Cybercriminal investigations: bringing real-world consequences to fraud rings
Guest: Robert Capps & Eric Boles
Today I am talking about cybercriminal investigations, and honestly, this is one of those conversations a lot of fraud fighters have probably imagined at some point. Not just stopping an order. Not just shutting down an account. Not just writing off the loss and moving on. I mean actually identifying the people behind organized fraud rings and helping bring real-world consequences to what they are doing.
Because that usually feels very far away from day-to-day fraud work.
I sat down with Robert Capps and Eric Boles to talk about what it looked like when StubHub built an internal investigations unit focused on going beyond transaction review and into actual fraud ring investigations. And that matters, because most companies never get that far. They are busy containing losses, managing chargebacks, and keeping operations moving. They are not built for post-transaction investigations, long-term case building, or federal law enforcement collaboration.
But StubHub proved it can be done.
And what makes this conversation especially useful is that it is not just about the satisfaction of seeing fraudsters face consequences. It is about what happens when a company starts treating major organized fraud rings as something worth investigating all the way through. The business learns more. The fraud team sees patterns more clearly. Deterrence gets stronger. And in some cases, there is even restitution from fraud cases.
That is the part I think more teams should pay attention to.
Because cybercriminal investigations are not just about punishment. They are about long-term fraud prevention, trust and safety investigations that go deeper than immediate loss prevention, and asking whether companies should rethink how much value there is in pursuing the people behind the fraud instead of only the fraud event itself.
Here is what that cybercriminal investigations mindset means in practice:
- I need to look beyond single incidents and ask whether I am seeing organized fraud rings
- I need fraud case building that connects accounts, orders, devices, and identities over time
- I need law enforcement fraud partnerships when internal investigations reveal broader criminal activity
- I need a fraud deterrence strategy that considers long-term consequences, not just short-term stops
What you’ll hear in this episode:
- Why cybercriminal investigations can create value beyond immediate fraud loss reduction
- How StubHub fraud cases led to deeper fraud ring investigations and real prosecution outcomes
- What post-transaction investigations and internal investigations unit work actually look like
- Why federal law enforcement collaboration matters in large-scale online fraud prosecution
- How long-term fraud prevention gets stronger when criminals face real cybercrime consequences
You should listen to this episode if you:
- Work in fraud, trust and safety, investigations, marketplace risk, or ecommerce operations
- Want to understand how fraud ring investigations can support stronger deterrence
- Are considering post-transaction investigations or building a more mature investigations function
- Need a clearer view of law enforcement fraud partnerships and fraud case building
- Care about marketplace fraud investigations, organized fraud rings, and long-term fraud prevention
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
This episode is a really good reminder that fraud programs do not have to stop at prevention and loss mitigation. Sometimes the bigger opportunity is in what happens after the fraud attempt, after the account closure, after the refund. Cybercriminal investigations open up a very different layer of value when companies are willing to follow the pattern all the way to the people behind it.
Why cybercriminal investigations matter beyond stopping one transaction
Let’s break this down.
A lot of fraud teams are built to make immediate decisions. Approve. Decline. Review. Refund. Escalate. That makes sense. The volume is high, the pressure is real, and most companies need to contain damage fast. But that operating model also means many organizations never get to the bigger question: who is actually behind this activity, and what happens if we do the work to find out?
That is where cybercriminal investigations change the equation.
Robert and Eric talk through what it looked like when StubHub decided not to stop at transaction-level response. Instead, they built toward fraud ring investigations that tied together accounts, orders, identities, and criminal activity over time. And that matters, because once you move from isolated incidents to organized fraud rings, the strategy shifts. You are no longer just minimizing loss. You are building toward disruption.
That usually creates more value than teams expect.
Because when a company understands how the fraud ring operates, where the ring monetizes, who is connected to whom, and what other criminal activity may be tied to it, the insights go way beyond one case.
- Cybercriminal investigations help companies move from single-event response to broader disruption
- Fraud ring investigations create visibility into repeat offenders and organized activity
- Marketplace fraud investigations become more valuable when the pattern is followed over time
- Long-term fraud prevention improves when companies understand who is behind the attacks
How an internal investigations unit changes what a company can see
Here’s what’s actually happening.
Most online businesses do not have a dedicated internal investigations unit focused on post-transaction investigations. And honestly, that is one reason prolific fraud rings can keep operating longer than they should. If every incident is handled as a separate operational problem, the bigger structure stays hidden.
That is a problem.
