You can't save customers you don't know are at risk. At-risk customer identification combines quantitative signals (usage data, engagement metrics) with qualitative indicators (sentiment, feedback) to systematically flag accounts before they cancel. The goal: create a reliable early warning system that prioritizes CS team effort where it matters most.
Defining "At Risk"
At-risk means a customer has significantly higher churn probability than baseline.
Example baseline: Overall churn rate = 5%/month
At-risk threshold: Churn probability ≥15% in next 90 days
Risk tiers:
- Critical (Red): >40% churn probability → Immediate action required
- High (Orange): 20-40% probability → Proactive engagement within 1 week
- Moderate (Yellow): 10-20% probability → Monitor closely, light touch
- Low (Green): <10% probability → Standard nurturing
Data Sources for Risk Identification
1. Product Usage Data
Critical metrics:
Login frequency:
- Baseline: 10 logins/week
- At-risk signal: <3 logins/week for 14+ days
Session depth:
- Baseline: 25 actions/session
- At-risk signal: <10 actions/session
Feature adoption:
- Baseline: 60% of core features used
- At-risk signal: <30% adoption after 90 days
Workflow completion:
- Baseline: 80% completion rate
- At-risk signal: <40% completion or 0 completions in 21 days
Tools: Amplitude, Mixpanel, Heap, Pendo
2. Engagement Metrics
Communication engagement:
- Email open rates dropping >50%
- Notification opt-outs
- Unsubscribes from product updates
- No response to 3+ CS touchpoints
Support interactions:
- Ticket volume spike (3× baseline)
- Repeat tickets on same issue
- Escalation language ("unacceptable," "frustrated")
- Ghosting (no response to CS for 14+ days)
Tools: Intercom, Zendesk, Pelin.ai (sentiment analysis)
3. Business & Contract Data
Payment signals:
- Failed payment attempts
- Past-due invoices
- Downgrades or seat reductions
- Cancellation page visits
Contract timing:
- <60 days to renewal
- No expansion activity in past 90 days
- Month-to-month vs. annual (month-to-month churns 3× more)
Organizational changes:
- Key contact departed (LinkedIn monitoring)
- Company layoffs or restructuring
- Merger/acquisition
Tools: Stripe, Chargebee, Salesforce, HubSpot
4. Customer Sentiment
NPS/CSAT trends:
- Declining scores (Promoter → Passive → Detractor)
- Detractor status (NPS 0-6)
- CSAT consistently <3/5
Support sentiment:
- Negative language in tickets
- Escalations to management
- Threat language ("We're considering switching")
- Competitor mentions
Survey responses:
- "Unlikely to recommend"
- Feature requests framed as "need this or we'll leave"
- Expressing dissatisfaction in open-ended feedback
Tools: Delighted, Wootric, Pelin.ai (auto-sentiment analysis)
Building a Risk Identification Model
Approach 1: Rules-Based Scoring (Simpler)
Define explicit rules that flag at-risk customers:
Rule examples:
Critical risk (+40 points each):
- No login in 21+ days
- Cancellation page visited
- Payment failed 2+ times
- Detractor NPS + negative support interaction
High risk (+20 points each):
- Usage down >50% from baseline for 14+ days
- Key feature not used in 30 days
- Support ticket with escalation language
- Contract renewal <30 days with no engagement
Moderate risk (+10 points each):
- Usage down 30-50%
- NPS declined by 3+ points
- Unsubscribed from emails
- No response to CS outreach
Total risk score: Sum of triggered rules
Threshold: >40 points = Critical, 20-39 = High, 10-19 = Moderate
Pros: Transparent, easy to explain, quick to build
Cons: Doesn't capture complex patterns, requires manual tuning
Approach 2: Machine Learning (Advanced)
Train predictive model on historical data:
Training data:
- Features: All usage, engagement, sentiment, and contract data
- Labels: Did customer churn? (Yes/No)
- Timeframe: Predict churn in next 30/60/90 days
Model outputs: Churn probability (0-100%)
Algorithms:
- Logistic regression (simple, interpretable)
- Random forest (handles non-linear relationships)
- Gradient boosting (XGBoost, LightGBM—highest accuracy)
- Neural networks (deep learning for very large datasets)
Tools:
- Python (scikit-learn, XGBoost)
- Cloud ML (AWS SageMaker, Google AutoML, Azure ML)
- CS platforms (Gainsight, ChurnZero have built-in ML)
Pros: Discovers hidden patterns, adapts as data changes, high accuracy
Cons: Requires data science expertise, needs large historical dataset (500+ churn events)
Approach 3: Hybrid (Best of Both)
Combine rules-based and ML:
ML model: Generates base risk score
Rules-based adjustments: Add/subtract points for critical events
Example:
- ML predicts 30% churn risk
- Customer visits cancellation page → +30 points → 60% risk (Critical)
Benefit: ML finds subtle patterns, rules catch obvious signals
Segmented Risk Identification
Different customer segments have different risk profiles:
New Customers (<90 days)
Primary risk: Failed onboarding
Key signals:
- Core feature not adopted by Day 30
- Usage declining from peak onboarding period
- Setup incomplete (integrations, team invites)
At-risk threshold: Lower bar (usage decline >30% triggers alert)
Intervention: Onboarding optimization, reducing time-to-value
Mature Customers (>1 year)
Primary risk: Stagnation, better alternatives
Key signals:
- No expansion in 6+ months
- Usage plateaued or declining
- Competitive tool mentions
- Champion turnover
At-risk threshold: Sustained trends over months
Intervention: Executive business reviews, expansion discussions, relationship rebuilding
Enterprise vs. SMB
Enterprise:
- Contract-driven (renewal timing matters most)
- Relationship-heavy (stakeholder engagement critical)
- Multi-threaded (many users, complex to assess)
SMB:
- Usage-driven (low usage = imminent churn)
- Self-serve (less relationship dependency)
- Faster churn cycles (decide and cancel quickly)
Adjust risk scoring weights per segment.
Operationalizing Risk Identification
1. Automated Daily Scoring
Process:
- Nightly batch job: Recalculate risk scores for all customers
- Trigger alerts: New customers crossing risk thresholds
- Update dashboards: CS team sees latest scores each morning
Tools: Data warehouse (Snowflake, BigQuery) + scheduling (Airflow, dbt) + alerting (Slack, email)
2. Real-Time Event Triggers
High-priority signals trigger immediate alerts:
- Payment failure → Instant Slack alert to CS manager
- Cancellation page visit → Real-time notification
- Detractor NPS submitted → Alert within 1 hour
Tools: Segment, Rudderstack (event streaming) + Zapier, Make (automation)
3. CS Dashboard
Build internal dashboard showing:
Customer list view:
- Customer name, risk score, risk trend (↑↓), days at risk
- Sortable/filterable by score, segment, CS owner
- Click customer → detailed risk breakdown
Portfolio view:
- % customers in each risk tier
- At-risk ARR/MRR
- Week-over-week trend
Individual customer view:
- Risk score components (what's driving the score?)
- Historical score trend (improving or declining?)
- Recent activity timeline
- Suggested actions (playbook recommendations)
Tools: Tableau, Looker, Mode, or CS platforms (Gainsight, ChurnZero)
4. Alert Routing & Prioritization
Not all at-risk customers deserve equal attention:
Priority matrix:
| Risk Level | High Value Customer | Medium Value | Low Value |
|---|---|---|---|
| Critical | CEO + CS Exec | CS Manager | Automated save offer |
| High | CSM + Manager | CSM | Email + resource |
| Moderate | CSM check-in | Monitor |
Route alerts to appropriate person based on risk + value.
Continuous Model Improvement
1. Track Prediction Accuracy
Monthly review:
True Positives: Flagged as at-risk, actually churned (good catch!)
False Positives: Flagged as at-risk, didn't churn (wasted CS effort)
True Negatives: Not flagged, didn't churn (correct)
False Negatives: Not flagged, but churned (missed opportunity!)
Key metrics:
- Precision: Of flagged customers, what % actually churned? (target: 30-50%)
- Recall: Of churned customers, what % were flagged? (target: >70%)
- F1 score: Harmonic mean of precision and recall
If precision too low (lots of false positives): Tighten thresholds, add more filters
If recall too low (missing churns): Lower thresholds, add more signals
2. Incorporate New Signals
Regularly test new indicators:
Hypothesis: "Customers who export data are 3× more likely to churn"
Test: Add data export as signal, measure if precision/recall improve
Result: If yes, add to model permanently; if no, discard
3. Retrain ML Models
If using machine learning:
Quarterly: Retrain on latest data (customer behavior changes over time)
After major product changes: New features alter usage patterns, models may need retraining
When performance degrades: If precision/recall drops >10%, investigate and retrain
4. Feedback from CS Team
Monthly CS team survey:
- "Were the at-risk alerts accurate this month?"
- "Did you encounter churns we didn't predict?"
- "What signals would you add?"
CS intuition often catches what data misses.
Common Mistakes in Risk Identification
Mistake 1: Single Signal Over-Reliance
Problem: "They haven't logged in for a week" = at-risk
Reality: Could be vacation, project pause, seasonal business
Fix: Require multiple signals (low usage + declining engagement + negative sentiment)
Mistake 2: Ignoring Segment Differences
Problem: Applying same thresholds to all customers
Reality: Enterprise customers with quarterly usage cycles != SMB with daily usage
Fix: Segment-specific models and thresholds
Mistake 3: No Action on Alerts
Problem: Identifying at-risk customers but CS team doesn't engage
Reality: Risk ID only helps if it triggers intervention
Fix: Build retention playbooks and proactive outreach processes
Mistake 4: Alert Fatigue
Problem: Too many alerts, CS team ignores them
Reality: Low-quality alerts train teams to dismiss all alerts
Fix: Strict thresholds, prioritize by value, limit daily alerts to top 10
Mistake 5: Static Model
Problem: Build model once, never update
Reality: Customer behavior and product evolve, models decay
Fix: Quarterly reviews, continuous calibration, retrain ML models
Advanced Risk Identification Techniques
Leading Indicator Discovery
Analyze sequences leading to churn:
Finding: "Customers who hit [Error X] 3+ times in first week churn at 4× baseline rate"
Action: Add "Error X frequency" as early warning signal
Method: Cohort analysis, sequence mining, time-series analysis
Peer Group Benchmarking
Compare customer to similar cohort:
Customer A (at risk):
- Usage: 5 sessions/week (cohort avg: 20)
- Features used: 3 (cohort avg: 12)
- Team size: 2 (cohort avg: 8)
Action: Flag as underperforming vs. peers
Velocity of Change
Track rate of decline, not just absolute values:
Customer B:
- Current usage: 10 sessions/week (still healthy)
- 30 days ago: 25 sessions/week
- Velocity: -60% in 30 days → RED FLAG
Rapid decline predicts imminent churn better than low absolute usage.
Customer Journey Stage Alignment
Risk varies by lifecycle stage:
Onboarding (Days 1-30): Slow adoption = high risk
Growth (Months 2-6): Expansion activity = low risk
Mature (6+ months): Stagnation = rising risk
Pre-renewal (60 days out): Any negative signal = critical
Adjust risk thresholds based on customer lifecycle stage.
Identify at-risk customers automatically from product and feedback data. Pelin.ai combines usage analytics, sentiment analysis across Intercom/Zendesk/Slack, and business metrics to surface at-risk customers in real-time. Request a free trial and catch churn before it happens.
Related Articles
- Product Discovery Process - Build products customers want
- Continuous Discovery Habits - Make research a weekly practice
- Opportunity Solution Trees - Map problems to solutions
- Customer Interview Techniques - Conduct effective research
- Research Synthesis - Transform findings into insights