fraud and abuse management

Risky business

When technology is the core of your business, managing risk is a 24/7 concern. There are the big, infrastructural risks, like a complete outage of a cloud region. There are the bugs that might slip through and impact the customer experience.

There’s the risk your data might be leaked, stolen or otherwise compromised. And for platform companies like Zendesk, there’s also the risk of fraud and abuse. Spammers using the platform to send mass unwanted emails. Brand impersonators, intent on spear phishing. Scammers using Talk, Zendesk’s call center software, to commit voice fraud.

To safeguard its reputation as a safe, smart and friendly customer support platform, Zendesk has to be prepared for the unexpected, and Slack plays a big role in that.

Incident teams: assemble

For Zendesk’s global incident management teams, Slack is where they coordinate responses to issues big and small. Slack is collaboration software that brings the right people and tools together to analyze the incident, take rapid action, and make sure customers know what’s happening.

Let’s look at how the engineering team at Zendesk uses Slack to manage incidents, prevent fraud and abuse, and keep senior leadership in the loop.

Incident command and control

The Zendesk Network Operations Center (ZNOC) is where incident management starts, and where monitoring and escalation happen. Every incident is categorized by severity:

  • Major customer-facing incident, like an outage of an entire cloud region
  • Serious incident with some customers experiencing downtime
  • A product is degraded, impacting service, but no customer downtime
  • An issue is happening, but it hasn’t impacted customers yet
  • No customer impact, just need eyes on a bug before it becomes an issue

What happens next?

The severity of the incident determines who gets involved and what happens next. Let’s look at a typical workflow.

Fighting fraud and abuse

Alerts and notifications for rapid action

Fighting fraud and abuse is nonstop, high-stakes work.

“Imagine the headline that could kill your career. Your job is to stop that happening.”

Max McCal, senior product manager, fraud and abuse, Zendesk

Manual monitoring across millions of accounts is impossible, so Zendesk’s first line of defense is AI, which combs through activity looking for potentially fraudulent or abusive behavior.

Anything that meets certain criteria—like high volumes of email sends—is escalated to the Fraud and Abuse team for a human to review. From there on in, Slack is where the action happens.

Alerts and triaging fraud and abuse

When suspicious activity is flagged, the team must act fast to establish whether it is actually fraud or spam, or just legitimate high-volume use. The last thing Zendesk wants to do is block genuine, valued customers from using the platform.

The team is distributed around the globe, so it uses Slack as a central place to collaborate. Here, everyone can come together to triage alerts, assign and take on tasks, and post updates.

Vital to the process are the integrated Slack apps the team uses to receive notifications from platform monitoring tools.

Datadog pushes alerts to Slack from the system that monitors Zendesk for potential fraudulent behavior. Often that’s an account set up with a name similar to a well-known brand—which is frequently a precursor to a phishing campaign.

Having a central place to review and collaborate around inbound Datadog alerts is a huge help.

DataVisor is used to look for possible spam campaigns taking place in Zendesk’s self-service community. It’s a custom-built Slack app developed by the team to bring DataVisor into its Slack environment.

Having Datadog and DataVisor notifications in Slack helps the team keep conversations in one place and avoid context switching between other communication channels.

To read the full text, download the whitepaper:
Manage Incidents to Stay Ahead of Risk