What Robert and Eric describe is what becomes possible when a company creates a team whose job is not just to stop the next fraudulent order, but to connect the full story. Which accounts were linked. Which orders were tied together. Which identities were fake. Which real people were behind the screens. That is a very different discipline than queue management.
And this is where things get interesting.
Because trust and safety investigations at that level often uncover a lot more than expected. Not just fraud patterns, but broader criminal ties, operational infrastructure, and links to other forms of abuse. That is one of the clearest benefits of an internal investigations unit. It turns scattered incidents into a real intelligence function.
- An internal investigations unit helps connect what routine fraud operations may miss
- Post-transaction investigations can reveal linked accounts, identities, and criminal infrastructure
- Trust and safety investigations become more strategic when they focus on networks, not only events
- Fraud case building is stronger when investigators have time to follow the pattern, not just clear the queue
Why law enforcement partnerships matter in organized fraud cases
This might not seem like a big deal. But in fraud prevention, it absolutely is.
If a company identifies organized fraud rings but has no path to external action, the deterrence ceiling stays pretty low. Orders get blocked. Accounts get closed. Maybe some losses get reduced. But the people behind the activity often just regroup somewhere else. That usually does not end well.
This is why law enforcement fraud partnerships matter.
Eric brought a law enforcement background into StubHub’s investigations effort, and that perspective helped create a bridge between internal fraud work and federal law enforcement collaboration. That bridge is important because companies can gather a lot of intelligence, but prosecution, arrests, and larger disruption require capabilities that sit outside the business.
Right.
And when those partnerships work, the company benefits too. Not only through cybercrime consequences for the people behind the fraud, but through better deterrence, stronger intelligence, and in some cases restitution from fraud cases that might have otherwise just been written off.
- Law enforcement fraud partnerships help companies turn internal intelligence into external action
- Federal law enforcement collaboration matters when organized fraud rings operate at scale
- Online fraud prosecution can create stronger deterrence than account closures alone
- Restitution from fraud cases is one of several hidden benefits of deeper investigations work
What fraud deterrence really looks like in practice
One of the smartest points in this conversation is that deterrence is not just about making one control a little harder to get around. Real fraud deterrence strategy sometimes means making the environment feel riskier for the criminal, not just safer for the company.
That is a different mindset.
If fraudsters believe the worst outcome is a declined order or a closed account, many of them will just keep going. They will test another card, another identity, another mule address, another account. But when companies build the ability to investigate, refer, and help support prosecution, the cost of doing fraud starts to change.
And that matters.
Because long-term fraud prevention is not only about blocking attacks. It is also about making the platform less attractive to organized abuse in the first place. That is one of the most valuable things cybercriminal investigations can do. They alter the environment, not just the metric.
- Fraud deterrence strategy becomes stronger when criminals face meaningful consequences
- Long-term fraud prevention depends on making abuse more costly, not just less convenient
- Organized fraud rings often respond differently when a company is willing to investigate deeply
- Cybercrime consequences can reduce repeat targeting over time
Why more merchants and marketplaces should reconsider their approach
This is the part I think a lot of leaders should sit with a little longer.
Most merchants and marketplaces have accepted a fairly narrow view of fraud response. Stop the bad order. Reduce the chargeback. Improve the model. Move on. Obviously those things matter. But this episode makes a strong case that companies should at least reconsider whether their current approach leaves too much value on the table.
Because it probably does.
That does not mean every company needs to build a massive investigations department tomorrow. It does mean more teams should ask whether there is room for a more intentional investigations function, especially when they are dealing with repeat offenders, marketplace fraud investigations, or highly coordinated abuse. Even a modest shift toward better fraud case building can create much stronger visibility.
We have seen this playbook before. Fraudsters count on fragmentation. They count on companies being too busy to connect the dots. So when a company starts connecting them anyway, the balance changes.
- Merchants and marketplaces may be underinvesting in deeper investigations and deterrence
- Fraud case building can create value even before a case reaches prosecution
- Marketplace fraud investigations are more effective when repeat activity is connected across time
- Long-term fraud prevention may require more than strong frontline controls
The big takeaway from this episode is pretty straightforward. Cybercriminal investigations are not just about the rare satisfaction of seeing a fraudster face real-world consequences, though obviously that matters too. They are about what companies gain when they stop treating organized fraud as a series of disconnected incidents and start investigating it like the networked criminal activity it often is. Robert Capps and Eric Boles show what becomes possible when trust and safety investigations, post-transaction investigations, and law enforcement fraud partnerships come together. And honestly, it is a strong reminder that deterrence can be a real strategy, not just a nice idea.
