Why the old fraud playbook fails in the AI business era
Convenience comes at a price. That cost, at least across digital commerce, is increasing the attack surface for fraud.
The result is a familiar paradox: the more seamless the customer journey becomes, the more opportunities there are to leverage it. One-click checkout, subscription bundling, loyalty wallet, pay later option, gift cards and generous returns policy. Every step taken in digital commerce has the potential to further complicate fraud.
Adam Hiatt, Spreedly's vice president of fraud strategy, told PYMNTS that two forces are now moving “in lockstep” across the industry. The first is the compound complexity of the user journey, and the second is the vast amount of gray area that complexity creates in new states, edges, and transitions for bad actors to exploit.
“The arms race continues, and the proliferation of AI-driven tools will only make the job of professional fraudsters easier,” Hiatt said.
“The user experience and innovation introduced by merchants is amazing,” he added. “But at the same time, all the complexity that merchants present creates opportunities for bad actors.”
AD: SCROLL TO CONTINUE
This means that as digital commerce enters the next phase, fraud prevention must evolve from a discrete function run by a rules engine and a fleet of analysts to an always-on, cross-platform capability that increasingly resembles core product infrastructure.
Adapt to micro-moments
The merchants most likely to feel the pressure of contemporary fraud first are those whose business growth has forced them into product breadth. Risk complexity not only increases with transaction volume; It increases with the number of edges in the business model.
Historically, fraud teams have worked side by side with businesses, serving as a defensive function. Their mission is to reduce losses and their tools are used as an afterthought. When something went wrong, they added a rule. When fraud surged, they increased their headcount. The result is a proliferation of point solutions, each optimized for a small subset of risk.
Fast forward to today, and tools are growing faster than many organizations’ ability to coordinate them. The result is not security, but vulnerability, as decisions conflict, signals lag, and simple changes require weeks of cross-team negotiations.
“You need to be able to develop consistent, realistic risk responses,” Hiatt said. “You need to operate from a single profile of your customer and apply that single view in real-time.”
In leading organizations, fraud prevention is now on the same conceptual level as identity, authorization, pricing and fulfillment logic. It is no longer a brake applied at the edge of the business, but a governor embedded in the engine, able to regulate speed without stopping the movement.
“Success is not just about linearly improving how you say 'yes' or 'no,'” Hiatt said, but about adjusting the trading process in real time based on risk.
From this perspective, orchestration is not about adding more gates; It's about choosing the right door at the right moment without having to rebuild the decision stack every time the business changes.
Read more: Orchestrating Trust: The Future of Payment Fraud Prevention
Artificial Intelligence is not a one-sided advantage for attackers
While AI has rightly received a lot of attention for its role in democratizing fraud, criminals do not have a monopoly on this technology. Nonetheless, the emergence of artificial intelligence and its application in popular and increasingly industrialized fraud schemes has compressed time and increased the level of abstraction at which humans operate.
“Separating good from bad is becoming something that even good human review can’t do,” Hiatt said. “In the past, you could get people to solve the problem, but that's becoming increasingly difficult.”
Machine learning models can now score transactions in milliseconds, adapting to patterns that humans cannot enumerate. But attackers are using similar tools to automate experiments and probe systems at scale. The result is an ever-expanding gray zone where behavior is ambiguous, statistically noisy, and rapidly changing.
This pressure changes the economics of fraud. Just as transaction volume surges during peak seasons or major product launches, manual review becomes less accurate and less scalable.
“The best way to solve this problem is data synthesis,” Hiatt said, emphasizing the need to gain insights across systems rather than relying on siled tools to synthesize signals and precisely automate responses.
“Policy choices should keep pace with developments,” he added.
Policy becomes the interface
The historical trajectory of fraud and innovation in digital commerce has thus far been relatively simple. Seamless experiences bring complexity. Complexity creates attack surfaces. Attack surface forces fraud orchestration. Now that the need for fraud orchestration has emerged, so has the need for systems thinking.
“Being able to pull all the right information together to synthesize the policy choices that need to be made … both in terms of user experience and in terms of operational aspects of any action that might be taken,” Hiatt said, is the essence of “well-planned decision-making.”
This means modernization is often less about discovering new tools and more about building consistency: showing how fraud affects approvals, lost refunds, labor costs, customer experience and brand trust, and, as Hiatt points out, how orchestration connects those results to an interpretable policy layer.
Ultimately, he added, digital commerce is entering an era where trust must be calculated rather than assumed. The question, then, is no longer whether companies need sophisticated defenses; The question is whether they can build a scalable defense model that doesn't collapse under their own tools.
