Suspicious Activity — Employees
Suspicious Activity — Employees: How to Monitor Staff in a Gaming Club
Section titled “Suspicious Activity — Employees: How to Monitor Staff in a Gaming Club”The Suspicious Activity — Employees section in IZI CRM automatically collects non-typical operations broken down by each administrator: manual cash balance edits without a real payment, cancellations of paid sessions, bonus accruals without a matching top-up, and other actions that deviate from a normal working pattern. Access it via Analytics → Suspicious Activity → Employees — choose a date range and optionally filter by person. The system makes no judgments: it records the deviation; you investigate the reason. A single event is almost always an error or an edge-case guest assist. A pattern that repeats in one person’s shifts and consistently suppresses the till — that warrants a conversation. Read this section alongside the shift report: a shift with an anomalously low AOV for a specific administrator, combined with flagged operations in that same shift, is not a coincidence.
Which Operations Are Flagged
Section titled “Which Operations Are Flagged”IZI tracks several classes of action that, in certain contexts, may signal abuse or a process failure.
Manual Balance Adjustments
Section titled “Manual Balance Adjustments”An administrator manually changes a client’s cash or gaming balance without running a payment. The legitimate scenario is compensating for a technical failure — a PC freeze or network drop — where the guest genuinely lost time. The problematic scenario is regularly “adding time” for acquaintances without a till record.
What to check in the report:
- How often does one employee make these adjustments compared to others?
- Do the adjustments cluster around specific client accounts (always the same guests)?
- Is there a corresponding technical log entry (device error) that explains the compensation?
Session and Receipt Cancellations
Section titled “Session and Receipt Cancellations”Cancelling an already-closed, paid session is a rare operation that should be the exception, not the norm. IZI records every such cancellation with the initiator’s name and timestamp.
A warning sign: one administrator cancels sessions noticeably more often than peers — especially if the cancelled sessions were paid in cash.
Bonuses Without a Top-Up
Section titled “Bonuses Without a Top-Up”Bonus balance accruals normally fire automatically when a client deposits funds — that is the standard loyalty mechanics. If bonus balance appeared on a client account without a corresponding payment in the till, that is a flag worth investigating.
Off-Shift Actions
Section titled “Off-Shift Actions”System actions performed during hours when the employee is not scheduled to work, or during club closure. This may be harmless (left the account open), but it can also indicate unauthorized access.
How to Read the Employees Table
Section titled “How to Read the Employees Table”Each row in the table represents one employee for the selected period. Key columns:
| Column | What it shows | What to look for |
|---|---|---|
| Employee | Administrator name / login | Person identification |
| Manual adjustments | Count and total amount of manual balance changes | Compare against the team average |
| Session cancellations | Number of sessions cancelled | Concentration on one person → flag |
| Payment cancellations | Voided receipts / transactions | Especially critical for cash payments |
| Bonuses without top-up | Accruals with no matching payment | Should be zero or have a clear explanation |
| Off-shift actions | Activity outside scheduled working hours | Requires context clarification |
A single number in any column means nothing without context. Relative magnitude is what matters: if one employee’s figure is three times the team average, that is an anomaly worth examining.
How to Distinguish an Error from Abuse
Section titled “How to Distinguish an Error from Abuse”Step 1 — Assess Scale
Section titled “Step 1 — Assess Scale”One or two events per month in any operation type is within normal range for an active club. Dozens of the same operation type from one person over the same period is a pattern.
Step 2 — Cross-Check with the Till
Section titled “Step 2 — Cross-Check with the Till”Open the shift report and compare: do shifts with a high anomaly count also show a lower AOV or a till discrepancy? If yes, the link is direct.
Parametric reference:
Expected shift revenue = Session count × AOV (your average check for a comparable time slot)If a shift’s actual revenue is consistently below expected for the same session count, the gap is explained either by an unusual tariff mix or by operations that suppressed the till.
Step 3 — Review the Context of Each Operation
Section titled “Step 3 — Review the Context of Each Operation”Drill into the specific event in the log — IZI shows the timestamp, operation type, affected client account, and amount. Check whether there is a related guest complaint or a corresponding entry in the technical log that explains the action.
Step 4 — Compare Across the Whole Team
Section titled “Step 4 — Compare Across the Whole Team”An anomaly for one person only becomes significant when set against the rest. If all administrators produce roughly the same number of adjustments, that may simply be your club’s normal operational level. If one person accounts for 80 % of all adjustments — that is a different conversation.
Preventive Measures: Permission Settings
Section titled “Preventive Measures: Permission Settings”The most effective way to reduce suspicious operations is to limit the tools that enable them. IZI CRM has one built-in staff role — Administrator — plus custom roles you create yourself. For each custom role you choose exactly which permissions to grant. This lets you calibrate what each category of staff can and cannot do.
Recommended restrictions to configure on roles that handle day-to-day front-desk work:
- Manual balance adjustment — require a second person to approve, or route through a support request so the action is always logged with a reason
- Cancellation of paid sessions — restrict to roles whose holders are responsible for end-of-shift reconciliation; front-desk staff who only open sessions generally do not need this capability
- Manual bonus issuance — restrict or remove entirely; automation handles standard cases
- Account access from unauthorized devices — restrict by IP or registered device where possible
The fewer “bypass” options a front-desk administrator has, the fewer events will appear in the suspicious activity report — and the fewer uncomfortable conversations you will need to have.
Using the Data with Your Team
Section titled “Using the Data with Your Team”The section is a management tool, not a punishment tool. A few principles that make it effective:
Facts, not suspicions. Show specific records: date, time, operation type, amount. Give the employee a chance to explain. There is often a perfectly rational reason that is invisible without context.
Pattern over single incident. One event is not grounds for conclusions. A recurring scheme in one person’s shifts is grounds for a serious conversation and, if needed, an access permission adjustment.
Prevention through transparency. If the team knows the system logs all non-typical operations and you review them regularly, that awareness alone reduces the likelihood of abuse.
Track change in dynamics. If you tightened a process (for example, added mandatory confirmation for balance adjustments) and the anomaly count dropped, that is a measurable result you can point to.
Related Analytics Sections
Section titled “Related Analytics Sections”Suspicious Activity — Employees is one piece of a larger picture. Use it together with adjacent sections for complete oversight:
| What to check | Where to go |
|---|---|
| Suspicious client balance operations | Balance Operations |
| Technical device events during a shift | Technical Log |
| Full overview of all suspicious activity types | Suspicious Activity — Overview |
| Shift comparison and AOV anomaly detection | Shift Report |
| Tariff sales broken down by employee | Tariff Sales |
Frequently Asked Questions
Section titled “Frequently Asked Questions”How often should I check this section?
Section titled “How often should I check this section?”Ideally, a 2–3 minute daily scan of the previous day’s events, plus a weekly review of the accumulated picture. For multi-location operators, one weekly aggregate slice across all clubs is the most efficient rhythm.
What if suspicious operations are spread evenly across all staff?
Section titled “What if suspicious operations are spread evenly across all staff?”That is a signal about the process, not the people. Your club likely has situations where administrators have no option other than a manual adjustment — for example, no convenient compensation flow when a device fails. The fix is to redesign the process, not to look for individuals to blame.
How do I properly document a violation?
Section titled “How do I properly document a violation?”Export or filter the operation list by employee and period. Record the specific entries — timestamp, type, amount — in a separate document along with the date of your review. This is the correct evidentiary basis for an administrative decision.
Does changing an employee’s password affect their operation history?
Section titled “Does changing an employee’s password affect their operation history?”No. IZI ties operations to the user account, not to the device or the password. The operation history is preserved regardless of any changes made to the account credentials.
Frequently asked questions
What is the Suspicious Activity — Employees section in IZI CRM?
It is an analytics section that automatically captures non-typical operations per administrator: manual balance adjustments, session cancellations, bonus accruals without a matching payment, and off-shift actions. The system does not draw conclusions — it surfaces deviations so the owner can investigate the cause.
How do I open the Suspicious Activity — Employees section in IZI CRM?
Navigate to Analytics → Suspicious Activity → Employees tab. Set a date range with the filter and optionally select a specific staff member. The table will display each administrator with a breakdown by operation type.
Which operations does IZI flag as suspicious for an employee?
Manual balance changes without a corresponding payment (adding gaming time from thin air), bulk session or receipt cancellations, bonus accruals without a matching top-up transaction, sessions opened without recorded payment, and actions performed outside the employee's scheduled shift.
How do I tell an honest mistake from deliberate abuse in the report?
A single event is almost always an error or a legitimate guest assist. A pattern — the same operation types repeating across one person's shifts and consistently affecting cash — is grounds for a conversation. The key abuse marker: operations that reduce recorded revenue appear regularly in one specific administrator's shifts.
Can I restrict employee permissions to prevent suspicious operations?
Yes. In IZI CRM you can configure custom roles with restricted permissions — disable manual balance adjustment, cancellation of paid sessions, and bonus issuance for roles that do not need those capabilities. Prevention beats investigation: remove the tool before the problem arises.
How should I use this data when talking to an employee?
Export or screenshot the specific records — date, time, amount, and operation type. Give the employee a chance to explain first. If the explanation does not match the data, you have a documented basis for administrative action. Never build a case on a single incident; only a pattern justifies it.
Do suspicious employee actions affect shift revenue in reports?
Directly, yes. Manual adjustments and cancellations can reduce recorded revenue. That is why you should read this section alongside the shift report: a shift with an unusually low AOV for a specific administrator is a signal to check whether it also contains anomalous operations.
How often should I review suspicious employee activity?
Minimum once a week; ideally a quick daily scan of the previous day's events. For multi-club networks, a weekly roll-up across all locations lets you spot cross-site anomalies and compare administrator behavior in aggregate.
What should I do if the number of suspicious operations spikes suddenly?
First, check whether the spike is concentrated on one employee or spread across the whole team. Concentration on one person points to a personal pattern. An even spread across all staff suggests a process bottleneck — something in the workflow is forcing everyone into manual workarounds.
Can I set up notifications for suspicious employee actions in IZI?
Check the current IZI CRM release notes — notification settings are actively developed. At minimum, the data is always available in the analytics section in near real time, without delay.