processed action of the user, the machine learning model being trained to predict a likelihood of unauthorized activity for the processed action based on a plurality of inputs, the plurality of inputs including at least one past return; executing, by the at least one processor, a model fit operation to determine an accuracy metric to represent how accurately the machine learning model adapts to the plurality of inputs; tuning, by the at least one processor, at least one hyperparameter of the machine learning model based on the determined accuracy metric to improve machine learning model performance; storing, the generated risk indicator in a database; responsive to a determination that the generated risk indicator exceeds a predetermined threshold, generating an alert indicating a probability of an unauthorized action and transmitting the alert to the database; queuing an ordered list of generated alerts in the database, wherein the generated alerts are ordered based on severity of the corresponding risk indicator to facilitate prioritized processing; retrieving, by the at least one processor via the network, the processed action from the database based on an order in which the alert is placed in the ordered list; and generating a risk result from the machine learning model to determine whether the processed action is determined to be unauthorized, wherein the generated risk result includes the at least one processor: automatically stopping, at the transaction channel device, the processed action; flagging, at the transaction channel device, the processed action for review; or automatically allowing, at the transaction channel device, the processed action. as drafted, constitute a process that, under the broadest reasonable interpretation, covers "certain methods of organizing human activity," specifically, "fundamental economic practices or principles" and/or "commercial or legal interactions,” but for recitation of generic computer components. The Examiner notes that "fundamental economic practices" or "fundamental economic principles" describe concepts relating to the economy and commerce, including hedging, insurance, and mitigating risks, and "commercial interactions" or "legal interactions" include agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. MPEP 2106.04(a)(2)II.A.,B. If a claim limitation, under its broadest reasonable interpretation, covers “mathematical relationships, mathematical formulas or equations, mathematical calculations” or "fundamental economic practices or principles" and/or "commercial or legal interactions," but for recitation of generic computer components, then it falls within the "certain methods of organizing human activity" grouping of abstract ideas. Accordingly, claims 1, 11 and 21 recite an abstract idea. (Step 2A - Prong 1: YES. Claims 1, 11 and 21 recite an abstract idea.) This judicial exception is not integrated into a practical application. Claims 1, 11 and 21 recite the additional elements of a network; a transaction channel device; a machine learning model executed by the at least one processor; the machine learning model being trained; executing, by the at least one processor, a model fit operation to determine an accuracy metric to represent how accurately the machine learning model adapts to the plurality of inputs; tuning, by the at least one processor, at least one hyperparameter of the machine learning model based on the determined accuracy metric to improve machine learning model performance; a database; the at least one processor; automatically (all the foregoing elements recited in claims 1, 11 and 21); one or more processors (claim 11); and a non-transitory computer-readable medium storing a set of instructions for identifying unauthorized actions in a computing system including at least one processor (claim 21), that implement the abstract idea. These additional elements are not described by the applicant and they are recited at a high level of generality (i.e., one or more generic computer elements performing generic computer functions), such that they amount to no more than mere instructions to apply the exception using generic computer elements. Accordingly, even in combination these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. (Step 2A - prong 2: NO. The additional elements do not integrate the abstract idea into a practical application.) The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of a network; a transaction channel device; a machine learning model executed by the at least one processor; the machine learning model being trained; executing, by the at least one processor, a model fit operation to determine an accuracy metric to represent how accurately the machine learning model adapts to the plurality of inputs; tuning, by the at least one processor, at least one hyperparameter of the machine learning model based on the determined accuracy metric to improve machine learning model performance; a database; the at least one processor; automatically (all the foregoing elements recited in claims 1, 11 and 21); one or more processors (claim 11); and a non-transitory computer-readable medium storing a set of instructions for identifying unauthorized actions in a computing system including at least one processor (claim 21), to perform the noted steps amount to no more than mere instructions to apply the exception using generic computer elements. Mere instructions to apply an exception using generic computer elements cannot provide an inventive concept ("significantly more"). Accordingly, even in combination, these additional elements do not provide significantly more. As such, claims 1, 11 and 21 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more.) Dependent claims 2-10, 12-20 and 22-35 are similarly rejected because they further define/narrow the abstract idea of independent claims 1, 11 and 21 as discussed above, and/or do not integrate the abstract idea into a practical application or provide an inventive concept such as would render the claims eligible, whether each is considered individually or as an ordered combination. As for further defining/narrowing the abstract idea: Claims 2 and 12 merely describe wherein … to retain information associated with one or more previously generated risk indicators to tune a currently generated risk indicator. Claims 3 and 13 merely describe merely describes wherein the alert is generated at a set interval to periodically monitor and detect for unauthorized activity. Claims 4 and 14 merely describe wherein the risk indicator is a two-digit number that indicates a probability of unauthorized activity. Claims 5 and 15 merely describe wherein the risk indicator is assigned based on proprietary knowledge. Claims 6 and 16 merely describe wherein the risk indicator is further generated based in part on a log-norm scaling of a user's profile against the user's profile. Claims 7 and 17 merely describe wherein stopping the processed action comprises automatically holding the processed action if the risk indicator exceeds the predetermined threshold. Claims 8 and 18 merely describe wherein the queuing of generated alerts includes ordering the generated alerts according to their respective probabilities of unauthorized activity. Claims 9 and 19 merely describe wherein allowing the processed action comprises automatically allowing one or more processed actions associated with ones of the generated risk indicators that are below the predetermined threshold. Claims 10 and 20 merely describe wherein flagging the processed action, comprises flagging for review by an analyst, if the risk indicator is between a first predetermined threshold and a second predetermined threshold. Claim 22 merely describes wherein … based on at least one charge-off. Claim 23 merely describes wherein … based on an aggregated sum of previous returns. Claim 24 merely describes wherein the risk indicator is assigned based on a Virtual Private Network (VPN) indicator. Claim 25 merely describes wherein the risk indicator is assigned based on at least one suspicious mark on a check deposit. Claim 26 merely describes wherein the risk indicator is assigned based on at least one suspicious change on a check deposit. Claim 27 merely describes wherein the risk indicator is assigned based on at least one signature verification on a check deposit. Claim 28 merely describes wherein the risk indicator is derived based on a model probability. Claim 29 merely describes wherein the risk indicator is further generated based in part on a log-norm scaling of a processed action against a plurality of previous processed actions. Claim 30 merely describes recording a trigger variable associated with the processed action, wherein the trigger variable is determined based on a likelihood of return of the processed action, and transmitting the trigger variable to a financial institution endpoint. Claim 31 merely describes transmitting the generated alerts … associated with a financial institution based on the severity of the corresponding risk indicator to facilitate prioritized processing. Claim 32 merely describes transmitting each generated alert to an associated transaction channel …. Claim 33 merely describes wherein the transaction channel … is selected from one of an ATM channel, a mobile channel, or a teller channel. Claim 34 merely describes wherein the generating includes: computing a … probability that the processed action belongs to a class indicating a likelihood of fraudulent activity; computing a log-normal probability density score based on a deposit amount associated with the processed action, wherein computing the log-normal probability density score includes using a first parameter and a second parameter; and computing a probability value indicative of whether the processed action is an unauthorized action, wherein the probability value is used to generate the risk indicator. Claim 35 merely describes wherein the plurality of inputs include: processed action data, unauthorized device propensity, past statistics, the at least one past return, a user relationship, and unauthorized instrument data. As for additional elements: Claims 2 and 12 recite "… the machine learning model is trained …." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 22 recites "… the machine learning model is trained …." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 23 recites "… the machine learning model is trained …." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 30 recites "in the database" and "device." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 31 recites "a mobile banking application." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 32 recites "device." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 33 recites "device." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claim 34 recites "model." These additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer element. Even in combination these additional elements do not integrate the abstract idea into a practical application and do not amount to significantly more than the abstract idea itself. Therefore, the claim(s) is/are ineligible. Claims 3-10, 13-20, 24-29 and 35 do not recite any additional elements, and accordingly, for the reasons provided above with respect to the independent claims, are not patent eligible. Therefore, dependent claims 2-10, 12-20 and 22-35 are not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-3, 5, 7-13, 15, 17-21, 23, 25-28, 30-33 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Comeaux et al. (U.S. Patent No. 11,669,844), hereafter Comeaux, in view of Petersen et al. (U.S. Patent Application Publication No. 2020/0125725 A1), hereafter Petersen, further in view of Faibish (U.S. Patent Application Publication No. 2021/0125053 A1), and further in view of Shevyrev et al. (U.S. Patent Application Publication No. 2023/0281629 A1), hereafter Shevyrev. Regarding Claims 1, 11 and 21 Comeaux teaches: receiving, via a network (Fig. 1, 112), information corresponding to a processed action of a user from a transaction channel device; (Fig. 2, 204, 16:40-17:19, 11:14-20, 12:21-27; transaction channel device may be any of 106, 108, 110a or 110b in Fig. 1) … encrypting, using the network, the enriched information corresponding to the processed action of the user; (14:46-50; regarding using the network: since the database can be in communication with the alert-generating server 102 and hence the information can be transmitted to the database via the network, therefore under the broadest reasonable interpretation the network is used in the encrypting; alternatively, the "encrypted version [of the events being stored] contain[s] data fields that are associated with a communication channel," thus under the broadest reasonable interpretation the communication channel and hence the network that instantiates the communication channel is used in encrypting the data.; note although 14:46-50 pertains to the fraudulent events and not to the enriched version thereof, it would be obvious to combine embodiments so as to apply the encryption to the enriched version thereof because it would provide for more comprehensive data security) generating, by a machine learning model executed by the at least one processor (processor of alert-generating server 102, Fig. 1), a risk indicator (alert probability score) that is expressed as a severity associated with unauthorized activity for the processed action of the user, the machine learning model being trained to predict a likelihood of unauthorized activity for the processed action based on a plurality of inputs, the plurality of inputs including at least one past …; (2:26-49, 4:31-5:11, 17:60-18:14, Fig. 2, 210, claim 1 generates alert probability score (risk indicator) based on past actions/events of/associated with user (based on a plurality of inputs including at least one past …); regarding machine learning limitations, note especially 4:42-64 and see also 7:34-50, 8:4-28, 9:7-28) …; storing, the generated risk indicator in a database (Fig. 1, 104); (4:40-41, 7:28-30; 14:46-49) responsive to a determination that the generated risk indicator exceeds a predetermined threshold, generating an alert indicating a probability of an unauthorized action and (2:49-53, 18:21-33, 18:43-50, Fig. 2, 212, claim 1; for context see prior art cited for "generating" step above) transmitting the alert to the database; (4:40-41; 14:46-50, 14:59-63) queuing an ordered list of generated alerts in the database, (18:62-19:11, 5:8-11; regarding "in the database": 5:8-9, 14:46-50, 14:59-63, 15:27-29) wherein the generated alerts are ordered based on severity of the corresponding risk indicator to facilitate prioritized processing; (4:65-67, 18:62-19:11, 5:8-11) retrieving, by the at least one processor via the network, the processed action from the database based on an order in which the alert is placed in the ordered list; and (5:8-11, 14:59-15:3) generating a risk result (instructions) from the machine learning model to determine whether the processed action is determined to be unauthorized, wherein the generated risk result includes the at least one processor: (2:53-58, 18:51-19:11, Fig. 2, 214, claim 1) automatically stopping, at the transaction channel device, the processed action; (2:53-58, 5:5-8, 18:43-19:11, Fig. 2, 214, claims 1, 3) …; or automatically allowing, at the transaction channel device, the processed action. (18:33-42) Comeaux does not explicitly disclose but Petersen teaches: enriching, using the network, the information in real time by appending to the information at least one of transactional data, customer characteristic data, or historical data associated with a user account associated with the user to form enriched information; (0004, 0006, 0010, 0029, 0032, 0060, 0067, 0086, and 0090 teach enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing; note the identity profile key (or per 0032 identity profile information) appended is customer characteristic data; note although Petersen 0007 initially presents transmission of an email as an exemplary occurrence (event) triggering generation of a log message, per 0041 the event/ occurrence can also be a financial transaction (see 0036 for clarification of the term "baseline behavior"); regarding in real time: the appending of the key occurs during the processing of the transaction, hence in real time) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Comeaux's systems and methods for detecting and preventing fraudulent events, by incorporating therein these teachings of Petersen regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, because Petersen's teachings represent a known way of accessing user profile information that is to be used in conjunction with information about an event (e.g., a triggering event) in order to determine whether the event information represents fraudulent activity, and this (Petersen's) way of accessing user profile information either (i) can be substituted for Comeaux's way of doing the same, MPEP 2143.I.B., or (ii) is just another way of describing Comeaux's way of doing the same. Comeaux's way of doing the same is presented, e.g., as Fig. 2, 206, as described at 17:20-35: "In a next step 206, the alert-generating server determine a user identifier associated with a fraud event of the one or more fraud events based on the data associated with the fraudulent activity. The data associated the fraudulent activity may include details such as money transfers or transaction requests, account identifiers, user identifiers, a timestamp, an amount of money at issue, location of event, and source device identifier. Based on the data, the alert-generating server generate a query using the data as inputs, and transmit the query to a database to determine identification details of a user whose account is undergoing a fraudulent activity. Upon obtaining the identification details of the user, in a next step 208, the alert-generating server may determine an alert-generation model applicable to the fraud event based on the identification information of the user associated with the fraud event." Note Petersen 0010, 0029, 0060, 0067 suggests there are other equivalents or substitutions that can be performed instead of his appending of information, for example, associating the information, e.g., via a table. These equivalents/substitutions are the same as or similar to Comeaux's teachings on this point, e.g., 17:20-35 (set forth above), 10:21-50, 11:26-32, 16:11-24 and 16:53-17:6. Thus, Petersen's teachings may be combined with Comeaux as a substitution, MPEP 2143.I.B., or Petersen is merely making explicit what Comeaux already teaches. Comeaux does not explicitly disclose but Shevyrev teaches: … return; (Abstract, 0017, 0024 (“historical returned … checks”), Fig. 4 (described at 0076-0082) system trains machine learning model (Fig. 4, 308) to predict fraudulent check deposit based on training features (Fig. 4, 402) including historical returned checks (Fig. 4, 404f)) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, by incorporating therein these teachings of Shevyrev, specifically, identifying returns as a risk factor (the machine learning (ML) model being trained to predict a likelihood of unauthorized activity for the processed action based on inter alia a past return), because Comeaux teaches training the ML model based on a “behavior profile of the user based on … financial data of the user that may include … credit score [and] any known flag for activity [sic] or known fraud” (9:58-63), and Shevyrev teaches that returns is a known flag for fraud (see citations given above). Therefore, although Comeaux does not explicitly/specifically mention returns, Comeaux effectively includes returns as a risk factor for predicting likelihood of fraud. Therefore, Shevyrev’s teachings are effectively within the scope of Comeaux, and Shevyrev is merely making explicit what Comeaux teaches. Likewise, for this reason Shevyrev is aligned with Comeaux in approach and may be understood as complementing Comeaux / making Comeaux more comprehensive/complete. As such, by explicitly including/naming this additional risk factor of returns, Shevyrev serves to make Comeaux more comprehensive, robust, and accurate, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), see Shevyrev, 0001-0003 (“Without more granular identification capabilities, conventional network-transaction-security systems perpetuate inaccuracies of check-return identification” (0003)), MPEP 2143.I.B.,G. Comeaux teaches that if the probability alert score exceeds a certain threshold then stopping the action (a first outcome), and if the probability alert score does not exceed a certain threshold then allowing the action (a second outcome), as per above, but Comeaux does not explicitly disclose a third, intermediate outcome of flagging the action for review if the probability alert score falls between a first threshold and a second threshold. However, Shevyrev teaches such a third intermediate outcome. Specifically, Shevyrev teaches: automatically stopping (316), at the transaction channel device, the processed action; flagging (312), at the transaction channel device, the processed action for review; or automatically allowing (314), at the transaction channel device, the processed action. (0019-0020, 0024, Fig. 3, 312, 314, 316, 0066-0070, 0074-0075) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, by incorporating therein these teachings of Shevyrev (specifically, substituting Shevyrev’s tripartite decision/outcome structure for Comeaux's bipartite decision/outcome structure) because it provides for more nuanced/fine-tuned decision-making/outcomes, thereby increasing accuracy, e.g., providing for more thorough review/analysis where the probability of fraud lies in an intermediate range, and thus preventing more fraud. See Shevyrev, 0001-0003 (“Without more granular identification capabilities, conventional network-transaction-security systems perpetuate inaccuracies of check-return identification” (0003)), 0069 (“By suspending [flagging] the transfer of funds to the recipient account, the mobile check deposit system 102 can avoid a risk of loss to a financial institution and/or a check maker account.”), see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.B.,G. Comeaux (8:39-61, 19:12-35) teaches retraining the machine learning model based on new data, including reconfiguring the model using a variety of methods. Shevyrev (0081) teaches the "tuning" step set forth below. But Comeaux in view of Shevyrev does not explicitly disclose the entirety of the model fit limitations set forth below. However, Faibish teaches: executing, by the at least one processor, a model fit operation to determine an accuracy metric to represent how accurately the machine learning model adapts to the plurality of inputs; (0088-0100, with reference to Fig. 12; executing a model fit operation is taught by the training 1206 described in 0091 ("The model fitting" refers to the preceding content of 0091), the validation 1208 described in 0092 ("The fitness or goodness of the current neural network model may be evaluated"), the confirmation/evaluation using test data 1212 described in 0094, or any repeat performance or the like of these processes, such as described in 0092, 0094, 0095, 0098, and 0099; the recited accuracy metric is taught by the "cost or loss function" (0091), the "error function [that] generate[s] a measured error rate" (0092), the "criteria … where the error rate obtained with the test data set may be compared with the prior error rate" (0094), or the "specified criteria" (0096, 0098); executing … a model fit operation to determine an accuracy metric to represent how accurately the machine learning model adapts to the plurality of inputs is taught, e.g., by 0092 ("The fitness or goodness of the current neural network model may be evaluated, for example, using an error function and the result of the comparison (e.g., of the result generated by the neural network during the validation to the expected output of the validation data set). For example, the error function may generate a measured error rate obtained based on the result of the comparison.") but also by other portions of 0088-0100; the machine learning model is taught by, e.g., 0088 ("model of a machine learning system … neural network or model"); the at least one processor is taught by, e.g., 0051 ("The processors included in the host computer systems 14 a-14 n and management system 16"), 0061, Fig. 2, processor 202, 0222 ("processors"), claim 18 ("one or more processors")) tuning, by the at least one processor, at least one hyperparameter of the machine learning model based on the determined accuracy metric to improve machine learning model performance; (0088-0100, with reference to Fig. 12, e.g., 0094 "If the validity of the final neural network model is not confirmed, one or more actions may be taken. The one or more actions may include, for example, repeating the training and validation as described above. The one or more actions may include further evaluating the neural network model to try an alternative neural network model structure, arrangement or architecture by modifying one or more of the hyper-parameters (e.g., return to the first step as described above)." -- this is to be read/ understood in the context of 0088-0100 and the explanations provided in the immediately preceding bullet point above) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, and as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), by incorporating therein these teachings of Faibish regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, because Faibish's teachings are consistent with Comeaux's and Shevyrev's approach of improving performance by retraining/tuning (as explained above, in the introduction to Faibish's teachings) but provide a more comprehensive account of such retraining/ tuning and as such would further improve model performance/results (Faibish's more comprehensive teachings may be substituted for Comeaux's and Shevyrev's teachings in this regard, so as to effectively fill any gaps in Comeaux's and Shevyrev's teachings), MPEP 2143.I.A.,B.,C.,D. Regarding Claims 2 and 12 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the machine learning model is trained to retain information associated with one or more previously generated risk indicators to tune a currently generated risk indicator. (2:58-62, 4:42-5:4, 8:39-61, 19:12-35, claim 1) Regarding Claims 3 and 13 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the alert is generated at a set interval to periodically monitor and detect for unauthorized activity. (4:67-5:4; 7:26-50) Regarding Claims 5 and 15 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the risk indicator is assigned based on proprietary knowledge. (As per Fig. 2 (or, e.g., 2:26-62), score (indicator) is determined (210) based on model (208), which in turn is based on user profile (202), where user profile (9:29-10:20) includes personal data, financial data and social network data, at least some of which data is proprietary knowledge, e.g., social security number, mother's maiden name and place of birth, GUID, account balance, credit score) Regarding Claim 7 and 17 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein stopping the processed action comprises automatically holding the processed action if the risk indicator exceeds the predetermined threshold. (2:53-58, 5:5-8,18:43-19:11, Fig. 2, 214, claims 1, 3) Note: Shevyrev (0066-0067, 0074-0075) also teaches claims 7 and 17. Regarding Claims 8 and 18 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the queuing of generated alerts includes ordering the generated alerts according to their respective probabilities of unauthorized activity. (4:65-67, 18:62-19:11, 5:8-11) Regarding Claims 9 and 19 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein allowing the processed action comprises automatically allowing one or more processed actions associated with ones of the generated risk indicators that are below the predetermined threshold. (2:53-58, 18:33-42) Note: Shevyrev (0066-0067, 0074-0075) also teaches claims 9 and 19. Note regarding the use of the plural "ones of the generated indicators," if the plurality is deemed not taught by Comeaux or Shevyrev, then it is obvious based on MPEP 2144.04.VI.B. (Duplication of Parts). Regarding Claims 10 and 20 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Shevyrev further teaches: wherein flagging the processed action, comprises flagging for review by an analyst, if the risk indicator is between a first predetermined threshold and a second predetermined threshold. (0066-0067, 0074-0075) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding holding a transaction based on a threshold, because it provides for more nuanced/fine-tuned decision-making/outcomes, thereby increasing accuracy, e.g., providing for more thorough review/analysis where the probability of fraud lies in an intermediate range, and thus preventing more fraud. See Shevyrev, 0001-0003 (“Without more granular identification capabilities, conventional network-transaction-security systems perpetuate inaccuracies of check-return identification” (0003)), 0069 (“By suspending [flagging] the transfer of funds to the recipient account, the mobile check deposit system 102 can avoid a risk of loss to a financial institution and/or a check maker account.”), see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.B.,G. Regarding Claim 23 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: wherein the machine learning model is trained based on an aggregated sum of previous returns. (0024 "combinations of … historical returned … checks"; 0077, Table 1 "(returned_checks_total_amount) Total amount … of returned checks") It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding an aggregated sum of previous returns as a fraud risk factor, because this is a known fraud risk factor, and accordingly the incorporation of these further teachings of Shevyrev into the combination of Comeaux as modified by Shevyrev would cause the heretofore combination to take into account a greater range of known fraud risk factors, and thus would render the heretofore combination more comprehensive, robust and accurate, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), see Shevyrev, 0001-0003 (“Without more granular identification capabilities, conventional network-transaction-security systems perpetuate inaccuracies of check-return identification” (0003)), MPEP 2143.I.A.,G. Regarding Claim 25 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: wherein the risk indicator is assigned based on at least one suspicious mark on a check deposit. (0056 identifying suspicious signature as fraud risk feature/factor; under broadest reasonable interpretation, a signature is a mark) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding a suspicious signature on a check as a fraud risk factor, because this is a known fraud risk factor, and accordingly the incorporation of these teachings into the combination would result in taking into account a greater range of known fraud risk factors, and thus would render the combination more comprehensive, robust and accurate, see Shevyrev, 0002-0003, 0006, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.A.,G. Regarding Claim 26 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: wherein the risk indicator is assigned based on at least one suspicious change on a check deposit. (0056 identifying alteration as fraud risk feature/factor) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding an alteration on a check as a fraud risk factor, because this is a known fraud risk factor, and accordingly the incorporation