Every few years our industry rediscovers the same debate: should fraud and cybersecurity teams actually sit together?

And honestly, usually both sides hate the idea immediately.

Not because they dislike each other. Mostly because both teams are already overwhelmed and nobody wants another meeting.

But over the last couple of years, something changed.

The signals started converging.

Credential stuffing became account takeover. Account takeover became fraud. Fraud became phishing. Phishing became invoice fraud and ACH fraud. And suddenly the same security telemetry that detects compromised infrastructure also helps identify fraudulent users before they ever reach checkout.

That is where things start getting weird.

In this episode, I sat down with Cy Khormaee, who helped build Recaptcha at Google and now runs Aegis AI, to talk about why AI phishing detection is forcing fraud and cybersecurity teams closer together whether they like it or not.

And honestly, once you realize the same behavioral signals can stop both account takeover and payment fraud detection, the organizational separation starts feeling a little artificial.

We get into AI email security, AI-powered fraud, fraudster ROI, upstream fraud detection, and why modern attackers are moving faster than most enterprise security stacks were designed for.

Also, I learned that Google literally tracked the market price of breaking CAPTCHA systems like a stock ticker.

Which honestly feels extremely fraud-brained.

• A practical look at why fraud and cybersecurity teams are starting to share the same signals
• How credential stuffing and account takeover pushed security tools into fraud prevention use cases
• Why AI phishing detection depends on more than static email rules or reputation checks
• How AI email security is changing as attackers use AI to generate more targeted phishing attacks
• Where invoice fraud, ACH fraud, and accounts payable fraud sit between security and fraud operations
• Why security telemetry and fraud telemetry become more useful when teams connect the full user journey
• How Recaptcha evolved from image puzzles into behavioral detection and fraud prevention infrastructure
• Why “good people leave tracks” still applies across both fraud and security signals
• How upstream fraud detection helps stop problems before money leaves the platform
• Why fraudster ROI is one of the most useful ways to think about modern defense
• What teams should ask vendors before buying AI-powered fraud or AI security tools

Expect a conversation about tools, signals, attacker economics, and the awkward reality that fraud and security may already be converging, whether the org chart admits it or not.

• Fraud leaders and fraud analysts
• Cybersecurity professionals
• Trust and safety teams
• FinTech fraud prevention teams
• Email security teams
• Accounts payable and payment risk teams
• Teams evaluating AI phishing detection or AI email security vendors
• Anyone working on credential stuffing, account takeover, invoice fraud, ACH fraud, or upstream fraud detection

Basically, if your fraud team and cybersecurity team only meet during incident review, this one may be worth playing in both rooms.

Honestly, most fraud teams have no idea how many good users they are actually blocking.

Ask someone for their chargeback data and you’ll usually get a very precise answer. Ask how many legitimate customers were declined by mistake and suddenly things get a lot less scientific.

Usually somewhere between a shrug and “probably not many.”

Not a great sign.

False positive fraud detection is fundamentally difficult, not because fraud teams do not care, but because fraud systems are often designed in ways that make false positives invisible by default.

If you approve a transaction, the system gets feedback. Fraud turns into chargebacks. Legitimate users come back and transact again.

But when you block someone, the signal disappears.

The complaint gets buried in a support queue. The customer never retries. The event never becomes a label. And suddenly your fraud analytics pipeline has no idea the mistake even happened.

That is really the core problem this episode explores.

More specifically, how fraud teams can start measuring false positive rates using imperfect but practical approaches like fraud rules simulation, manual review, entity resolution, control groups, transaction monitoring, and user feedback.

Before you can reduce false positives, you first need to prove they exist.

