Monitoring new logins to financial applications
A key measurement for improving bank customer experience is new user logins. This can help banks know what kind of experience new users are having, as well as any forced conscience denial to let the customer login. Analytics can improve customer experience.
Data required
Application data for consumer financial applications
Procedures
- Splunk recommends that customers look into using data models, report acceleration, or summary indexing when searching across hundreds of GBs of events in a single search. The searches provided here are a good starting point, but depending on your data, search time range, and other factors, more can be done to ensure that they scale appropriately.
- Some commands, parameters, and field names in the searches below may need to be adjusted to match your environment. In addition, to optimize the searches shown below, you should specify an index and a time range when appropriate.
- ► New account login denials
-
After registering for online banking access, users might be denied access for a variety of business reasons. You want to see when this occurs in your organization's software. Extract the fields that represent errors from your data, then run the following search.
sourcetype=<consumer financial application data source> |where action="denied" |table _time, customer, action, sessionID, location
If a user was denied and then authorized, there might be an error in your software. You want to see if this happens in your system and, if so, how many times per day. Extract the fields that represent denial and authentication from your data, then run the following search.
sourcetype=<consumer financial application data source> |stats first(action) AS first_action last(action) AS last_action last(_time) AS _time by customer, location,sessionID |where first_action="denied" AND last_action="authorized"
- ► New account login errors
-
After registering for a login, a customer receives an error upon first time logging in. You need a search that shows you when this happens so that you can look into the problem further. Extract the fields that represent errors from your data, then run the following search.
sourcetype=<consumer financial application data source> |where action="error" |table _time, customer, action, sessionID, location, ResponseTime
- ► New account login response times
-
After registering for access, a user might experience a longer than usual response time to log in. How many customers were effected by this bad user experience and should they be contacted? Extract the fields that represent customers and response times from your data, then run the following search.
sourcetype=<consumer financial application data source> |stats avg(ResponseTime) AS averageResp BY customer,location |eventstats avg(averageResp) AS avg stdev(averageResp) AS stdev |where averageResp>(avg+4*stdev)
Further, by comparing response times from different hours, it is possible to see if your application is behaving normally or abnormally. Extract the fields that represent response times from your data, then run the following search.
sourcetype=<consumer financial application data source> |timechart span=5m fixedrange=F count |timewrap 2h series=exact
- ► New account action comparisons
-
Side-by-side comparisons provide useful information on trends. A trellis chart tells you how each action is performing over time with its own timechart. This is useful for side-by-side comparisons to chart customer experience. Extract the fields that represent actions such as authorized, denied, or error from your data, run the following search, and then view the results in a Trellis chart.
sourcetype=<consumer financial application data source> |timechart fixedrange=F span=10m count BY action
- ► New account activity by location
-
A chart of new account login attempts over location by time can give you insight into how new account logins are performing with respect to location and time. Extract the fields that represent actions and locations from your data, then run the following search.
sourcetype=<consumer financial application data source> |timechart span=15m fixedrange=F count(action) AS action BY location
You might also be interested in login actions by location. If some locations have fewer authorized actions than others, it may be time to investigate the customer experience.
sourcetype=<consumer financial application data source> |chart count OVER location BY action
You can also use a timechart to specifically compare authorizations versus denials by location.
sourcetype=<consumer financial application data source> |timechart span=15m fixedrange=F count(eval(action="authorized")) AS authorized count(eval(action="denied")) AS denied BY location
Finally, a timechart of different response times split by location provides insight into how new account logins are performing with respect to login response time. This can help you determine whether your services are functioning normally or out of the ordinary. For instance, if one location has an instant response time while another is taking several seconds, there might be a latency issue.
sourcetype=<consumer financial application data source> |timechart span=15m fixedrange=F avg(ResponseTime) AS averageResponseTime BY location
Next steps
Errors and long response times can lead to a bad customers experience. Use the data from the searches in this use case to make decisions about what is normal for your application and what outcomes need troubleshooting. You might also want to consider what to do with customer who routinely have poor experiences with your application. Should these customers be tracked in other parts of the multi channel bank?
- Fraud: Credit cards, ATM usage, wire transfers, banking transactions
- Monitoring: Credit cards, ATM usage, wire transfers, banking transactions
- Banking: Account compliance
- Payments: Responses, mobile payments
- Markets: Bitcoin, MFID, FIX orders, trades
- Credit limit increases
These additional Splunk resources might help you understand and implement this use case: