Green Sheet interviews Accertify's Stuart Mann

Fraud is becoming faster, more automated, identity-driven, and embedded in the digital customer journey, according to the Paladin Vendor Report, published April 9, 2026. The report analyzed fraud prevention providers in 2025, including Accertify, a risk decisioning platform that protected 107 million transactions representing $12.9 billion in value, according to the study.

The Green Sheet recently discussed the evolving threat-scape with Stuart Mann, director of fraud & account protection and product management at Accertify. Following are interview highlights.

Green Sheet: There's been a lot of discussion about how the definition of "end-to-end" in payments and risk has evolved. How do you see that paradigm shifting, and what's driving that change?

Stuart Mann: The definition of "end-to-end" in payments and risk has evolved from a linear, transaction-centric view to a continuously connected, intelligence-driven ecosystem spanning the entire customer lifecycle. Historically, risk assessment was concentrated at the point of payment, with controls designed either to introduce friction for higher-risk transactions—such as 3D Secure—or to absorb losses later through chargebacks for fraud that slipped through.

That approach made sense when fraud was largely transactional and externally driven, but it often produced blunt outcomes: unnecessary friction for legitimate customers, higher checkout abandonment, and limited visibility into risk that materialized outside the payment moment.

Today, that definition has shifted fundamentally because fraud no longer begins—or ends—at payment. Modern attackers treat the entire customer journey as a single attack surface, exploiting account creation, login, account changes, promotions, refunds and customer service interactions long before or well after a purchase occurs.

At the same time, the rise of first-party abuse means many loss-driving behaviors appear perfectly legitimate at checkout. A clean payment no longer guarantees a safe customer. As a result, end-to-end now means continuously assessing risk across the full customer lifecycle and connecting signals across stages rather than evaluating isolated events.

By observing behavior earlier—how an account is created, how familiar a user appears with that account and how they navigate journeys—organizations can reduce false positives at checkout while surfacing risk before it becomes financially or operationally costly.

What's driving this shift is the scale, automation and professionalization of attackers, combined with increasing pressure on businesses to approve more good customers without adding friction. End-to-end risk today isn't about adding more controls at payment; it's about making better, earlier and more confident decisions everywhere.

GS: Historically, fraud prevention has centered on the point of transaction. Why is that no longer sufficient in today's environment?

SM: Historically, fraud prevention centered on the point of transaction because that was where financial loss was most visible and easiest to measure. Controls were designed to assess risk at checkout, apply step-up authentication when a transaction crossed a threshold, or manage losses downstream through chargebacks.

That model assumed fraud was primarily third-party, transactional and concentrated at payment. In today's environment, those assumptions no longer hold.

One reason is the scale and evolution of post-purchase abuse. According to the National Retail Federation and Happy Returns' 2025 Retail Returns Landscape report, approximately 9 percent of all returns are fraudulent, representing an estimated $76.5 billion in losses.

Much of this activity—including wardrobing, false claims, and item switching—cannot be detected at checkout. A payment can look entirely legitimate while the loss materializes days or weeks later through refunds, returns or customer service exploitation. [nrf.com]

At the same time, digital accounts themselves have become valuable assets. Industry estimates suggest between $140 billion and $300 billion in unused loyalty points are sitting idle in customer accounts, effectively functioning as a soft currency that attracts fraudsters.

In these cases, point redemption or gift-card conversion is often just the final step of an attack that began with account compromise, social engineering or low-friction login abuse. Focusing only on the redemption event misses the broader pattern of risk that builds upstream.

Finally, fraud-as-a-service and automation mean attackers can probe business processes repeatedly, not just payments. Checkout-only controls are blind to account creation, login behavior, promotion abuse and post-purchase manipulation.

As fraud shifts from isolated transactions to end-to-end journey exploitation, limiting risk analysis to the point of payment leaves organizations exposed to growing and often invisible losses elsewhere in the customer lifecycle.

GS: You've spoken about fraud, identity and cybersecurity beginning to converge. How is that reshaping how organizations approach risk?

SM: The convergence of fraud, identity and cybersecurity is fundamentally reshaping how organizations think about risk by forcing a shift from isolated controls to continuous, cross-domain risk management. Traditionally, risk was segmented: cybersecurity focused on perimeter defense and system compromise, while fraud teams concentrated on transactional losses at checkout. That separation no longer reflects how modern attacks unfold.

Today's threats are overwhelmingly identity-driven. Attackers don't break in; they log in. They compromise accounts, manipulate sessions, test controls and move laterally across the customer journey before ever attempting monetization.

As a result, risk is no longer tied to a single moment, such as authentication or payment, but accumulates over time through behavior, access and intent. Organizations are responding by treating identity, session integrity, account activity and monetization as parts of a single risk surface rather than distinct problem domains.

This convergence is also changing where, and how, risk is addressed. Instead of reacting "right of boom" after a fraudulent payment or loyalty redemption, leading organizations are adopting a left-of-boom mindset borrowed from cybersecurity.

That means using early signals—automation patterns, behavioral inconsistencies, device spoofing and unusual account changes—to identify compromise before losses occur. Fraud telemetry is increasingly viewed as realtime threat intelligence, while security signals inform downstream fraud decisioning.

Ultimately, convergence reframes risk from being about stopping bad transactions to enabling trusted customers to move freely. By unifying fraud and security data through shared decisioning layers, organizations reduce blind spots, apply friction more precisely, and align risk management with measurable business outcomes. Risk becomes continuous, contextual and proactive rather than reactive and siloed.

GS: How does having more data earlier in the customer journey, such as at account creation or login, improve outcomes later in the transaction lifecycle?

