An employee made changes to a policy’s beneficiaries, and several days later started withdrawing money from the policy. Such withdrawals were performed several times.
The sequence of activities performed by employees over a month’s time (a journey was created per user, per month).
TrackerIQ learned monthly working profiles for the entire organization and then used these profiles to detect abnormal/suspicious working journeys. The underlying assumption is that although activities themselves are common, actual attack journeys are very unusual.
Abnormal journeys were detected in historical data and began six months before the employee committed actual fraud. The employee started by performing activities similar to the final fraud, but with small monetary values of only a few cents. Had the insurance company detected these abnormal journeys when they started, it could either have asked the employee about the anomalies, which likely would have prevented the subsequent fraud, or instead start monitoring the employee more closely.
Monitoring employee activities and generating alerts about abnormal journeys, even if these journeys are not malicious, is an important preventive control given the number of alerts generated is small (a few per month).
Insurance, publicly traded.
Custom-built.
The application is used by company employees to manage pension and insurance policies.
Application audit logs, including historical data, describing user (i.e. employee) activities within the application.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |