How Arrivia Stopped a Data Theft Ring with Teramind

Learn how a leading travel company used Teramind to improve productivity and ensure compliance with federal regulations while building legally defensible evidence for any violations.

Executive Summary

When Justin Skagen, VP of Revenue Integrity and Operational Compliance at Arrivia, discovered an employee building secret databases of customer information in the middle of the night, he knew traditional security measures weren’t enough. What started as another department’s productivity experiment became Arrivia’s most powerful fraud detection weapon, catching everything from data exfiltration attempts to time clock manipulation across their global call centers.

As a white-label travel agency, Arrivia couldn’t afford security breaches. When Teramind initially revealed that 50-60% of their call center agents were manipulating activity tracking, Arrivia took immediate action to restructure operations and redistribute workloads. Today, with proper oversight in place, Teramind helps them proactively catch 10-15 insider threats annually before they escalate.

“Anytime you have more than one employee at a company, you have the potential for fraud.”

The Accidental Discovery That Changed Everything

“We didn’t really track fraud too much,” Justin admits about Arrivia’s pre-Teramind days. While they handled incidents internally, they lacked systematic fraud detection and record-keeping.

The turning point came during a routine investigation into hotel booking fraud. As Justin’s team interviewed employees about password sharing, one name kept surfacing. When they investigated this person further, they discovered unusual patterns: accessing numerous accounts during night shifts when they should have been off duty.

Their running theory? The employee was building a database to sell to third parties for extra income. “We were banging our heads against the wall trying to figure out how to prove this,” Justin recalls. 

The team piloting Teramind for productivity reached out: “This employee’s on the system. Do you guys want to take a look at it?”

A Case Study in Data Theft Prevention

What Justin’s team discovered through Teramind’s screen recordings shocked them. The employee wasn’t just browsing accounts—she had developed a sophisticated data theft operation:

  • The Method: Copy customer data from accounts and paste into Excel files
  • The Cover-Up: White out the text so the files appeared blank if someone checked
  • The Distraction: Play Disney movies and Roblox for her children while working

“We couldn’t actually see what was going on in the computer before,” Justin explains. “We had the data, we can see that she’s going into the accounts, but we didn’t know why. This showed us exactly why.”

The investigation revealed she was building a comprehensive database of customer information, likely for sale to competitors or identity thieves. Thanks to Teramind, they stopped the data before it left the company—a victory Justin believes wouldn’t have been possible otherwise.

“Without the tool, we would have been just running around in the dark. We might have terminated her, but not before that file potentially got out.”

“Just the amount of data that was available to us [in the platform] was really surprising. It was like having G-D mode in a video game.”

From Productivity Pilot to Fraud Prevention Powerhouse

After the data theft case, Justin’s team commandeered Teramind from the productivity team. 

“We’re taking this [Teramind] over now. This is going to be our baby. You guys had it for a while, so now it’s ours.”

They immediately began building behavior rules based on previous investigations:

  • Alerts for accessing dormant accounts with unused benefits
  • USB drive usage monitoring
  • Credit card data detection for PCI compliance
  • Unusual access patterns and timing
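
The "unusual access patterns and timing" rule can be sketched as detection logic over account-access logs. This is an added example, not Teramind's rule engine or Arrivia's configuration; the log fields, shift table, sample records and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed sample log: (timestamp, employee id, customer account id).
ACCESS_LOG = [
    ("2024-03-04 10:15", "emp-101", "acct-5001"),  # on shift
    ("2024-03-04 23:40", "emp-101", "acct-6001"),  # off shift
    ("2024-03-05 00:10", "emp-101", "acct-6002"),  # off shift, same night
    ("2024-03-05 01:05", "emp-101", "acct-6003"),
    ("2024-03-05 01:07", "emp-101", "acct-6003"),  # repeat of the same account
    ("2024-03-04 23:30", "emp-202", "acct-7001"),  # night-shift agent, on shift
    ("2024-03-05 02:00", "emp-202", "acct-7002"),
    ("2024-03-05 14:00", "emp-202", "acct-7003"),  # off shift, single account
]

# Assumed schedule: employee -> (start, end) local time; end < start wraps midnight.
SHIFTS = {
    "emp-101": (time(9, 0), time(17, 0)),
    "emp-202": (time(22, 0), time(6, 0)),
}
OFF_SHIFT_ACCOUNT_THRESHOLD = 3  # assumed: distinct accounts per off-shift window


def on_shift(emp, ts):
    shift = SHIFTS.get(emp)
    if shift is None:
        return False  # unknown schedule: treat as off shift so it gets reviewed
    start, end = shift
    t = ts.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # overnight shift


def off_shift_alerts(log, threshold=OFF_SHIFT_ACCOUNT_THRESHOLD):
    """Return (employee, window start date, distinct accounts) at or over threshold."""
    seen = defaultdict(set)
    for raw_ts, emp, acct in log:
        ts = datetime.strptime(raw_ts, "%Y-%m-%d %H:%M")
        if on_shift(emp, ts):
            continue
        # Noon-to-noon window keeps one night's activity together across midnight.
        window = (ts - timedelta(hours=12)).date()
        seen[(emp, window)].add(acct)
    return sorted(
        (emp, str(day), len(accts))
        for (emp, day), accts in seen.items()
        if len(accts) >= threshold
    )
```

Counting distinct accounts rather than raw events keeps a single legitimately reopened account from tripping the rule.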
 

“A lot of our investigations take a week to two weeks because we’re relying on other people to pull us the information,” Justin notes. “Once we started using Teramind, we realized we can do this more in real time.”

The PCI Compliance Victory

As a PCI Level One-compliant company, Arrivia faces strict requirements for handling credit card data. Their previous security tool failed critical tests; credit cards sent through Teams messages and emails went undetected.

Teramind’s DLP package changed that immediately. “We would run tests on our side. The other tool wasn’t catching that, so we actually turned around and started using Teramind for that,” Justin explains.

Now, when agents store credit card information in unauthorized locations like Notepad or OneNote, alerts fire instantly and management receives immediate notification to correct the behavior before it becomes a compliance violation.

The Great Spacebar Conspiracy

The most surprising discovery came from analyzing application usage patterns. Agents were showing hours of Notepad activity, which is unusual for call center workers who should be handling customer interactions.

“We pulled up the screen playback, and you could see in the very bottom right corner a jiggling where the cursor would be,” Justin describes. “The line count was steadily increasing.”

The truth? Agents were placing phones or other objects on their spacebars to keep computers awake and appear active. Some did it because they lacked sufficient work, leading to call campaign redistributions. Others had more malicious intent, taking themselves out of call queues and rejoining to avoid customer interactions.

This discovery led to one of Arrivia’s most impactful operational changes: when Teramind’s key pressing detection revealed that 50-60% of their call center was engaging in activity manipulation, Arrivia immediately restructured workloads and redistributed call campaigns to address the root causes.
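
The held-key pattern described above (hours in Notepad, a steadily growing line count, no real interaction) can be expressed as a rule over aggregated input telemetry. This is an added example, not Teramind's key pressing detection; the per-minute record layout, sample values and thresholds are assumptions, and it uses only counts, never key contents.

```python
from itertools import groupby

# Constructed per-minute telemetry:
# (minute index, user, foreground app, key events, distinct keys, mouse events)
SAMPLES = (
    [(m, "agent-17", "notepad.exe", 600, 1, 0) for m in range(7)]   # object on a key
    + [(7, "agent-17", "crm.exe", 40, 18, 12)]                      # back to real work
    + [(m, "agent-23", "notepad.exe", 600, 1, 0) for m in range(3)] # too short to flag
    + [(3, "agent-23", "notepad.exe", 220, 24, 5)]
    + [(m, "agent-31", "notepad.exe", 250, 26, 3) for m in range(10, 16)]  # real typing
)

MIN_RUN_MINUTES = 5        # assumed: shorter bursts are ignored
MIN_KEYS_PER_MINUTE = 200  # assumed: roughly what key auto-repeat produces


def is_held_key_minute(rec):
    """One key repeating at high rate with no mouse activity in that minute."""
    _, _, _, keys, distinct, mouse = rec
    return keys >= MIN_KEYS_PER_MINUTE and distinct == 1 and mouse == 0


def held_key_runs(samples, min_run=MIN_RUN_MINUTES):
    """Return (user, app, start minute, length) for each sustained held-key run."""
    findings = []

    def flush(run):
        if len(run) >= min_run:
            findings.append((run[0][1], run[0][2], run[0][0], len(run)))

    ordered = sorted(samples, key=lambda r: (r[1], r[2], r[0]))
    for _, recs in groupby(ordered, key=lambda r: (r[1], r[2])):
        run = []
        for rec in recs:
            contiguous = run and rec[0] == run[-1][0] + 1
            if is_held_key_minute(rec) and (not run or contiguous):
                run.append(rec)
                continue
            flush(run)  # run ended by a normal minute or a gap in the timeline
            run = [rec] if is_held_key_minute(rec) else []
        flush(run)
    return findings
```

Requiring a sustained, contiguous run is what separates a weighted-down key from an agent briefly holding a key while typing notes.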

Building Trust Through Transparency

When implementing monitoring technology, Arrivia prioritized open communication with its workforce. While Justin’s security team embraced the new capabilities, other departments naturally had questions about privacy and scope.

Arrivia addressed concerns proactively through education and clear policies:

  1. Structured Access: Each manager could only view their own team’s data, preventing interdepartmental conflicts
  2. Professional Boundaries: Clear communication that monitoring applied only to company devices during work activities
  3. Privacy Protections: No audio recording, no camera activation, and keystroke logging disabled to protect passwords
  4. Open Demonstrations: Leadership walked interested employees through the actual system capabilities


“We’d show them, ‘OK, this is how it’s being used. We’re not using audio. We can’t just flip that on and listen to whatever’s going on in your home,’” Justin explains. This educational approach transformed initial skepticism into understanding.

The key message was straightforward: Teramind monitors work activities on company devices to protect both the organization and employees from fraud. By being transparent about capabilities and limitations, Arrivia successfully built trust while maintaining the security benefits they needed.

The Numbers That Matter

Arrivia’s Teramind deployment delivers measurable results:

  • 10-15 insider threats caught annually across various severity levels
  • 150-200 productivity issues identified, leading to team reassignments or terminations
  • Real-time fraud detection replacing weeks-long investigations
  • 100% PCI compliance on credit card data detection
  • Initial discovery of 50-60% activity manipulation led to comprehensive workforce restructuring
 

While Arrivia doesn’t use Teramind data for promotions, they do verify concerns about workload before advancement decisions. “Those numbers speak for themselves through our other reporting,” Justin notes. “This is just more of a validation.”

Beyond Traditional Threats

Justin’s fraud examiner expertise shapes how Arrivia uses Teramind. Beyond data theft, they monitor for:

  • Money laundering attempts
  • Embezzlement schemes
  • Time clock manipulation
  • Internal account takeovers
  • Benefits fraud on dormant accounts
 

“Being a certified fraud examiner, I have to look at a bunch of different things,” Justin explains. The comprehensive approach catches threats others might miss.

The Validation Tool Philosophy

Arrivia uses Teramind as part of a broader security ecosystem. “We usually use it as a validation tool,” Justin explains. “We have a bunch of other tools that we use, and then we’ll go into Teramind to validate some of the information that we already know.”

This multi-tool approach provides legal protection and comprehensive evidence gathering, particularly important when dealing with international labor laws and potential criminal prosecutions.

Key Takeaways

Justin identifies key pressing detection as Teramind’s most valuable insight: “That has been by far the biggest one because 50 to 60 percent of our call center was guilty of doing that.” This discovery enabled Arrivia to restructure operations and ensure agents stay available and productive.

For companies considering similar deployments, Arrivia’s journey offers crucial lessons:

  1. Unexpected discoveries drive value: A productivity tool became a fraud prevention system
  2. Real-time detection beats retrospective investigation: Stopping threats before data leaves
  3. Transparency builds trust: Education and clear policies reduce employee resistance
  4. Integration multiplies effectiveness: Using Teramind alongside other tools provides comprehensive coverage
  5. Behavioral insights drive operational changes: Discovery of widespread activity manipulation led to workforce restructuring
 

From catching sophisticated data theft operations to revealing systemic productivity manipulation, Arrivia’s experience proves that the right monitoring tool can fundamentally change how organizations approach both security and operations.

“I do believe that without the tool, we wouldn’t have been able to do that.”

Justin Skagen, VP of Revenue Integrity and Operational Compliance, Arrivia