Subscribe to the Non-Human & AI Identity Journal

Cross-Platform Fraud

Cross-platform fraud is a scam that begins in one service and is completed in another, often to evade detection or moderation. This pattern defeats single-app controls because the attack path, trust transfer, and loss event are split across different systems.

Expanded Definition

Cross-platform fraud is a coordinated abuse pattern in which a malicious actor starts a scam on one service and completes the harm on another, often by exploiting gaps between moderation, identity proofing, payments, and reporting workflows. In NHI and agentic environments, the term matters because the fraud path can traverse multiple applications, APIs, and identity domains before any single control sees the full chain.

Definitions vary across vendors, but the operational meaning is consistent: the attacker relies on trust transfer between platforms rather than breaking one platform’s controls outright. That makes it distinct from simple account takeover or isolated phishing, because the decisive step is the handoff from one system to another. The relevant control problem is not only detection inside each service, but correlation across services, such as linking an initial social-engineering event to a later payout, credential abuse, or impersonation event. For a security baseline, practitioners often map this to control expectations in NIST SP 800-53 Rev 5 Security and Privacy Controls and identity governance patterns described in Ultimate Guide to NHIs — The NHI Market.

The most common misapplication is treating the fraud as a single-platform moderation failure, which occurs when teams review only the originating app and ignore the downstream service where the loss actually materialises.

Examples and Use Cases

Implementing cross-platform fraud defenses rigorously often introduces correlation overhead, requiring organisations to weigh faster user experience against deeper linkage, event sharing, and review workflows.

  • A scam begins with a forged seller profile in a marketplace, then moves to a messaging app where the victim is pressured to switch to a separate payment channel.
  • An impersonation campaign starts on social media, then completes on a ticketing or support portal where the attacker resets credentials or requests a refund.
  • A bot-assisted recruitment scam initiates on one platform, then shifts to email and collaboration tools to collect documents, secrets, or account recovery codes.
  • A marketplace fraud ring uses one platform to generate legitimacy signals, then executes the chargeback or delivery scam in a different checkout system.
  • An AI agent is manipulated in one workflow and used to trigger actions in another, showing why cross-system trust boundaries need explicit governance in NHI lifecycle discussions and controls such as NIST SP 800-53 Rev 5 Security and Privacy Controls.

In practice, the pattern is easier to spot when teams correlate identity, device, and transaction signals across services instead of treating each platform as a separate trust island.

Why It Matters in NHI Security

Cross-platform fraud is especially dangerous in NHI security because service accounts, API keys, and automation workflows often span multiple applications without a human in the loop. When one platform only sees a benign initial action, an attacker can pivot through legitimate integrations and make the downstream system absorb the actual impact. That is why cross-platform fraud is not just a fraud problem, but also a governance and access-control problem for NHIs, secrets, and agentic workflows.

NHI Mgmt Group research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, and that 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools. Those conditions make multi-step abuse easier to stage and harder to contain. The same risk logic appears in the Ultimate Guide to NHIs — The NHI Market, where weak visibility and privilege sprawl widen the blast radius of any cross-platform abuse. Teams also need to align monitoring with NIST SP 800-53 Rev 5 Security and Privacy Controls so that signals from the source and destination systems are joined into one investigation path.

Organisations typically encounter the true cost only after a scam crosses from one platform into another and the loss, moderation, and remediation teams all discover different pieces of the same incident.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 DE.AE-1 Cross-platform fraud depends on correlating anomalous events across services.
OWASP Non-Human Identity Top 10 NHI-02 Fraud often exploits weak secret handling and trust transfer between systems.
NIST Zero Trust (SP 800-207) JD-1 Zero Trust requires continuous verification across each platform boundary.
NIST SP 800-63 IAL2 Identity proofing gaps can enable abuse that later completes on another service.
OWASP Agentic AI Top 10 A-04 Agentic workflows can be manipulated to move fraudulent actions across tools.

Re-authenticate trust at every handoff and never assume one platform's approval covers another.