Interview: Redefining fraud prevention – insights from a former insider

Share this post

Tony Sales, a former fraudster turned fraud prevention specialist and co-founder of WeFightFraud, shares his perspective on effective strategies and technologies businesses can use to protect against evolving threats.

What are the most effective strategies and technologies businesses should adopt to combat fraud today?

Tony Sales advocates a layered approach to fraud prevention, cautioning businesses against relying on a single solution. He points out that businesses often do not fully understand the technologies they adopt, which are generally sold to them based on salespeople’s perspective. He remarks, “We often accept tech solutions without truly understanding what they do or how they operate. Usually, we get an introduction from a salesperson whose main aim is to sell us their product from their own point of view.”

He stresses the importance of using multiple solutions together, likening it to the necessity of having various tools in construction. “I don’t know any companies on the planet using tech that will tell you they have just one solution that solves everything. When solutions work together, they can significantly reduce fraud.”

Furthermore, Sales underscores the need to tailor fraud prevention strategies to each business’s specific threats. This customisation should always include a human element to complement the technological measures. He explains, “Each business faces different threat levels, so it’s essential to understand these differences and always incorporate a human factor. We can’t ignore the human element; it’s very important.”

How have fraud tactics evolved with the advent of new technologies and digital platforms? Can you provide examples of recent trends you’ve observed?

Tony Sales highlights the influential role of new technologies like artificial intelligence (AI), which, although not as significant a threat currently as some might suggest, holds the potential for more complex fraud schemes in the future. He remarks, “Everyone’s talking about AI and how dangerous it is and all the threat factors that come with it… But, you know, the reality is that’s just one threat out there that’s probably not that big at the moment. It could be massive in the future, but at present, it’s definitely not as bad as what everyone’s making out.”

Sales also highlights the increasing issue of mobile fraud, noting the frequent thefts of mobile devices, which can lead to greater vulnerabilities. “Apparently, there’s a phone stolen in London every 10 minutes… How many of those phones are unlocked and instantly losing loads of different ways through all different types of payment gateways?” he explains, stressing the urgency of addressing these security vulnerabilities.

Further, he discusses the risks posed by the spoofing of biometric data, where fraudsters mimic biometric identifiers to bypass security measures. The complexity of fraud tactics is also amplified by social engineering, which Sales describes as a significant and ongoing threat. “It becomes harder for social engineers firstly to be able to socially engineer the victims that they do en masse,” he explains, indicating the adaptive nature of fraudsters as they exploit both new technology and human psychology.

How important is public education on fraud awareness, and what role should industry leaders play in educating consumers about fraud?

Tony Sales stresses the importance of public education in the fight against fraud, highlighting how it equips people to identify and avoid scams. He underscores the importance of such awareness, explaining, “I think it’s absolutely a massive part of being able to prevent it because you need to be able to make people aware of the pitfalls and the things that can happen. They’re much less likely to get caught in a scam.”

Sales also stresses the strategic position of industry leaders, who have access to extensive data about emerging threats and can effectively guide the public and smaller businesses. He notes the benefits of educating people on common fraud tactics, saying, “Once they realise that this is similar to familiar behaviour, stuff that they know, stuff that they’ve seen, it becomes harder for social engineers to manipulate victims.”

He also stresses the importance of keeping educational materials up to date, especially in response to new technologies like AI and biometric spoofing, which continuously reshape the threat landscape.

Sales also stresses the critical nature of raising fraud awareness to prevent significant financial losses: “If people are unaware, they might just write off major fraud as a minor scam, not realising that a single incident can involve significant sums, sometimes as much as half a million quid, as we’ve seen.”

What emerging threats should businesses and consumers be most aware of in the next five years?

Tony Sales highlights a critical shift in the fraud landscape as technological advancements continue to shape criminal tactics. He particularly notes the increasing sophistication of attacks that are tailored to exploit our growing reliance on digital devices. He discusses the evolution of these tactics, stating, People sending links and stuff. I guess as delivery mechanisms get better and as we become more reliant upon devices, more device-specific stuff will happen.” This observation underscores the urgent need for businesses to continually refine their security protocols and for consumers to remain vigilant about the links they click and the apps they download.

Expanding on this point, Sales mentions that as technology progresses, so does fraudsters’ ingenuity in crafting attacks that are harder to detect and more damaging. The increasing use of mobile devices not only for personal communication but also for business transactions presents a lucrative target for criminals, who are quick to exploit any security lapses.

Furthermore, Sales touches on the broader impact of these developments. As digital platforms become more integral to our everyday lives, the potential for significant disruptions caused by fraud increases. This necessitates a robust and adaptive response from both the private sector and regulatory bodies to mitigate risks and protect consumers.

Reflecting on your journey from committing fraud to preventing it, what are the key lessons you wish to pass on to others in the industry or the general public?

Tony Sales delves deeply into his past as a fraudster and his current role as a fraud prevention expert, highlighting the profound lessons learned along the way. He explains the crucial importance of genuinely understanding fraudsters to combat fraud effectively. “You have to understand the adversaries that you’re after. People often say that they try to think like fraudsters, and I’ve forevermore said that it’s not something I believe is possible unless you’ve actually lived it.” 

He adds, “Go up against people who don’t care. They have no moral compass. They’re probably like that because of things that have happened to them. They’re locked in whatever they’re doing, and they’ll continue to do it forevermore.” This deep insight into fraudsters’ psychology is critical for anticipating their moves and preparing robust defences.

Moreover, Sales underlines the pivotal role of awareness and education in fraud prevention. “Understanding them and how they may attack a business or a consumer again comes back to awareness… and I believe that is the strongest form of defence we’ve all got.” He advocates for equipping the public and professionals with as much information as possible to defend against any attack, be it digital, physical, or via social engineering.

Payments Review Summer 2024
Read the entire Payments Review Summer edition here

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Member of The Payments Association? Log in to continue reading

Subscribe to continue reading

Already a subscriber? Please log in to continue

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?