On The Evolving Enterprise Fraud Landscape. Q&A with Sumit Bahl and Ramesh Chitor.

Moderated by Ramesh Chitor.

Q1. How has the nature of enterprise fraud changed in the last five years?


Enterprise fraud has become faster, smarter, and industrialized. What was once the domain of lone hackers is now dominated by coordinated, well-funded fraud networks. These actors use bots, stolen credentials, automation, and even deepfakes to exploit businesses at scale.

Their tactics are engineered to mimic normal operations—spamming onboarding forms, manipulating ad clicks, or simulating human behavior to blend in. They don’t break in; they walk in through digital front doors, exploiting gaps between teams and systems. Fraud is no longer a technical glitch—it’s a full-fledged business model run like a company.

Q2. What are the most common blind spots enterprises have when it comes to fraud?

The biggest blind spot is treating fraud as someone else’s problem. Many assume it’s either a security, fraud management, IT, finance, or compliance issue—when in fact it cuts across all departments.

Take Facebook, for example. It overstated video view metrics by up to 80% over two years. Advertisers were misled into thinking their campaigns were performing better than they were. As a result, they poured more ad dollars into the platform, chasing inflated numbers. Facebook eventually paid $40 million to settle the lawsuit. This wasn’t caused by a breach—it was a metrics distortion that created a massive downstream impact.

That’s the point: fraud today doesn’t always come from the outside. It often hides in how systems are measured, how data is interpreted, and how quickly teams act without validating integrity.

Q3. Why is cross-functional alignment so important in fraud management?
 

Because modern fraud doesn’t attack one department—it slips through the cracks between them. If finance approves a payment based on spoofed emails while legal is unaware, you’ve just wired money into the void.

Fraudsters exploit internal silos. Defending against them means aligning product, risk, security, IT, marketing, and finance around shared data, shared detection logic, and clear ownership of response. It’s not just about having the right tools—it’s about having the right conversations between teams.

Q4. Bots are frequently mentioned in fraud prevention. Why are they so dangerous?
 

Bots are dangerous because they’re fast, relentless, and hard to distinguish from real users. They can fill out forms, bypass CAPTCHA, test stolen cards, and hoard inventory—all at scale.

A single fraud ring using bots can flood your platform with fake signups, poison your user base with bad data, and drain your marketing budget without delivering a single real customer. These bots don’t rest. They rotate IPs, mimic browsers, and adapt constantly. Fighting them requires more than just blocking known IPs—it takes real-time behavioral detection and response.

Q5. How does AI reduce the barrier of entry for fraud?
 

AI enables fraudsters to personalize and scale attacks like never before. Phishing emails are now written with perfect grammar and tone, tailored to your brand and audience. Chatbots are weaponized to extract sensitive data from customers. Deepfake voice and video impersonations allow attackers to simulate executives and trigger financial actions under pressure.

In one case, PayPal offered incentives for new account signups—but fraudsters exploited the promo by creating 4.5 million fake accounts using bots and synthetic identities. The scale of abuse forced PayPal to shut down those accounts and revise its growth projections. AI didn’t just make this attack possible—it made it profitable.

This is where Fraud-as-a-Service enters the picture—fraud isn’t just a tactic anymore. It’s a scalable, rentable infrastructure that anyone with intent and a few dollars can tap into.

Q6. You mention “Fraud-as-a-Service.” What exactly is that?

Fraud-as-a-Service (FaaS) is the underground economy where fraud tools, templates, bots, and stolen data are sold or rented like SaaS products. It’s a plug-and-play model for cybercrime.

You don’t need to write code or run infrastructure. Want a phishing kit that looks like your target’s login page? Buy it. Need verified credentials from a specific country? They’re available in bulk. There are even Telegram groups where fraudsters offer refund policies and technical support.

FaaS democratizes fraud. It lowers the barrier of entry and gives low-skill actors the power to launch high-scale attacks. That’s why enterprises are now seeing not just a rise in fraud—but a rise in the number of actors executing it.

Q7. Who should own fraud prevention in the enterprise?

