IMPROVEMENTS IN FRAUD DETECTION

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR § 1.114 A request for continued examination under 37 CFR § 1.114, including the fee set forth in 37 CFR § 1.17(e), was filed in this application on November 17, 2025. Since this application is eligible for continued examination under 37 CFR § 1.114, and the fee set forth in 37 CFR § 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR § 1.114. Applicant's submission filed on November 17, 2025 has been entered. Status of the Claims This office action is prepared in response to claim amendments and Remarks submitted by Applicant on November17, 2025 relating to U.S. Patent Application No. 18/356,498 filed on July 21, 2023, which claims foreign priority benefits under 35 U.S.C. § 119 to European Patent Application No. 22187644.4, filed July 28, 2022. Claims 1, 3-7, 9, 11-13, 17-18, 20-21 and 24 have been amended. Claims 1, 3-18, 20-21 and 23-24 are pending and have been examined. This action is non-final. Response to Arguments The Remarks submitted by Applicant on November 17, 2025 have been fully considered. With respect to the Section 101 subject matter eligibility rejection, Applicant has amended the independent claims and asserts, citing to provisions in the specification, that the claims are tied to a particular machine or transform a particular article into a different state or thing. (Remarks, pp. 15-16). Examiner respectfully disagrees. (See Section 101 rejection below). Applicant further asserts that the claims do not recite a mental process insofar as they cannot be performed in the mind. (Remarks, pp. 16-17). Examiner respectfully disagrees. A mental process can still be performed on a computer. (See MPEP 2106.04 (a)(2) III). Applicant also asserts, citing to Enfish for support, that Claim 1 provides a technical improvement in that it recites a computer-implemented method for use in detecting fraudulent electronic transactions which sets forth a solution that is rooted in computer technology in order to overcome a problem specifically arising in the realm of computer networks, and further, that the claim provides significantly more than the abstract idea. (Remarks, pp. 17-19). Examiner respectfully disagrees. The additional elements of the claims are recited at a high level of generality and are used as tools to implement the abstract idea. They do not provide improvements to the functioning of a computer or to technology because they only manipulate data. They do not integrate the abstract idea into a practical application and do not add significantly more to the abstract idea. (See Section 101 rejection below). Lastly, Applicant submits that the Examiner has not demonstrated that any of the claimed elements represent well-understood, routine, conventional activity in accordance with Berkheimer. (Remarks, p. 19). Examiner respectfully disagrees insofar as this is not required under the circumstances. The Section 101 rejection is maintained. With respect to the Section 103 rejection, Applicant asserts that the cited references, Arnold and Sanepudi, do not teach each of the elements of the claims, particularly, that Sandepudi, although discloses transaction times being included in transaction data, it does not disclose electronic transaction records in the electronic data structure that is timestamped. (Remarks, pp. 25-26). As noted in the response to Applicant’s remarks in its prior submission, each field within a data structure reads on a partition, insofar as Sandepudi teaches user identifiers, session identifiers and event types, it teaches this limitation. Further, in regard to a timestamp, a transaction time reasonably reads on a timestamp. Applicant’s argument is moot however, in light of the additional reference identified upon further search necessitated as a result of Applicant’s amendments. The cited references teach the elements of the amended claims. (See Section 103 rejection below). The Section 103 rejection is maintained. Claim Rejections - 35 USC § 101 35 U.S.C. § 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 3-18, 20-21 and 23-24 are rejected pursuant to 35 USC § 101 because the claimed invention is directed to an abstract idea without significantly more. Step 1 - Statutory Class Claims 1, 3-16 and 23-24 are directed to a method. Claims 17 and 20 are directed to device. Claims 18 and 21 are directed to a non-transitory computer-readable storage medium. Therefore, on their face, Claims 1, 3-18, 20-21 and 23-24 are directed to a statutory class of invention. Step 2A, Prong 1 – Abstract Idea Claim 17 recites: access a data structure comprising a plurality of transaction records, wherein the data structure comprises a plurality of partitions each comprising a subset of the plurality of transaction records, wherein each transaction record in the data structure is timestamped, and the transaction records in each partition of the data structure are ordered by record according to the respective timestamps of the transaction records; and execute a plurality of instruction sets sharing a common ruleset, each instruction set being configured to use the ruleset to output fraud decisions for transaction records, wherein a fraud decision for a transaction record is a prediction based on the ruleset as to whether the transaction to which the transaction record relates is fraudulent; wherein for each instruction set, executing the instruction set comprises: accessing one or more transaction records for a predetermined historical period from a single distinct partition of the plurality of partitions in the data structure; and determining, using the ruleset, fraud decisions for the one or more transaction records accessed from the data structure. Claim 17 recites the abstract idea of accessing a data structure comprising a plurality of historical transaction records, executing decision processes sharing a common ruleset configured to provide predictions on whether the transaction to which a transaction record relates is fraudulent which falls within fundamental economic principles or practices including mitigating risk under Certain Methods of Organizing Human Activity under MPEP 2106.04(a). Claims 1 and 18 recite the same abstract idea. Additionally, the independent claims recite a mental process that can be performed mentally / manually: the accessing of a data structure comprising a plurality of transaction records is observation; the executing a plurality of decision processes sharing a common ruleset, each decision process being configured to use the ruleset to output fraud decisions for transaction records is evaluation; the reading one or more transaction records for a predetermined historical period from a single distinct partition of the plurality of partitions in the data structure is observation; and the determining, using the ruleset, fraud decisions for the one or more transaction records read from the data structure is judgment. Basically, but for the computing system and the electronic data components (making the process more efficient), the abstract idea could be performed mentally / manually. Step 2A, Prong 2 – Practical Application Claim 17 recites at least one computer processor, a memory containing computer-readable instructions and an electronic data structure comprising a plurality of electronic transaction records. The additional elements are recited at a high level of generality and are used as tools to implement the abstract idea. They do not integrate the abstract idea into a practical application. They do not provide improvements to the functioning of a computer or to technology because they only manipulate data. The claims do not invoke a particular machine as our guidance is clear that a generic computer is not the particular machine envisioned, they do not transform matter as they only manipulate data which is not matter. Step 2B – Significantly more As set forth in the discussion in Step 2A, Prong 2, above, the additional elements are recited at a high level of generality and are used as tools to implement the abstract idea. They do not integrate the abstract idea into a practical application and do not add significantly more to the abstract idea. Dependent claims Claim 3 (accessing the one or more electronic transaction records by the instruction sets and/or determining the fraud decisions by a first instruction set occurs concurrently with accessing the one or more electronic transaction records and/or determining the fraud decisions by at least a second instruction set; and/or an instruction set accesses each electronic transaction record concurrently with, asynchronously to, in parallel to, independently of, or at the same time as the other instruction sets' access operations), Claim 4 (determining the fraud decisions by the instruction sets comprises an instruction set determining a fraud decision for an electronic transaction record concurrently with, asynchronously to, in parallel to, independently of, or at the same time as fraud decision determinations of one or more other instruction sets; and/or determining the fraud decisions comprises determining a fraud decision for every electronic transaction record in the electronic data structure), Claim 5 (accessing the electronic data structure, during execution of each instruction set, is performed by reading electronic transaction records in order of timestamp), Claim 6 (each electronic transaction record in the electronic data structure comprises a customer identifier), Claim 7 (the electronic data structure is partitioned into the plurality of partitions based on customer identifiers of its electronic transaction records; and/or the plurality of partitions of the electronic data structure are configured such that no two partitions hold records for the same customer identifier; and/or each partition holds records for its own distinct set of customer identifiers), Claim 8 (the ruleset comprises a fraud model, wherein the fraud model is configured to map a plurality of inputs to a model score, wherein the ruleset uses one or more model scores to determine a fraud decision wherein the ruleset uses one or more additional rules to determine a fraud decision wherein the fraud model is stateful, and/or wherein the fraud model determines a model score for its plurality of inputs based on previously-seen inputs), Claim 9 (the predetermined historical period is a built-in parameter of the fraud detection system or is selected by a user; and/or each electronic transaction record in the electronic data structure is timestamped and the historical period defines a set of electronic transaction records whose timestamps all fall within a specific window, preferably wherein said window is the last 90 days), Claim 10 (evaluating, by the at least one computer processor, the ruleset by comparing the fraud decisions to fraudulent transaction report data to determine a score for the ruleset), Claim 11 (receiving, by the at least one computer processor, a live transaction event; and writing, by the at least one computer processor, a record of the live transaction event to the electronic data structure; optionally wherein: the electronic data structure comprises a plurality of partitions and for each instruction set, accessing the one or more electronic transaction records comprises accessing from a subset of the plurality of partitions; and writing the record of the live transaction event to the electronic data structure comprises writing the record of the live transaction event to one of the partitions; optionally wherein each electronic transaction record in the electronic data structure comprises a customer identifier and the partition for the record of the live transaction event to be written to is selected based on a customer identifier of the live transaction event), Claim 12 (the electronic data structure is a topic), Claims 13, 20, and 21 (receiving, by the at least one computer processor, a stream of live transaction events; for each live transaction event: determining, by the at least one computer processor, using a first ruleset, a fraud decision for the live transaction event, wherein the fraud decision for the live transaction event is a prediction based on the ruleset as to whether the transaction to which the live transaction event relates is fraudulent; and writing, by the at least one computer processor, a record of the live transaction event to the electronic data structure of electronic transaction records; receiving, by the at least one computer processor, a stream of fraudulent transaction reports; and comparing, by the at least one computer processor, the fraud decisions determined using the second ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the second ruleset), Claim 14 (either: receiving, by the at least one computer processor, a previously-computed performance score for the first ruleset; or comparing, by the at least one computer processor, the fraud decisions determined using the first ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the first ruleset), Claim 15 (in accordance with a determination that the performance score for the second ruleset indicates a higher accuracy than the performance score for the first ruleset, replacing, by the at least one computer processor, the first ruleset used to determine fraud decisions for live transaction events with the second ruleset), Claim 16 (determining, by the at least one computer processor, that the performance score for the second ruleset indicates a higher accuracy than the performance score for the first ruleset; receiving, by the at least one computer processor, a new live transaction event; determining, by the at least one computer processor, using the second ruleset, a fraud decision for the new live transaction event; and either: in accordance with a determination that the new live transaction event is likely to be fraudulent, terminating and/or generating, by the at least one computer processor, an alert for the transaction; or in accordance with a determination that the new live transaction event is not likely to be fraudulent, processing, by the at least one computer processor, the transaction), Claim 23 (the instruction sets run on a cluster) and Claim 24 (the data structure comprises a plurality of partitions and, for each instruction set, accessing the one or more electronic transaction records comprises accessing from a subset of the plurality of partitions, preferably a single distinct partition) further define and add specificity to the abstract idea. Thus, the dependent claims also fail to add significantly more to the abstract idea. As such, Claims 1, 3-18, 20-21 and 23-24 are not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3-11, 13-18 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Arnold et al., US 2014/0114840 A1, (“Arnold”), in view of Sandepudi et al., US 2020/0334679 A1, (“Sandepudi”), in further view of Branco et al., US 2021/0248448 A1, (“Branco”). Claim 1: Arnold teaches: A computer-implemented method for use in detecting fraudulent electronic transactions, the method comprising: accessing, by at least one computer processor configured to execute stored computer-readable instructions to facilitate detecting fraudulent electronic transactions, an electronic data structure comprising a plurality of electronic transaction records, (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) executing, by the at least one computer processor, a plurality of computer-readable instruction sets sharing a common ruleset, each instruction set being configured to use the ruleset to output fraud decisions for electronic trans PNG media_image1.png 9 6 media_image1.png Greyscale action records, wherein a fraud decision for an electronic transaction record is a prediction based on the ruleset as to whether the transaction to which the electronic transaction record relates is fraudulent; (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) wherein for each instruction set, executing the instruction set comprises: accessing, by the at least one computer processor, one or more electronic transaction records for a predetermined historical period from a single distinct partition of the plurality of partitions in the electronic data structure; and (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) determining, by the at least one computer processor, using the ruleset, fraud decisions for the one or more electronic transaction records accessed from the electronic data structure. (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: wherein the electronic data structure comprises a plurality of partitions, each comprising a subset of the plurality of electronic transaction records, wherein each electronic transaction record in the data structure is timestamped, and * * * ; and (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a timestamp, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a timestamp so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a timestamp, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Arnold does not expressly disclose, however, Branco teaches: * * * the electronic transaction records in each partition of the electronic data structure are ordered according to the respective timestamps of the electronic transaction records; (See Branco, Par. 67 (In various embodiments, each card's transactions are saved in the database by chronological order (and fed to the model in that same order).)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, transaction data fed to a model in chronological order when requested, as taught by Branco. Arnold teaches an automated fraud detection system. Sandepudi teaches transaction record data that includes a timestamp. It would be obvious for --Arnold to include a step for having transaction data fed to a model in chronological order when requested, so as to properly provide historical information for analysis and determination of fraudulent transactions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system, Sandepudi’s transaction record data that includes a timestamp and Branco’s transaction data fed to a model in chronological order, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 3: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: accessing the one or more electronic transaction records by the instruction sets and/or determining the fraud decisions by a first instruction set process occurs concurrently with accessing the one or more electronic transaction records and/or determining the fraud decisions by at least a second instruction set; and/or an instruction