July 29, 2015 | Written by: Ken Bisconti
Categorized: Customer Analytics
Customers expect a great experience across all channels in your organization. Customer experience has become a key differentiator for many organizations. What happens when there is a customer dispute or when fraud occurs on your website? You need the tools necessary to determine if it is a legitimate customer challenge or fraudulent activity. When it comes to customer disputes, there is nothing better than being able to go back and look at the customer actions in the session. You can quickly determine if it is an actual CX issue or potential fraud. The cxReveal component of IBM® Tealeaf allows your customer service reps to quickly see if the user’s complaints are valid. Tracking fraud across your site takes a bit more work, but can be done when you apply the following steps.
There are many things you can do with Tealeaf to track potential fraudulent activity. One of the main things to track is multiple changes to key data points in your session. Look for multiple occurrences of the following data points in the session:
- IP Address
- Login ID
- Credit Card Numbers (Use privacy to encrypt then look for changes)
- Social Security
- Account Number
- VIN Number, etc.
You can also look for suspicious activity. Before any type of process conversion, you can look to see if:
- a shipping address does not match the billing address
- the user’s profile password, name, address, etc. was changed before the conversion
- the name on the credit card does not match the profile name of the user
- it is a same-day travel purchase
- a user signs up for insurance, then makes a claim
- a user checks repeatedly to see if the order was approved
- there is a loan signer and co-signer in the same session, etc.
For many clients, an overpayment should be carefully watched, especially an overpayment by check. Many times the overpayments are turned into store credit, and the credit can sometimes be used before the payment clears. Any refund request should be tracked closely for the same reason.
Login errors should also be closely watched. A spike in login errors is sometimes an attempt to run through an email/password list to see if the same login/password exists on your site. These lists are often sold on the black market and used by fraudsters to gain access to your users’ accounts.
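One way to tell a list-testing spike from an ordinary forgotten password, shown as an added example that is not Tealeaf code: count failed logins per IP in a sliding window and also require many different login IDs. The event tuple layout, the thresholds and the sample data are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding window
MAX_FAILURES = 10        # assumed: failed logins from one IP inside the window
MAX_DISTINCT_LOGINS = 5  # assumed: different login IDs tried from that IP

def find_list_testing(events):
    """events: (ts, ip, login_id, ok) tuples sorted by ts (seconds).
    Returns {ip: (failures, distinct_logins)} as seen when the IP first crossed both limits."""
    recent = defaultdict(deque)   # ip -> recent failures as (ts, login_id)
    flagged = {}
    for ts, ip, login_id, ok in events:
        if ok:
            continue
        window = recent[ip]
        window.append((ts, login_id))
        while ts - window[0][0] > WINDOW_SECONDS:   # drop failures that aged out
            window.popleft()
        logins = {name for _, name in window}
        # One person mistyping a password produces failures for a single login ID;
        # a credential list produces failures spread over many IDs.
        if (ip not in flagged and len(window) >= MAX_FAILURES
                and len(logins) >= MAX_DISTINCT_LOGINS):
            flagged[ip] = (len(window), len(logins))
    return flagged

# Constructed sample: one IP walks through 12 accounts, another belongs to a
# customer who mistypes a password three times and then gets in.
SAMPLE = sorted(
    [(i * 2, "203.0.113.7", f"user{i}@example.com", False) for i in range(12)]
    + [(t, "198.51.100.20", "alice@example.com", False) for t in (5, 9, 14)]
    + [(20, "198.51.100.20", "alice@example.com", True)]
)

if __name__ == "__main__":
    print(find_list_testing(SAMPLE))
```
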
Pay close attention to your affiliates. Sometimes an affiliate will take advantage of malware to force your user onto an affiliate landing page in the middle of the session. If the affiliate is identified midway in the session, it is potentially fraudulent.
And, since many fraudsters use automated bots, a key thing to look for is very short “dwell times” on a page. If the user makes it through five pages in less than one second, it’s probably a bot. You can also use the UISDK to ensure the mouse is moving on each page. If it is not, then once again, it could be a bot.
The Tealeaf Data Connector allows you to import/export data to/from Tealeaf. So, a user who logs in from Seattle and then, an hour later, from Costa Rica could be easily detected and flagged with a fraud-based alert. The Data Connector opens up a great deal of fraud detection that could span multiple sessions.
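The Seattle-then-Costa-Rica check can be expressed as a speed test over exported login records. This is an added example, not Data Connector code; the record layout, the coordinates (as an IP geolocation lookup might supply them), the speed ceiling and the 50 km jitter allowance are assumptions.

```python
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruise speed
MIN_KM = 50.0     # assumed allowance for imprecise IP geolocation

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(logins):
    """logins: dicts with login_id, ts (epoch seconds), city, pos=(lat, lon).
    Compares each login with the same ID's previous login, across sessions."""
    alerts, last = [], {}
    for cur in sorted(logins, key=lambda rec: rec["ts"]):
        prev = last.get(cur["login_id"])
        last[cur["login_id"]] = cur
        if prev is None:
            continue
        hours = (cur["ts"] - prev["ts"]) / 3600
        km = km_between(prev["pos"], cur["pos"])
        if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
            alerts.append((cur["login_id"], prev["city"], cur["city"], round(km)))
    return alerts

# Constructed sample logins taken from separate sessions.
SEATTLE, PORTLAND, SAN_JOSE_CR = (47.61, -122.33), (45.52, -122.68), (9.93, -84.08)
LOGINS = [
    {"login_id": "alice", "ts": 0,     "city": "Seattle",      "pos": SEATTLE},
    {"login_id": "alice", "ts": 3600,  "city": "San Jose, CR", "pos": SAN_JOSE_CR},
    {"login_id": "bob",   "ts": 0,     "city": "Seattle",      "pos": SEATTLE},
    {"login_id": "bob",   "ts": 10800, "city": "Portland",     "pos": PORTLAND},
]

if __name__ == "__main__":
    print(impossible_travel(LOGINS))
```
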
Every web site is different and you will discover some very clever ways that people attempt to manipulate your site. Once these are found, Tealeaf has the session stored and you can quickly understand what happened. You can then build events to track that activity going forward as a potential fraud. One great way to investigate points of fraud is to look at any bad debt your company may have incurred. Simply track the bad debt back to its source, review the sessions the user had and adjust how you identify potential fraud moving forward.
Now all of the above are potential acts of fraud. A user may have made a mistake or just happened to do something that would indicate fraudulent activity. So, how do you manage all the different ways that people may or may not have committed fraud? For each activity above, a “fraud score” is created. Some activities indicate a greater chance of fraud than others. For example, a login error happens to us all, so that may only get a fraud score of “1,” while an overpayment on a banking site may get a fraud score of “10.” At the end of the session, you can simply add up the fraud scores and publish as a session attribute. If certain sessions are outside of a certain score, create an alert to be reviewed by the fraud forensics team. Adding the fraud score to the session list for searches can also give the customer support team an indicator of when to pass a call to another support level.
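The scoring scheme above, sketched as an added example over plain session records (not Tealeaf's event engine). The weights 1 and 10 are the article's; the other weights, the threshold, the field names and the sample sessions are assumptions, and `card_token` stands for the privacy-encrypted card value.

```python
# login_error = 1 and overpayment = 10 are the article's examples; every other
# weight and the alert threshold are assumed for illustration.
WEIGHTS = {"login_error": 1, "overpayment": 10, "key_field_changed": 5,
           "ship_bill_mismatch": 3, "bot_dwell": 8}
KEY_FIELDS = ("ip", "login_id", "card_token", "account_number")
ALERT_THRESHOLD = 12

def bot_dwell(hits, pages=5, window=1.0):
    """True if `pages` page views fall within `window` seconds of each other."""
    ts = sorted(h["ts"] for h in hits)
    return any(ts[i + pages - 1] - ts[i] < window for i in range(len(ts) - pages + 1))

def score_session(hits):
    """Return (fraud score, {activity: occurrences}) for one session's hits."""
    found = {
        "login_error": sum(h.get("event") == "login_error" for h in hits),
        "overpayment": sum("due" in h and h.get("paid", 0) > h["due"] for h in hits),
        # Each extra distinct value of a key data point counts as one change.
        "key_field_changed": sum(
            max(len({h[f] for h in hits if h.get(f)}) - 1, 0) for f in KEY_FIELDS),
        "ship_bill_mismatch": int(any(
            h.get("ship") and h.get("bill") and h["ship"] != h["bill"] for h in hits)),
        "bot_dwell": int(bot_dwell(hits)),
    }
    found = {name: n for name, n in found.items() if n}
    return sum(WEIGHTS[name] * n for name, n in found.items()), found

def needs_review(hits):
    """Sessions at or above the threshold go to the fraud forensics team."""
    return score_session(hits)[0] >= ALERT_THRESHOLD

# Constructed sample sessions.
HONEST = [
    {"ts": 0, "ip": "198.51.100.20", "event": "login_error"},
    {"ts": 9, "ip": "198.51.100.20", "login_id": "alice", "event": "login"},
    {"ts": 40, "ip": "198.51.100.20", "login_id": "alice", "card_token": "tok_a1",
     "ship": "1 Elm St", "bill": "1 Elm St", "paid": 50, "due": 50},
]
SUSPECT = [
    {"ts": 0, "ip": "203.0.113.7", "login_id": "bob", "event": "login"},
    {"ts": 30, "ip": "203.0.113.7", "login_id": "bob", "card_token": "tok_b1"},
    {"ts": 55, "ip": "203.0.113.7", "login_id": "bob", "card_token": "tok_b2",
     "ship": "9 Dock Rd", "bill": "4 Oak Ave"},
    {"ts": 80, "ip": "203.0.113.7", "login_id": "bob", "paid": 900, "due": 400},
]

if __name__ == "__main__":
    print(score_session(HONEST), score_session(SUSPECT))
```
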
Once fraud has been detected, you may want to add the user and IP address to a watch list. Any activity from that user/IP would then be directly reviewed as the session comes in. This can be done in real time, watching the user’s every move. Another option is to block the IP. A bot that is continuously trying new logins can be blocked by IP; just keep looking for increases in login errors from another IP (they will move their bot to a different server). Eventually, they get the idea that you know they are trying to hack your login system and give up. Some Tealeaf users will time-delay their transaction processing based on a Tealeaf alert. Tealeaf alerts can push data out to external sources to create the delay. Detection is most of the work in Tealeaf; preventing the fraud should be pretty straightforward.
Research and investigate:
Once you have detected a fraud, it’s easy to use the cxVerify component. It stores sessions well beyond the default you have set for all sessions. If a session comes through with a high fraud score, it can automatically be saved for years, instead of months, for any investigative purposes you may have. If you have core processes such as order success or stock trades, you can track those by default. Of course, any session can be saved without cxVerify, but cxVerify can automate the process for you.
Report the impact:
Reporting the impact both internally and externally is likely the most politically dangerous step to managing fraud in your organization. If the fraud is discovered outside of your organization, it can be a company disaster. When fraud is reported and new steps are taken in detection and prevention, it shows that you are actively participating in the interests of your stakeholders and the safety of your customers. Having the stored sessions related to fraud allows you to quickly pull out the data needed to send warnings to customers, as well as quantify impact. Customers will want to know which accounts were breached as well as any Personally Identifiable Information (PII) that was displayed and to whom. The cxConnect component in Tealeaf allows for a data extract from the stored sessions of affected users, displayed PII (PII is always masked in Tealeaf), lost revenue, etc. Reporting the fraud to authorities for criminal proceedings becomes an easier process when you have the session data and extracted reports.
Customer disputes will happen, and if you are concerned those disputes are taking too much support time, Tealeaf can reduce that time significantly by helping your support staff know if there is a customer experience issue or if there is potential fraud. cxReveal allows greater access of Tealeaf sessions to your customer support team. Internet fraud is a part of our daily lives and every web site will have to deal with fraudulent behavior. Using various techniques, you will be able to track down potential fraud and review the sessions to verify the behavior. cxVerify will help you store sessions that need review and cxConnect can help pull data to report the impact to your customers and to your stakeholders.
Having the right tools will not only make it easier to detect fraud, but it will allow you to act on the fraud. Download this white paper to learn more about how IBM Tealeaf solutions can provide companies with the visibility they need to fight fraudulent activities on their websites. Good luck!