Darwinium CEO: What Happens When 95% of Your Traffic is Fraud?
Alisdair Faulkner is the co-founder and CEO of Darwinium, a comprehensive agentic security and fraud prevention platform to protect against online fraud and abuse. Before founding Darwinium, Alisdair co-founded and served as Chief Product Officer for ThreatMetrix, a digital identity and fraud prevention platform that was eventually sold to LexisNexis Risk Solutions for $830 million in 2018.
The interview has been condensed and edited for length and meaning. A video snippet from the interview appears below in an embedded video as well as on Fraudbeat’s YouTube channel.
An Agentic Commerce Prediction Fulfilled
Ronen Shnidman: We’re here today as a follow up to an interview I had with you for Merchant Fraud Journal about three years ago, where you predicted that the future of fraud prevention or the major threat on the horizon was adversarial AI. And you literally asked, what would happen when ChatGPT becomes your best customer?
That was the opening line of that article. And now everyone’s talking about agentic commerce and what to do with that and how to determine intent versus identity. So I think you had a head start among all of us.
Alisdair Faulkner: Yeah, I’ve been in fraud for a very long time. I was a co-founder of ThreatMetrix, which is now part of LexisNexis Risk Solutions, and I live and breathe fraud. I guess it’s my job to try and keep ahead of the trends because it takes two to three years to actually build something credible and reliable in the space.
The Jump to Agentic Fraud and Fraud 2.0
RS: So let’s dive in where we left off: what is the biggest blind spot for executives today about AI-based fraud?
AF: I think there’s a high level and then there’s the tactical practicalities. I think at the high level, there’s an appreciation of how fast the market is changing, now that you’ve had the Open Claw moment: I think it has been a real eye-opener. I think a lot of the conversations today about agents and AI have really been from the context of organizational impact, doing more with less, making your operations more efficient, but an insufficient amount of time and focus has been spent on the consumer adoption of AI and what that means. For CISOs, it’s harder to control and often it’s overlooked. And the biggest blind spot is the fact that you cannot keep going with the same strategy that you implemented during your digital transformation or Fraud 1.0.
Agentic commerce is fundamentally different and this feeds into the misconceptions and the biggest blind spots. The biggest blind spot is visibility and that’s in two dimensions. One is from a user journey perspective. What you tend to find when you talk to most organizations is that they have a good handle over things like payments and traditional fraud, chargebacks and others, but are looking for more upstream intelligence, what we call the user journey. How did the user find you? What did they do when they arrived at your site or within the application? And so what you find today is that pretty much every organization is siloed to different degrees. But probably the biggest blind spot is that you have traditional automated fraud prevention, what you typically call bot management, managed by the security side. And then you have things like payments, losses, loss prevention kind of separate in its own organization or department, typically managed by fraud and customer experience.
The challenge there is that in Fraud 1.0, it was perfectly legitimate to say that if it was any form of automation, any kind of bot that was trying to create an account or do a transaction on your site or access your customer’s account, you could block it. And, therefore, it made sense to have that kind of division of labor and expertise within an organization. But agentic commerce picks that up and throws that in the trash bin of history. Not only because it requires something that I think most fraud folks and practitioners have continuously advocated for: user journey visibility to better understand intent and have better context for a decision and be able to proactively keep bad folks off sites.
But what they don’t realize now with AI assisted commerce, where you’re looking at ChatGPT and, say shopping for shoes or flights, is fundamentally different in terms of how that user appears to your fraud organization. So the fundamental change is that in Internet 1.0, the user journey would start with someone searching for something on Google. You’d see them land on that site or if they are a returning customer, go directly to the login page. Today, that conversation is happening with an API, specifically MCP servers. Pretty much every single customer facing organization now is standing up an MCP server so that they, to begin with, can be discoverable by AI. So that’s problem number one.
The challenge is that the fraud side of the department has zero clue about those APIs and those API interactions. And on the security side, you have zero clue about whether this traffic was from an agent or not. So let’s say it is an agent or not an agent, but either way, what happens for that e-commerce site or that airline site or that marketplace is that instead of seeing that user land on a product page and do some investigation, they’ll see it land in the checkout with the highest risk product ready to go. And it will be five minutes to midnight when they can use the promo code, you know, and it’s happening all at once because your customers are using these agents to purchase tickets and do other things, which probably qualifies as policy abuse. In the scenario I just described, which is probably the most common scenario that most e-commerce folks will find, that is the highest risk transaction you’ll see in terms of fraud based on what your fraud system sees, while what your security system sees is just ChatGPT calling your MCP protocol.