set accesses each electronic transaction record concurrently with, asynchronously to, in parallel to, independently of, or at the same time as the other instruction sets' access operations. (See Arnold, Par. 21 (The fraud detection server 120 may be configured to select any number of fraud models 135. In one possible implementation, one selected fraud model 135 may be selected for an initial query to identify potentially fraudulent transactions. One or more additional fraud models 135 may be selected to further identify which of the results of the initial query are most likely to be fraudulent or, in the alternative, help prioritize which results to investigate first.)) Claim 4: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: determining the fraud decisions by the instruction sets comprises an instruction set determining a fraud decision for an electronic transaction record concurrently with, asynchronously to, in parallel to, independently of, or at the same time as fraud decision determinations of one or more other instruction sets; and/or determining the fraud decisions comprises determining a fraud decision for every electronic transaction record in the electronic data structure. (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Claim 5: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Sandepudi teaches: accessing the electronic data structure, during execution of each instruction set, is performed by reading electronic transaction records in order of timestamp. (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a timestamp, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a timestamp so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a timestamp, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 6: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Sandepudi teaches: each electronic transaction record in the electronic data structure comprises a customer identifier. (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a user identifier, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a user identifier so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a user identifier, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 7: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Sandepudi teaches: the electronic data structure is partitioned into the plurality of partitions based on customer identifiers of its electronic transaction records; and/or the plurality of partitions of the electronic data structure are configured such that no two partitions hold records for the same customer identifier; and/or each partition holds records for its own distinct set of customer identifiers. (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a user identifier, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a user identifier so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a user identifier, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 8: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: the ruleset comprises a fraud model, wherein the fraud model is configured to map a plurality of inputs to a model score, wherein the ruleset uses one or more model scores to determine a fraud decision wherein the ruleset uses one or more additional rules to determine a fraud decision wherein the fraud model is stateful, and/or wherein the fraud model determines a model score for its plurality of inputs based on previously-seen inputs. (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Claim 9: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: the predetermined historical period is a built-in parameter of the fraud detection system or is selected by a user; and/or each electronic transaction record in the electronic data structure is timestamped and the historical period defines a set of electronic transaction records whose timestamps all fall within a specific window, preferably wherein said window is the last 90 days. (See Arnold, Par. 11 (The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time. The historical information may include retail transactions from the last week, six months, or even ten (10) years depending on various factors.)) Claim 10: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Sandepudi teaches: Evaluating, by the at least one computer processor, the ruleset by comparing the fraud decisions to fraudulent transaction report data to determine a score for the ruleset. (See Sandepudi, Par. 42 (At 410, in the illustrated embodiment, the rule tuning module 112 evaluates a performance of the first fraud-detection rule using the updated threshold value. For example, the performance evaluation module 212 may compare the performance of the rule 106 using the previous threshold values 110 against the performance of the rule 106 using the updated threshold values 118.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 11: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: receiving, by the at least one computer processor, a live transaction event; and (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store.)) Arnold does not expressly disclose, however, Sandepudi teaches: writing, by the at least one computer processor, a record of the live transaction event to the electronic data structure; optionally wherein: the electronic data structure comprises a plurality of partitions and, for each instruction set, accessing the one or more electronic transaction records comprises accessing from a subset of the plurality of partitions; and writing the record of the live transaction event to the electronic data structure comprises writing the record of the live transaction event to one of the partitions; (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.), Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A. For example, on 13th February on graph 602, there were approximately 65,000 total records generated that day (e.g., transactions performed with transaction system 120) and approximately 145 of those records were identified as satisfying rule 502A)) optionally wherein each electronic transaction record in the electronic data structure comprises a customer identifier and the partition for the record of the live transaction event to be written to