Downloading Fraud Detection for Banks
SHA256 checksum (fraud-detection-for-banks_102.tgz) dc4b79f652142ded0d1879c5f8c2358864470f197a40324ca5bb8ea7d968d3c9
SHA256 checksum (fraud-detection-for-banks_101.tgz) 30feefa9ee561befd0b8618ee8ed13eb0269e9284fb0e5d11e9e7b621fe25471
SHA256 checksum (fraud-detection-for-banks_100.tgz) 338c423f349240d351007e7bbd9ff3741d7a476e2199c4645ef8bf3855e5b72c

Fraud Detection for Banks

Splunk AppInspect Passed
The application is configured to detect fraudulent activity in bank transactions, using algorithms with configurable thresholds. With the provided example datasets, every user can use the app, both for historical data and for real-time transactions. For newly ingested data, the algorithms' thresholds can be changed to suit user requirements.
NB! The app contains datasets with fictional example data of bank transactions. The information in the datasets is not from real events and does not contain real data - names, stores, bank accounts etc.
Development - Bright Consulting, Bulgaria - https://www.bright.consulting/

Initial Configuration

There is no need for additional configuration on the application.

Onboarding the example datasets

Before you start working with the app's dashboards, you can onboard the example datasets provided in the application:

  • for the Payment cards dashboard, you should upload the creditcard_events.csv file from the /data folder of the app. Set the sourcetype to "creditcard_logs" from the Custom sourcetypes.
  • for the Internal cashdesk dashboard, you should upload the cashdesk.csv file from the /data folder of the app. Set the sourcetype to "internal" from the Custom sourcetypes.
  • for the Online banking dashboard, you should upload the online_banking1.csv file from the /data folder of the app. Set the sourcetype to "online" from the Custom sourcetypes.

No indexes other than the default one, main, are configured, so you should onboard the datasets into the main index. If you wish to use other indexes that you have created, change the datamodels' constraints in the datamodel's settings.

Usage of additional applications

For the Online banking dashboard logic to work, you must install the "haversine" application from Splunk Base - https://splunkbase.splunk.com/app/936/. The dashboard uses the haversine command to calculate the distance between two geographical locations, based on their latitudes and longitudes.

Application Manual

The app is named "Fraud-Detection for Banks".
It has 3 main dashboards - Payment cards, Online banking transfers and Internal Cash Desk Fraud.

I. Payment cards Dashboard:

This dashboard has several panels showing different values/statistics/charts. The main logic of the implementation is that it detects 5 different fraud scenarios /cases/ and calculates a risk score for each payment card in the database of the client bank. All the aggregating functions are combined in one SPL query, which is the cornerstone of the dashboard. The dashboard has the following panels:

  • Number of Outliers for the period - indicates the final number of Outliers combined in one value. It has a drill-down function to the main hidden panel "Outliers transactions", which displays all the fraudulent transactions made by different payment cards, their risk score and the additional data for the transaction - time, merchant, amount, action, terminal, invoice number. The panel has 2 drill-down functions - one for displaying all the transactions (fraudulent and non-fraudulent) made by the clicked cardID, and a second one for displaying all fraudulent transactions made to a chosen (clicked) merchant.
  • Trend of Outliers by day - indicates the number of Outliers day by day for the chosen period in a trend sparkline.
  • Protected amount
  • Number of all transactions by day - indicates the number of transactions day by day for the chosen period in a trend sparkline.
  • Number of all transactions made for the period.
  • Sum of amounts over count of transactions by day-time - a timechart panel in which you can select a time range; doing so activates a hidden panel displaying detailed data for the transactions in that time range.
  • Prediction time chart for Outliers

Fraud cases:

  1. Buy Small then Large - a card is used twice in under 30 seconds, where the first amount is less than 10 BGN /type of currency/ and the second is more than 200 BGN /type of currency/
  2. Without 3D Secure Code - two payments from a card to one merchant in a day period, without using a 3D Secure Code
  3. Fast region shift - payments in two different regions in less than 20 seconds
  4. Fast merchant shift - payments to two different merchants in less than 5 seconds
  5. Rare Large - using a card for a purchase when the last payment with the card was made more than one month ago and the current transaction amount is 10 times larger than the previous one.

Note: Some of the logic is reused from Splunk Security Essentials for Fraud Detection application - https://splunkbase.splunk.com/app/3693/
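
The five fraud cases above reduce to comparisons between payments of the same card. The following Python code is an added example, not the app's SPL query: the field names (card, time, amount, merchant, region, secure3d), the constructed sample transactions and the reading of "one month" as 30 days are assumptions, and the app's risk scoring is not reproduced.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMALL, LARGE = 10, 200  # BGN thresholds from case 1
MONTH = timedelta(days=30)  # assumption: "one month" taken as 30 days

def detect(transactions):
    """Return {card: set of fraud-case names triggered by that card}."""
    by_card = defaultdict(list)
    for t in sorted(transactions, key=lambda t: t["time"]):
        by_card[t["card"]].append(t)
    hits = defaultdict(set)
    for card, txs in by_card.items():
        # Cases 1, 3, 4 and 5 compare each payment with the card's previous one.
        for prev, cur in zip(txs, txs[1:]):
            gap = cur["time"] - prev["time"]
            if gap < timedelta(seconds=30) and prev["amount"] < SMALL and cur["amount"] > LARGE:
                hits[card].add("buy_small_then_large")
            if gap < timedelta(seconds=20) and prev["region"] != cur["region"]:
                hits[card].add("fast_region_shift")
            if gap < timedelta(seconds=5) and prev["merchant"] != cur["merchant"]:
                hits[card].add("fast_merchant_shift")
            if gap > MONTH and cur["amount"] > 10 * prev["amount"]:
                hits[card].add("rare_large")
        # Case 2 pairs any two non-3D-Secure payments to one merchant within a day.
        plain = [t for t in txs if not t["secure3d"]]
        for i, a in enumerate(plain):
            if any(b["merchant"] == a["merchant"] and b["time"] - a["time"] <= timedelta(days=1)
                   for b in plain[i + 1:]):
                hits[card].add("without_3d_secure")
    return dict(hits)

def tx(card, ts, amount, merchant, region, secure3d=True):
    return {"card": card, "time": datetime.fromisoformat(ts), "amount": amount,
            "merchant": merchant, "region": region, "secure3d": secure3d}

# Constructed sample transactions (fictional): one card per case plus a clean one.
SAMPLE = [
    tx("C1", "2019-06-01T10:00:00", 5, "M1", "Sofia"),
    tx("C1", "2019-06-01T10:00:12", 350, "M1", "Sofia"),    # small, then large 12 s later
    tx("C2", "2019-06-01T09:00:00", 40, "M1", "Sofia"),
    tx("C2", "2019-06-01T09:00:03", 60, "M2", "Varna"),     # new merchant and region in 3 s
    tx("C3", "2019-04-01T12:00:00", 20, "M3", "Plovdiv"),
    tx("C3", "2019-06-01T12:00:00", 500, "M3", "Plovdiv"),  # dormant card, 25x amount
    tx("C4", "2019-06-01T08:00:00", 30, "M4", "Burgas", secure3d=False),
    tx("C4", "2019-06-01T15:00:00", 45, "M4", "Burgas", secure3d=False),
    tx("C5", "2019-06-01T11:00:00", 25, "M5", "Sofia"),     # single ordinary payment
]

print({card: sorted(cases) for card, cases in sorted(detect(SAMPLE).items())})
```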

II. Online banking transfers:

This dashboard also has several panels. The main logic of the implementation is that the app detects 4 types of fraudulent activities, but each separately - displaying the Outliers in each use case, without a scoring system involved. The dashboard has the following panels:

  • Lateral Speed on Location. Trend for the day - indicates the number of Outliers day by day for the chosen period in a trend visual chart sparkline. It has a drill-down function, displaying the list of all Outliers for the period. The logic of the algorithm is to detect when a user uses the online banking platform with different IPs. The algorithm calculates the distance, time and speed between the two locations of the IPs, and detects the Outlier if the speed is more than 1000 km/h.
  • Different Common home locations. Trend for the day - indicates the number of Outliers day by day for the chosen period in a trend visual chart sparkline. It has a drill-down function, displaying the list of all Outliers for the period. The logic of the algorithm is to detect when a user uses a new IP for using the online banking platform.
  • Different Common correspondent. Trend for the day - indicates the number of Outliers day by day for the chosen period in a trend visual chart sparkline. It has a drill-down function, displaying the list of all Outliers for the period. The logic of the algorithm is to detect when a user is transferring money through the online banking platform to a new account for the first time.
  • Amounts above avg + stdev. Trend for the day - indicates the number of Outliers day by day for the chosen period in a trend visual chart sparkline. It has a drill-down function, displaying the list of all Outliers for the period. The logic of the algorithm is to detect when a user transfers an amount larger than the average amount for all own transactions + the standard deviation.
  • Number of transfers over the transferred amounts time chart
  • Lateral speed Outliers map visualization.
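
The Lateral Speed check described above, worked through in Python as an added example (it is not the app's SPL and does not use the haversine app's command). The field names, the sample sessions, the documentation-range IP addresses and their coordinates are constructed assumptions; the 1000 km/h threshold is the one stated for the panel.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
SPEED_LIMIT_KMH = 1000  # threshold given for the Lateral Speed panel

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(a)))

def lateral_speed_outliers(events):
    """Return (user, previous IP, new IP, km, km/h) for each impossible hop."""
    outliers, last = [], {}
    for e in sorted(events, key=lambda e: e["time"]):
        prev, last[e["user"]] = last.get(e["user"]), e
        if prev is None or prev["ip"] == e["ip"]:
            continue
        km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
        hours = (e["time"] - prev["time"]).total_seconds() / 3600
        # Same timestamp from two places: treat any distance as infinite speed.
        speed = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
        if speed > SPEED_LIMIT_KMH:
            outliers.append((e["user"], prev["ip"], e["ip"], round(km), speed))
    return outliers

def ev(user, ts, ip, lat, lon):
    return {"user": user, "time": datetime.fromisoformat(ts), "ip": ip, "lat": lat, "lon": lon}

# Constructed sample sessions; coordinates stand in for an IP geolocation lookup.
SAMPLE = [
    ev("alice", "2019-06-01T10:00:00", "203.0.113.10", 42.6977, 23.3219),   # Sofia
    ev("alice", "2019-06-01T11:00:00", "198.51.100.7", 40.7128, -74.0060),  # New York, 1 h later
    ev("bob", "2019-06-01T09:00:00", "203.0.113.20", 42.6977, 23.3219),     # Sofia
    ev("bob", "2019-06-01T15:00:00", "192.0.2.44", 43.2141, 27.9147),       # Varna, 6 h later
    ev("carol", "2019-06-01T12:00:00", "203.0.113.30", 42.6977, 23.3219),   # Sofia
    ev("carol", "2019-06-01T12:00:00", "198.51.100.9", 51.5074, -0.1278),   # London, same second
]

for user, ip_a, ip_b, km, speed in lateral_speed_outliers(SAMPLE):
    print(f"{user}: {ip_a} -> {ip_b}, {km} km at {speed:.0f} km/h")
```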

III. Internal Cash Desk Operations

This dashboard has several panels showing different values/statistics/charts. The main logic of the implementation is that it detects 2 different fraud scenarios /cases/:

  • Outliers employees with more than 2 withdraws from customers' account for period of 30 days. It has a drill-down function, displaying the list of all Outliers for the period. The panel name describes the logic of the algorithm used. The main idea is to detect an employee who makes more withdrawals from customers' accounts than usual.
  • Outliers employees with more than 3 addings in own account, and more than 3 outgoing transfers in 15 days period. It has a drill-down function, displaying the list of all Outliers for the period. The panel name describes the logic of the algorithm used. The main idea is to detect employees who use their own accounts to transfer amounts on behalf of other people, so that those people escape the bank taxes.
  • Number of all transactions.
  • Number of transactions made by cashiers by week.
  • Predict graphs for Outliers.

Usage of Datamodels

The application includes 3 datamodels, one for each of the three dashboards:

  • online_banking data model
  • Payments_cards data model and
  • internal_cashdesk data model

Each datamodel captures the constraints needed for developing fast and accurate searches and reports. The models are not accelerated, but in real deployments acceleration should be enabled to summarize the indexed data and improve performance.

All datasets are indexed in the main index. The app does not create indexes, because that should be done by Splunk System Administrators. The searches depend on the sourcetypes - creditcard_log, internal and online.

For newly ingested data, the extracted fields can be mapped to the datamodels for compatibility.

Release Notes

Version 1.0.2
June 14, 2019

Changes to meet the AppInspect criteria

Version 1.0.1
June 13, 2019

Changes in file permissions of the files of the application due to AppInspect criteria

Version 1.0.0
June 6, 2019

28 Installs
102 Downloads

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
