By NHI Mgmt Group Editorial TeamDomain: Identity Beyond IAMSource: SiftPublished August 29, 2025

TL;DR: Fraud prevention is being reframed as a growth lever because false declines, onboarding friction, and manual review overhead can damage conversion, retention, and customer lifetime value, according to Sift and Veriff. That shift matters because trust controls now influence revenue operations as directly as they influence loss reduction.


At a glance

What this is: This is a Sift blog arguing that fraud prevention should be managed as a growth enabler, with the central finding that friction, false declines, and hidden fraud costs can suppress revenue as much as fraud itself.

Why it matters: It matters to identity and security practitioners because fraud controls shape onboarding, authentication, customer trust, and account creation outcomes, which increasingly overlap with IAM, identity verification, and risk-based access decisions.

By the numbers:

👉 Read Sift's analysis of fraud prevention as a growth engine for CFOs


Context

Fraud prevention is no longer only a loss-prevention function. In digital businesses, the same controls that stop abusive activity also shape account creation, payment conversion, and the customer experience, which makes fraud governance relevant to identity verification, access trust, and revenue operations.

The governance gap is that many organisations still measure fraud only by prevented loss, chargebacks, or refunds. That view misses the operational cost of false declines, review friction, and churn, and it also obscures where identity verification and access policy decisions are creating avoidable business drag.


Key questions

Q: How should security teams reduce false declines without weakening fraud controls?

A: Start by separating hard fraud stops from soft operational failures, then improve the context used in payment decisions. The goal is not to loosen controls everywhere, but to raise decision quality by combining customer history, device signals, order details, and retry logic so legitimate activity is less likely to be treated as suspicious.

Q: Why do fraud controls affect revenue as much as they affect loss prevention?

A: Fraud controls decide who gets through the door, how quickly they transact, and whether they return after a bad experience. If the controls are too strict, the business loses legitimate customers through false declines and onboarding abandonment. If they are too loose, fraud losses and chargebacks erode margin. Both sides affect revenue.

Q: What do security and finance teams get wrong about fraud ROI?

A: They often focus only on prevented fraud dollars and miss the operational cost of manual review, customer support, remediation, and churn. A better ROI model includes conversion lift, retention, and time saved by front-line teams. That gives a more realistic picture of whether the control is helping the business grow.

Q: Who should own fraud policy when it influences onboarding and customer trust?

A: Ownership should be shared across finance, fraud operations, identity, and customer experience, with clear executive accountability. Fraud policy affects both access decisions and commercial outcomes, so it cannot live in a single silo. The practical answer is one trust governance model with explicit decision rights and escalation paths.


Technical breakdown

How fraud controls affect conversion and customer friction

Fraud systems sit in the decision path for onboarding, checkout, and account recovery. They score risk using behavioural signals, device intelligence, historical patterns, and identity attributes, then decide whether to approve, challenge, review, or block a transaction or signup. When the thresholds are too strict, legitimate users get false declines. When they are too loose, fraud losses rise. The technical challenge is not just detection accuracy, but decision calibration across the customer lifecycle.

Practical implication: tune fraud thresholds against conversion, abandonment, and loss data rather than loss alone.

Why AI-powered fraud decisioning changes operating models

AI-powered fraud systems can reduce manual review volume by learning patterns across large event streams and applying dynamic scoring instead of static rules alone. That can improve speed, but it also introduces governance requirements around model drift, explainability, and review overrides. If a team cannot explain why good customers are blocked, the control may be numerically effective but commercially harmful. In identity-heavy journeys, this becomes a trust and assurance problem as much as a detection problem.

Practical implication: require calibrated review loops and human override paths for high-value customer journeys.

Where fraud prevention intersects with identity and access trust

Fraud prevention and identity security overlap wherever an organisation must decide whether a person, device, or account should be trusted. Account creation, password resets, step-up checks, and multi-factor prompts are all governance points that influence both fraud exposure and IAM outcomes. This is where trust and safety, identity verification, and access policy converge. The strongest programmes treat these controls as one decision fabric rather than separate operational silos.

Practical implication: align fraud signals with IAM and IDV policy so trust decisions are consistent across channels.


Threat narrative

Attacker objective: The objective is to extract value from the business while staying inside trust thresholds, either through fraudulent transactions, account abuse, or repeated exploitation of onboarding and payment flows.

  1. Entry occurs when attackers or abusive users exploit weak onboarding, synthetic identities, or account creation gaps to enter trusted journeys.
  2. Escalation follows when the system accepts risky behaviour as legitimate, allowing account takeover, payment abuse, or repeated low-friction abuse paths.
  3. Impact appears as chargebacks, refund loss, customer churn, and conversion decline when trust controls block good users or miss bad ones.

NHI Mgmt Group analysis

Fraud prevention is becoming a trust governance problem, not just a loss-mitigation problem. Once fraud controls begin shaping approval rates, onboarding completion, and customer retention, they sit inside the identity decision flow. That makes them relevant to IAM, identity verification, and customer trust frameworks, not just finance. Practitioners should manage fraud policy as a governance layer that affects who is allowed into the business.

False declines are an access control failure in commercial form. When legitimate users are challenged or blocked too often, the control is overfitting to risk and creating avoidable friction. The practical lesson is that business loss can come from overblocking as well as underblocking, so teams need shared metrics that connect fraud policy to conversion and lifetime value.

Revenue-oriented fraud strategy does not remove risk, it redefines the optimisation problem. CFO-led programmes tend to ask whether controls improve margin, retention, and market expansion, which is the right question if governance is still anchored in legacy loss metrics. The challenge is to preserve explainability and auditability while increasing decision speed. Practitioners should tie fraud decisions to measurable trust outcomes, not just incident counts.

Identity verification and fraud operations are converging into a single decision fabric. The same signals now influence onboarding, account recovery, step-up checks, and payment trust. That convergence means silos between fraud, IAM, and customer experience teams create inconsistent policy enforcement. Practitioners should align these functions under one trust model with clear ownership and appeal paths.

Fraud controls need an operating model that is commercial, not only technical. The most useful programmes treat fraud as part of digital growth architecture, with explicit trade-offs between friction, risk, and revenue. That does not mean relaxing controls indiscriminately. It means governance decisions should be made with finance, identity, and security data in the same room, so the organisation can choose the right amount of friction for each journey.

What this signals

Trust decisions now span fraud, identity verification, and access governance, so the programme model has to change. If onboarding, recovery, and payment decisions are made by different teams using different signals, the business gets inconsistent trust outcomes. The practical signal is that organisations need a shared decision layer with measurable override and appeal paths, not just separate fraud tooling.

Secrets and account trust are part of the same risk surface. A business that cannot rapidly remediate exposed credentials or align identity controls across journeys will keep paying for friction later. According to The State of Secrets in AppSec, the average estimated time to remediate a leaked secret is 27 days, which shows how slowly governance can move relative to exposure.

Fraud as growth enablement only works when the team can prove where friction is acceptable. The programme should distinguish between journeys where tighter control protects margin and journeys where a lighter touch improves conversion without materially increasing risk. That governance question is now a finance-and-identity decision, not just a fraud operations decision.


For practitioners

  • Rebase fraud KPIs on business outcomes Measure fraud policy using approval rates, abandonment, chargebacks, and customer lifetime value alongside loss prevention so teams can see whether controls are helping or hurting growth.
  • Map fraud decisions to identity journey points Identify where onboarding, recovery, step-up verification, and payment checks are creating the highest friction, then align those controls with IAM and identity verification owners.
  • Build an override path for high-value legitimate users Create a documented manual review and appeal process for customers who are repeatedly false-declined, especially in premium or high-retention segments.
  • Unify fraud and IAM signal governance Use consistent trust signals across account creation, session risk, and recovery events so one business unit does not approve what another would block.

Key takeaways

  • Fraud prevention affects revenue, customer trust, and operational efficiency, so it should be governed as part of growth strategy rather than treated as a pure loss-control function.
  • The most material hidden costs are false declines, onboarding abandonment, manual review overhead, and churn, which can outweigh visible fraud losses in digital businesses.
  • Teams need shared fraud, IAM, and identity verification governance so trust decisions are consistent, explainable, and tied to measurable business outcomes.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST SP 800-63 set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-1Fraud prevention decisions shape who is trusted into digital journeys.
NIST SP 800-53 Rev 5IA-5Identity assurance and authenticator handling underpin high-trust customer journeys.
NIST SP 800-63SP 800-63BIdentity proofing and authentication assurance are central to fraud-resistant onboarding.
GDPRArt.32Fraud and identity data handling can involve personal data security obligations.

Map onboarding and recovery trust decisions to PR.AC-1 and review where friction is driving abandonment.


Key terms

  • False decline: A false decline is a legitimate transaction that is rejected because the fraud controls interpret it as risky. It matters because the operational cost is not limited to one lost sale. It can also damage customer trust, reduce retention, and distort fraud programme metrics.
  • Customer Lifetime Value: Customer lifetime value is the estimated total value a customer brings over the full relationship, not just at first purchase. In fraud governance, it helps teams judge whether friction, review, or blocking is protecting revenue or quietly suppressing future growth.
  • Identity verification: Identity verification is the process of confirming that a user, workload, or agent is the entity it claims to be before access is granted. In AI-heavy environments, that verification must include the requester, the system acting on its behalf, and the sensitivity of the action.
  • Trust Decisioning: Trust decisioning is the use of signals and policy to decide whether a user, account, or transaction should be approved, challenged, reviewed, or blocked. It sits at the intersection of fraud, identity, and customer experience because every decision changes both risk and conversion outcomes.

What's in the full article

Sift's full blog covers the operational detail this post intentionally leaves for the source:

  • Revenue and margin framing for finance leaders who need to justify fraud investment in business terms
  • Specific examples of how false declines affect conversion, retention, and customer lifetime value
  • A CFO-oriented ROI structure for comparing manual review cost, chargebacks, and customer churn
  • Cross-functional talking points for aligning fraud, product, and customer experience teams

👉 Sift's full post expands the business case, ROI framing, and cross-functional actions for fraud governance.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, secrets management, workload identity, and identity lifecycle fundamentals. It is designed for practitioners who need to connect access decisions, trust policy, and operational governance across modern security programmes.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org