of these teachings into the combination would result in taking into account a greater range of known fraud risk factors, and thus would render the combination more comprehensive, robust and accurate, see Shevyrev, 0002-0003, 0006, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.A.,G. Regarding Claim 27 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: wherein the risk indicator is assigned based on at least one signature verification on a check deposit. (per Abstract, 0006, 0017, features are used to predict fraudulent check deposit, hence features constitute risk indicators; per Fig. 3, 304a, 0055-0056, features include check features 304a, which include signature/signature analysis) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding signature verification in light of forgery being a risk factor, because forgery is a known risk factor and signature verification is a known fraud detection/preventive measure to address forgery, and accordingly these further teachings of Shevyrev would cause the heretofore combination to take into account a greater range of known fraud risk factors, and thus would render the heretofore combination more comprehensive, robust and accurate, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), see Shevyrev, 0001-0003 (“Without more granular identification capabilities, conventional network-transaction-security systems perpetuate inaccuracies of check-return identification” (0003)), 0006, MPEP 2143.I.A.,G. Regarding Claim 28 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the risk indicator is derived based on a model probability. (7:34-50, Fig. 2, 210, 2:43-49, 4:46-52 alert probability score determined by/based on model) Regarding Claim 30 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: recording, in the database, a trigger variable (0030) associated with the processed action, (0030 "For example, identifying that a check maker account is false (e.g., synthetic) can trigger a check-return. As another example, identifying insufficient funds in a check maker account can trigger a check-return. In yet another example, identifying a disputed or unauthorized check (e.g., a stolen/forged check) that the account holder corresponding to the check maker account did not authorize to be executed can trigger a check-return" -- the underlined items constitute factors indicating that the associated transaction is potentially/likely fraudulent and consequently will potentially/likely result in a return of the check/transaction, i.e., trigger variables; regarding recording, in the database: 0052 "the mobile check deposit system 102 generates a data structure (e.g., a digital table stored in a memory device) comprising features associated with prior network transactions and network account data for a plurality of network accounts" (0097 provides similar teaching); note the description of the "features" in 0052 and 0046 (as per quotation below for last step of claim 30) encompasses the trigger variable as per 0030; as per 0122, the data structure/table of 0052 is stored in a database ("Data stores may be used to store various types of information. In particular embodiments, the information stored in data stores may be organized according to specific data structures. In particular embodiments, each data store may be a relational, columnar, correlation, or other suitable database. … Particular embodiments may provide interfaces that enable a client device 906, or an inter-network facilitation system 104 to manage, retrieve, modify, add, or delete, the information stored in data store."); see also 0125 ("In particular embodiments, the inter-network facilitation system 104 may include a variety of servers, sub-systems, programs, modules, logs, and data stores. In particular embodiments, the inter-network facilitation system 104 may include … user-profile (e.g., provider profile or requester profile) store, …. In particular embodiments, the inter-network facilitation system 104 may include one or more user-profile stores for storing user profiles …. A user profile may include, for example, biographic information, demographic information, financial information, behavioral information, social information, or other types of descriptive information, such as interests, affinities, or location.")) wherein the trigger variable is determined based on a likelihood of return of the processed action; and (0030 see explanation above) transmitting the trigger variable to a financial institution endpoint device (administrative device 114). (0037 "The mobile check deposit system 102 can also communicate with the administrator device 114 to provide information relating to a check-return prediction. In some embodiments, the mobile check deposit system 102 causes the administrator device 114 to display, on a per-transaction basis, whether a network transaction between a check maker account and a recipient account has triggered (or will likely trigger) a check-return. Additionally or alternatively, the mobile check deposit system 102 can graphically flag certain mobile check deposits (e.g., via a visual indicator) for a certain class or type of check-return prediction [trigger variable, as per 0030] within a graphical user interface on the administrator device 114."; 0046 "It will be appreciated that the mobile check deposit system 102 can perform additional or alternative acts based on the check-return prediction. For example, in one or more embodiments, the mobile check deposit system 102 uses feature scores from the check-return machine-learning model to generate a recommendation or graphical indicator for display on an administrator device. Such a recommendation or graphical indicator can flag one or more features [trigger variable, as per 0037] associated with the mobile check deposit as suspicious of fraud or otherwise indicative of a potential check-return."; note, as per 0027, "features" (0046) encompasses both features of/on a check and related data such as transaction data, account data, and profile data and the like, as described in 0043 (" Additionally or alternatively, the mobile check deposit system 102 identifies recipient historical account data, recipient payment schedule data, check maker historical return/posted check data, etc.") and 0052 ("the mobile check deposit system 102 generates a data structure (e.g., a digital table stored in a memory device) comprising features associated with prior network transactions and network account data for a plurality of network accounts")) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding trigger variables, including storing and transmitting them, (i) because trigger variables constitute significant causal information that is highly useful for fraud determinations and accordingly trigger variables should be retained and financial entities that are involved in fraud determination and that are subject to fraud losses / that need to protect against fraud losses should be informed of trigger variables, and (ii) also because the combination is merely a matter of combining prior art elements according to known methods to yield predictable results, MPEP 2143.I.A. Regarding Claim 31 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Comeaux further teaches: transmitting the generated alerts to a mobile … application associated with a financial institution based on the severity of the corresponding risk indicator to facilitate prioritized processing. (4:65-5:11, 18:62-19:11 sorting alerts based on fraud probability score (priority) and presenting alerts to administrator device in order of this priority teaches transmitting the generated alerts to a mobile … based on the severity of the corresponding risk indicator to facilitate prioritized processing (under broadest reasonable interpretation, the value of the score teaches severity); 15:18-44 "administrator device 108 may be … smartphones," which have software and receive alerts (note a smartphone performs