web analytics

5 Takeaways from the “Detect Bad Intent Early” Webinar: How to Stop Fraud Before It Starts – Source: securityboulevard.com

5-takeaways-from-the-“detect-bad-intent-early”-webinar:-how-to-stop-fraud-before-it-starts-–-source:-securityboulevard.com
Rate this post

Source: securityboulevard.com – Author: Paige Tester

Fraud doesn’t start at checkout. It starts the moment someone (or something) lands on your site.

That was the core message of our recent webinar, Detect Bad Intent Early to Stop Downstream Fraud, featuring insights from Andrew Hendry, Senior Director of Product Marketing and cybersecurity veteran at DataDome, Dan Ayash, Director of Cybersecurity Solutions at PayPal, and Ronald Praetsch, co-founder at About Fraud. Together, they explored the shifting nature of fraud, the convergence of cybersecurity and fraud prevention, and what it really means to act early, before threats turn into financial loss, reputational damage, and broken customer trust.

Techstrong Gang Youtube

AWS Hub

Whether you’re managing risk for a high-volume fintech platform or just beginning to understand the threats AI brings to your login page, this session offered practical strategies to help you defend upstream, reduce false positives, and maintain a seamless user experience.

Here are five of the most important takeaways from the session, each one reinforced by real-world experience and emerging industry trends.

1. Fraud prevention must start early in the customer journey

One of the most urgent points raised during the session: many organizations wait too long to act. Fraud doesn’t just occur when a stolen card is used or a chargeback hits. It often begins quietly at the very top of the funnel, through automated bots probing your login, registration, or password reset endpoints.

Andrew shared a sobering example from a major peer-to-peer marketplace platform. Despite having fraud detection in place, they were overwhelmed.

  • 80% of total traffic was from bots
  • 33% of new account registrations were fake
  • Hundreds of thousands of sleeper accounts were created each week

These fake accounts weren’t just idle, they were weaponized to sell counterfeit or phantom goods to real users, steal PII, and send phishing messages. Legitimate customers were left with losses, and the internal fraud team was stuck in a costly and demoralizing game of cleanup.

This is exactly why fraud prevention must begin at first touch. Every endpoint, from login to promo code redemption, is a potential target. If you wait for a transaction to flag fraud, you’re already too late.

2. Push detection upstream: meet attackers before they reach your infrastructure

A critical strategy discussed by Dan was PayPal’s decision to push fraud mitigation outside its own infrastructure, deploying defenses at the edge rather than deeper in the stack. This upstream approach means that high-risk traffic is intercepted and scored in real time, long before it can impact systems or skew metrics.

By integrating DataDome at the CDN level, PayPal effectively created a “cleaner funnel” at the very top of their user journey. Dan described it like a filtration system: the earlier you remove noise, the clearer every subsequent layer becomes.

This approach pays off in multiple ways:

  • Less noise for downstream detection models
  • Reduced infrastructure strain and cost
  • Fewer false positives affecting real users
  • More accurate signals to train machine learning models

For organizations operating at internet scale, moving defenses closer to the adversary is essential. It frees up internal resources and allows your risk teams to focus on truly anomalous behavior, not just noise.

3. Detecting intent over identity: how AI agents are changing fraud tactics

The rise of agentic AI is complicating the fraud landscape in new ways. As Andrew pointed out, traditional defenses based on user identity or bot detection are no longer enough.

Today, a legitimate user might deploy an AI agent to compare prices or autofill a form. But attackers can use the same tools to simulate human-like behavior, bypass CAPTCHAs, or manipulate checkout flows. Some bots are “good.” Others are indistinguishable from real users but act with malicious intent.

This is why organizations must shift toward intent-based detection. The key question is no longer “Is this a bot?” but “What is this agent trying to do?”

Effective defenses now require:

  • Behavioral baselining across sessions and entities 
  • Contextual risk scoring that accounts for automation patterns 
  • Controls that adapt in real-time based on evolving intent

Merchants that fail to monitor agentic activity risk becoming invisible to their own fraud. Worse, they risk trusting traffic that’s actively working against them.

4. Why smart friction beats no friction

Dan and Andrew both emphasized that reducing fraud should never come at the cost of a good user experience. But that doesn’t mean all friction is bad.

PayPal has a clear philosophy: fight for legitimate customers. That means tracking false positives as closely as conversion rates. When friction is deployed wisely, such as outside the core user journey, or with silent browser challenges, it can block abuse without alienating real users.

What matters is where and how you introduce those checks:

  • Can they be silent and upstream?
  • Do they adjust based on behavior?
  • Are you measuring their impact in real time?

The most successful programs treat friction as a surgical tool, not a wall. Used correctly, it enhances trust, stops abuse, and supports long-term growth.

5. Aligning cybersecurity and fraud teams for better defense

One of the most insightful exchanges in the webinar was about internal alignment. Fraud and cybersecurity teams often operate separately, with different tools, data models, and KPIs. But as Dan noted, that misalignment comes at a cost.

“Fraudsters don’t operate in silos, and neither should cybersecurity and fraud teams.”

Cybersecurity leaders tend to prioritize infrastructure protection and risk reduction. Fraud teams focus on customer friction, false positives, and transaction completion. Without a shared language or feedback loop, both sides may miss critical patterns and solutions.

The speakers encouraged:

  • Shared taxonomies and metrics across teams
  • Unified data pipelines from the edge to transaction
  • Empathy for each team’s perspective and goals

This isn’t just theory. Industry research suggests that fewer than 5% of organizations have unified fraud and security functions today, but that number is projected to reach 25% in the next three years. Leading teams are already moving in that direction.

Getting ahead of the next wave

The message from the webinar was clear: waiting to detect fraud at checkout is a losing game. Attackers are too fast, too distributed, and too creative.

By acting earlier, pushing defenses upstream, and focusing on intent, organizations can reduce fraud, protect users, and lighten the load on internal teams. That’s not just a security win, it’s a business win.

If you missed the live session, watch the full replay to hear more from the experts.

Fraud prevention is no longer about “is it a bot?” It’s about knowing who (or what) you’re interacting with and why.

And that’s a question every organization needs to be able to answer.

Want to see how this works in action? Request a demo to see how DataDome helps detect bad intent in real time before it becomes downstream fraud.

*** This is a Security Bloggers Network syndicated blog from DataDome authored by Paige Tester. Read the original post at: https://datadome.co/bot-management-protection/stop-fraud-before-it-starts/

Original Post URL: https://securityboulevard.com/2025/06/5-takeaways-from-the-detect-bad-intent-early-webinar-how-to-stop-fraud-before-it-starts/?utm_source=rss&utm_medium=rss&utm_campaign=5-takeaways-from-the-detect-bad-intent-early-webinar-how-to-stop-fraud-before-it-starts

Category & Tags: Security Bloggers Network,Bot & Fraud Protection,bot management,cyberfraud,Financial Services – Security Bloggers Network,Bot & Fraud Protection,bot management,cyberfraud,Financial Services

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Splunk
81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos