Every day, IBM Tealeaf reported multiple sessions of the bank's customers with a very large number of hits, greater than 2000.
Most sessions in Tealeaf have hits in a range of 300-500, but every day there were sessions with at least 2000 hits. This did not make sense, as all the Sessionization configuration was correct and all other sessions seemed to be of the right size. We had to check whether those sessions were large due to fragmented storage and whether, for any reason, there were duplicate values of JSESSIONID, which was used as the Sessionization cookie. Those large sessions were non-fragmented and had no Sessionization issue.
Because the Tealeaf sessions were so large, it was difficult to find customer struggles and to see how those users engaged with the bank's online services. The size also raised suspicion of fraudulent transactions or malicious activity, which needed an immediate solution.
Replaying these large sessions, we found multiple logins, but because the session ID and TLTSID did not change, they were stitched together as the same session. Further investigation showed that such sessions originated from certain specific locations only. On inquiry with the bank, we learned that each bank branch has a computer on which customers can log in, access their accounts and subscribe to the bank's services. On these computers most customers do not close or restart the browser; they just log out, which was the root cause of the large sessions. To gain insight into these sessions, we split them on logout using IBM Tealeaf advanced eventing. Splitting the sessions not only gave the required insight into walk-in customers but also eliminated the observed fraud and malicious threat.
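The splitting logic described above can be sketched offline over exported hit data. This is an added example, not Tealeaf event configuration or code from the original case study; the hit tuple layout, the `/login` and `/logout` paths and the sample hits are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical URL paths; substitute the application's real login/logout requests.
LOGIN_PATH = "/login"
LOGOUT_PATH = "/logout"

# Constructed sample hits: (session ID such as TLTSID, hit sequence number, URL path).
# Session "A" models a branch computer used by three customers without a browser
# restart; session "B" models a normal single-customer session.
HITS = [
    ("A", 1, "/login"), ("A", 2, "/accounts"), ("A", 3, "/logout"),
    ("A", 4, "/login"), ("A", 5, "/transfer"), ("A", 6, "/logout"),
    ("A", 7, "/login"), ("A", 8, "/accounts"),
    ("B", 1, "/login"), ("B", 2, "/accounts"), ("B", 3, "/logout"),
]

def split_on_logout(hits):
    """Group hits by session ID, then cut each session after every logout hit."""
    by_session = defaultdict(list)
    for sid, _seq, path in sorted(hits, key=lambda h: (h[0], h[1])):
        by_session[sid].append(path)
    result = {}
    for sid, paths in by_session.items():
        segments, current = [], []
        for path in paths:
            current.append(path)
            if path == LOGOUT_PATH:   # logout closes the current customer's segment
                segments.append(current)
                current = []
        if current:                   # trailing hits with no logout yet
            segments.append(current)
        result[sid] = segments
    return result

def shared_terminal_sessions(hits, min_logins=2):
    """Session IDs holding several logins: candidates for shared branch computers."""
    split = split_on_logout(hits)
    return sorted(
        sid for sid, segs in split.items()
        if sum(LOGIN_PATH in seg for seg in segs) >= min_logins
    )

if __name__ == "__main__":
    for sid, segs in split_on_logout(HITS).items():
        print(sid, [len(s) for s in segs])
    print("shared terminals:", shared_terminal_sessions(HITS))
```

Sessions flagged by `shared_terminal_sessions` are the ones worth reviewing per segment, since each segment then corresponds to one customer's login-to-logout activity.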