all operations via mobile application(s)) (note administrator device is associated with financial institution, e.g., bank (1:26 "banking; 2:20 "financial institution") administering ATM (7:6-10) -- this teaches transmitting the generated alerts to a mobile … application associated with a financial institution) Shevyrev further teaches: transmitting the generated alerts to a mobile banking application associated with a financial institution …. (regarding mobile banking application associated with a financial institution: 0001, 0026, 0036, 0042 and 0048 teach mobile/client application used for mobile check and other financial transactions; 0120 "the inter-network facilitation system 104 can facilitate access to, and transactions to and from, the bank account of the third-party system 908 via a client application of the inter-network facilitation system 104 on the client device 906."; regarding transmitting the generated alerts: 0037 "The mobile check deposit system 102 can also communicate with the administrator device 114 to provide information relating to a check-return prediction. In some embodiments, the mobile check deposit system 102 causes the administrator device 114 to display, on a per-transaction basis, whether a network transaction between a check maker account and a recipient account has triggered (or will likely trigger) a check-return [alert]. Additionally or alternatively, the mobile check deposit system 102 can graphically flag certain mobile check deposits (e.g., via a visual indicator) for a certain class or type of check-return prediction within a graphical user interface on the administrator device 114 [alert]."; 0046 "It will be appreciated that the mobile check deposit system 102 can perform additional or alternative acts based on the check-return prediction. For example, in one or more embodiments, the mobile check deposit system 102 uses feature scores from the check-return machine-learning model to generate a recommendation or graphical indicator for display on an administrator device. Such a recommendation or graphical indicator can flag one or more features associated with the mobile check deposit as suspicious of fraud or otherwise indicative of a potential check-return [alert].") It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these further teachings of Shevyrev regarding a mobile banking application of a mobile device, to which alerts are transmitted, because the combination is merely a matter of combining prior art elements according to known methods to yield predictable results, MPEP 2143.I.A. Regarding Claim 32 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: transmitting each generated alert to an associated transaction channel device. (15:30 "The administrator device 108 GUI [an associated transaction channel device] may receive alerts"; 17:7-16 "Upon detecting fraudulent and/or malicious events, the fraud detection devices transmit a notification message to the alert-generating server indicating details of the fraudulent and/or malicious events. The notification … may be transmitted to the alert-generating server and any number of devices of the system through the associated networks and channels."; 18:58-61) Regarding Claim 33 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the transaction channel device is selected from one of an ATM channel, a mobile channel, or a teller channel. (Regarding ATM channel and teller channel: 7:6-10 one scenario handled by Comeaux is suspicious ATM withdrawal, indicating that such transaction is received from ATM (see 7:26-28), and that such transaction is allowed or stopped at ATM, depending on generated alert (fraud) probability score (see 7:34-42, 18:33-19:11); note, under broadest reasonable interpretation, an ATM (automated teller machine) channel is a kind of, and hence teaches, a teller channel) Regarding Claim 35 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches: wherein the plurality of inputs include: processed action data, unauthorized device propensity, past statistics, …, a user relationship, and unauthorized instrument data. (Regarding processed action data: e.g., per 8:4-20 training data (plurality of inputs) includes attributes including "number of transactions per month, time and date associated with transactions, amount of transactions" (8:18-19); regarding unauthorized device propensity: e.g., per 8:4-20 training data (plurality of inputs) includes attributes including "number of login attempts" (8:17-18); per 10:32-33 input data, hence also training data (plurality of inputs), of fraudulent events includes "remote network logon logs of a user for suspicious access attempts"; per 10:54-11:13 input data, hence also training data (plurality of inputs), of fraudulent events includes multiple failed authentication attempts; the number of log-in attempts/failed authentication events indicates the likelihood that the login/authentication attempt is by an unauthorized device (unauthorized device propensity); regarding past statistics: e.g., per 8:4-20 training data (plurality of inputs) includes attributes including "number of login attempts, number of transactions per month, time and date associated with transactions, amount of transactions" (8:18-19); 10:62-11:35 "historical data" is input to alert-generation model, hence also used as training data (plurality of inputs); 13:23-26; regarding a user relationship: per 19:19-35 the behavior profile is used as training data (plurality of inputs); per 9:29-37 the behavior profile includes "user social network data" (9:37) which, in turn, per 9:64-10:3 includes "number and types of relationships of the user"; regarding unauthorized instrument data: per 11:14-15 "the alert-generating server 102 may receive a record of a fraudulent transaction event associated with a user from a system server 106"; this fraudulent event data may include "account identifiers" (11:62), data indicating that "a user [opened] multiple new accounts" (which data would include account numbers) (13:17-18), data indicating "account takeover fraud," including stolen "account access credentials such as username, password, PIN, etc. … account identifiers"; under broadest reasonable interpretation, account identifiers/numbers teaches instrument data; finally, note also that behavior profile may include "any known flag for activity or known fraud" (9:62-63)) Shevyrev further teaches: wherein the plurality of inputs include: … the at least one past return …. (Abstract, 0017, 0024 (“historical returned … checks”), Fig. 4 (described at 0076-0082) system trains machine learning model (Fig. 4, 308) to predict fraudulent check deposit based on training features (Fig. 4, 402) including historical returned checks (Fig. 4, 404f)) Note: this limitation taught by Shevyrev is the same as the corresponding limitation in base claim 1 taught by Shevyrev. Accordingly, the motivation/rationale for combining this teaching of Shevyrev with the combination of other references is the same as the motivation/rationale given for this limitation in claim 1 above. Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Comeaux et al. (U.S. Patent No. 11,669,844), hereafter Comeaux, in view of Petersen et al. (U.S. Patent Application Publication No. 2020/0125725 A1), hereafter Petersen, further in view of Faibish (U.S. Patent Application Publication No. 2021/0125053 A1), further in view of Shevyrev et al. (U.S. Patent Application Publication No. 2023/0281629 A1), hereafter Shevyrev, and further in view of Abifaker et al. (U.S. Patent Application Publication No. 2015/0278817 A1), hereafter Abifaker. Regarding Claims 4 and 14 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose but Abifaker teaches: wherein the risk indicator is a two-digit number that indicates a probability of unauthorized activity. (Fig. 3, 0067-0070) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Abifaker because, even though Comeaux does not specify the format of the alert probability score (indicator), inasmuch as Comeaux requires that this score be compared to a threshold, this score necessarily has numeric content (e.g., this score is a number or some other quantifier/metric), and thus Abifaker's teachings merely flesh out (an example of) implementation detail necessary for Comeaux's invention to be operable. Note that the particular format of the score/indicator, as a two-digit number or as another quantifier/metric, is obvious based on MPEP 2144.07 (selection of format, viz., two-digit number, known in the prior art (e.g., Abifaker) to be suitable for performing the same function in the same/similar context (Comeaux)), 2144.06 (use of format, viz., two-digit number, known in prior art to be useful for same purpose; substitution of equivalents), 2144.04.I (design choice). Claims 6, 16, 29 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Comeaux et al. (U.S. Patent No. 11,669,844), hereafter Comeaux, in view of Petersen et al. (U.S. Patent Application Publication No. 2020/0125725 A1), hereafter Petersen, further in view of Faibish (U.S. Patent Application Publication No. 2021/0125053 A1), further in view of Shevyrev et al. (U.S. Patent Application Publication No. 2023/0281629 A1), hereafter Shevyrev, and further in view of Pavlovic ("Log-normal Distribution - A simple explanation”). Regarding Claims 6 and 16 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claims 1 and 11 as set forth above. Comeaux further teaches wherein the risk indicator (alert probability score) is further generated based in part on … a user's profile (behavior profile of a user) … the user's profile. (2:26-62 generates alert probability score (2:44) based on alert generation model (2:46) which is based on a behavior profile of a user (2:26-31); 9:29-1020 describes the behavior profile) Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose but Pavlovic teaches: … a log-norm scaling of … against …. (Note Applicant’s specification (0045) defines “log-norm scaling” thus: “Log-norm scaling may refer to applying a logarithmic transformation to values, which transforms the values onto a scale that approximates the normality”; Pavlovic, p. 3, teaches the same thing: “Let’s say your data [values] fits a log-normal distribution. If you then take the logarithm of [applying a logarithmic transformation to] all your data points [values], the newly transformed [logarithmically transformed] points [values] will now fit a normal distribution [a scale that approximates the normality].”) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Pavlovic regarding log-norm scaling, because this is a known way to model various natural phenomena, see Pavlovic, p. 1, and has particular advantages under certain circumstances applicable to the combination, e.g., where the data cannot be negative, (e.g., data such as a probability of fraud / a risk value), where the data skews positive, with most values clustered near the low end and a long tail extending rightward to occasional high outliers (e.g., transaction data, which comprises mostly non-fraudulent transactions and a relatively small amount of fraudulent transactions), and where the data grows multiplicatively/cumulatively (e.g., a plurality of historical transaction data) -- by transforming such data with a logarithm, it can be normalized, allowing for easier analysis with powerful standard statistical techniques, such as calculating z-scores, performing linear regression, estimating parameters using Maximum Likelihood Estimation (MLE), etc. Regarding Claim 29 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Comeaux further teaches wherein the risk indicator (alert probability score) is further generated based in part on … the processed action … a plurality of previous processed actions. (11:26-32 alert-generating server 102 evaluates the event (the processed action) to determine (generate) alert probability score (risk indicator) by using a model with (based in part on) historical data (plurality of previous processed actions); note that Comeaux's "historical data" (11:29-30) can be financial data (processed actions), because, as per 9:58-63, 16:11-24 (note the language: "financial data," e.g., "events" such as "transfer funds," etc.), the behavior profile (user data) used with the model to determine the alert probability score can include historical financial data) Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose but Pavlovic teaches: … a log-norm scaling of … against …. (Note Applicant’s specification (0045) defines “log-norm scaling” thus: “Log-norm scaling may refer to applying a logarithmic transformation to values, which transforms the values onto a scale that approximates the normality”; Pavlovic, p. 3, teaches the same thing: “Let’s say your data [values] fits a log-normal distribution. If you then take the logarithm of [applying a logarithmic transformation to] all your data points [values], the newly transformed [logarithmically transformed] points [values] will now fit a normal distribution [a scale that approximates the normality].”) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Pavlovic regarding log-norm scaling, because this is a known way to model various natural phenomena, see Pavlovic, p. 1, and has particular advantages under certain circumstances applicable to the combination, e.g., where the data cannot be negative, (e.g., data such as a probability of fraud / a risk value), where the data skews positive, with most values clustered near the low end and a long tail extending rightward to occasional high outliers (e.g., transaction data, which comprises mostly non-fraudulent transactions and a relatively small amount of fraudulent transactions), and where the data grows multiplicatively/cumulatively (e.g., a plurality of historical transaction data) -- by transforming such data with a logarithm, it can be normalized, allowing for easier analysis with powerful standard statistical techniques, such as calculating z-scores, performing linear regression, estimating parameters using Maximum Likelihood Estimation (MLE), etc. Regarding Claim 34 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Shevyrev further teaches: wherein the generating includes: computing a model probability that the processed action belongs to a class indicating a likelihood of fraudulent activity; (0018 "In particular embodiments, the check-return machine-learning model generates a check-return prediction indicating a probability that the mobile check deposit corresponds to a certain class of mobile check deposit fraud (e.g., altered checks, forged checks, duplicate checks, etc.)."; see also 0029 and 0044 for similar teachings and 0003 for background) computing a … probability … score based on a deposit amount associated with the processed action, …; and (0017, 0051, 0055, 0061, 0077, Table 1 (e.g., "mobile check deposit amount" and numerous other deposit amounts), all teaching deposit amount as an input feature/factor for generating a fraud probability score for the transaction) computing a probability value indicative of whether the processed action is an unauthorized action, wherein the probability value (feature scores) is used to generate the risk indicator (check-return prediction score 310 comprising an aggregate of the feature scores). (0064 "In particular embodiments, the check-return machine-learning model 308 generates the check-return prediction score 310 [risk indicator] composed of or based on feature scores [probability value] (e.g., that indicate particular check-return scores for different features identified at the act 304). For instance, the check-return prediction score 310 may include an aggregate of the feature scores.") Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose a log-normal probability density score but Pavlovic teaches: computing a log-normal probability density score based on …, wherein computing the log-normal probability density score includes using a first parameter and a second parameter; and (e.g., pp. 1- 3; regarding the recited parameters, see also pp. 4-7) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Pavlovic regarding a log-norm probability density function, because this is a known way to model various natural phenomena, see Pavlovic, p. 1, and has particular advantages under certain circumstances applicable to the combination, e.g., where the data cannot be negative, (e.g., data such as a probability of fraud / a risk value), where the data skews positive, with most values clustered near the low end and a long tail extending rightward to occasional high outliers (e.g., transaction data, which comprises mostly non-fraudulent transactions and a relatively small amount of fraudulent transactions), and where the data grows multiplicatively/cumulatively (e.g., a plurality of historical transaction data) -- by transforming such data with a logarithm, it can be normalized, allowing for easier analysis with powerful standard statistical techniques, such as calculating z-scores, performing linear regression, estimating parameters using Maximum Likelihood Estimation (MLE), etc. Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Comeaux et al. (U.S. Patent No. 11,669,844), hereafter Comeaux, in view of Petersen et al. (U.S. Patent Application Publication No. 2020/0125725 A1), hereafter Petersen, further in view of Faibish (U.S. Patent Application Publication No. 2021/0125053 A1), further in view of Shevyrev et al. (U.S. Patent Application Publication No. 2023/0281629 A1), hereafter Shevyrev, and further in view of Waters et al. (U.S. Patent Application Publication No. 2012/0246047 A1), hereafter Waters. Regarding Claim 22 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose but Waters teaches: wherein the machine learning model is trained based on at least one charge-off. (Abstract, 0014, 0037-0039, Fig. 1, 0051, Table 1, 0056, Table 2, risk of fraud is determined (S114) based on metrics calculated (S104, S110) from initial data assessment (S100) and inputs (S108) (performance metrics/KPIs), which include various charge-off data, as per Tables 1 (items 3-4, 58-60) and 2 (items 7-10)) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Waters regarding charge-offs as a fraud risk factor, because charge-offs are a known fraud risk factor, and accordingly the incorporation of Waters' teachings into the combination would cause the heretofore combination to take into account a greater range of known fraud risk factors, and thus would render the heretofore combination more comprehensive, robust and accurate, see Waters, citations given, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.A.,G. Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Comeaux et al. (U.S. Patent No. 11,669,844), hereafter Comeaux, in view of Petersen et al. (U.S. Patent Application Publication No. 2020/0125725 A1), hereafter Petersen, further in view of Faibish (U.S. Patent Application Publication No. 2021/0125053 A1), further in view of Shevyrev et al. (U.S. Patent Application Publication No. 2023/0281629 A1), hereafter Shevyrev, and further in view of Karpovsky et al. (U.S. Patent Application Publication No. 2022/0191173 A1), hereafter Karpovsky. Regarding Claim 24 Comeaux in view of Petersen, Faibish and Shevyrev teaches the limitations of base claim 1 as set forth above. Comeaux in view of Petersen, Faibish and Shevyrev does not explicitly disclose but Karpovsky teaches: wherein the risk indicator is assigned based on a Virtual Private Network (VPN) indicator (0027) It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified the combination of Comeaux's systems and methods for detecting and preventing fraudulent events, as modified by Petersen's teachings regarding enriching log message data (e.g., re financial transaction) by appending thereto an identity profile key or identity profile information during processing, as further modified by Shevyrev's teachings regarding (i) identifying returns as a risk factor and (ii) a tripartite decision/outcome structure (both as explained above), and as further modified by Faibish's teachings regarding executing a model fit to evaluate accuracy of a machine learning model during/after training and tuning hyperparameters of the model based on the determined accuracy metric to improve model performance, by incorporating therein these teachings of Karpovsky regarding a Virtual Private Network (VPN) indicator as a fraud risk factor, because this is a known fraud risk factor, and accordingly the incorporation of Karpovsky's teachings into the combination would cause the heretofore combination to take into account a greater range of known fraud risk factors, and thus would render the heretofore combination more comprehensive, robust and accurate, see Karpovsky, 0027, see Comeaux, 1:23-56 (“organizations that are especially vulnerable to fraudulent activity, such as the banking and insurance industries, need tools to detect, investigate, analyze, and prevent fraud as accurately and efficiently as possible … Based on the afore-mentioned reasons, it is clear that the current fraud analytics techniques are neither efficient nor accurate enough.”), MPEP 2143.I.A.,G. Conclusion The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to applicant's disclosure. Among the cited references: Comeaux (10,567,402) and Comeaux (11,722,502) teach fraud detection/prevention similar to Comeaux (11,699,844) but to greater depth in certain aspects; Phatak (2022/0006899) and Anderson (12,136,096) teach a fraud alert queue that prioritizes fraud alerts based on fraud importance; Vaswani (2022/0377090) teaches fraud detection/prevention (including risk scores and alerts) similar to Comeaux (11,699,844); Karpovsky (2022/0191173) teaches determining fraud risk based on VPN and/or proprietary knowledge and periodic monitoring; and Pavlovic ("Log-normal Distribution - A simple explanation”) teaches content about log-normal distribution similar to that of Applicant's disclosure (specification paragraph 0045). Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131. The examiner can normally be reached on 8:30 am - 5:30 pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jessica Lemieux can be reached on 571-270-3445. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DOUGLAS W PINSKY/ Examiner, Art Unit 3626 /JESSICA LEMIEUX/Supervisory Patent Examiner, Art Unit 3626 1 Note the foregoing is merely a paraphrase of content of the independent claims, and is not intended to completely capture the exact claim language. 2 Note a contract or a performance guarantee pertains to addressing (mitigating) risks.
Read full office action

Prosecution Timeline

Show 6 earlier events
Jul 28, 2025
Response after Non-Final Action
Aug 29, 2025
Request for Continued Examination
Sep 09, 2025
Response after Non-Final Action
Nov 03, 2025
Non-Final Rejection mailed — §101, §103, §112
Jan 26, 2026
Applicant Interview (Telephonic)
Jan 26, 2026
Examiner Interview Summary
Feb 02, 2026
Response Filed
Jun 26, 2026
Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675787
INTERFACE WIDGET TOOL FOR AUTOMATIC QR CODE GENERATION AND DISPLAY WITHOUT APPLICATION LAUNCHING
4y 4m to grant Granted Jul 07, 2026
Patent 12646062
TECHNIQUES AND SYSTEMS TO PERFORM AUTHENTICATION AND PAYMENT OPERATIONS WITH A CONTACTLESS CARD TO PROVIDE ITEMS AND SERVICES
4y 9m to grant Granted Jun 02, 2026
Patent 12646015
PROPENSITY PERTURBATION FOR MODELED TREATMENT SELECTION
2y 9m to grant Granted Jun 02, 2026
Patent 12646072
SYSTEMS AND METHODS OF VERIFYING ORIGIN OF REQUEST FOR PAYMENT
1y 6m to grant Granted Jun 02, 2026
Patent 12481976
ENCODED TRANSFER INSTRUMENTS
2y 8m to grant Granted Nov 25, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
25%
Grant Probability
42%
With Interview (+16.8%)
3y 3m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 119 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month