We Built Fraud Systems for Criminals. The Next Threat Is Strategic Customers.

Diarmuid Thoma, VP Fraud & Data Strategies, AtData
Jul 01, 2026

When optimization and exploitation begin to occupy the same territory

Fraud has always been easier to reason about when it lives at a distance.

We treated it as something external, an opposing force with different incentives, behaviors, and goals. Customers created value; fraudsters extracted it. One participated in commerce; the other worked against it. That framing made risk easier to model and gave our signals something stable to anchor to.

It also meant we knew what to trust.

When behavior became too efficient or too consistent, we didn’t hesitate, because real people didn’t move that way. Their activity carried friction. Coordinated fraud was different by design.

But this kind of distinction isn’t holding up the way it used to.

Customers now move through systems with a level of awareness that used to sit primarily on the other side. They understand where incentives live, how policies flex, and how outcomes can be shaped through deliberate sequences of actions.

What looks like participation increasingly behaves like strategy.

A return policy doesn’t just define a boundary; it presents options. A referral program becomes repeatable. Loyalty structures start to resemble systems you can learn and refine over time.

None of this requires malicious intent. It only requires understanding.

And once you understand a system, it’s hard not to optimize against it.

When structure starts to look like intent

A customer signs up for an offer, cancels within the allowed window, and re-engages later through a different path. They shift payment methods to access incentives, time activity around thresholds, or find ways to re-qualify for benefits. Seen in isolation, most of these behaviors don’t raise alarms.

Over time, though, they compile into something more structured: patterns emerge, sequences repeat, and behavior becomes less situational and more consistent in how it reaches an outcome.

From a fraud model’s perspective, it’s a familiar shape. We’ve spent years tuning systems to detect coordination, efficiency, and repeatability because those patterns tend to signal abuse. What’s changed isn’t the pattern, but who’s capable of producing it.

But this doesn’t mean that customers have become malicious; they’ve just become fluent.

A generation raised on digital systems now designs them, while AI closes the gap between knowing how something works and using it to your advantage. Fluency compresses behavior. What used to unfold across days resolves in minutes. Decisions happen faster, with fewer missteps.

That’s where interpretation gets harder. Maximizing a promotion or structuring activity around incentives doesn’t break rules outright, but over time, those same actions can produce outcomes resembling abuse, especially at scale.

Push too far on enforcement, and you risk penalizing behavior your system encourages. Pull back, and you create space for sustained value extraction that’s difficult to separate from organized fraud.

Why behavior needs context

Behavior on its own has always been incomplete. It shows how something happens, but not whether it fits, and the distinction is getting harder to make as optimization becomes more common.

A fast, “perfect” interaction doesn’t stand out the way it used to. It’s only meaningful when you understand whether it connects to something carrying continuity.

Over time, an email address accumulates participation — logins, purchases, subscriptions, account changes — creating a through-line across sessions and environments that most signals lose.

When behavior is anchored to persistence, it’s easier to interpret:

  • Velocity stops being absolute: A sudden spike in activity can signal risk or simply reflect an established user behaving differently. Without history, both look the same.
  • Patterns become traceable across time: Promotion cycling, referral chaining, or repeated subscription churn don’t show up clearly at the session level, but they do when tied back to the same identity over multiple events.
  • Linkages hold even when surfaces change: Devices rotate, sessions reset, IPs shift. Email tends to stay constant long enough to connect fragments into something coherent.
  • Scaling behavior becomes visible: The same optimized sequences replicated across slight variations of an email identity suggest something systematic, even when each individual instance looks within bounds.

This doesn’t change the behavior itself. It changes whether it can be placed, whether it extends from something continuous or appears assembled in the moment.

Without context, you end up classifying efficiency as risk and missing repeatable exploitation that stays just inside policy. With it, the question shifts from "What happened?" to "Does this pattern belong to this identity over time?"
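As an added illustration of the "scaling behavior" point above (example code written for this page, not AtData's method or product): the sketch counts promotion redemptions per raw address and then per canonical identity, so a sequence that looks within bounds per address becomes visible as replication. The event layout, promotion names, sample addresses and normalization rules (lower-casing, dropping a "+tag" suffix, ignoring dots for Gmail) are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample events: (email, promotion_id, action). Not real data.
EVENTS = [
    ("jane.doe@gmail.com", "WELCOME10", "redeem"),
    ("janedoe+a@gmail.com", "WELCOME10", "redeem"),
    ("j.a.n.e.doe+b@googlemail.com", "WELCOME10", "redeem"),
    ("sam@example.com", "WELCOME10", "redeem"),
    ("sam@example.com", "SPRING5", "redeem"),
    ("Sam+news@example.com", "SPRING5", "redeem"),
]

def raw_key(addr):
    """Session-level view: the address exactly as typed, case-folded."""
    return addr.strip().lower()

def canonical_email(addr):
    """Collapse common spelling variations onto one identity key (assumed rules)."""
    addr = raw_key(addr)
    local, sep, domain = addr.rpartition("@")
    if not sep:                               # malformed input: leave as-is
        return addr
    local = local.split("+", 1)[0]            # drop +tag sub-addressing
    if domain in ("gmail.com", "googlemail.com"):
        local = local.replace(".", "")        # Gmail ignores dots in the local part
        domain = "gmail.com"
    return f"{local}@{domain}"

def redemption_counts(events, key=raw_key):
    """Count redemptions per (identity key, promotion)."""
    counts = defaultdict(int)
    for email, promo, action in events:
        if action == "redeem":
            counts[(key(email), promo)] += 1
    return dict(counts)

def find_replicated_redemptions(events, min_variants=2):
    """Map (canonical identity, promotion) to the distinct spellings that redeemed it."""
    variants = defaultdict(set)
    for email, promo, action in events:
        if action == "redeem":
            variants[(canonical_email(email), promo)].add(raw_key(email))
    return {k: sorted(v) for k, v in variants.items() if len(v) >= min_variants}

if __name__ == "__main__":
    print(redemption_counts(EVENTS))          # each raw address looks within bounds
    print(find_replicated_redemptions(EVENTS))
```

A hit here is a prompt to look at the identity's history, not a verdict: sub-addressing rules vary by mail provider, and an established customer may legitimately use more than one spelling.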

What this shift demands

We spent years preparing for more sophisticated attackers.

What we didn’t account for was how quickly customers would catch up.

A generation that grew up inside these systems now understands how they work, and AI makes it easier to act on that understanding. The result isn’t behavior that breaks rules, but behavior that consistently pushes against them.

So, the question changes.

It’s less about whether an interaction is legitimate, and more about whether the pattern holds when you anchor it to identity over time. Behavior alone can’t answer that. It flattens everything into the same optimized shape.

When behavior ties back to a persistent email identity, patterns either extend from history or they don’t. It’s the difference between familiarity and replication, between optimization that belongs and activity that only works because it’s fragmented.

We built fraud systems for a world where misuse looked different.

Now it often looks the same.

When optimized behavior becomes the norm, detection needs more than signals. It needs continuity. Email-anchored identity can put behavior back into context.

About AtData

AtData helps organizations connect with real people, prevent fraud, and improve digital trust through permissioned, email-anchored identity intelligence and the largest network of activity signals. With more than 25 years of experience in data quality, identity, and fraud prevention, AtData supports enterprises across marketing, risk, and data operations.
