[seopress_breadcrumbs]

The Enemy of My Enemy: Uniting Against Fraud in The Age of AI

•

January 23, 2026

This interview analysis is sponsored by Riskified and was written, edited, and published in alignment with our Emerj sponsored content guidelines. Learn more about our thought leadership and content creation services on our Emerj Media Services page.

Fraud is no longer a cost of doing business — it has become a structural threat that enterprise defenses were never designed to handle.

The Federal Trade Commission’s 2024 data show that consumers reported losing more than $12.5 billion to fraud, a 25% increase over the prior year — and even that figure understates the real damage, since most financial fraud goes unreported. At the account level, the deterioration is sharper still: according to an AARP-backed Javelin Strategy & Research study, account takeover fraud reached $15.6 billion in losses in 2024, up from $12.7 billion the year before, while new-account fraud climbed to $6.2 billion, compared with $5.3 billion in 2023.

What is driving this acceleration is not simply more fraud — it is fundamentally different fraud. The FBI has warned that criminals now exploit generative AI to commit fraud on a larger scale, increasing the believability of their schemes, and that these tools reduce the time and effort criminals must expend to deceive their targets. The result is an asymmetry that is widening every quarter: attackers can automate and industrialize, while most enterprise fraud teams still operate under controls built for a slower, more analog threat environment.

For retailers, the consequences are direct. The FTC recorded more than 1.1 million identity theft reports in 2024, the majority involving hijacked or fraudulently opened payment accounts — precisely the attack vectors that feed retail fraud rings. And critically, the FTC’s own analysis found that the rise in total losses was not driven by more fraud reports, but by a jump in the share of people who actually lost money — from 27% in 2023 to 38% in 2024. Attacks are not just more frequent; they are more effective.

Emerj’s Matthew DeMello sat down with Danielle Dzbanek, Senior Director of Analytics at Riskified, for an on‑demand webinar examining how AI has transformed fraud from isolated incidents into fast‑moving, industry‑wide campaigns. Their discussion focused on why device takeovers and AI‑driven social engineering now evade traditional controls, and how network‑level intelligence, real‑time anomaly detection, and identity‑centric modeling are becoming essential for enterprises to stay ahead of rapidly evolving fraud patterns.

This article examines three critical insights on how enterprises can modernize fraud prevention as AI‑enabled attacks become faster, more scalable, and harder to detect:

Network‑level fraud intelligence: Cross‑merchant visibility reveals industry‑wide attack patterns early enough to stop fraud rings before they pivot across multiple brands.
Real‑time, multi‑layered risk evaluation: Adaptive models and anomaly detection surface pattern‑level inconsistencies that static rules and order‑level review cannot see.
AI‑driven identity and device integrity monitoring: Unified identity and device signals expose compromised accounts and device takeovers that reuse a victim’s legitimate credentials.

Guest: Danielle Dzbanek, Sr. Director, Analytics at Riskified

Expertise: Data Analytics, Fraud & Risk Analytics, Marketing Analytics, Data Strategy

Brief Recognition: Danielle Dzbanek has built her career leading analytics teams and data strategy initiatives across digital advertising and fraud prevention. At Riskified, she progressed from analytics team lead to Senior Director of Analytics, overseeing analytics efforts across the Americas and supporting data-driven decision-making for risk and commerce. Prior to Riskified, she spent more than five years at MediaMath in progressively senior analytics roles and was recognized with the 2019 IAB Data Rockstar Award for innovation and impact in the data industry. She holds a BBA from Emory University with a focus on Finance, Marketing, and Analytic Consulting.

Network‑Level Fraud Intelligence

Danielle opens by reframing modern fraud as a network‑scale threat rather than a merchant‑level one. She explains that fraud rings now behave like distributed systems: they probe one retailer, refine the tactic, and then replicate it across an entire vertical. The core issue, in her view, is structural — each merchant only sees the local symptom, never the full pattern.

To make this concrete, Danielle breaks down the mechanics of how these rings operate:

Modular attack design: once a tactic works, it can be reused instantly across multiple brands.
Fragmented visibility: each merchant sees only its own slice of the activity.
Cross‑merchant signal emergence:the earliest signs of a coordinated ring only appear when identities and behaviors are compared across retailers.

These three dynamics, she argues, are why internal data — no matter how large — is structurally insufficient. The fraud ring is engineered so that no single merchant ever sees enough of the pattern to detect it.

“One of the most misleading parts of these attacks is how stable everything looks from the inside. The fraud ring is designed so each merchant sees a week that looks perfectly normal — healthy volume, familiar patterns, nothing alarming. That false sense of stability is part of the strategy, and it’s why merchant‑level visibility will always miss the early stages.”

— Danielle Dzbanek, Senior Director of Analytics, Riskified

For Danielle, the practical takeaway is direct: the earliest warning signs of modern fraud live outside your four walls. Enterprises need cross‑merchant identity intelligence to see coordinated behavior early enough to intervene — before the ring has already extracted value from half the vertical.

Real‑Time, Multi‑Layered Risk Evaluation

Danielle shifts the conversation to the tempo of modern fraud, and she’s blunt: the attacker’s advantage is no longer sophistication — it’s speed. She explains that fraud rings now operate on cycles measured in minutes, not days, and that most enterprise controls still assume abuse evolves slowly enough for humans to intervene. In her view, this mismatch is the root cause of why “clean‑looking” fraud slips through.

Rather than describing fraud as a single problem, Danielle frames it as three overlapping layers of signal that must be evaluated together — and continuously:

Behavioral rhythm: whether the customer behaves like themselves over time, not just in one session.
Session integrity: whether the device and environment behave like a healthy, uncompromised system.
Network resonance: whether similar behaviors are emerging across other identities in the ecosystem.

She emphasizes that none of these layers are detectable through static rules or periodic tuning. The fraudster’s goal is to ensure that every individual order looks normal; the enterprise’s goal must be to detect the pattern that emerges over time and across customers.

“The hardest part for teams is that nothing looks wrong when you’re staring at a single order. The anomalies only reveal themselves when you watch how the behavior moves — the timing, the repetition, the way it spreads across accounts. That motion is the signal, and if you’re not evaluating in real time, you never see it.”

— Danielle Dzbanek, Senior Director of Analytics, Riskified

Real‑time intelligence isn’t about speed for its own sake; it’s about seeing the pattern while it’s still forming, not after the damage is done. The enterprise advantage comes from compressing detection time, not adding more rules.

AI‑Driven Identity and Device Integrity Monitoring

Danielle then turns to what she considers the most misunderstood shift in the fraud landscape, the rise of device‑level compromise. She explains that attackers increasingly bypass authentication entirely by taking control of the customer’s device — meaning the fraudster inherits the victim’s IP, cookies, saved wallets, and behavioral history. To legacy systems, the fraudster is the customer.

She stresses that this is why identity‑centric modeling must now include device integrity as a first‑class signal. The question is no longer “Does this login match the account?” but “Does this device behave like the device this customer actually uses?”

Danielle points to three indicators that consistently reveal compromised devices:

OS regressions: sudden downgrades to older operating systems that allow malware to run silently.
Behavioral discontinuity:navigation patterns that don’t match the customer’s historical rhythm.
Cross‑merchant echoes: the same compromised device appearing in multiple retail environments.

These signals, she notes, are invisible to traditional authentication systems because they rely on credentials rather than behavior.

“What makes these cases so dangerous is that everything looks legitimate — the device, the IP, the wallet, the history. The only clues are the subtle ones: the OS downgrade, the way the session behaves, the fact that the same device shows up in places it shouldn’t. Those are the signals that tell you the customer isn’t the one driving the interaction.”

– Danielle Dzbanek, Sr. Director, Analytics at Riskified

Danielle’s takeaway is that identity and device integrity cannot be separated. To distinguish a legitimate customer from a compromised one, enterprises need models that evaluate how the identity behaves — not just whether the credentials match.