No worries, no problem there. But what your fraud team sees is this person just went straight to checkout and you’re going to get rained down on with false positives. To avoid the problem requires cross-channel analytics for every digital interaction, meaning APIs, web and mobile. And the fact that these journeys are nonlinear, they can start on an API, move to web or start on web and move to APIs. You have to have a fundamentally different approach. And that I would say is probably the biggest blind spot I see for folks as they’re going on their AI assisted e-commerce journey.
Darwinium and Living ‘on the Edge’
RS: Wow, that’s huge! How does Darwinium being situated “on the edge” factor into that? I assume that plays into your advantage in terms of having a view of the whole user journey.
AF: Yeah. I mean, that’s what we’ve been doing in business for five years, and we’ve been advocating this view of having a cyberfraud prevention platform, something that both adds value and can be used and controlled and leveraged by both the security and fraud organizations as they continually move closer and closer together. It’s not necessarily true for all organizations, but we are seeing a bigger trend of fraud moving under the purview of CISO operations. It’s not happening in all industries, but many are experiencing this transition, with e-commerce being an exemplar.
What we call the edge is the customer perimeter edge. And what that translates to is typically your content delivery network, your CDN provider like Cloudflare, CloudFront, Akamai, etc. constitutes your digital perimeter for these e-commerce facing customers.
Regarding what’s different about Darwinium, I think we came from this from an adversarial fraud perspective that the best way to fight AI is with better AI and better AI means better data and better context and the ability to engage in inference in real time. You know, that’s also essential when you’re dealing with high-scale bot attacks. So Darwinium runs within your infrastructure. Anything that touches your customer is delivered via your content delivery network – where the Darwinium solution resides.
The 4 Advantages of Darwinium Residing in the CDN
This has four key kinds of advantages.
Increased Visibility of User Journey
One you touched on, which is visibility. Because you’re there at the edge, you’re effectively proxying within the customer’s own environment or kind of listening into, if you like, every interaction, whether it comes from a mobile, an API or the website. So you’ve had that kind of baseline across your entire organization, which is also important. You know, if someone disables JavaScript, 90% of the fraud prevention players are dead in the water because they just don’t have the telemetry data. Then when it comes to APIs, it’s even worse, because a lot of fraud prevention systems rely heavily on fingerprinting devices, which just aren’t present, or it’s the same with OpenAI or Claude servers that are responsible for the majority of your automated traffic. So that’s one. Visibility is big and huge, and it’s kind of the first point. You can’t solve a problem unless you can see it, measure it and put a value or a cost to it, in terms of threat, risk and opportunity.
Reduced Latency
The second advantage is actually latency; the control of the user’s experience when you’re doing things like device fingerprinting or relying on telemetry from a mobile SDK, often that has to get returned to some data center across the world and then returned back to that customer.
You can pretty much guarantee that when your customer is a global organization latency becomes an issue. With Darwinium, because we run on your CDN, instead of having to round trip any telemetry data or APIs around the world, we’re typically in the country or even in the city from where that actual customer is. Overall, you get better user experience, less delays. And then also that does translate directly to your fraud effectiveness because often what happens when you’re profiling users from around the world is sometimes you get incomplete data, which leads to incomplete or inconclusive fraud signals.
Increased Security & Data Sovereignty
Third, which might be surprising to others, but it’s actually security, data sovereignty and privacy. This is actually quite unique to Darwinium. Typically how it works today in the fraud SaaS or API world is you send them your data like email, credit card numbers, whatever it might be that you’re trying to leverage for a specific transaction or event and you’re hopeful that they are both hashing and encrypting that data in a way that is responsible and secure, but also in a jurisdiction in which you’re allowed to operate. By running on the edge, Darwinium actually enables customers to do the encryption themselves and have full control over what data gets identified, how it’s masked and how it’s handled. It is truly a trust-nothing architecture that we are able to implement seamlessly by deploying on the edge. So we’re the only company that can confidently say to the CISO that we do not touch or see any decrypted data, not even in memory. Where data is decrypted actually is in the customer’s browser. That’s the reason why the edge is so powerful.
Reduced Time to Remediation
The fourth advantage I would say is reduced mean-time to remediation and being able to future-proof your security and fraud stack. A big issue when organizations get hit with an attack and this is even more pertinent today, is the mean time to remediation of security incidents. The same thing needs to also apply to your fraud detection systems because the difference between adversarial AI and agentic AI is that once they find a vulnerability, it can hit very, very quickly and be very hard to distinguish between legitimate users and those that have ill intent.
