arrow left facebook twitter linkedin medium menu play circle
April 20, 2023 - Greg Oprendek

Starter’s Guide to Digital Fraud Investigations

Welcome to the world of digital fraud investigations. Cyberspace is our crime scene and every bit of data is a potential clue. It’s a world where the art of deduction meets the science of technology. Where digital detectives unravel complex schemes and catch tech-savvy culprits.

If this is your first time on the fraud investigations beat, don’t worry. In this blog, we’ll show you the ropes and introduce you to the tools of the trade. Grab a cup of coffee, put on your thinking cap, and let’s dive into the world of digital fraud investigations.

What are digital fraud investigations?

Digital fraud investigations are processes that uncover and evaluate evidence of fraud attacks. The investigators can be individuals or organizations. It’s not always law enforcement doing the work, either. Private financial and e-commerce firms often have some system to investigate external fraud attacks.

The list of fraud attack types these companies need to investigate is unfortunately as long as the list of services they offer. Fake account creations, loan application fraud, card not present payment fraud—these are only the start.

In the end, the investigation goal is always the same—defend customers from attempts to take their money, goods, or services by deception.

Some prefer the term “fraud case management” because it implies the need to both investigate and manage suspected attacks. DataVisor does this by helping teams gather information to then block transactions, challenge user authentications, freeze accounts, or install other defensive measures.

case management

Why is case management so important for modern fraud strategies?

Effective case management is crucial in the fight against fraud for three main reasons:

Preserving good customer experience

Firms often put suspicious events on hold after case management flags them for manual review. So, customers need to wait on purchases, account openings, and other events until the case review is complete.

This, as you might imagine, can have dire effects on customer experience. Having an effective case management system cuts down on false positives.

Manual reviews are expensive

The manual review part of case management requires humans, and their time is precious—and expensive—for firms.

A good case management software cuts down on these manual reviews in a few ways which we’ll touch on later.

The system relies on good process

Fraud cases sent for review usually end up there because rules and model-based detection couldn’t reach a conclusion.

That’s where skilled human reviewers have to decide. Building a positive feedback loop in the overall system improves future detection.

Where does case management fit in modern fraud prevention systems?

To answer this, we need to visualize a modern fraud prevention system.

case management system fraud prevention

Now let’s break things down in order:

1. Event data goes in

Transactions, logins, and other common user actions generate event data. The case management system then blends it with internal data (i.e. each client’s transaction history) and third-party (i.e. identity verification.)

2. Data transformation

All that data goes through a series of transformations. Then it’s fed into fraud detection systems which use a set of decision rules shaped and assisted by machine learning.

3. Automated detection

The detection system rejects or accepts events automatically. Some events trigger alerts for manual review, which would move us into the case management arm of the system.

4. Manual verification

After the automatic review, some events need after-the-fact review and manual sign-off. Chargebacks—when account holders challenge an existing transaction—are the most common example.

5. Case management processes

Events that enter case management go to analysts who investigate why they triggered an alert. All client, account, and event data, plus a few other inputs, enrich the data. The analysts decide to approve or block the event based on their review. Then, they record details about the event to inform similar investigations in the future.

6. Case management reviews

Case management processes are always auditable. This both ensures trust in the system and measures how well a firm is controlling fraud decision-making. It’s also a main source of information to keep improving the fraud solution.

7. Case management outputs

In the last step, case management findings integrate with internal downstream systems. These systems vary organization to organization, but often are compliance or broader security.

What is case management software (CMS)?

CMS is a digital interface that enables fraud analysts to gather all pertinent information about an event under review and act on it.

As you can see in the process above, case management is integral in the fraud prevention system. In modern fraud stacks, CMS is usually the most visible and empowering component.

As Aite-Novarica Group attests, the efficiency boost CMS provides for fraud fighters is immense. This fact motivates firms to add CMS products with a variety of features, including:

  • Alert Management
  • Investigation infrastructure
  • Workflow mechanisms
  • Management reporting
  • Compliance features
  • Fraud loss analysis

Fraud Fighters — The Unsung Heroes

It’s true much of the digital fraud investigation process relies on machine help. But the process would be impossible if not for fraud analysts.

They perform these vitally important investigations alongside the risk management team. If you want to be a fraud analyst, you need an extremely observant and analytical mindset. And—like any great detective—you need to know how to ask the right questions.

fraud analyst

If we cast fraud fighters as our Sherlock Holmes, the fraudsters make a fitting Moriarty. They rely on outsmarting fraud analysts with sophisticated tricks and schemes. They know how fraud detection models work precisely so they can get around them. As things like real-time payments become commonplace, fraudsters’ methods have become more damaging.

It’s only by working together with advanced AI models—and documenting learnings from each case management output—that fraud fighters can stay ahead.

How to design a great case management strategy

Any fraud solution worth its salt will detect the basics like suspicious transactions. Uncovering more deceptive fraud, and doing it quickly, requires a truly comprehensive strategy.

We can break the components of a great case management strategy down into seven key principles. As we explain them below, we’ll also share how we at DataVisor make them the best they can be.

1. Integration

A fraud prevention strategy is no good if it doesn’t integrate data sources and tools to bolster case management. What’s more, the CMS needs to integrate with many internal and external data sources for analysts to review cases effectively. That’s the only way analysts are able to access the right information without interruption.

But case management interfaces also need to integrate with the firm’s other systems that rely on fraud analysts’ actions. If investigators decide to delete an account they reviewed as fraudulent, it needs to happen immediately in other systems. That way, the backend infrastructure will reject the account’s future login attempts and transactions.

Integration with DataVisor:

We hear often from fraud fighters relying on a hodgepodge of systems and tools. Some might be in-house, and some sourced from third parties. This decentralization creates more work and a higher risk of error.

DataVisor can configure external links right on the case management details page. So when an analyst opens a case, the embedded signals embed on their own, and all display in the same interface. Any information relevant to the case appears pre-filled in forms too, saving on manual work. To us, that’s true integration.

2. Visibility

Analysts need a single source of truth to decode complex cases and connect the dots to spot fraud. Without a complete view of customers and events, analysts aren’t using all the information possible to make the right decision.

Visibility with DataVisor:

DataVisor’s Knowledge Graph ingests omnichannel data to visualize connections among seemingly unrelated events. This finds and uncovers the most advanced fraud types. Plus, it allows analysts to view connections between events in one click. Analysts can also use it to create blacklists and whitelists for good and bad users. Its customization gives operations teams full control to build fraud networks and eliminate fraud at scale.

3. Simplicity

Analysts have a tough job already. It doesn’t need to be any harder due to an overcomplicated system. They need to see the most critical information at a glance, with all supporting data only a click away.

Some fraud teams convince themselves more information is a good thing. But the key isn’t to pile in as much data as possible—it’s to condense it, then make logical decisions fast.

Simplicity with DataVisor:

Ask yourself—would you rather read a 20-slide deck of data or one page with the key information? DataVisor’s case management is that one-pager.

It provides intuitive dashboards that rank, distill, and synthesize data using clear language in a single-page view.

Simplicity isn’t only in the view, it’s also in the use. That’s why our solution also comes with drag-and-drop functionality for endless customization.

4. Prioritization

When you’re in the foxhole fighting fraud, there’s no time to second-guess yourself. The stakes can be millions in fraud losses, or even more in lost customers. You need to know what’s most important, identify it quickly, and act on it.

Effective prioritization can truly make or break a fraud investigation’s operation. You might need to make special rules for a certain region. You could find your team focusing on big-ticket items first. Whatever the case, you need a hierarchy of threats in place and a plan to eliminate them.

Prioritization with DataVisor:

Prioritization comes built into DataVisor’s case management capabilities. It queues cases based on user-defined criteria, so analysts can move through the most critical cases back to back. That uninterrupted review of the most relevant events also allows for different collaborators in the fraud team to review specific cases based on their roles.

Best of all, administrators can configure everything in seconds.

5. Explainability

No matter how advanced your fraud detection system is, in the end, humans will be the ones using it. To make the most of its capability, those humans need to understand the rationale behind even the most complex decisions. Analysts must know not only what got an event flagged as suspicious, but the specific rules or parameters it triggered. That creates transparency for stakeholders, fraud teams, and leaders as well.

Explainability with DataVisor:

When we designed our case management product, we emphasized simple explanations of results. Every alert and detection result comes with clear and concise reasoning. This ensures fraud fighters trust the platform and the process our machine learning algorithms follow.

6. Quick and effective actions

Up to this point, we’ve focused a lot on how analysts rely on case management systems to get the information they need. But that information is only as good as the insights it provides fraud fighters to make decisions.

Analysts need to be confident in approving and rejecting transactions or sending events for further review. Systems with account whitelisting/blacklisting also increase efficiency by reducing future reviews.

Actions with DataVisor:

DataVisor’s Case Management enables analysts to respond to fraud attempts fast with automated decisions, batch actions, and intelligent investigative features. Once an analyst has detected a fraudulent transaction, they can prevent it with one click. If the analyst finds a compromised account, they can block it instantly. If they detect a fraud scheme, they can automate transaction blocks, terminate accounts en masse, and take other group-based actions for maximum response efficiency.

7. Operational efficiency and analytics

Fraud fighting isn’t cheap. Building a fraud prevention stack is a substantial expense. So of course, executives want to know they’re getting a good return on investment.

Calculating the ROI on a good fraud prevention system requires both a short and long view. Firms need to know the benefits are not only substantial but that they directly affect the bottom line.

Fraud operations leaders can start by interrogating their current system:

‣ How are detection systems performing? Are they sending too many cases for review and need adjustments?
‣ How many cases can the team review per day, week, or month? What does the backlog look like? Does it seriously impact customer lead times?
‣ How much is on fraud analysts’ plates? Could a larger team make a significant difference?

Operational efficiency and analytics with DataVisor:

DataVisor’s case management provides a continuous feedback loop for evaluating fraud ops performance by design. The Insights Center seamlessly integrates to allow effortless reporting setup for various fraud analytics. Review queue volumes, individual and team-level case resolution speed, advanced analytics focusing on fraud topline KPIs, operations performance, and model/rule analytics, just to name a few.

By leveraging these insights, organizations can:

  • Better understand their analysts’ performance
  • Calculate the ROI of fraud decisions
  • Identify bottlenecks
  • Allocate resources more efficiently


Ralph Waldo Emerson once said that common sense is genius dressed in its working clothes. Fraud experts know that even the most advanced AI fraud detection systems don’t replace their own common sense. But they are critical tools that fraud fighters need to beat fraudsters. When going into a sophisticated digital fraud crime scene, analysts need their equipment to be working its best.

Our mission at DataVisor is to provide fraud fighters with the most accurate, insightful, and complete set of tools available to stop fraud. Our fraud platform empowers them by:

  • Enriching transactional data as well as correlating activities and behaviors with past learned examples
  • Providing highly accurate insight into current risk
  • Highlighting trends that indicate a future high-impact fraud events

Case management is essential in modern fraud investigations. It’s where fraud analysts add value to fraud prevention teams by dissecting and stopping fraud. Good case management practices empower rapid, effective decision making and set up a fraud team for success. A lackluster CMS, on the other hand, can set the organization back by jamming up collaboration and leaving the firm open to attacks.

If you want to test drive the best case management tool in the industry and see the DataVisor difference for your team, request a free demo.

about Greg Oprendek
Greg is a passionate digital marketer, avid basketball fan, aspiring fraud expert, and Content Marketing Manager at DataVisor.
about Greg Oprendek
Greg is a passionate digital marketer, avid basketball fan, aspiring fraud expert, and Content Marketing Manager at DataVisor.