In my post last week, I discussed how a Customer Experience Management (CEM) tool like Tealeaf (which is not a "Fraud Detection Tool") has been leveraged by Siteworx to help our clients forensically track all aspects of customer behavior. This post concludes the discussion by describing the steps a company can take to understand and forensically track all aspects of customer behavior—legitimate or otherwise.
Step Two: Tealeaf and Deviant Behavior Digital Profiling
Once you have established customer behavior and the status quo for various parts of your digital space, you can then create events that will help you understand if users are deviating from the typical behavior or the standard you've set. Here are some examples:
General
- Average login attempts per visit—threshold exceeded: Sessions where there are many "guesses" at passwords, especially if the session includes a successful login, will be of interest
- Threshold exceeded for average credential changes: Excessive pin changing may be indicative of a phished identity or commandeering attempt at a legitimate customer's account
- Average total visits by hour: Look for spikes in traffic over the norm since many malicious automated processes (for example, an automated attempt to pass hundreds of pin numbers) may generate a new session each time over and over again
E-Commerce
- Average order amount per session—threshold exceeded: Look for repeat offenders for orders that are above average. View sessions to weed out illegitimate from legitimate above average order-placers
- Average product count per order per session: Again, analyze for repeat offenders
- Average order count per session: Look out for sessions where there is more than one order
- Average maximum order amount—threshold exceeded: Online retailers should always be suspicious of the very large order. Some orders seem too good to be true, and since they may have been placed by a bad actor using a stolen or phished credit card number, some are
- Average maximum product count per order—threshold exceeded: Beware of orders for dozens or hundreds of the same thing. I mean, who really needs 1,250 size 10 Air Jordan basketball shoes anyway?
Financial Services
- Average number of transactions per session—threshold exceeded: Look for repeat offenders
- Average transfer of funds amount per period per session: Again, analyze for repeat offenders
- Average maximum transfer amount: Of course, because of the hit-and-run nature of digital miscreant behavior, you will always want to validate larger-than-normal transfers
- Average maximum transactions per session (for known legitimate transfers): Be on the lookout for the "emptying of the well one bucket at a time" phenomenon. Once an ill-meaning visitor gets that first successful bogus transfer, he or she may begin to carefully make other similarly-sized transfers until the account is drained
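The threshold-exceeded events and the "one bucket at a time" transfer pattern described above, sketched as an added Python example. This is not Tealeaf event configuration and not code from the original post. The session field names, the mean-plus-three-standard-deviations threshold, the 10% similarity tolerance and all sample data are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed baseline: per-session values observed during normal operation.
BASELINE = {
    "login_attempts": [1, 1, 2, 1, 1, 3, 1, 2, 1, 1],
    "transfer_count": [0, 1, 1, 0, 2, 1, 0, 1, 1, 1],
}

def threshold(values, k=3.0):
    """Status-quo average plus k standard deviations (assumed rule)."""
    return mean(values) + k * pstdev(values)

def similar_transfers(amounts, tolerance=0.10, min_run=3):
    """True if min_run consecutive transfers stay within tolerance of the run's first."""
    run_start, run_len = None, 0
    for amt in amounts:
        if run_start is not None and abs(amt - run_start) <= tolerance * run_start:
            run_len += 1
        else:
            run_start, run_len = amt, 1
        if run_len >= min_run:
            return True
    return False

def evaluate(session, baseline=BASELINE):
    """Return the names of the deviation events a session triggers."""
    events = []
    if session["login_attempts"] > threshold(baseline["login_attempts"]):
        # Many guesses followed by a success is the case the post singles out.
        suffix = "_with_success" if session["login_ok"] else ""
        events.append("login_attempts_exceeded" + suffix)
    transfers = session.get("transfers", [])
    if len(transfers) > threshold(baseline["transfer_count"]):
        events.append("transfer_count_exceeded")
    if similar_transfers(transfers):
        events.append("repeated_similar_transfers")
    return events

SESSIONS = [  # constructed sample sessions
    {"id": "s1", "login_attempts": 1, "login_ok": True, "transfers": [250.0]},
    {"id": "s2", "login_attempts": 14, "login_ok": True, "transfers": []},
    {"id": "s3", "login_attempts": 2, "login_ok": True, "transfers": [900.0, 950.0, 925.0, 910.0]},
]

def flagged(sessions=SESSIONS):
    """Map session id to triggered events, omitting sessions with none."""
    return {s["id"]: evaluate(s) for s in sessions if evaluate(s)}

if __name__ == "__main__":
    print(flagged())
```

Session s3 shows why the run check matters: no single transfer is unusually large, but four similar amounts in a row trip both the count threshold and the similarity event.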
Step Three: Turn Discoveries into Action with Tealeaf Alerting
Once you have established status quo behavior and deviations from it by using eventing, determine who in your organization needs to know about the deviant and potentially illegitimate behavior and set up alerting to that person's email.
Here are some examples:
General
Frequent failed login attempts can be analyzed to see, via replay, what else these multiple-attempters are doing in your digital space and from where they are being referred.
E-Commerce
In the event that any session meets your deviant criteria for, let's say...product count threshold or orders placed per session, an alert can be set up to email the warehouse to hold off on the orders in those sessions. Said orders can be pulled from the fulfillment process and reviewed to determine if they pass the smell test for processing. Depending on the size of your retail site, this could save thousands of pieces of merchandise from being sent to digital thieves never to be seen again.
Financial Services
Any anomalies found in your non-status quo events could be set up to send alerts directly to the digital security department for further action or tightening of security considerations with the design teams.
Now, Go Event and Be Safer
If you've followed the advice outlined in the first two steps, you can create events that will help you track and understand deviations in customer behavior. Admittedly, it's a tough digital world out there. Just like brick-and-mortar businesses, which have alarm systems, motion sensors, security cameras, and other physical security safeguards, your digital space can be monitored forensically by Tealeaf. Eventing on non-status-quo behavior helps to analyze the seedier visitors and their illegitimate behavior in your digital space. Alerting the appropriate stakeholders in your business, via Tealeaf, about such behavior can assist in making safe, intelligent, loss-mitigating and experience-improving decisions—both for your business and your customers.
What are you using to detect illegitimate behavior on your site?
Siteworx Inc., a leading interactive agency and Web content management (WCM) consultancy, helps interactive marketers, Web strategists and technology leaders achieve measurable business results.