RS: I’m glad you mentioned mean-time to remediation because I had an interview recently with Chen Zamir, where he talks about one of the benefits of AI now for fraud solutions is that you can reduce mean time to remediation.
Which Legacy Anti-Fraud Tools Does Adversarial AI Devalue?
RS: And now, we’re talking about APIs and the problem that the API approach has. What are the anti-fraud tools that are most impacted by adversarial AI in a negative way?
AF: Yeah, it’s interesting. We see amongst our customers that it’s really use case specific, but the key parts are onboarding, authentication and APIs. Why from an API perspective? We’re seeing even commercial AI platforms being greedy and egregious in terms of their uses and access, but even more so competitor use of AI to scrape entire databases. So if you’re a SaaS, any SaaS business out there that provides a free service or a way to leverage your platform potentially for fraud elsewhere, you will see that abuse happens and it’s pernicious and it’s vicious and it’s continual.
With onboarding, we have seen the rise of deepfakes start to explode. And what you’re seeing there is the fallback actually is relying more on manual human beings. So the truth is you’ll find a lot of these fully digital onboarding experiences might appear that way to a consumer, but because these deepfakes are getting so good, you know, the take-a-selfie-with-your-camera kind of thing is being reviewed by humans. Moreover, a lot of these onboarding solutions for convenience are deployed via JavaScript. And a lot of the attacks are attacking the device and the mobile application itself. So your JavaScript has zero idea that it’s running on a jailbroken device and that it has got APIs exposed that have been currently accessed that enable camera and video injection into your application.
Having that visibility is a real issue. It’s not just a nice-to-have anymore.
Then on the authentication side, I think the big issue and the thought provoking question for banks or any organization with the consumerization of AI with the Open Claw moment is if I’m a consumer, let’s say accessing my bank and I’m using Claude.
Is that okay? If it’s not, can you tell? And if I’m a consumer and say, hey, it’s my data, you can’t stop me. And if a regulator agrees with that position, then you’re in a real bind as an organization. And then we’re just seeing that the account takeover attacks and bot attacks and credential stuffing attacks are just getting harder, faster and harder to detect in a cost-effective manner.
RS: So let’s discuss what intent-based fraud detection looks like in practice because that was your major insight in our previous interview several years ago. What does that look like to you?
AF: Let’s define what we mean by intent. Because there’s intent as used by the agentic payments protocols, which really just means this shopper is this agent trying to browse or shop. That is a very limited view of what intent actually means. But the real reason we need it is that that identity is necessary but no longer sufficient where you have scams, i.e. when good customers are being targeted and convinced to do something that’s against their intent or their full awareness of what’s actually happening. In other words, you have good customers that turn bad. An account that belongs to a customer in great standing for all these years and then all of a sudden there’s a bust-out fraud or something like that.
With agents and agentic AI, it translates to a point where you cannot just say no bots allowed. It’s got to be about which kind of bots are allowed and then what are they allowed to do? Not just are they allowed, but what do we actually enable them to do? And it’s that question of authorization where intent really comes into play.
What’s the value of intent? Well, intent should be predictive or preventative. For example, if you see a person go into the bank with a gun and with a hoodie on after being in a car that’s been scoping the place and kind of circling the block a number of times. Do you need them to actually fire the gun or take the money to take action? No. That’s the idea of intent. If you have good intent, you can approve more customers and remove friction while keeping the threats at bay.
How do we define intent in practical terms? Intent is everything about you and how you behave, and how you navigate across digital journeys. It’s a combination of the identities you use, the devices that you use, how you behave, and then how that behavior relates to your corporate policies and, you know, abuse policy.
RS: Is it normally behavioral signals that determine intent? What shows their hand?
AF: Behavior is important, but it has to be behavior on an individualized basis relative to this user. When you dig under the hood with behavioral biometric solutions, you’ll see that they’re trying to evaluate, is this the same for this user? What we’re evaluating is, is it the same for this user, but actually, where have we seen that behavior before across the global population of that user? We are turning behavior not only into an anomaly detection feature, but we actually turn behavior into identity. The same way that CCTV cameras can identify users by how they walk, we can uniquely identify users by how they behave and interact with your application. Not just on a single page, but throughout it, which is a game changer.
Darwinium at Work on a Money Mules Case
RS: Regarding first party frauds that are committed, how do you zero in on that? You explained it in general terms for bots and that you can determine intent. So I guess that would help. But can you walk me through an actual example?
AF: Yes, let me give you a fantastic example. One of our customers, a neobank, and also a digital wallet, a number of them were struggling both with fraud and then also scams and money mules. Money mules can be “friendly fraud”. It can be students that are leaving the country, who sell their accounts to a fraudster. You’ll have folks create fake accounts, but really the hard part is these third-party mules that are used, which they may suspect that they’re doing something bad, but it’s hard to tie them to it. Traditional fraud tools are often looking at device anomalies, but not necessarily behavioral ones. And so what was really interesting is that we were able to improve their capture rate of accounts such as these, looking at tying together various user behaviors across multiple accounts. Despite them having multiple fraud tools, dedicated AML, I won’t mention the vendor’s name just out of competitive politeness, the fraud tools that they’re using and the AML tools that they’re using, but we were very effective. So what that looked like is: First, we were deployed at onboarding and authentication and then onto the payments channel for this bank, and this gave the bank full visibility of behavior across customer journeys, and networks of accounts.
One of the things that we noticed when we were deployed on the authentication is that we were seeing some behaviors out of the country where the user was purporting to be. We’ve got the ability to pierce proxies and other things. And use a lot of different signals to try and really understand where that user is coming from. But we also noticed unusual account activity. We noticed that there was behavior that looks just like a mule farmer checking in, checking deposits and others. We’ve also got our own AI copilot, which you can ask questions of, for example tell me what these signals are indicative of, or take a look at these transactions and tell me what they show. What are the things these transactions have in common? And can you write some rules that will detect it? It’s that easy, but, you know, you can do that once you have true visibility.
One of the tactics we found was, when a mule account is enrolled as a part of the wider fraud ring, you’ll often have a device that is using multiple different profiles using app cloning. This lets fraudsters run multiple bank accounts from a single device. This makes it much easier to manage mule networks and account farming operations at scale, without needing a separate physical device per account. We are able to detect this and to proactively block it at onboarding.
So that’s one example, a holistic approach, where it’s not just one behavior, but multiple behaviors that rely on visibility of every step in a customer journey. We looked at behavioral biometrics, behavioral identification, account access, onboarding, the velocity of transactions, what identities they were using, where the telephone numbers came from, their commonalities, etc. And it just shows you that if you’re ingesting all this data and all this context, which we do in real time, we do it in a way that doesn’t have to compromise between keeping bank data safe or merchant data safe. It’s trust-nothing architecture. And then with the power of AI and our ability to sift through all that extraordinary amount of data with a decision that optimizes revenue, that’s an extraordinarily powerful situation that improves upon the status quo.
One of our customers replaced one of the better, well-known fraud prevention platforms with us and we achieved 50% better fraud controls and a reduction in their scams at the same time. And that’s largely just because we had better context, not that the previous fraud platform is bad at what they do.
Closing Thought: What Happens When 95% of Your Traffic is Bad
RS: I’d like to end with some closing thoughts from you.
AF: Yeah, when people are looking at AI, I think things like AI agents within the platform, which we have, we call it co-pilot, enable customers. It’s only as good as your underlying application. That’s really kind of the summary when you agentify anything and that includes your fraud application. And there are good companies that are specializing in creating agents for existing fraud platforms. You have companies like ourselves, which are building agents into the platform. This is nice because it helps you solve an existing problem more efficiently. But what you find is that those problems are not the same ones that you’re having now. You’ve got adversarial AI, agentic commerce and others. So you need to pay as much attention to not just using AI as an efficiency measure, but also how do you know that you are addressing the true AI threats? Because I know there are many CISOs and fraud folks that are laying awake knowing just how aggressively every organization with any data is coming under attack. And pretty much every CISO that you bring on or talk to, if fraud is part of their remit, they’ll tell you that they’re under an astronomical amount of attacks and threats and pressure.
Well, the thought I left you with last time was: What happens when ChatGPT is your best customer? Well, when I first started ThreatMetrix, the thought was back then that fraud was less than 10% of all your traffic.
My view now is what happens when it’s the inverse. When 95% of everything you’re dealing with is bad and it’s only the 5% or 10% which is good. And that is the future that I do hope that folks listening into this realize is not years and years or decades away. It’s a preeminent future upon us in terms of the ability for fraud to perfectly mimic good consumer traffic, to blend it in, to just increase the scale and velocity. And the fraud pressure on your organization is going to skyrocket. There’ll be those that are ready for it. But unfortunately, most will not.
It requires a new way of thinking to be able to address that because when you’re looking at efficiency and fraud metrics, the cost of fraud prevention is an important metric. And if your fraud operation costs as much as the fraud it is preventing, you need to do the same thing with half the fraud budget or even a tenth, then you’re in a much better position from an efficiency perspective. And we need to get there.