SardineCon SF/2026

Learn More
The Saturday Fraud Strategist

What AdTech Taught Me About Financial Fraud, with Gilit Saporta

In this episode of The Saturday Fraud Strategist, I talk with Gilit Saporta about ad tech in financial fraud, which sounds very niche until you realize it touches malware, fake traffic, bot detection, consumer abuse, advertising fraud, and a lot of systems quietly pretending they have this handled.

Ad tech fraud is not just “someone clicked a fake ad.” That would almost be simple. What we’re really talking about is a whole ecosystem where fraudsters monetize traffic, hijack devices, manipulate advertising spend, and sometimes pull regular people into the mess without them even knowing it happened.

Gilit brings nearly two decades of fraud-fighting experience across financial services, crypto, e-commerce, and digital advertising, so the conversation gets practical pretty quickly. We look at what makes ad tech in financial fraud different from traditional fraud, where fraud detection is improving, and where systems still fall apart because the context is missing.

And honestly, that’s the part that keeps coming up.

You can have AI fraud prevention. You can have automated fraud detection. You can have dashboards that look very impressive in a board meeting. But if the system can’t tell the difference between a weird but legitimate pattern and an actual fraud signal, now you’ve got a problem. Maybe a very expensive problem.

What you’ll hear in this episode:

  • A step-by-step breakdown of how ad tech fraud works and why it does not behave like traditional financial fraud
  • A practical look at what modern fraud detection is getting right and where it still struggles
  • Why institutions, platforms, and technology teams need to stop treating fraud risk management as someone else’s cleanup job
  • A conversation about AI-powered fraud fighting, automation, accountability, and the uncomfortable gap between speed and judgment
  • How consumers get pulled into device hijacking, malware, scams, fake apps, and fraudulent advertising ecosystems
  • Why better financial fraud prevention depends on context, not just bigger models or faster alerts
  • A discussion about collaboration between fraud teams, trust and safety, researchers, regulators, and the organizations sitting on all the useful data

Who should listen:

  • Fraud professionals and financial institution leaders
  • Risk, compliance, and cybersecurity teams
  • AI, machine learning, and fraud analytics practitioners
  • Trust and safety teams
  • Ad tech, e-commerce, and digital platform leaders
  • Regulators, policy advisors, and industry advocates
  • Anyone trying to understand why fraud keeps finding the cracks between systems

This episode is for people who care about fraud prevention strategies beyond the press release version. Detection matters. Compliance matters. But you’ve got to ask yourself, are we actually preventing harm, or are we just getting better at labeling it after the fact?

Episode notes:

Ad tech in financial fraud has become a very convenient playground for fraudsters. You have money moving through complex advertising systems, traffic that can be faked or manipulated, devices that can be hijacked, and consumers who often have no idea they were part of the operation.

That’s already messy.

Now add AI, automation, bots, fake apps, malware, and advertising networks that were not exactly built for perfect transparency, and the whole thing starts to look less like a simple fraud problem and more like an ecosystem problem.

Gilit and I talk through how organizations are using AI fraud detection, bot detection, advanced fraud analytics, and intelligence sharing to improve prevention. And to be fair, some of this is real progress. I am not here just to complain into the microphone. Mostly.

But there are still major gaps.

AI systems can move fast, but they can also jump to conclusions. They can detect patterns, but they do not always understand why those patterns matter. They can flag anomalies, but without strong fraud investigation workflows and human judgment, you may just end up with very confident confusion.

We also get into the difference between malicious automation, legitimate automation, and wasteful automation. That distinction matters more than people think. If every bot is treated the same, or every strange behavior is treated as fraud, teams create noise. If they ignore the automation problem completely, fraudsters get a very nice invitation.

Not a good look.

The consumer impact is a major part of this conversation. Device hijacking, malware, fraudulent applications, scam-driven advertising, and deceptive ecosystems often hit people who never expected to become victims. And when they do, shame and embarrassment can keep them from reporting it.

Behind the bot traffic, fake installs, automated clicks, and suspicious patterns, there is usually a person somewhere who got exploited, manipulated, or quietly harmed by a system that did not catch the problem early enough.

We also talk about the upcoming Fraud Fighters AI Playbook and what responsible AI adoption should actually look like for fraud teams. Not the shiny version. The operational version. The version where teams have to think about governance, data quality, accountability, fraud prevention technology, investigation workflows, and whether their tools are helping people make better decisions or just giving them more alerts to triage.

Key takeaways:

  • Awareness helps, but awareness is not prevention.
  • Fraud detection needs technology, context, and human judgment working together.
  • AI-powered fraud fighting is only useful when it is supported by strong investigative frameworks.
  • Ad tech in financial fraud creates risk across advertising fraud, identity abuse, malware, consumer protection, and financial services.
  • Organizations need better ways to separate malicious automation from legitimate or simply wasteful automation.
  • Ad fraud detection cannot rely only on faster alerts. It needs better context, better data, and better operational judgment.
  • Fraud teams, trust and safety teams, researchers, regulators, and platforms need to collaborate more directly.
  • The human cost of fraud should not be treated as a side note.

The bigger question is whether organizations are building systems that actually reduce harm, or just systems that explain the harm after it has already happened.

The alternative is accepting fragmented systems, weak accountability, and fraud ecosystems that keep scaling faster than the defenses around them.

That’s not a great plan.

To go deeper, get your copy of The Fraud Fighter’s AI Playbook by Gilit Saporta, Chen Zamir, and Shoshana Maraney on O’Reilly: https://www.oreilly.com/library/view/the-fraud-fighters/9798341660359/


Episode transcript
Chen Zamir
Chen Zamir
00:02
All right. Welcome back, everybody, for another episode of The Saturday Fraud Strategist. And with me today, a very special guest, one that has so much experience in the field of fraud, fraud prevention, and one of the most experienced fraud fighters that I've got to meet throughout my career. I also had the privilege in the last year to be her co-author, writing our upcoming book. We'll talk about it a bit later. Gilit Saporta, it's such a pleasure to have you on the show.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
00:37
It's such a pleasure to be here, Chen. Thank you so much for inviting me. We just realized that you and I go way back, to the point that you still have me saved with my maiden name on your contact list. That's so cool.
Chen Zamir
Chen Zamir
00:51
Yeah, I met Gilit on my first day doing fraud prevention. Well, likely the first day. So that means that we know each other for nearly 17 years now. It's a bit scary to say that, but yeah. Gilit, you've been around, and I'm sure that a lot of the listeners who are listening right now know you either personally, through a conference, or through a podcast. Can you share a bit about who you are and tell us a bit about your career so far, just so we're all on equal ground?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
01:36
So yeah, I've been around, and I was one of the lucky ones to be part of the early days of e-commerce and e-commerce financial crime. Our first opportunity to work together, you and I, was with the reincarnation of my first student job, doing some manual review of credit card payments, mostly for people who were paying for VPN services. Even the ones who were doing so without a stolen credit card back then were probably buying the services to do something nefarious or naughty later on.
Chen Zamir
Chen Zamir
02:30
Not to watch the newest Netflix release.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
02:33
Who knows, who knows? No, Netflix was still a service for shipping DVDs to your home back then. That's how old we are. Do you realize that? So yeah, it was a fun ride and an amazing opportunity to learn about how diverse and creative the human mind can be when it comes to both fraudulent manipulations and just bizarre behaviors that are not fraudulent online. I think that, in a nutshell, characterizes what I do and what I love doing throughout my career. I moved from financial fraud, where you and I met, with PayPal. After nearly a decade with Fraud Sciences, which got acquired by PayPal, I moved into e-commerce with Forter, where I got to be part of the fairly early days of that amazing company. Then I moved into cryptocurrency fraud with Simplex, which got acquired by Nuvei. During the first COVID lockdown in 2020, I moved into DoubleVerify, where I work today as VP of Product for our wonderful Fraud Lab. That gave me the chance to experience both the most sophisticated, targeted version of crypto fraud, where you're targeting one victim in a very spear-phishing kind of way, all the way to bot attacks with DoubleVerify, where we identify massive volumes of events with anomalies in order to help uncover fraud attacks.
Chen Zamir
Chen Zamir
06:26
Yeah, that's amazing. The reason why I was so keen to have you on the show is because you've had such a fascinating journey. When I look at it, I see three things. First, you've spent almost two decades on cutting-edge teams, building cutting-edge technologies. And it's not just one team. You've seen several problems from several different angles over a very extended period of time, always on the forefront, dealing with frontier problems and frontier solutions. Second, you've transitioned from financial fraud and e-commerce fraud into ad tech fraud, which is a space I don't know much about. And third, and this is probably the main reason why I wanted to have you on the show, you've had roles that involved training. That positioned you in a place where you had to think about abstractions, methodologies, and the theory behind fraud and fraud prevention. I thought, who better to talk to about fraud in general, and the differences between financial fraud prevention and ad tech fraud, than Gilit? So I'm super excited to dive into it. Let me start with the first thing that came to mind. I'm not even sure I know what ad tech fraud is. I can imagine, but I can also imagine there are several major typologies. Maybe I know some of them, maybe I don't. Can we start by discussing that and how it's different from financial fraud?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
09:06
Yeah, for sure. I think you and I both share this passion for abstraction, methodologies, and training. It's a great way to help teams and the industry think about the next potential attack and threat we should be looking out for. In ad tech, we define fraud as any kind of manipulation that's out there to monetize and drain the advertising budgets of brands. The largest brands in the world are our clients today, which means I get the fun and very stressful experience of having to explain fraud attacks to brands like Disney and many others. There's a huge sensitivity not just to the financial impact, but also to brand reputation, brand suitability, and brand safety. What does it mean for a large organization to be perceived as monetizing fraud? Or supporting fraud? Or allowing children to be exposed to content they shouldn't be exposed to because some manipulation in the advertising pipeline led them there? We see that all the time. The classic example I provide when I explain what I do is how advertising fuels our digital lives. If you look at the mobile device we all have next to us, there is a lot of technology running both in ways we see and under the hood. Once I became more aware of it through our Fraud Lab, I realized that almost every device has some app running code that may be generating ad calls, whether you see them or not. My dad experienced this all the time. No matter how often I told him not to click suspicious links, he would install all sorts of junk apps. Flashlight apps, for example, even though the phone already has a flashlight. A few days later he'd notice the device heating up, the battery draining quickly, or his data plan disappearing. It was malware producing invisible ads that brands were paying for. That's one example of an ad tech fraud typology. A device hijacking attack. Someone is tricked into installing malware. Advertisers pay substantial amounts to run ads on that device around the clock, and nobody is aware of it. These are the kinds of operations I feel proud about uncovering at scale and helping the industry address, especially when there's a human victim involved. Part of my passion for education, and I think yours as well, comes from the fact that we've seen so many fraud attacks that are technically sophisticated but could have been prevented through public awareness. People shouldn't feel ashamed of being victims. My dad often noticed something was wrong, but he felt embarrassed. We see that in romance scams, ransomware, and countless other fraud schemes. We need to remove the shame element so we can all be safer.
Chen Zamir
Chen Zamir
15:46
It's interesting because I expected you to talk about affiliate fraud and things like that. What I didn't expect was how much ad tech fraud resembles scams. There are elements of social engineering, cybersecurity, malware, and classical fraud prevention because ultimately someone needs to monetize and move the money. That's super interesting. Going back to 2020 and your move into DoubleVerify, I'd assume you came in with a tremendous amount of experience compared to many team members, even if not in the ad tech domain itself. What parts of your experience translated directly into your new role? What frameworks or processes were you able to lift from financial fraud and apply on day one?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
17:54
That's such a great question. First, I was completely overwhelmed by the volume of data and expertise I needed to absorb. Even six years later, I'm still amazed by the researchers here. Their understanding, creativity, and mindset are incredible. It felt like walking into Hogwarts, and I definitely wasn't the wizard in that scenario. The first thing we heavily invested in was collaboration, both within the Fraud Lab and across the broader organization. Fraud fighters naturally gravitate toward each other. That's one reason fraud meetups are so enjoyable. We love sharing analytical riddles and discussing attacks. But if you're talking to sales, commercial teams, or even engineering teams, you can quickly lose people. It's important to connect fraud prevention to human outcomes, like my dad's hijacked phone, but also to business outcomes. What's the financial impact? What does this do to the bottom line? Should you accept more risk to gain more scale? That need for cross-organizational collaboration became a major focus. In fact, Shoshana and I, who is also our co-author on the upcoming book, created a video series on FraudLab.com about translating fraud fighter language into business language that executives can understand.
Chen Zamir
Chen Zamir
21:49
And you think that's easier in financial services because the connection to the bottom line is more obvious?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
22:01
Yes. It's easier when you're in a risk organization that directly measures chargebacks, clawbacks, and financial losses. It's harder when you're in product organizations or ecosystems where scale and bot attacks create more indirect impacts. The second thing that transferred directly was the good story, bad story approach. Whenever we see an anomaly, we ask: What's the most plausible legitimate explanation? And what's the most plausible fraudulent explanation? The ability to ask why is something we still practice every day. In fact, it's one of the biggest challenges for AI agents. Our AI systems tend to jump to conclusions. If they see a traffic spike at 3:00 a.m., they immediately say, "Bot attack." A human analyst would ask, "What if Taylor Swift tickets just went on sale and everyone hit the site at once?" The challenge is teaching AI to consistently generate reasonable human explanations before concluding fraud. You need to hold both possibilities simultaneously.
Chen Zamir
Chen Zamir
26:18
I completely agree. LLMs are incredibly quick to find conspiratorial explanations. I want to double-click on the good story, bad story approach. You're describing it in the context of individual cases, but you work in a Fraud Lab. You're not investigating one case at a time. How does that framework translate into scalable, analytical work?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
27:48
Great question. Our Fraud Lab is somewhat unique because we've automated a lot of the operational work. That allows us to focus on edge-case analytics. You still need automation to process huge volumes of traffic. Whether that's rule engines, machine learning, or AI systems, something has to filter the majority of activity. But I don't believe in one model to rule them all. The attacks targeting senior citizens are different from those targeting gamers, which are different from attacks targeting sports audiences. The patterns vary dramatically. That's why I love the good story, bad story approach. Take a TV generating ads 24 hours a day. One story is that it's a bot attack. Another story is that it's a legitimate display at an airport showing sports programming around the clock. Both explanations fit the data. You need systems capable of distinguishing between them. You can't just say, "24-hour traffic equals fraud." That won't work.
Chen Zamir
Chen Zamir
33:50
How do you actually do that at scale?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
34:35
That's exactly why we need excellent people building these systems. We're like kids in a candy store right now. The challenge isn't access to AI. It's orchestration. We've found success with specialized skills. For example, we have an investigate skill trained to tell good and bad stories. That skill feeds into a detect skill that looks for anomalies and compares them against the outputs of the investigate skill. It's like building with LEGO pieces. You create smaller components and connect them together. One of the motivations behind our book was to show fraud fighters that they can now mix and match capabilities much more easily than before. Even if you're moving from fintech into ad tech, AI can help accelerate the learning process.
Chen Zamir
Chen Zamir
37:59
That's fascinating. We spent years talking about these theories, and suddenly we have tools that can operationalize them. Going back to your first weeks at DoubleVerify, what surprised you? What felt truly novel?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
39:08
I was surprised by the murkiness of the industry. Ad tech is a B2B ecosystem where everyone knows everyone. That was very different from fintech, where many adversaries were anonymous criminals or organized crime groups. In ad tech, you sometimes have companies operating in gray areas. They're not necessarily criminals, but they're serving ads in ways that provide little or no value to advertisers. The industry relies heavily on trust and transparency. That led me to appreciate collaboration in ways I hadn't expected. I never imagined I'd spend part of my job working directly with other fraud labs, such as Roku's, to bring down device hijacking schemes together. That level of cooperation surprised me. It also required learning about legal considerations, business sensitivities, and collaboration across organizations.
Chen Zamir
Chen Zamir
43:34
I don't think I've ever heard of two private companies collaborating to bring down a fraud ring in financial services. How does that work?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
44:14
The regulator plays a major role. The Media Rating Council and organizations like TAG, the Trustworthy Accountability Group, invest heavily in collaboration and education. The goal is to maintain trust in the ecosystem and support a free internet supported by advertising. These groups provide resources, events, and frameworks that help the industry work together. Ad tech is younger than fintech, but in terms of collaboration, I think it's actually more mature.
Chen Zamir
Chen Zamir
46:37
That's amazing. If you returned to financial services tomorrow, what lesson would you bring from ad tech?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
48:06
One major lesson is that bot does not automatically mean fraud. Bots can be shopping assistants, agents, and other forms of automation working on behalf of humans. The challenge is distinguishing malicious bots from legitimate bots. That's something ad tech has spent years refining. We've tried to share many of those ideas in the book.
Chen Zamir
Chen Zamir
50:20
Can you give an example?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
50:57
It becomes almost philosophical. Intent is difficult to measure. We often focus on impact instead. For example, websites today are constantly scraped by bots. Sometimes those bots belong to major AI companies collecting data to train models. Sometimes they're projects built by students. The intent isn't necessarily malicious. But the impact can still be costly. I know of a large e-commerce website that has been scraped continuously for years. It may have started as a school project someone forgot to turn off. But it's still consuming resources and generating costs. That's where I think we all need to become more responsible. Not all bots are malicious, but some are wasteful. And AI has dramatically increased the scale of that problem.
Chen Zamir
Chen Zamir
55:02
That's really interesting. It sounds like we now have a new category that's neither good nor bad, just careless or wasteful.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
55:48
Exactly. And the challenge is scale. One example we discuss in the book involves AI-generated content farms. Some are promoting dropshipping schemes. Others are more dangerous and lead users toward ransomware or other scams. The sophistication isn't always impressive. What's impressive is the volume. That's the challenge we need to solve as an industry.
Chen Zamir
Chen Zamir
59:36
I'm glad you brought up the book. We started writing it about a year ago, and everything has changed since then. The technology, the attacks, the defenses, our understanding of the space. If we started writing it again today, it would be a different book. What made you want to take on such a challenging project?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
61:00
Terrible FOMO. That's the honest answer. Fortunately, O'Reilly has allowed us to keep updating and refining the content until the very last minute. It's daunting to write about a topic moving this quickly. What helped was that you constantly brought us back to frameworks and methodology. I kept showing up with new attacks every week saying, "Put this in the book." You kept saying, "Let's generalize." That balance helped create something more durable. My hope is that readers walk away feeling more confident discussing AI and fraud, regardless of their starting point.
Chen Zamir
Chen Zamir
65:19
I'm curious to see how quickly it ages. One question I ask all guests is this: Leaders know they need to adopt AI. They're being pushed to do it. Where should they start?
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
67:13
If your organization is encouraging AI adoption, start by understanding what technology is already integrated into your enterprise environment. What systems already have access to your data? What tools are approved? Our team experimented with everything early on. That was fun, but we also built a lot of things that weren't scalable. Eventually, we rebuilt many of them into workflows where AI could participate across the entire process. From documenting findings in Jira, to accessing data sources, to routing insights to the right business stakeholders. That level of automation requires maturity. A year ago, most organizations didn't have that infrastructure. Today, many do. The key is starting with your existing ecosystem.
Chen Zamir
Chen Zamir
71:19
That's such a good point. Many organizations still think AI is magic. They assume it's plug-and-play. But like any data-driven technology, it depends on the quality and accessibility of your data.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
71:51
And it will lie to your face shamelessly. It will confidently generate information that isn't there. You have to be very careful.
Chen Zamir
Chen Zamir
72:06
Exactly. Gilit, this has been so much fun. Let me summarize some of the key takeaways. Fraud teams often struggle to connect their work directly to business outcomes, even though that connection is critical. We discussed the good story, bad story approach and how AI finally gives us tools to scale that way of thinking. We talked about the importance of granularity rather than trying to build one model that does everything. We discussed how bot detection is no longer about identifying all bots as bad, but rather distinguishing between good, bad, and sometimes simply wasteful automation. And finally, we talked about AI adoption and the importance of getting your data in order before expecting meaningful results.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
74:01
Yeah. It's an inherent challenge. If you're doing a great job in fraud prevention, you're often invisible. It's a bit like parenting teenagers. If everything is working, nobody notices.
Chen Zamir
Chen Zamir
74:16
That's a great description of the catch-22. Gilit, thank you so much for joining me. The Fraud Fighters AI Playbook is either out now or coming very soon. You may still be able to get a free copy from O'Reilly. The link is below. Thank you again for joining me today.
A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
79:48
Thank you.
Chen Zamir
Chen Zamir
79:50
All the best, and I'll see you all next Saturday.
Host
Chen Zamir
Chen Zamir
Head of Fraud Strategy

Guests

A smiling woman with long brown hair wears a blue-green top.
Gilit Saporta
VP of Product Management, Fraud and Quality at DoubleVerify