Guest: Robert Capps and Eric Boles
Today I’m talking with Robert Capps and Eric Boles about something a whole lot of fraud fighters think about, but very few ever get to see in real life, cybercriminal deterrence that goes beyond blocking the order, closing the account, or writing off the loss.
Because if you work in fraud long enough, you know the frustrating part is not always catching the pattern. It is knowing the same ring will often just move on, regroup, and come back somewhere else. That is why this conversation matters. Robert and Eric helped build something at StubHub that a lot of companies never even attempt, an internal investigations unit focused on tying activity together, identifying the people behind the screens, and working with law enforcement to create actual consequences.
And that matters.
Because post-transaction investigations are not just about revenge, and they are definitely not just about telling a good war story later. They can reduce repeat attacks. They can support fraud restitution recovery. They can expose organized fraud rings tied to other criminal activity. And they can shift the way a company thinks about long-term fraud prevention.
Here is what that approach means in practice:
- Cybercriminal deterrence gets stronger when fraud teams go beyond transaction-level response
- Post-transaction investigations can connect accounts, orders, devices, and people into one clearer case
- Law enforcement collaboration works best when companies bring organized evidence, not just frustration
- Fraud deterrence strategy is much more effective when criminals face real-world consequences
What you’ll hear in this episode:
- Why StubHub built an internal investigations unit focused on prosecuting fraudsters
- How post-transaction investigations helped connect large-scale fraud to organized criminal groups
- What Robert and Eric learned about fraud ring prosecution and law enforcement collaboration
- Why marketplace fraud investigations can create benefits beyond immediate loss reduction
- How merchants and marketplaces can think differently about long-term fraud prevention
You should listen to this episode if you:
- Work in fraud, trust and safety, investigations, or risk and want a more mature fraud deterrence strategy
- Have ever wondered whether organized fraud rings can actually be identified and prosecuted
- Want a better understanding of fraud case building and law enforcement collaboration
- Care about marketplace fraud investigations, merchant fraud investigations, or restitution recovery
- Are thinking about how cybercriminal deterrence fits into a broader fraud operations strategy
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
This episode gets into a part of fraud work that a lot of teams do not have the time, staffing, or structure to pursue. I’m talking about what happens after the transaction, after the account review, after the chargeback, when a company decides it wants to know who is actually behind the fraud and what it would take to stop them more permanently.
Why cybercriminal deterrence requires more than blocking bad orders
Let’s break this down.
A lot of fraud teams are built to make fast decisions. Approve. Decline. Review. Refund. Escalate. That makes sense. The transaction is happening now, the loss is happening now, and the business wants the answer now. But cybercriminal deterrence usually does not happen in that moment. It happens later, when someone goes back, connects the dots, and treats the fraud like a larger case instead of a single bad event.
That is the part Robert and Eric help bring to life in this conversation.
Because when companies only focus on the immediate transaction, they may stop one attempt without changing much for the future. The ring adapts. The same actors return. The losses keep coming from slightly different angles. But when a team invests in understanding the full operation behind the abuse, the strategy changes.
- Cybercriminal deterrence depends on seeing the fraud beyond one order or one account
- Fraud deterrence strategy is weaker when teams only respond at the transaction level
- Long-term fraud prevention often starts with understanding how repeat offenders actually operate
- Cybercrime consequences are more likely when companies treat fraud as a buildable case
Why post-transaction investigations can change the game
Here’s what’s actually happening.
Post-transaction investigations matter because they give teams time to do the deeper work. To connect all orders and accounts tied to one ring. To look at shared behaviors, devices, locations, and methods. To identify patterns that were not obvious in real time. And eventually, if the evidence is strong enough, to hand something meaningful to law enforcement.
That is a very different level of effort.
And honestly, it is one a lot of companies never get to. Not because they do not care. Because they are stretched thin, focused on immediate losses, and not always staffed for investigations at that level. But StubHub proved it can be done, and the results went beyond just satisfaction. There was fraud restitution recovery. There were reduced attempts. There were real consequences.
That usually gets a fraud team’s attention.
- Post-transaction investigations help connect fragmented fraud into one coherent story
- Internal investigations units can uncover patterns hidden during real-time decisioning
- Fraud case building becomes stronger when teams collect evidence across many events
- Marketplace fraud investigations can reduce future abuse, not just explain past losses
What law enforcement collaboration actually requires
This is where a lot of companies get stuck.
They know they want help from law enforcement. They know the fraud is serious. They know the losses are real. But law enforcement collaboration is not just calling someone and saying, “We’ve got a problem.” It requires evidence. Structure. Documentation. A clear narrative. A reason this case matters beyond one merchant absorbing one set of losses.
Right.
That is why this conversation is so useful. Eric brought experience from the Secret Service into the private sector, and that perspective matters. It shows what kind of fraud case building actually helps move a case forward. Not vague suspicions. Not scattered screenshots. A real case. Something that shows scale, coordination, repeat behavior, and identifiable actors.
- Law enforcement collaboration works best when fraud teams bring organized, usable evidence
- Fraud ring prosecution usually depends on strong documentation and a clear case narrative
- Trust and safety investigations are more effective when they are built with external action in mind
- Prosecuting fraudsters requires patience, structure, and realistic expectations
Why organized fraud rings create a bigger business problem
At first glance, some companies may think of this kind of fraud as just another cost line. A painful one, but still just a cost line. I think that is usually a mistake.
Because organized fraud rings are rarely only hurting one business. They often connect to broader criminal activity, wider networks, and repeat abuse across multiple companies and platforms. That is one of the more important themes in this episode. Once the investigations team identified the people behind the screens, they learned a lot more about what those fraudulent purchases were tied to and what they were funding.
And that matters.
Because it shifts the conversation from “how do we reduce losses this quarter?” to “what role do we want to play in disrupting this larger pattern?” That is a very different question. And not every company can answer it the same way. But more companies should at least ask it.
- Organized fraud rings often create harm far beyond one merchant or marketplace
- Merchant fraud investigations can uncover links to larger criminal networks
- Fraud operations strategy gets stronger when teams understand the broader impact of abuse
- Cybercrime consequences can have deterrent value well beyond a single case
What fraud teams can realistically take from this
So what should fraud teams do with an episode like this if they do not have a full investigations unit today?
Start smaller. Look at whether your team has a way to connect related fraud events after the fact. Ask whether your documentation would support an external case if it needed to. Think about which rings or abuse patterns are truly worth building out. And ask whether your fraud deterrence strategy is only reactive, or whether there is room for more durable disruption.
That is the part I want people to sit with.
Because not every company is going to build a full internal investigations unit tomorrow. But a lot of teams could get better at post-transaction investigations, better at fraud case building, and better at deciding when a pattern deserves more than a decline code.
The big takeaway from this episode is pretty straightforward. Cybercriminal deterrence becomes much more real when fraud teams move beyond stopping individual transactions and start building cases that can create actual consequences. That takes work. It takes structure. It takes collaboration. But as Robert and Eric show, it absolutely can be done.
