Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Fraud trust models are shifting from rules to adaptive decisioning


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Fraud prevention has moved beyond rules-based systems toward machine learning, real-time trust decisions, and more prescriptive customer guidance as AI reshapes the threat landscape, according to Sift. The identity and access lesson is clear: static controls cannot keep pace with dynamic abuse, especially where account trust, session behaviour, and friction all need to be decided in context.

NHIMG editorial — based on content published by Sift: 15 Years of Sift: Jason Tan and Marc Friend on Fraud, Trust, and What Comes Next

Questions worth separating out

Q: How should security teams balance fraud friction with user experience?

A: Security teams should balance fraud friction by making trust decisions contextual rather than universal.

Q: Why do rules-based fraud controls fail against adaptive attackers?

A: Rules work only for patterns the team already knows, so attackers can shift device, network, or behavioural traits to stay outside static thresholds.

Q: How do teams know if identity security controls are actually working?

A: Identity security controls are working when teams can show a current view of high-risk entitlements, detect privilege drift quickly, and remove access before exposure spreads.

Practitioner guidance

  • Define trust decision ownership Assign explicit ownership for login, recovery, and transaction trust decisions so IAM and fraud teams are not making overlapping or contradictory calls.
  • Instrument trust decision lag Measure the time between a risk signal appearing and the control response being applied.
  • Use adaptive verification for high-value journeys Apply progressive verification only where the session or transaction context warrants it, rather than treating every interaction the same.

What's in the full article

Sift's full post covers the operational detail this post intentionally leaves for the source:

  • How the company describes dynamic trust scoring in live customer flows.
  • The examples it gives for changing checkout friction based on confidence signals.
  • The leadership perspective on how AI is reshaping fraud operations and customer expectations.
  • The longer discussion of culture, decision-making, and what the team says comes next.

👉 Read Sift’s 15-year perspective on fraud trust, AI, and what comes next →

Fraud trust models are shifting from rules to adaptive decisioning?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Fraud prevention is now an identity governance problem, not just a detection problem. When trust decisions shape account access, checkout friction, and recovery flows, the control plane becomes part of the identity stack. That means IAM and fraud teams are increasingly responsible for the same runtime decision, even if they own different tooling. Practitioners should treat trust policy as governed identity logic, not isolated fraud scoring.

A question worth separating out:

Q: Who is accountable when a fraudulent recovery or approval occurs?

A: Accountability sits with the organisation that designed the workflow and the controls that govern it. If a recovery or approval path allowed action without adequate verification, that is a governance failure, not just a user mistake. Frameworks such as NIST Cybersecurity Framework 2.0 help teams assign control ownership and review the process.

👉 Read our full editorial: Fraud trust models are shifting from rules to adaptive decisioning



   
ReplyQuote
Share: