Digital fraud is a growing risk for all online companies: According to a survey report from PwC, over half (51%) of organizations have experienced fraud in the past two years. For many of them, this has resulted in significant losses in revenue, new business opportunities, employee morale, and more.
The financial services (finserv) industry isn’t exempt from the dangers of fraudulent activity. In Alloy’s recent survey on fraud and financial institutions, 91% of respondents said fraud rates have increased year-over-year and 71% have boosted spending on fraud mitigation.
While fraud has been around since money existed, there are cautionary measures any finserv organization can take to curb it—and your tech can help. In this article, we’ll focus on how your digital experience analytics solution should support your organization’s fraud prevention practices and share some real-world examples.
3 ways FullStory can identify fraudulent activity
1. Tagging suspicious activity
FullStory’s ability to automatically capture and index millions of user behavior data points is the foundation of what makes the platform so powerful. Part of that indexing is scanning for suspicious activity.
Whenever text is input on your site or app, FullStory examines the patterns within input text and URL parameters for two types of suspicious activity:
SQL injection: Input text or URL parameters appear to contain SQL commands rather than expected text input or URLs.
Cross-Site Scripting (XSS): Input text or URL parameters appear to contain scripting commands rather than expected input or URLs.
Sessions appearing to contain either of these types of activity are automatically tagged within FullStory so that you can search and review them later for possible attacks.
When finserv organizations use other digital experience tools, they risk the potential of accidentally collecting sensitive or unwanted user data (if they realize it at all). And it can be a scramble to redact it as quickly as possible.
With Detections, teams can proactively prevent unintentionally capturing undesired data or personally identifiable information (PII)—keeping both your company and your users safe and secure.
Detections monitors for two predefined types of sensitive information: Passwords and credit card numbers. So, for example, your organization captures text input into a comment box but excludes credit card numbers. What happens when a user accidentally pastes their credit card number into the comment box?
In this scenario, FullStory would recognize the credit card number as PII and create an alert for your triage queue. Detections is a powerful privacy feature in that it ensures that sensitive information isn’t lurking in your dataset without you even knowing.
3. Tabbed browsing
Where internet users may once have relied heavily on the “back” button to navigate between websites and search results, the vast majority of today’s users regularly jump from tab to tab for shopping, researching, and everything in between. In fact, back button usage has decreased from around 40% in the mid-90s to 7% in the early 2010s.
Because tabs are a vital part of how people experience the internet, it’s critical for online businesses to understand how people are using them to complete their tasks.
FullStory offers the only Session Replay with detailed visibility into browsing behaviors across multiple tabs. With tabbed browsing, you can accurately visualize the creation, closure, and navigation between tabs on your site.
But tabbed browsing goes beyond user behavior insights: it can also be a window into potential suspicious or fraudulent activity. For example, a bad actor may be attempting to use stolen PII to open multiple accounts at once, which could be flagged via tabbed browsing. Or, a finserv organization might spot a case of fraud in which someone is using multiple tabs to test out different input information to manipulate estimates or quotes.
How companies use FullStory to mitigate fraud
Pinnacle Pet Group (PPG) is a major pan-European pet insurance and pet health services organization. They’ve used FullStory to get a handle on bots, which could make up as much as 64% of total web traffic. How? PPG uses segmentation within FullStory to flag and remove sessions that exhibit clear bot activity, creating an effective early detection system and eliminating bots from key reporting metrics for more accurate data.
Additionally, a recent Total Economic Impact study explored how enterprise organizations are using FullStory and detailed the monetary and business benefits they receive from the platform. The report found that a company using FullStory preserved revenue by preventing an estimated 4,000 fraudulent events per year, making up a tenth of their annual fraud incidents.
To learn more about choosing a DXI platform that helps you mitigate fraud, increase revenue, and better understand user behavior, download the complete finserv buyer’s guide.