• Why false positive fraud detection is difficult in systems built around incomplete feedback loops
• How declined transactions disappear from fraud analytics and model training data
• Why chargeback data is easier to measure than blocked legitimate users
• A breakdown of fraud rules simulation and where simulation fails operationally
• How manual review helps identify hidden false positives inside payment fraud detection systems
• Why entity resolution becomes one of the strongest tools for linking blocked users to later legitimate behavior
• How control groups expose hidden weaknesses in fraud decisioning systems
• Where user feedback loops can help, and where they become dangerous
• Why fraud prevention strategy depends on understanding false positive reduction at the operational level
• How fraud risk management changes once teams understand where false positives actually come from

A conversation about fraud systems, hidden mistakes, operational blind spots, and why measuring false positives is mostly an exercise in triangulation rather than certainty.

• Fraud leaders and fraud analysts
• Risk and compliance teams
• Fraud operations managers
• FinTech fraud prevention teams
• Payment fraud detection professionals
• Teams managing fraud decisioning systems
• Data science and fraud analytics teams
• Anyone responsible for transaction monitoring, fraud prevention tools, or false positive reduction

Basically, if you have ever looked at your fraud system and wondered whether you are blocking more good users than you realize, this episode is for you.

Honestly, the answer is probably yes.

Back in 2009, when I started working in fraud prevention at PayPal, we had this saying: “Good people leave tracks.”

And honestly, that was kind of the whole job.

Fraudsters tried to erase themselves. Fake identities, disposable emails, wiped browser cookies, brand-new accounts. Legitimate users, meanwhile, usually left digital breadcrumbs everywhere because nobody really thought much about online privacy back then.

So yes, part of the job was basically social media investigation.

And honestly, I got weirdly good at it.

In this episode, I tell the story of how a random Facebook profile picture, a colonial-looking building, and an old backpacking trip through Vietnam helped us approve a transaction that initially looked like obvious fraud.

Now, if listening to that story makes you cringe a little, good. It should.

The bigger conversation here is not really about Facebook stalking. It is about how fraud prevention changed once online privacy, customer privacy, and data privacy became much more serious priorities across the internet.

And now we have this strange tradeoff.

As private citizens, most of us are probably happy that publicly available information is harder to access than it was 15 years ago. But as fraud professionals, we also lost a huge amount of visibility that once helped us understand identity intelligence, behavior patterns, and fraud risk.

Not a simple problem.

• How social media investigation worked inside fraud teams in the early days of fintech fraud prevention
• Why fraud analysts relied heavily on publicly available information and digital breadcrumbs
• A real fraud investigation story involving Facebook, geolocation mismatch, and identity verification
• How online privacy and data privacy reshaped fraud prevention workflows
• Why social media OSINT became harder as platforms tightened customer privacy controls
• How open source intelligence techniques evolved from manual investigation into AI OSINT tools
• Why identity intelligence became more difficult once social networks reduced public visibility
• A practical discussion about OSINT for fraud prevention and its limits today
• How scammers and social engineering scams changed the privacy conversation entirely
• Why fraud fighters may need to rethink their relationship with privacy regulations

A conversation that starts with an old-school fraud investigation story that turns into a broader discussion about whether losing access to personal data may have actually protected us in the long run.

• Fraud leaders and fraud investigators
• Trust and safety professionals
• FinTech fraud prevention teams
• Risk and compliance professionals
• OSINT and digital investigation practitioners
• Cybersecurity and identity teams

Anyone interested in social media OSINT, online privacy, identity intelligence, or open source intelligence techniques.

Basically, if you ever used Facebook like an investigative database, this episode is probably going to make you a little uncomfortable.

A year and a half ago, I wrote that for around 150 bucks, anyone could buy a service on the dark web that bypassed a KYC vendor.

People were shocked.

Today? Honestly, not so much.

Now the threat is cheaper, faster, and harder to spot. Document checks can be bypassed. Selfies can be bypassed. Even 3D liveness checks, the ones that looked unbeatable not that long ago, can be bypassed.

Not a good look.

So in this episode, I want to talk about what fraud teams actually do next. Because if your KYC fraud prevention strategy still assumes that a clean KYC pass means a clean user, you are already behind.