is selected based on a customer identifier of the live transaction event. (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 13: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold further teaches: receiving, by the at least one computer processor, a stream of transaction events; (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store.)) for each live transaction event: determining, by the at least one computer processor, using a first ruleset, a fraud decision for the live transaction event, wherein the fraud decision for the live transaction event is a prediction based on the ruleset as to whether the transaction to which the live transaction event relates is fraudulent; and (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: writing, by the at least one computer processor, a record of the live transaction event to the electronic data structure of electronic transaction records; (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.), Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A. For example, on 13th February on graph 602, there were approximately 65,000 total records generated that day (e.g., transactions performed with transaction system 120) and approximately 145 of those records were identified as satisfying rule 502A)) receiving, by the at least one computer processor, a stream of fraudulent transaction reports; and (See Sandepudi, Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A.)) comparing, by the at least one computer processor, the fraud decisions determined using the second ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the second ruleset. (See Sandepudi, Par. 42 (At 410, in the illustrated embodiment, the rule tuning module 112 evaluates a performance of the first fraud-detection rule using the updated threshold value. For example, the performance evaluation module 212 may compare the performance of the rule 106 using the previous threshold values 110 against the performance of the rule 106 using the updated threshold values 118.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 14: Arnold, Sandepudi and Branco teach each and every element of Claim 13 above. Arnold does not expressly disclose, however, Sandepudi teaches: either: receiving, by the at least one computer processor, a previously-computed performance score for the first ruleset; or comparing, by the at least one computer processor, the fraud decisions determined using the first ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the first ruleset. (See Sandepudi, Par. 42 (At 410, in the illustrated embodiment, the rule tuning module 112 evaluates a performance of the first fraud-detection rule using the updated threshold value. For example, the performance evaluation module 212 may compare the performance of the rule 106 using the previous threshold values 110 against the performance of the rule 106 using the updated threshold values 118.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 15: Arnold, Sandepudi and Branco teach each and every element of Claim 14 above. Arnold does not expressly disclose, however, Sandepudi teaches: in accordance with a determination that the performance score for the second ruleset indicates a higher accuracy than the performance score for the first ruleset, replacing, by the at least one computer processor, the first ruleset used to determine fraud decisions for live transaction events with the second ruleset. (See Sandepudi, Par. 42 (As described above with reference to FIG. 2, if tile performance of tile updated version of tile rule 106 exceeds a predetermined threshold (based, for example, on one or more performance metrics), method 400 proceeds to element 412 in which the fraud detection server 102 sends a suggested update of the first fraud-detection rule 106 to the transaction system 120.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, replacing a ruleset with a better performing ruleset, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for replacing a ruleset with a better performing ruleset so as to improve the determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s replacing a ruleset with a better performing ruleset, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 16: Arnold, Sandepudi and Branco teach each and every element of Claim 14 above. Arnold further teaches: receiving, by the at least one computer processor, a new live transaction event; (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions.)) either: in accordance with a determination that the new live transaction event is likely to be fraudulent, terminating and/or generating, by the at least one computer processor, an alert for the transaction; or in accordance with a determination that the new live transaction event is not likely to be fraudulent, processing, by the at least one computer processor, the transaction. (See Arnold, Par. 8 (When a potential instance of fraud is identified, a fraud investigator may review the affected transaction to determine whether it is indeed fraudulent. If so, the investigator may cancel the transaction.)) Arnold does not expressly disclose, however, Sandepudi teaches: determining, by the at least one computer processor, that the performance score for the second ruleset indicates a higher accuracy than the performance score for the first ruleset; (See Sandepudi, Par. 42 (As described above with reference to FIG. 2, if tile performance of tile updated version of tile rule 106 exceeds a predetermined threshold (based, for example, on one or more performance metrics), method 400 proceeds to element 412 in which the fraud detection server 102 sends a suggested update of the first fraud-detection rule 106 to the transaction system 120.)) determining, by the at least one computer processor, using the second ruleset, a fraud decision for the new live transaction event; and (See Sandepudi, Par. 42 (As described above with reference to FIG. 2, if tile performance of tile updated version of tile rule 106 exceeds a predetermined threshold (based, for example, on one or more performance metrics), method 400 proceeds to element 412 in which the fraud detection server 102 sends a suggested update of the first fraud-detection rule 106 to the transaction system 120.