web analytics

5 Takeaways from the “Detect Bad Intent Early” Webinar: How to Stop Fraud Before It Starts – Source: securityboulevard.com

Rate this post

Source: securityboulevard.com – Author: Paige Tester

Fraud doesn’t start at checkout. It starts the moment someone (or something) lands on your site.

That was the core message of our recent webinar, Detect Bad Intent Early to Stop Downstream Fraud, featuring insights from Andrew Hendry, Senior Director of Product Marketing and cybersecurity veteran at DataDome, Dan Ayash, Director of Cybersecurity Solutions at PayPal, and Ronald Praetsch, co-founder at About Fraud. Together, they explored the shifting nature of fraud, the convergence of cybersecurity and fraud prevention, and what it really means to act early, before threats turn into financial loss, reputational damage, and broken customer trust.

Techstrong Gang Youtube

AWS Hub

Whether you’re managing risk for a high-volume fintech platform or just beginning to understand the threats AI brings to your login page, this session offered practical strategies to help you defend upstream, reduce false positives, and maintain a seamless user experience.

Here are five of the most important takeaways from the session, each one reinforced by real-world experience and emerging industry trends.

1. Fraud prevention must start early in the customer journey

One of the most urgent points raised during the session: many organizations wait too long to act. Fraud doesn’t just occur when a stolen card is used or a chargeback hits. It often begins quietly at the very top of the funnel, through automated bots probing your login, registration, or password reset endpoints.

Andrew shared a sobering example from a major peer-to-peer marketplace platform. Despite having fraud detection in place, they were overwhelmed.

  • 80% of total traffic was from bots
  • 33% of new account registrations were fake
  • Hundreds of thousands of sleeper accounts were created each week

These fake accounts weren’t just idle, they were weaponized to sell counterfeit or phantom goods to real users, steal PII, and send phishing messages. Legitimate customers were left with losses, and the internal fraud team was stuck in a costly and demoralizing game of cleanup.

This is exactly why fraud prevention must begin at first touch. Every endpoint, from login to promo code redemption, is a potential target. If you wait for a transaction to flag fraud, you’re already too late.

2. Push detection upstream: meet attackers before they reach your infrastructure

A critical strategy discussed by Dan was PayPal’s decision to push fraud mitigation outside its own infrastructure, deploying defenses at the edge rather than deeper in the stack. This upstream approach means that high-risk traffic is intercepted and scored in real time, long before it can impact systems or skew metrics.

By integrating DataDome at the CDN level, PayPal effectively created a “cleaner funnel” at the very top of their user journey. Dan described it like a filtration system: the earlier you remove noise, the clearer every subsequent layer becomes.

This approach pays off in multiple ways:

  • Less noise for downstream detection models
  • Reduced infrastructure strain and cost
  • Fewer false positives affecting real users
  • More accurate signals to train machine learning models

For organizations operating at internet scale, moving defenses closer to the adversary is essential. It frees up internal resources and allows your risk teams to focus on truly anomalous behavior, not just noise.

3. Detecting intent over identity: how AI agents are changing fraud tactics

The rise of agentic AI is complicating the fraud landscape in new ways. As Andrew pointed out, traditional defenses based on user identity or bot detection are no longer enough.

Today, a legitimate user might deploy an AI agent to compare prices or autofill a form. But attackers can use the same tools to simulate human-like behavior, bypass CAPTCHAs, or manipulate checkout flows. Some bots are “good.” Others are indistinguishable from real users but act with malicious intent.

This is why organizations must shift toward intent-based detection. The key question is no longer “Is this a bot?” but “What is this agent trying to do?”

Effective defenses now require:

  • Behavioral baselining across sessions and entities 
  • Contextual risk scoring that accounts for automation patterns 
  • Controls that adapt in real-time based on evolving intent

Merchants that fail to monitor agentic activity risk becoming invisible to their own fraud. Worse, they risk trusting traffic that’s actively working against them.

4. Why smart friction beats no friction

Dan and Andrew both emphasized that reducing fraud should never come at the cost of a good user experience. But that doesn’t mean all friction is bad.

PayPal has a clear philosophy: fight for legitimate customers. That means tracking false positives as closely as conversion rates. When friction is deployed wisely, such as outside the core user journey, or with silent browser challenges, it can block abuse without alienating real users.

What matters is where and how you introduce those checks:

  • Can they be silent and upstream?
  • Do they adjust based on behavior?
  • Are you measuring their impact in real time?

The most successful programs treat friction as a surgical tool, not a wall. Used correctly, it enhances trust, stops abuse, and supports long-term growth.

5. Aligning cybersecurity and fraud teams for better defense

One of the most insightful exchanges in the webinar was about internal alignment. Fraud and cybersecurity teams often operate separately, with different tools, data models, and KPIs. But as Dan noted, that misalignment comes at a cost.

“Fraudsters don’t operate in silos, and neither should cybersecurity and fraud teams.”

Cybersecurity leaders tend to prioritize infrastructure protection and risk reduction. Fraud teams focus on customer friction, false positives, and transaction completion. Without a shared language or feedback loop, both sides may miss critical patterns and solutions.

The speakers encouraged:

  • Shared taxonomies and metrics across teams
  • Unified data pipelines from the edge to transaction
  • Empathy for each team’s perspective and goals

This isn’t just theory. Industry research suggests that fewer than 5% of organizations have unified fraud and security functions today, but that number is projected to reach 25% in the next three years. Leading teams are already moving in that direction.

Getting ahead of the next wave

The message from the webinar was clear: waiting to detect fraud at checkout is a losing game. Attackers are too fast, too distributed, and too creative.

By acting earlier, pushing defenses upstream, and focusing on intent, organizations can reduce fraud, protect users, and lighten the load on internal teams. That’s not just a security win, it’s a business win.

If you missed the live session, watch the full replay to hear more from the experts.

Fraud prevention is no longer about “is it a bot?” It’s about knowing who (or what) you’re interacting with and why.

And that’s a question every organization needs to be able to answer.

Want to see how this works in action? Request a demo to see how DataDome helps detect bad intent in real time before it becomes downstream fraud.

*** This is a Security Bloggers Network syndicated blog from DataDome authored by Paige Tester. Read the original post at: https://datadome.co/bot-management-protection/stop-fraud-before-it-starts/

Original Post URL: https://securityboulevard.com/2025/06/5-takeaways-from-the-detect-bad-intent-early-webinar-how-to-stop-fraud-before-it-starts/?utm_source=rss&utm_medium=rss&utm_campaign=5-takeaways-from-the-detect-bad-intent-early-webinar-how-to-stop-fraud-before-it-starts

Category & Tags: Security Bloggers Network,Bot & Fraud Protection,bot management,cyberfraud,Financial Services – Security Bloggers Network,Bot & Fraud Protection,bot management,cyberfraud,Financial Services

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post