The answer is layering. But not the lazy version where you just buy more KYC vendors and hope one of them saves you. I mean real multi-layer fraud defense: device intelligence, behavioral biometrics, behavioral signals, identity intelligence, device telemetry, post-signup fraud monitoring, and KYC vendor orchestration used in the right sequence.

Because a KYC check is a signal. It is not a verdict.

• A breakdown of why KYC bypass prevention has become harder as fraud kits get cheaper and more specialized
• Why KYC fraud checks, document checks, selfies, and 3D liveness can no longer carry the whole fraud prevention strategy
• How device intelligence asks different questions than a KYC vendor
• Why behavioral signals and behavioral biometrics can expose what a document check misses
• How identity intelligence helps connect emails, phone numbers, addresses, and documentation into a more cohesive picture
• Why post-signup fraud monitoring and high-risk user monitoring matter after account opening
• How step-up verification can add friction only when the risk actually justifies it
• Why KYC vendor orchestration can be useful for a small, high-risk segment
• How fraudster ROI changes when fraud teams stop relying on a single point of failure

A practical conversation about layered fraud defense, operational blind spots, and why modern KYC fraud detection depends on connecting signals instead of trusting one onboarding result.

• Fraud leaders and fraud operators
• Risk and compliance teams
• FinTech teams managing onboarding and account opening fraud
• Trust and safety professionals
• Identity verification and KYC teams
• Teams evaluating behavioral biometrics, device intelligence, and synthetic identity detection

Basically, if your fraud stack still depends heavily on one KYC vendor, or if device telemetry is collected but barely used, or if onboarding and transaction monitoring teams are still operating in silos this episode is probably going to feel uncomfortably familiar.

Honestly, that stack fails every time eventually.

This episode is a bit of a full-circle moment.

Years ago, Matt Vega interviewed me on one of my first podcast appearances. And now, somehow, here we are, roles reversed, with Matt joining me for the first full interview episode of The Saturday Fraud Strategist.

Honestly, not a bad way to start.

In this episode, Matt and I talk about what it actually takes to build real-time fraud prevention from zero. Not the polished vendor version. The real version. The one with hiring decisions, messy processes, fragile fraud prevention tech stacks, disconnected vendors, and systems that look impressive right up until they break.

Not a good look.

While real-time fraud detection sounds like a technology problem, the conversation goes deeper. We talk about people, process, product, real-time fraud monitoring, tactical friction, fraud prevention guardrails, AI readiness, and why teams need to move upstream before the money is gone.

Because once the payment moves, especially in real-time transaction monitoring or real-time payment environments, you are not preventing fraud anymore. You are documenting the damage.

• A breakdown of Matt Vega’s people, process, and product framework for real-time fraud prevention
• A practical discussion of how to build a fraud prevention strategy from zero
• Insight into hiring for curiosity, trust, flexibility, and actual problem-solving ability
• A conversation about reactive vs proactive fraud prevention in real-time payment environments
• A focused look at upstream fraud detection, tactical friction, and why friction done right can increase trust
• Practical considerations for building a fraud prevention tech stack where vendors, signals, and workflows actually communicate
• A discussion of AI fraud prevention, machine learning fraud detection, and agentic AI in fraud prevention

Listeners can expect a conversation that moves from theory to operating reality, and from operating reality to practical decisions fraud teams can actually use.

• Fraud leaders and fraud professionals
• Risk, compliance, and cybersecurity teams
• Fintech, banking, and payments teams
• Product leaders building real-time payment experiences
• Fraud operations teams moving from manual review to automation
• Founders, operators, and executives building fraud prevention programs from scratch

Anyone evaluating fraud detection rules, behavioral biometrics, device intelligence, KYC fraud prevention, account takeover prevention, or the best fraud prevention tools for their stack.

The discussion is designed for professionals who are committed not only to detecting fraud, but to building systems that can scale without becoming fragile.

In this episode, I start with a slightly strange moment at the Mastercard offices. I was catching up with someone I know and he told me I had started pushing a new narrative.

Okay. Apparently, the narrative was that rules are better than AI.

Honestly, I get why it looked that way. I talk about rules vs AI in fraud prevention quite a bit. But that is not really the point.

The point is control.

AI fraud prevention, fraud prevention AI, AI fraud detection, machine learning fraud prevention, all of it sounds great until the person responsible for money movement and customer acquisition has to approve the change. Then accuracy is not the only thing that matters. Trust matters. Explainability matters. Strategy visibility matters. And if leaders do not feel in control, they will choose worse fraud tools.

Not because they are irrational.

Because breaking the business is, technically speaking, not a good look.

• A breakdown of why the “rules vs AI in fraud prevention” debate misses the bigger issue
• Why leaders often choose fraud detection rules over stronger AI fraud tools
• How fraud risk management changes when the process touches money movement and customer acquisition
• Why fraud decisioning depends on trust, not just model accuracy
• What fraud AI tools often get wrong about explainability
• How chargeback rate optimization can become more useful when users can compare low, medium, and high-risk strategies
• Why AI trust in fraud prevention depends on clear KPIs, plain answers, and visible tradeoffs
• Listeners can expect a conversation that moves from “which tool performs better?” to the more uncomfortable question: who actually feels safe enough to make the decision?

• Fraud leaders and fraud operators
• Risk and compliance teams
• Product teams building fraud AI tools
• Financial institution leaders evaluating AI fraud prevention
• Fraud technology vendors and solution architects
• Anyone involved in fraud decisioning, chargeback rate optimization, or machine learning fraud prevention

Basically, if you have ever looked at a model and thought, “The performance is better, so why won’t they use it?” this one is for you.

I wanted to take a step back and talk about something a bit more personal, but also very relevant to how I think about fraud prevention strategy.

It’s been six months since I joined Sardine. And I figured it makes sense to explain how I got here, because honestly, the decision wasn’t hard, but it wasn’t simple either.

This isn’t just about changing roles. It’s about moving from fraud prevention consulting into something broader, where I can connect content, product, and strategy in a way that actually helps fraud fighters do their job better.

And along the way, it raises a bigger question: what does an effective fraud prevention strategy actually look like when you’ve been on the practitioner's side for long enough?

• A personal breakdown of why I moved from solo consulting back into a team
• Why “freedom” in consulting isn’t always what it seems
• How I think about fraud prevention strategy after years in the field
• What made Sardine stand out as a fraud prevention platform
• Why practitioner-led content matters more than ever
• How fraud prevention solutions should actually be built and evaluated

• Fraud fighters working in fintech fraud prevention and enterprise fraud prevention
• Risk, compliance, and product teams evaluating fraud prevention solutions
• Professionals working in fraud prevention consulting
• Anyone thinking about the gap between vendor promises and real-world fraud operations
• Anyone trying to build or choose a fraud prevention platform that actually works

If you’ve ever asked yourself whether the tools you’re using really solve your problems, this one will probably resonate.

A few months ago, I woke up registered on a dating app. I'm in a 13-year relationship. I did not sign up.

Someone used my email to create a profile on Coffee Meets Bagel. When the platform froze the account, the scammers opened another one. Same email. Same details. Instantly. By the third account, customer support still hadn't replied.

What starts as fake dating profiles doesn't stay there. They become romance scams. Then a loss your FI absorbs while the dating platform moves on with no accountability for the identity verification failure and no skin in the game.

Dating platforms have no chargebacks, no regulatory pressure, and no reason to fix the lack of account takeover detection. So who actually bears the cost, and why are we still waiting for them to care about APP fraud prevention?

• How dating app identity theft becomes a gateway to romance scams and APP fraud
• Why dating platforms have no structural incentive to prevent account misuse
• What the upstream fraud trail looks like, and who ends up paying downstream

• Fraud ops teams at FIs and fintechs
• Teams working with identity verification systems
• Risk and compliance professionals tracking APP fraud vectors
• Anyone watching romance scam trends