Scenario: Credit card fraud occurs when a lost or stolen credit card is used to make fraudulent purchases. Even when purchases on stolen cards are authorized, Splunk can analyze these transactions as they occur, and surface them as suspicious through regular reporting. Analysts can then investigate possible fraudulent activity and take the appropriate steps to notify the customer.
To succeed in implementing this use case, you need the following dependencies, resources, and information.
- People: Security analyst, threat hunter
- Technologies: Splunk Enterprise or Splunk Cloud Platform
- Data: Business service data of customer information
- A CSV or KV lookup file of categorized spending by customer
Your lookups may not have the same fields as the ones demonstrated in the sample searches. Adjust field names as needed to match your environment.
How to use Splunk software for this use case
Depending on what information you have available, you might find it useful to identify some or all of the following:
- Large and rapid credit card spending
- Outlier credit card spending by category
- Outlier credit card spending by value
- Excessive number of credit card transactions in a short period
- Credit card fraudulent test purchases
Use the results of these searches to notify customers and take appropriate steps to deactivate cards.
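The following Python example is added here and is not one of the Splunk searches this guide refers to. It shows the logic behind two of the listed checks, outlier spending by category and an excessive number of transactions in a short period, run against a per-customer spending lookup. The lookup columns, thresholds, and transaction records are constructed assumptions; adjust them to match your own data.

```python
import csv, io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed lookup (assumed columns): typical purchase per customer and category.
LOOKUP_CSV = """customer_id,category,avg_amount,stdev_amount
C100,grocery,60,20
C100,fuel,45,10
C200,grocery,80,25
"""

# Constructed transactions: (time, customer_id, category, amount).
TRANSACTIONS = [
    ("2024-05-01T10:00:00", "C100", "grocery", 72.10),
    ("2024-05-01T10:05:00", "C100", "electronics", 1899.00),  # category never seen
    ("2024-05-01T10:06:00", "C100", "fuel", 140.00),          # far above fuel baseline
    ("2024-05-01T11:00:00", "C200", "grocery", 15.00),
    ("2024-05-01T11:01:00", "C200", "grocery", 12.00),
    ("2024-05-01T11:02:00", "C200", "grocery", 18.00),
    ("2024-05-01T11:03:00", "C200", "grocery", 95.00),        # 4th purchase in 3 minutes
]

def load_baseline(text):
    """Parse the lookup into {(customer, category): (mean, stdev)}."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["customer_id"], r["category"]):
            (float(r["avg_amount"]), float(r["stdev_amount"])) for r in rows}

def category_outliers(transactions, baseline, sigmas=3.0):
    """Flag purchases in an unseen category or more than `sigmas` deviations above the mean."""
    flagged = []
    for when, customer, category, amount in transactions:
        stats = baseline.get((customer, category))
        if stats is None:
            flagged.append((when, customer, category, "new_category"))
        elif amount > stats[0] + sigmas * stats[1]:
            flagged.append((when, customer, category, "above_baseline"))
    return flagged

def transaction_bursts(transactions, max_count=3, window=timedelta(minutes=5)):
    """Flag customers with more than `max_count` transactions inside any sliding window."""
    recent, flagged = defaultdict(deque), set()
    for when, customer, _, _ in sorted(transactions):
        ts, q = datetime.fromisoformat(when), recent[customer]
        q.append(ts)
        while ts - q[0] > window:  # drop purchases that fell out of the window
            q.popleft()
        if len(q) > max_count:
            flagged.add(customer)
    return sorted(flagged)
```

Customers missing from the lookup are flagged on every purchase as `new_category`, so keep the lookup current or route that reason to a lower-priority report.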
The searches in this guide are also included in the Splunk Essentials for the Financial Services Industry app, which provides more information about how to implement them successfully in your financial services maturity journey. In addition, this Splunk resource might help you understand and implement this use case: