SECURITY SECURITY

A Little Fraud Goes a Long Way: What You Need to Know About Fraud Detection

The impact to your critical data can be the biggest threat to you and your organization. With a drastic increase in breaches and security threats such as ransomware, it’s important to first understand what your most critical data is and second, your challenges around protecting that data. Then you’re ready to find a solution to reduce risk, remediate and prevent an attack.

Across cybersecurity we are seeing drastic increases in threat landscape, and fraud is no different—it’s a multi-billion dollar business and only increasing. Fraud impacts many different industries including banking, financial sectors, healthcare, insurance, government agencies, e-commerce and more. The general statistic is that fraudulent activity costs are more than $16 billion worldwide and over 16 million US consumers were victims of identity theft or fraud in 2016.

What is Fraud?

Fraud is the criminal deception to gain financial or personal information and when we talk about cyberattacks today, fraud needs to be included. Fraud impacts both individuals and organizations. Sadly, many fraudulent actors play off people’s emotions during times of crisis, as we’ve been seeing during Hurricane Harvey. Fraud can be as simple as calling people to help with insurance claims and getting the necessary information for account takeovers, credit card transactions or malicious ecommerce exploits.

Fraud detection teams have similar challenges to other security teams and the reality is that detecting fraud can be complicated. The fraud use cases we see have many different behaviors that requires contextual information of what is taking place around the event. Halting fraud quickly requires preventive measures, monitoring and analytics.

Challenges of Fraud

There are multiple data points and event sources required to know for detection of fraud. Fraud patterns vary and evolve, just as the behaviors of cybercriminals do. There’s no one size fits all to detect fraud and every organization is different, which means the patterns will also vary. This means the need to be flexible and able to visualize relevant data sources is important.

There’s also a limited supply of human experts to keep up with alert volumes and prioritizing signals, often missing small incidents with too much time lost chasing false positives. Fraudsters are getting at better making it difficult to keep rules effective. Every fraud use case and behaviors differ, so there isn’t one quick fix for all the different types of possible fraud.

Many financial, healthcare, e-commerce and telco organizations are losing profits due to:

  • Account take overs
  • Stolen customers’ financial information
  • Abuse of system and services
  • Hard to detect all fraud activity

Current fraud detection technologies lack the ability to process mass amounts of transactional data in real-time, and advanced analytics that often require correlation and calculating statistics and prediction.

Solution for Fraud Detection

Patterns of internal or external fraud often lie in the massive amounts of unstructured machine data and logs generated by applications and systems. These are difficult to detect so it’s important to take preventive measures by monitoring and analyzing your data to manage fraud risks.

  • Fraud Prevention: Identify your most critical assets, internal and external vulnerabilities to be able to understand your risk and focus on the most important data to protect. Also, keeping a solid inventory of current and historical data will enable you to research possible fraudulent behavior to understand “who, what, where, when and how”.
  • Fraud Monitoring and Investigation: Using the collection of data you identified as critical, you can begin to monitor data of user devices and endpoints to understand what’s happening in your environment. Then it’s time to search, look for suspicious patterns and perform correlations across events and different data sets to identify fraud and create a baseline to determine normal activities vs. anomalies that may indicate fraudulent activity.
  • Analysis: It’s important to be able to analyze across all data and accounts, not just single instances—for example, web fraud and separately looking at credit card fraud. By applying advanced correlations to look at patterns across accounts and analytics techniques to the siloed data, it’s possible to translate human knowledge into rules to link the relationship between the data to detect fraud. Then you can integrate directly with operational systems to automate and take action.

Splunk for Fraud Detection

  • Fraud detection: Real-time correlation searches or anomaly detection can identify and alert on fraud as it happens so organizations can act to prevent the fraud before it adversely impacts the bottom line
  • Fraud investigations: Quickly search and pivot through massive amounts of current or historical machine data to research possible fraud and to understand the "who, what, where, when and how" around a possibly fraudulent action
  • Fraud analytics and reporting: Make it easy to analyze, measure and manage fraud risk for a wide range of internal users
  • Enhance existing anti-fraud tools: Index event data from siloed tools to create an aggregate fraud score for a single transaction
  • Create consolidated reports and dashboards to view enterprise-wide fraud risk on a single pane of glass
  • Use Splunk User Behavior Analytics to detect account takeover by uncovering malicious or anomalous behavior associated with users (including root, service and other shared privileged accounts), devices, and applications.


Breaking down siloes and looking across different data sources to find patterns


Use statistical analysis to detect outliers and anomalies

But don’t take our word for it...

Here's what our customers have to say:

"Our use of the Splunk platform has grown dramatically and it is now an integral part of our IT operations, providing insights in areas from e-commerce to security and fraud. Ultimately, with Splunk Enterprise, we have improved the protection we offer our customers.”
- Patrick Hoffman, Head of IT Infrastructure, PostFinance
"Our Splunk solution proves over and over that Operational Intelligence can combat malicious exploits like fraud on e-commerce sites. Fraudsters and cybercriminals may be getting savvier, but with the analytics enabled by our Splunk software, so are we.”
- Lead Application Security Engineer, Leading Global Retailer

Missed or want to re-live the Fraud sessions at .conf2017? Check out the recordings and session slides to learn how others are using Splunk for their anti-fraud needs.

You can also learn how Splunk and the Splunk Machine Learning Toolkit help detect and solve healthcare fraud in "Building a $60 Billion Data Model to Stop US Healthcare Fraud (Part 1)" and "Building a $60 Billion Data Model to Stop US Healthcare Fraud (Part 2)."

Follow all the conversations coming out of #splunkconf17!

Gleb Esman
Posted by Gleb Esman

Gleb Esman is Sr. Product Manager for Fraud Detection at Splunk.

With a technical background in analytics, security research and development, Gleb helps to guide product development efforts in the areas of fraud detection, analytics and investigations.

With experience in security research and building fraud detection, analytics and investigation applications at a major financial institution, Gleb helps ensure that Splunk customers will get the best of breed, cutting edge solutions to tackle costly challenges with fraud across multiple industry verticals.

Gleb is an author of patent applications in the area of deep learning, security and behavior biometrics.

Join the Discussion