Ownership must be distributed because fraud touches every function. Here’s what that looks like:

  • Fraud & Risk Teams: Lead strategy, run investigations, and define detection rules.
  • Security Teams: Protect infrastructure, flag behavioral anomalies, and prevent abuse of privileged access.
  • Finance Teams: Validate transactions, enforce approval workflows, and verify payment details.
  • Marketing Teams: Monitor for promo abuse, bot-driven engagement, and traffic quality.
  • Product Teams: Build with fraud controls in mind—rate limits, identity verification, and abuse prevention.
  • Legal Teams: Vet vendor contracts, validate new onboarding processes, and lead compliance checks.
  • Executives: Set tone and governance from the top—treat fraud as a leadership priority, not a line-item problem.

Fraud is not a one-team issue—it’s an organizational imperative.

Q8. What are the top 3 overlooked sources of fraud in enterprise ecosystems?

  • Customer-Facing Forms and Signups: Fraud often begins at the front door—bots fill out fake forms, create bogus accounts, and poison CRMs. This leads to inflated KPIs, wasted spend, and misdirected campaigns.
  • Executive-Level Communication: Deepfake impersonation is rising. Attackers now simulate executive calls or messages to trigger urgent actions—fund transfers, data sharing, or policy approvals. These social engineering attacks bypass traditional defenses.
  • Third-Party Vendors: Many vendors have system access but weaker security postures. Attackers increasingly compromise these partners to gain access into larger organizations. The weakest node often becomes the entry point.

Q9. What practical steps can leaders take today to harden their fraud posture?

Here’s a prioritized list for immediate action:

  • Map your fraud attack surface—from signups and payments to executive communication and vendor access.
  • Implement dual approvals for wire transfers, invoice changes, and critical account access.
  • Use behavior-based bot detection and fraud management solutions, not just IP filtering, to stop fake users at the gate.
  • Continuously audit and restrict third-party access—especially for systems with customer or payment data.
  • Run simulated phishing and deepfake drills to train employees on modern deception tactics.
  • Set up a cross-functional fraud response team with reps from finance, legal, product, and security.
  • Align fraud KPIs with executive dashboards to ensure visibility and accountability.
  • Review promotional campaigns for abuse vectors—including referral fraud, cashback abuse, and coupon exploitation.

Q10. What’s the single biggest mindset shift needed to combat modern fraud?

Stop treating fraud like a reactive issue. It’s not something that happens after the fact—it’s happening in real time, silently, every day. The biggest mindset shift is to treat fraud as a business risk, not just a security event. That means integrating fraud defenses into every product flow, every campaign, every third-party integration, every financial transaction. Fraud is no longer the domain of the fraud team—it’s everyone’s job. Because today, every team can either help stop fraud—or help it succeed by accident.


Sumit Bahl is a seasoned security leader who has held leadership roles at top cybersecurity companies, including Cisco, Akamai, Cloudflare, Okta, Imperva, Qualys, and CHEQ. He holds a degree in engineering from the University of Mumbai and an MBA from Carnegie Mellon University. Sumit has a deep understanding of the cybersecurity industry and actively drives awareness on fraud and security issues through writing, speaking, and executive engagement. He is the author of the upcoming book “What the Fraud? How Organizations Can Defend Against Cyber Fraud in an AI-Powered World”, set to release next week.

Ramesh Chitor

Ramesh Chitor is a seasoned business leader with over 20 years of experience in the high-tech industry working for Mondee. Ramesh brings a wealth of expertise in strategic alliances, business development, and go-to-market strategies. His background includes senior roles at prominent companies such as IBM, Cisco, Western Digital, and Rubrik, where he served as Senior Director of Strategic Alliances. Ramesh is actively contributing as a Business Fellow for Perplexity.

Ramesh is a value and data-driven leader known for his ability to drive successful business outcomes by fostering strong relationships with clients, partners, and the broader ecosystem. His expertise in navigating complex partnerships and his forward-thinking approach to innovation will be invaluable assets to Perplexity’s growth and strategic direction.