SM: Having richer data earlier in the customer journey fundamentally changes the quality of downstream decisions by shifting risk assessment from probabilistic guesswork to informed context. Signals captured at account creation, login and early engagement—such as device consistency, behavioral familiarity, automation patterns and identity stability—provide foundational insight into who a customer likely is well before a transaction occurs.

When risk systems lack this early context, they are forced to interpret a single moment, often at checkout, in isolation. That leads to binary outcomes: approve, decline or add friction—frequently based on incomplete information. By contrast, early-stage data allows risk to be assessed cumulatively. The system understands how an account was established, how it has been accessed over time, and whether observed behavior aligns with legitimate customer intent.

This has two major downstream benefits. First, it materially reduces false positives. When a customer reaches checkout after a clean behavioral history, fewer defensive measures are required, improving conversion and customer satisfaction. Second, it enables earlier intervention against fraud.

Many attacks—account takeovers, loyalty abuse, refund fraud—are set up long before any monetary transaction occurs. Detecting those signals upstream allows businesses to apply targeted controls before losses materialize.

Importantly, early data also improves accuracy rather than simply adding volume. Knowing that an account has shown stable behavior over weeks or months is often more predictive than any single high-risk transaction attribute. In that sense, early-journey data doesn't just support transactions later; it changes the confidence with which businesses can approve them.

GS: What are the risks or limitations of relying on point solutions when trying to manage fraud and payments risk today?

SM: Point solutions struggle in modern fraud environments because they are inherently narrow, reactive and poorly aligned with how attackers operate. Most are designed to solve a single problem—payments fraud, bot mitigation, account takeover—within a specific channel or moment. That approach creates blind spots between controls, exactly where sophisticated and low-skill attackers alike tend to operate.

One major limitation is fragmented decisioning. Each tool evaluates risk independently, using its own data, thresholds and assumptions. Context is rarely shared in real time, so signals that appear benign in one system may be clearly risky when viewed across the full journey. This leads to inconsistent outcomes, redundant friction and higher operational overhead for fraud teams forced to coordinate across vendors.

Point solutions also increase organizational inertia. Integrating, maintaining and tuning multiple tools slows response times just as attacker tactics are accelerating. When fraud patterns shift, updates must be made in several places, often manually, increasing the likelihood of gaps or misconfigurations. Over time, this defensive sprawl turns strategy into exception management.

There's also a structural incentive problem. Many point providers optimize for their own metric—chargeback liability, bot traffic reduction, authentication success—rather than the merchant's broader goals around approval rates and customer lifetime value. This misalignment often results in overly conservative controls that suppress growth.

Ultimately, point solutions reflect an outdated model of fraud as isolated events. In a world where risk accumulates across identity, behavior and time, managing fraud through disconnected tools increases cost and complexity without delivering proportional protection.

GS: How does a platform-based, lifecycle approach enable businesses to better balance fraud prevention with approval rates and customer experience?

SM: A platform-based, lifecycle approach improves balance by replacing risk thresholds with risk understanding. Instead of making high-impact decisions based on a single event, platforms evaluate customers continuously, adjusting confidence as behavior unfolds across the journey. This allows businesses to reserve friction for situations where it meaningfully reduces risk, rather than applying it defensively by default.

From an approvals perspective, lifecycle platforms excel because they preserve context. A checkout transaction is no longer judged solely on transaction attributes, but on everything that preceded it—account tenure, login patterns, behavioral consistency and prior outcomes. When that context is strong, platforms can approve confidently, even if isolated signals appear noisy.

Customer experience improves because controls become adaptive rather than static. Low-risk users move through flows seamlessly, while higher-risk interactions receive proportionate, targeted safeguards. Importantly, this personalization is driven by real behavioral evidence, not blunt segmentation or channel-specific rules.

Lifecycle platforms also reduce internal tradeoffs. Fraud, payments and customer experience teams often operate with competing objectives. A shared decisioning layer aligns those goals by making outcomes transparent—showing how risk decisions affect loss, conversion and operational workload simultaneously. This enables strategy decisions grounded in business impact rather than fear of loss.

The result is not simply "less fraud" or "more approvals," but better precision. Platforms allow organizations to say yes more often because they can. Prevention and experience stop being opposing forces and instead become complementary outcomes of a unified risk strategy.

GS: As technologies like AI and agentic commerce evolve, how do you expect risk decisioning to change over the next few years?

SM: Risk decisioning is moving from static evaluation toward continuous, autonomous assessment driven by AI-powered agents operating across customer journeys. Rather than scoring individual events, future systems will monitor intent, adaptation and progression—recognizing how risk evolves over time rather than reacting after outcomes occur.

AI will increasingly function as an orchestrator rather than a single model. Specialized models—behavioral, identity, network-based and contextual—will work together, updating confidence levels dynamically as new signals emerge. This enables realtime adjustments to authentication strength, transaction limits or customer flows without manual intervention.

Agentic commerce will further accelerate this shift. As software agents begin acting on behalf of consumers—managing purchases, returns and redemptions—risk systems will need to distinguish between legitimate delegation and automated abuse. That requires understanding not just credentials or devices, but patterns of authority, consistency and behavioral intent across agents and users.

We will also see risk decisioning move earlier and closer to controls. Instead of issuing recommendations, AI systems will directly influence flows—routing customers, adjusting experiences or temporarily constraining actions—based on live risk signals. Crucially, this will happen before losses occur, not after.

The long-term impact is a transition from fraud prevention to trust orchestration. Risk systems will no longer ask, "Is this transaction fraudulent?" but "Does this behavior align with a trusted identity at this moment?" That shift enables more automation, fewer false positives, and a fundamentally more scalable approach to protecting growth in increasingly complex digital ecosystems.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.