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, replacing a ruleset with a better performing ruleset, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for replacing a ruleset with a better performing ruleset so as to improve the determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s replacing a ruleset with a better performing ruleset, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 17: Arnold teaches: A device for use in detecting fraudulent electronic transactions comprising at least one computer processor and a memory, the memory containing computer-readable instructions which, when executed on the at least one computer processor, cause the at least one computer processor to: (See Arnold, Par. 25 (A processor (e.g., a microprocessor), such as the processors 140A-140D discussed above, receives instructions, e.g., from a memory, a computer-readable medium, etc., and executes these instructions, thereby performing one or more processes, including one or more of the processes described herein.)) access an electronic data structure comprising a plurality of electronic transaction records, (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) execute a plurality of computer-readable instruction sets sharing a common ruleset, each instruction set process being configured to use the ruleset to output fraud decisions for electronic transaction records, wherein a fraud decision for an electronic transaction record is a prediction based on the ruleset as to whether the transaction to which the electronic transaction record relates is fraudulent; (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) wherein for each instruction set, executing the instruction set comprises: accessing one or more electronic transaction records for a predetermined historical period from a single distinct partition of the plurality of partitions in the electronic data structure; and (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) determining, using the ruleset, fraud decisions for the one or more electronic transaction records accessed from the electronic data structure. (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: wherein the electronic data structure comprises a plurality of partitions each comprising a subset of the plurality of electronic transaction records, wherein each electronic transaction record in the electronic data structure is timestamped, and * * * ; and (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a timestamp, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a timestamp so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a timestamp, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Arnold does not expressly disclose, however, Branco teaches: * * * the electronic transaction records in each partition of the electronic data structure are ordered according to the respective timestamps of the electronic transaction records; (See Branco, Par. 67 (In various embodiments, each card's transactions are saved in the database by chronological order (and fed to the model in that same order).)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, transaction data fed to a model in chronological order when requested, as taught by Branco. Arnold teaches an automated fraud detection system. Sandepudi teaches transaction record data that includes a timestamp. It would be obvious for --Arnold to include a step for having transaction data fed to a model in chronological order when requested, so as to properly provide historical information for analysis and determination of fraudulent transactions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system, Sandepudi’s transaction record data that includes a timestamp and Branco’s transaction data fed to a model in chronological order, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 18: Arnold teaches: A non-transitory computer-readable storage medium containing computer-readable instructions for use in detecting fraudulent electronic transactions which, when executed by at least one computer processor, cause the at least one computer processor to: (See Arnold, Par. 25 (Computing devices generally include computer-executable instructions, where the instructions may be executable by one or more computing devices such as those listed above. Computer-executable instructions may be compiled or interpreted from computer programs created using a variety of programming languages and/or technologies. In general, a processor (e.g., a microprocessor), such as the processors 140A-140D discussed above, receives instructions, e.g., from a memory, a computer-readable medium, etc., and executes these instructions, thereby performing one or more processes, including one or more of the processes described herein.)) access an electronic data structure comprising a plurality of electronic transaction records, (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) execute a plurality of computer-readable instruction sets sharing a common ruleset, each instruction set being configured to use the ruleset to output fraud decisions for electronic transaction records, wherein a fraud decision for an electronic transaction record is a prediction based on the ruleset as to whether the transaction to which the electronic transaction record relates is fraudulent; (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) wherein for each instruction set, executing the instruction set process comprises: accessing one or more electronic transaction records for a predetermined historical period from a single distinct partition of the plurality of partitions in the electronic data structure; and (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store. Each retail transaction may be associated with one or more attributes. The retail database 130 may further include previous retail transactions and their associated attributes. This way, the retail database 130 stores current and historical information about retail transactions. The retail database 130 may store historical information going back any amount of time.)) determining, using the ruleset, fraud decisions for the one or more electronic transaction records accessed from the electronic data structure. (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: wherein the electronic data structure comprises a plurality of partitions each comprising a subset of the plurality of electronic transaction records, wherein each electronic transaction record in the electronic data structure is timestamped, and * * * ; and (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, transaction record data that includes a timestamp, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include a step for having transaction record data that include a timestamp so as to provide information essential for determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s transaction record data that includes a timestamp, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Arnold does not expressly disclose, however, Branco teaches: * * * the electronic transaction records in each partition of the electronic data structure are ordered according to the respective timestamps of the electronic transaction records; (See Branco, Par. 67 (In various embodiments, each card's transactions are saved in the database by chronological order (and fed to the model in that same order).)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, transaction data fed to a model in chronological order when requested, as taught by Branco. Arnold teaches an automated fraud detection system. Sandepudi teaches transaction record data that includes a timestamp. It would be obvious for --Arnold to include a step for having transaction data fed to a model in chronological order when requested, so as to properly provide historical information for analysis and determination of fraudulent transactions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system, Sandepudi’s transaction record data that includes a timestamp and Branco’s transaction data fed to a model in chronological order, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 20: Arnold, Sandepudi and Branco teach each and every element of Claim 17 above. Arnold further teaches: receive a stream of live transaction events; (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store.)) for each live transaction event: determine, using a first ruleset, a fraud decision for the live transaction event, wherein the fraud decision for the live transaction event is a prediction based on the ruleset as to whether the transaction to which the live transaction event relates is fraudulent; and (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: write a record of the live transaction event to the electronic data structure of electronic transaction records; (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.), Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A. For example, on 13th February on graph 602, there were approximately 65,000 total records generated that day (e.g., transactions performed with transaction system 120) and approximately 145 of those records were identified as satisfying rule 502A)) receive a stream of fraudulent transaction reports; and (See Sandepudi, Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A.)) compare the fraud decisions determined using the second ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the second ruleset. (See Sandepudi, Par. 42 (At 410, in the illustrated embodiment, the rule tuning module 112 evaluates a performance of the first fraud-detection rule using the updated threshold value. For example, the performance evaluation module 212 may compare the performance of the rule 106 using the previous threshold values 110 against the performance of the rule 106 using the updated threshold values 118.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 21: Arnold, Sandepudi and Branco teach each and every element of Claim 18 above. Arnold further teaches: receive a stream of live transaction events; (See Arnold, Par. 11 (The transaction server 105 may include any device or devices configured to receive and process retail transactions. Retail transactions may include purchases made over a network, such as the Internet or a cellular network, or in a traditional brick-and-mortar store.)) for each live transaction event: determine, using a first ruleset, a fraud decision for the live transaction event, wherein the fraud decision for the live transaction event is a prediction based on the ruleset as to whether the transaction to which the live transaction event relates is fraudulent; and (See Arnold, Par. 13 (The fraud detection server 120 may be configured to detect which of the retail transactions are potentially fraudulent. The fraud detection server 120 may include one or more processors 140C and may be in communication with the transaction server 105 and the retail database 130. Using the historical information stored in the retail database 130, the fraud detection server 120 may be configured to generate a plurality of fraud models 135, each representing a potentially fraudulent transaction. The historical information stored in the retail database 130 may also help to identify current retail transactions that are potentially fraudulent.)) Arnold does not expressly disclose, however, Sandepudi teaches: write a record of the live transaction event to the electronic data structure of electronic transaction records; (See Sandepudi, Par. 20 (As shown in FIG. 1, fraud detection server 102 includes (or has access to) transaction data store 114, which may include various types of data associated with transaction system 120 and the service it provides. As a non-limiting example, this transaction data may include: user identifiers, session identifiers, event types, transaction times, origin IP addresses, or any other suitable transaction data that may be used to detect fraudulent activity.), Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A. For example, on 13th February on graph 602, there were approximately 65,000 total records generated that day (e.g., transactions performed with transaction system 120) and approximately 145 of those records were identified as satisfying rule 502A)) receive a stream of fraudulent transaction reports; and (See Sandepudi, Fig. 6A, Par. 52 (In FIG. 6A, UI 600 depicts a graph 602 showing the performance of the