Splunk Lantern

Detecting credit card fraud

Scenario: Credit card fraud occurs when a lost or stolen credit card is used to make fraudulent purchases. Even when purchases on stolen cards are authorized, Splunk can analyze these transactions as they occur, and surface them as suspicious through regular reporting. Analysts can then investigate possible fraudulent activity and take the appropriate steps to notify the customer.


To succeed in implementing this use case, you need the following dependencies, resources, and information.

  • People: Security analyst, threat hunter
  • Technologies: Splunk Enterprise or Splunk Cloud Platform
  • Data: Business service data of customer information
  • A CSV or KV lookup file of categorized spending by customer

Your lookups may not have the same fields as the ones demonstrated in the sample searches. Adjust field names as needed to match your environment.

How to use Splunk software for this use case

Depending on what information you have available, you might find it useful to identify some or all of the following: 


Use the results of these searches to notify customers and take appropriate steps to deactivate cards.

Additional resources

The searches in this guide are also included in the Splunk Essentials for the Financial Services Industry app, which provides more information about how to implement them successfully in your financial services maturity journey. In addition, this Splunk resource might help you understand and implement this use case: