Fraudology Podcast with Karisse Hendrick

Two Victims, One Session: Unmasking the New Age of Account Takeovers & Agentic AI

Feb 24, 2026

A frontline briefing on two clever e-commerce fraud trends that are baffling investigators. One tactic uses long-standing accounts to add a different victim’s payment method. Another involves malware piggybacking on real customer sessions to buy high-value gift cards. The conversation closes with a warning about autonomous shopping bots that mimic humans and the growing challenge of telling agents from people.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Two Victim Account Takeover Emerges

Fraudsters now perform a Two-Victim ATO by taking over an active e-commerce account then adding a different person's credit card as payment.
This creates two victims: the account owner (legacy/stored value lost) and the cardholder (unauthorized charge and chargeback risk).

INSIGHT

Card On File Protections Shift Fraud To New Cards

Merchants that block use of cards on file (e.g., require CVV) push fraudsters to monetize account legacy by adding new external cards.
Monitoring and flagging changes to payment method on existing accounts is therefore critical to catch this adaptation.

ANECDOTE

Active Accounts Are Being Targeted Not Dormant Ones

A merchant reported that high-frequency active accounts, not dormant ones, are being targeted because fraudulent activity blends into normal transaction history.
The result is account takeovers that evade detection since the traffic pattern matches typical customer behavior.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Fraudology is presented by Sardine. Request a 1:1 product demo at sardine.ai

In this solo episode, Karisse Hendrick checks in from a hotel room in San Diego at the Merchant Advisory Group (MAG) conference to share urgent intelligence from the front lines of e-commerce fraud before the full chaos of conference season begins.

First, Karisse explores two sophisticated new fraud trends that are leaving even seasoned investigators scratching their heads. She breaks down the rise of the "Two-Victim ATO," a unique spin on account takeover where fraudsters leverage the "legacy" and trust of an active account to bypass security, only to hit it with a completely different person's stolen credit card. Then, she dives into a high-tech trend hitting digital gift card retailers: Malware-driven session hijacking. Karisse discusses how fraudsters "piggyback" on a legitimate customer's active session and device to commit a second, high-value theft—making it nearly impossible for traditional fraud systems to flag as a separate entity.

Later in the episode, Karisse discusses the "scary" new frontier of Agentic AI. She shares insights from recent tests by major retailers showing that autonomous shopping bots are beginning to make purchases that are currently indistinguishable from human behavior, creating a massive "Know Your Agent" (KYA) challenge for the industry.

In this episode, we discuss:

The Two-Victim ATO: Why fraudsters are adding new payment methods to active, high-history accounts instead of just using cards on file.
Session Hijacking & Malware: How bad actors are using VPNs and malware to "replay" or continue a legitimate customer's session to buy high-value gift cards.
Agentic AI & KYA: The difficulty in identifying AI-initiated transactions and why current device ID technology can't tell the difference between a human and a bot.
Upcoming Events: Details on the Merchant Advisory Group, and the first annual Merchant Fraud Alliance Conference in Chicago this October.

Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line.

Connect with her on LinkedIn

She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.