Why the Old Fraud Playbook Is Failing in the Age of AI Commerce

Conveniences can come with a cost. And that cost, at least across digital commerce, is that it grows the attack surface for fraud.

The result is a familiar paradox: The more seamless the customer journey becomes, the more opportunities exist to exploit it. There are one-click checkouts, subscription bundles, loyalty wallets, pay later options, gift cards and generous returns policies. Each step digital commerce takes can complicate the fraud landscape that much further.

Adam Hiatt, vice president of fraud strategy at Spreedly, told PYMNTS that two forces are now moving “in lock step” across the industry. The first is the compounding complexity of user journeys, and the second is the sheer multitude of gray areas that complexity creates across new states, edges and transitions for bad actors to exploit.

“The arms race is continuing, and the proliferation of AI-driven tools is going to only make the job of that professionalized fraudster even easier,” Hiatt said.

“The user experience that merchants are putting out, the innovation is phenomenal,” he added. “But at the same time, all that complexity the merchant puts out there, that’s opportunity for the bad actors.”

This means, as digital commerce enters a new act, that fraud prevention must mature from a discrete function run by a rules engine and a queue of analysts into an always-on, cross-platform capability that increasingly resembles core product infrastructure.

Adapting the Micro Moments

The merchants most likely to feel the contemporary fraud pressures first are those whose growth has forced them into product breadth. Risk complexity doesn’t merely rise with transaction volume; it rises with the number of edges in the business model.

Historically, fraud teams sat alongside the business, operating as a defensive function. Their mandate was loss reduction, their tools bolted on after the fact. When something went wrong, they added a rule. When fraud spiked, they added headcount. The result was a growing stack of point solutions, each optimized for a narrow slice of risk.

Fast forward to today, and tools have multiplied faster than many organizations’ ability to coordinate them. The outcome has not been safety, but fragility, as decisions conflicted, signals lagged, and simple changes required weeks of cross-team negotiation.

“You need to be able to have a unified, contextual risk response,” Hiatt said. “You need to be operating on a singular profile of the customer and apply that singular view in a real-time fashion.”

In leading organizations, fraud prevention now sits in the same conceptual layer as identity, authorization, pricing and fulfillment logic. It is no longer a brake applied at the edge of the business, but a governor embedded in the engine, capable of regulating speed without stopping motion.

“Success is not just improving linearly the way you are saying ‘yes’ or ‘no,’” Hiatt said, but adapting the transaction flow based on risk in real time.

Orchestration, in this view, is not about adding more gates; it’s about choosing the right gate for the right moment, without rebuilding the decisioning stack every time the business changes.

Read more: Orchestrating Trust: The Future of Fraud Prevention in Payments

AI Isn’t a One-Sided Advantage for the Attackers

While AI has, rightfully, gotten lots of attention for its role in democratizing fraud, criminals do not have a monopoly on the technology. Still, the advent of AI and its applications across popular and increasingly industrialized fraud schemes have compressed timelines and raised the level of abstraction at which humans must operate.

“Distinguishing between the good and the bad is turning into something that even good manual review isn’t able to do,” Hiatt said. “It used to be you could throw people at the problem, but that’s becoming tougher.”

Machine learning models now score transactions in milliseconds, adapting to patterns no human could enumerate. But attackers are using similar tools, automating experimentation and probing systems at scale. The result is an expanding gray zone where behavior is ambiguous, statistically noisy, and fast-moving.

That pressure changes the economics of fraud operations. Manual review becomes both less accurate and less scalable, just as transaction volumes surge during peak seasons or major product releases.

“The best way to solve it is data synthesis,” Hiatt said, stressing the need to pull insights across systems rather than relying on isolated tools in order to synthesize signals and automate responses with precision.

“Policy choices should keep up at the speed of development,” he added.

Policy Becomes the Interface

The history of fraud and innovation across digital commerce has had a relatively straightforward trajectory to date. Seamless experiences created complexity. Complexity created attack surfaces. Attack surfaces forced fraud orchestration. And now that the need for fraud orchestration is here, so is the need for systems thinking.

“Being able to pull all the right information together to synthesize the policy choices that need to be made … both in the user experience as well as anything you might do operationally,” Hiatt said, is the essence of “orchestrated decisions.”

That means modernization is often less about discovering new tools than building alignment: showing how fraud affects approvals, chargeback losses, labor costs, customer experience and brand trust, and, as Hiatt noted, how orchestration can connect these outcomes to an explainable policy layer.

At the end of the day, as he added, digital commerce is entering an era where trust must be continuously computed, not assumed. The question, then, is no longer whether companies will need sophisticated defenses; it’s whether they can build a defense model that scales without collapsing under its own tooling.