Every few years our industry rediscovers the same debate: should fraud and cybersecurity teams actually sit together?

And honestly, usually both sides hate the idea immediately.

Not because they dislike each other. Mostly because both teams are already overwhelmed and nobody wants another meeting.

But over the last couple of years, something changed.

The signals started converging.

Credential stuffing became account takeover. Account takeover became fraud. Fraud became phishing. Phishing became invoice fraud and ACH fraud. And suddenly the same security telemetry that detects compromised infrastructure also helps identify fraudulent users before they ever reach checkout.

That is where things start getting weird.

In this episode, I sat down with Cy Khormaee, who helped build Recaptcha at Google and now runs Aegis AI, to talk about why AI phishing detection is forcing fraud and cybersecurity teams closer together whether they like it or not.

And honestly, once you realize the same behavioral signals can stop both account takeover and payment fraud detection, the organizational separation starts feeling a little artificial.

We get into AI email security, AI-powered fraud, fraudster ROI, upstream fraud detection, and why modern attackers are moving faster than most enterprise security stacks were designed for.

Also, I learned that Google literally tracked the market price of breaking CAPTCHA systems like a stock ticker.

Which honestly feels extremely fraud-brained.

• A practical look at why fraud and cybersecurity teams are starting to share the same signals
• How credential stuffing and account takeover pushed security tools into fraud prevention use cases
• Why AI phishing detection depends on more than static email rules or reputation checks
• How AI email security is changing as attackers use AI to generate more targeted phishing attacks
• Where invoice fraud, ACH fraud, and accounts payable fraud sit between security and fraud operations
• Why security telemetry and fraud telemetry become more useful when teams connect the full user journey
• How Recaptcha evolved from image puzzles into behavioral detection and fraud prevention infrastructure
• Why “good people leave tracks” still applies across both fraud and security signals
• How upstream fraud detection helps stop problems before money leaves the platform
• Why fraudster ROI is one of the most useful ways to think about modern defense
• What teams should ask vendors before buying AI-powered fraud or AI security tools

Expect a conversation about tools, signals, attacker economics, and the awkward reality that fraud and security may already be converging, whether the org chart admits it or not.

• Fraud leaders and fraud analysts
• Cybersecurity professionals
• Trust and safety teams
• FinTech fraud prevention teams
• Email security teams
• Accounts payable and payment risk teams
• Teams evaluating AI phishing detection or AI email security vendors
• Anyone working on credential stuffing, account takeover, invoice fraud, ACH fraud, or upstream fraud detection

Basically, if your fraud team and cybersecurity team only meet during incident review, this one may be worth playing in both rooms.

Honestly, most fraud teams have no idea how many good users they are actually blocking.

Ask someone for their chargeback data and you’ll usually get a very precise answer. Ask how many legitimate customers were declined by mistake and suddenly things get a lot less scientific.

Usually somewhere between a shrug and “probably not many.”

Not a great sign.

False positive fraud detection is fundamentally difficult, not because fraud teams do not care, but because fraud systems are often designed in ways that make false positives invisible by default.

If you approve a transaction, the system gets feedback. Fraud turns into chargebacks. Legitimate users come back and transact again.

But when you block someone, the signal disappears.

The complaint gets buried in a support queue. The customer never retries. The event never becomes a label. And suddenly your fraud analytics pipeline has no idea the mistake even happened.

That is really the core problem this episode explores.

More specifically, how fraud teams can start measuring false positive rates using imperfect but practical approaches like fraud rules simulation, manual review, entity resolution, control groups, transaction monitoring, and user feedback.

Before you can reduce false positives, you first need to prove they exist.

• Why false positive fraud detection is difficult in systems built around incomplete feedback loops
• How declined transactions disappear from fraud analytics and model training data
• Why chargeback data is easier to measure than blocked legitimate users
• A breakdown of fraud rules simulation and where simulation fails operationally
• How manual review helps identify hidden false positives inside payment fraud detection systems
• Why entity resolution becomes one of the strongest tools for linking blocked users to later legitimate behavior
• How control groups expose hidden weaknesses in fraud decisioning systems
• Where user feedback loops can help, and where they become dangerous
• Why fraud prevention strategy depends on understanding false positive reduction at the operational level
• How fraud risk management changes once teams understand where false positives actually come from

A conversation about fraud systems, hidden mistakes, operational blind spots, and why measuring false positives is mostly an exercise in triangulation rather than certainty.

• Fraud leaders and fraud analysts
• Risk and compliance teams
• Fraud operations managers
• FinTech fraud prevention teams
• Payment fraud detection professionals
• Teams managing fraud decisioning systems
• Data science and fraud analytics teams
• Anyone responsible for transaction monitoring, fraud prevention tools, or false positive reduction

Basically, if you have ever looked at your fraud system and wondered whether you are blocking more good users than you realize, this episode is for you.

Honestly, the answer is probably yes.

Back in 2009, when I started working in fraud prevention at PayPal, we had this saying: “Good people leave tracks.”

And honestly, that was kind of the whole job.

Fraudsters tried to erase themselves. Fake identities, disposable emails, wiped browser cookies, brand-new accounts. Legitimate users, meanwhile, usually left digital breadcrumbs everywhere because nobody really thought much about online privacy back then.

So yes, part of the job was basically social media investigation.

And honestly, I got weirdly good at it.

In this episode, I tell the story of how a random Facebook profile picture, a colonial-looking building, and an old backpacking trip through Vietnam helped us approve a transaction that initially looked like obvious fraud.

Now, if listening to that story makes you cringe a little, good. It should.

The bigger conversation here is not really about Facebook stalking. It is about how fraud prevention changed once online privacy, customer privacy, and data privacy became much more serious priorities across the internet.

And now we have this strange tradeoff.

As private citizens, most of us are probably happy that publicly available information is harder to access than it was 15 years ago. But as fraud professionals, we also lost a huge amount of visibility that once helped us understand identity intelligence, behavior patterns, and fraud risk.

Not a simple problem.

• How social media investigation worked inside fraud teams in the early days of fintech fraud prevention
• Why fraud analysts relied heavily on publicly available information and digital breadcrumbs
• A real fraud investigation story involving Facebook, geolocation mismatch, and identity verification
• How online privacy and data privacy reshaped fraud prevention workflows
• Why social media OSINT became harder as platforms tightened customer privacy controls
• How open source intelligence techniques evolved from manual investigation into AI OSINT tools
• Why identity intelligence became more difficult once social networks reduced public visibility
• A practical discussion about OSINT for fraud prevention and its limits today
• How scammers and social engineering scams changed the privacy conversation entirely
• Why fraud fighters may need to rethink their relationship with privacy regulations

A conversation that starts with an old-school fraud investigation story that turns into a broader discussion about whether losing access to personal data may have actually protected us in the long run.

• Fraud leaders and fraud investigators
• Trust and safety professionals
• FinTech fraud prevention teams
• Risk and compliance professionals
• OSINT and digital investigation practitioners
• Cybersecurity and identity teams

Anyone interested in social media OSINT, online privacy, identity intelligence, or open source intelligence techniques.

Basically, if you ever used Facebook like an investigative database, this episode is probably going to make you a little uncomfortable.