Pre-auth vs post-auth fraud: Doriel Abrahams on smarter fraud timing and 3DS strategy
Today we are talking about pre-auth vs post-auth fraud and one of the questions fraud teams wrestle with all the time: where in the transaction flow should you make your most important risk decisions?
I sat down again with Doriel Abrahams, Head of Risk for Forter US, to answer listener questions after his last appearance on Fraudology. And this conversation gets into some of the issues fraud fighters care about most, including the tradeoffs between pre-auth fraud screening and post-auth fraud detection, the real costs and benefits of different 3D Secure strategy decisions, and how to think through fraud signals when a case does not fit the usual pattern.
What I like about this episode is that it does not pretend there is one universal answer. The right payment fraud strategy depends on what you are optimizing for, what market you are in, how your issuer relationships work, and how much visibility you have before and after bank authorization. That is the reality most fraud teams are dealing with, and it is why these questions matter so much.
And that matters.
Because pre-auth vs post-auth fraud is not just a tactical decision. It affects approvals, chargebacks, customer experience, fraud prevention workflow, and how quickly teams can recognize new attack patterns. This episode is about thinking more strategically about fraud authorization timing instead of defaulting to whatever setup has always been in place.
What you’ll hear in this episode:
- The benefits and risks of pre-auth fraud screening compared to post-auth fraud detection
- Why fraud authorization timing affects approvals, losses, and customer experience
- How dynamic 3DS can help balance risk and conversion in the US and other global 3DS markets
- What companies often miss about chargeback liability shift and chargeback monitoring programs
- How fraud signal analysis helps solve unusual fraud cases when intent is not obvious
You should listen to this episode if you:
- Lead fraud, payments, or risk teams and want a sharper view of pre-auth vs post-auth fraud
- Are evaluating a 3D Secure strategy and need a more practical framework
- Care about false approval risks, chargeback exposure, and bank authorization fraud
- Want stronger ecommerce risk management tied to real fraud prevention workflow decisions
- Learn best through fraud case studies and real-world signal analysis
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
Why pre-auth vs post-auth fraud is really about tradeoffs
Let’s break this down.
One of the biggest takeaways from this conversation is that pre-auth vs post-auth fraud is not a question with one clean answer. It is a strategy decision built around tradeoffs. Pre-auth fraud screening can help stop risky transactions before they ever hit the issuer, which may reduce certain types of fraud exposure and protect authorization performance. But it can also mean turning away good orders earlier if your screening is too aggressive.
Post-auth fraud detection can give teams more information, including issuer response signals, but that later timing can come with its own costs. If the fraud is already through the bank authorization step, the business may be exposed to additional risk, operational complexity, or false approval risks that are harder to unwind. That is why fraud authorization timing has to be aligned to business goals, risk appetite, and the types of attacks a company actually sees.
Here is what is actually changing:
- Pre-auth fraud screening can reduce some risk earlier but may add friction if tuned poorly
- Post-auth fraud detection can offer more visibility but may come later than teams want
- Fraud authorization timing should be based on business goals, not habit
- Payment fraud strategy gets stronger when teams understand the tradeoffs clearly
Why 3D Secure strategy needs to be more dynamic
Here’s what’s actually happening.
3D Secure is one of those areas where teams can get pulled toward simplistic thinking. Either it is the answer or it is the problem. In reality, a good 3D Secure strategy is usually much more nuanced than that. Doriel talks through both the benefits and the risks, including the expensive downside of approving fraudulent orders, diluting the brand experience, or still ending up in chargeback monitoring programs even when liability technically shifts.
That is why dynamic 3DS matters. The goal is not to force every transaction through the same path. The goal is to apply the control strategically based on context, market, and risk. That is especially important across global 3DS markets like Europe, India, and Australia, where customer expectations, regulation, and issuer behavior can be very different from the US.
- Dynamic 3DS is often more effective than applying 3DS the same way to every transaction
- Chargeback liability shift does not remove all business risk
- A poor 3D Secure strategy can still create false approval risks and customer friction
- Global 3DS markets require different assumptions than many US-based teams expect
Why unusual fraud cases still teach the best lessons
This is one of my favorite parts of the episode.
Doriel was asked to share one of his case studies, and what stands out is how valuable fraud case studies can be when the signals are not obvious at first. Some fraud patterns are easy to label. Others are much messier. The intent is unclear. The activity does not fully fit a known scheme. And the team has to work from scattered clues until the picture becomes clear.
That is where strong fraud signal analysis matters so much. Great fraud teams do not just wait for perfect certainty. They learn how to interpret anomalies, connect signals, and keep digging when something feels off. Those are often the moments that reveal a larger issue, a new tactic, or a blind spot in the current fraud prevention workflow.
- Fraud case studies help teams learn how to interpret ambiguity, not just obvious attacks
- Fraud signal analysis is critical when intent is unclear or patterns are incomplete
- Unusual cases often reveal gaps in current fraud prevention workflow
- Strong ecommerce risk management depends on teams that know how to investigate beyond the obvious
Why vendor and platform questions still matter
Another useful part of this conversation is the direct question Doriel gets about whether Forter has changed over the last few years and how it differs from others in the space. I always appreciate when listeners ask those kinds of questions because fraud teams need more honest conversations about what has changed, what has improved, and what actually makes one approach different from another.
That matters because fraud tools do not exist in a vacuum. The way providers evolve, respond to market changes, and support customer goals affects real outcomes. Whether you are evaluating pre-auth fraud screening, post-auth fraud detection, or a broader payment fraud strategy, asking sharper questions is part of doing the job well.
- Fraud teams should ask direct questions about how providers have evolved
- Better vendor conversations can improve fraud prevention workflow decisions
- Ecommerce risk management depends on tools that fit the company’s actual goals
- Stronger strategy comes from better questions, not just more features
The big takeaway from this episode is pretty simple. Pre-auth vs post-auth fraud is not about picking one side and calling it done. It is about understanding timing, context, tradeoffs, and how each decision affects fraud, approvals, chargebacks, and customer experience. Doriel brings a practical lens to all of it, and that is exactly why this episode is worth a listen.