fraud-detection rule 502A using the existing threshold value 516 for the evaluation criterion 514 over a given time period (e.g., one month, in the depicted embodiment). For the given time period, graph 602 shows both the total number of records (e.g., the total number of transactions associated with transaction system 120) generated on a given day and the total number of records flagged by rule 502A.)) compare the fraud decisions determined using the second ruleset to data from the stream of fraudulent transaction reports to determine a performance score for the second ruleset. (See Sandepudi, Par. 42 (At 410, in the illustrated embodiment, the rule tuning module 112 evaluates a performance of the first fraud-detection rule using the updated threshold value. For example, the performance evaluation module 212 may compare the performance of the rule 106 using the previous threshold values 110 against the performance of the rule 106 using the updated threshold values 118.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold discussed above, creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, as taught by Sandepudi. Arnold teaches an automated fraud detection system. It would be obvious for --Arnold to include steps for creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions as to provide information essential for accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Sandepudi’s creating records of transactions, receiving fraudulent transaction reports and comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claims 12 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Arnold et al., US 2014/0114840 A1, (“Arnold”), in view of Sandepudi et al., US 2020/0334679 A1, (“Sandepudi”), in further view of Branco et al., US 2021/0248448 A1, (“Branco”), in further view of Zhang et al., US 2017/0364534 A1, (“Zhang”). Claim 12: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Zhang teaches: the electronic data structure is a topic. (See Zhang, Par. 62 (Graph system 100 imports data from different data sources 102. The data sources 102 may include structured data such as those stored in relational databases and unstructured data. Graph system 100 includes data importing tools 314 that interface with different types of data sources 102 to provide flexible data import options, such as batch and bulk imports and distributed data streaming. Kafka and Flume are tools for real time streaming.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, using a Kafka data structure for transaction records, as taught by Zhang. Arnold teaches an automated fraud detection system. Sandepudi teaches fraud detection rules. It would be obvious for --Arnold to include step using a Kafka data structure for transaction records so as to present data for an accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Zhang’s Kafka data structure for transaction records, receiving fraudulent transaction reports and comparing fraud decisions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 23: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Zhang teaches: the instruction sets run on a cluster. (See Zhang, Par. 69 (The system 100 can generate a dynamically changing graph of people over time in each of the stores. The graph evolution study can help visualize one or more clusters of people moving among stores.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, a step for running an instruction set based on a cluster, as taught by Zhang. Arnold teaches an automated fraud detection system. Sandepudi teaches fraud detection rules. It would be obvious for --Arnold to include step for running an instruction set based on a cluster so as to present data for an accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Zhang’s running an instruction set based on a cluster, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Arnold et al., US 2014/0114840 A1, (“Arnold”), in view of Sandepudi et al., US 2020/0334679 A1, (“Sandepudi”), in further view of Branco et al., US 2021/0248448 A1, (“Branco”), in further view of Fan et al., US 2005/0125434 A1, (“Fan”). Claim 24: Arnold, Sandepudi and Branco teach each and every element of Claim 1 above. Arnold does not expressly disclose, however, Fan teaches: the data structure comprises a plurality of partitions and, for each instruction set, accessing the one or more electronic transaction records comprises accessing from a subset of the plurality of partitions, preferably a single distinct partition. (See Fan, Abstract (A method (and structure) for processing an inductive learning model for a dataset of examples, includes dividing the dataset into N subsets of data and developing an estimated learning model for the dataset by developing a learning model for a first subset of the N subsets.), Par. 185 (All three dataset were partitioned into K=1024 partitions. For the adult dataset, each partition contains only 32 examples, but there are 15 attributes. The estimation results 800, 801, 802 are shown in Figs. 8A, 8B, and 8C.)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine with the teachings of Arnold and Sandepudi discussed above, a step for a dataset comprising a plurality of partitions, as taught by Fan. Arnold teaches an automated fraud detection system. Sandepudi teaches fraud detection rules. It would be obvious for --Arnold to include a step for a dataset comprising a plurality of partitions so as to include sufficient data for an accurate determination of fraud decisions. Since the claimed invention is merely a combination of old elements, Arnold’s automated fraud detection system and Fan’s a step for a dataset comprising a plurality of partitions, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art at the time of the invention would have recognized that the results of the combination were predictable. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEORGE PROIOS whose telephone number is (571)272-4573. The examiner can normally be reached M-F 8-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M Sigmond can be reached on 303-297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GEORGE N. PROIOS/Examiner, Art Unit 3694 /BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694