Splunk Lantern

Monitoring consumer bank accounts for potential fraud

Scenario: Banks and their customers are susceptible to fraud in a number of key areas related to customer accounts. Splunk reports can show customer account activity that is unusual or potentially suspicious, such as a customer holding multiple accounts, some of which are dormant or have zero or negative balances. These reports can be shown instantly with transaction logs by referencing other accounts in a database. This type of just-in-time reporting allows banks to keep customers informed in a timely manner so they can take corrective action. Monitoring customer accounts also helps banks to adhere to compliance regulations.


To succeed in implementing this use case, you need the following dependencies, resources, and information.

  • People: Business operations manager, compliance officer
  • Technologies: Splunk Enterprise or Splunk Cloud Platform
  • Data: Business service data for banking transactions
  • CSV or KV lookup file of customer account information

Your lookups may not have the same fields as the ones demonstrated in the sample searches. Adjust field names as needed to match your environment.

How to use Splunk software for this use case

Depending on what information you have available, you might find it useful to identify some or all of the following: 


Run reports based on these searches on a regular basis and save the results as needed for compliance reporting. Investigate as needed to ensure the activity isn't related to employee behavior, and then communicate immediately with customers regarding any results that indicate problematic accounts.

Additional resources

The searches in this guide are also included in the Splunk Essentials for the Financial Services Industry app, which provides more information about how to implement them successfully in your financial services maturity journey. In addition, this Splunk resource might help you understand and implement this use case: