A little while ago, I did a podcast with Chris Ward for the CCMA | Contact Centre Management Association (You can find out more info or take a listen here). Part of our conversation was about the role the contact centre has to play in ensuring our organisations and customers stay safe from fraud, all whilst balancing customer experience.

The friction between customer experience and fraud prevention is a recurring theme I see when exploring customer experiences and working with people who are designing out financial crime, all while ensuring regulatory compliance. This friction may seem like a necessary evil, or simply an unintended consequence of keeping fraud at bay, but how our policies are experienced by our customers really matter – and it is often our contact centres that get the brunt of any negative customer feedback.

Recently, I came across an example of how this plays out for genuine customers who are navigating such systems. A friend was trying to book flights to Australia using Avios. They do this every couple of years, saving points deliberately. Rugby League mad, they are travelling to ‘state of origin’ (that will mean something to sporty folk!). This time, they pooled Avios points with a friend to secure the trip.

Outbound flights booked fine with British Airways, but return flights needed via Qatar. Points were transferred from one friend to the other, who then attempted to transfer the points from BA to their Qatar Airlines Privilege account.

Error.

Not once. Not twice. Ten days of error.

Cue hours on the phone to Avios, to British Airways, to Qatar. Different answers every time: “It should resolve in 72 hours.” “It can take up to seven working days.” “Try a different browser.”

None of it worked.

Reddit, however, did.

The consensus from people who had clearly been here before? There appears to be a 14-day hold on newly transferred or pooled Avios before they can be moved to certain partner airlines. Not documented, nor stated in policy, and very much contrary to the public-facing claims on the website that state that transfers are “instant.”

Now, if you work in fraud prevention, you can probably see what’s happening. Avios points are not cuddly loyalty tokens. They are stored value. Stored value attracts fraud. A pattern like this: Recent inbound transfer. Immediate outbound partner transfer. High-value long-haul route. That’s a pattern you’d absolutely build rules around. It looks like a potential account takeover or stolen points being monetised quickly. A 14-day cooling-off period makes operational sense. It allows disputes to surface. It slows down rapid monetisation.

From a security perspective, this is rational. From a customer perspective, it feels like the system is broken. But here’s where it gets interesting – The issue isn’t that a fraud control exists. The issue is that nobody will say it exists, and frontline staff don’t appear to have a clear outcome to communicate. So instead of: “There is a hold following inbound transfers. It will lift on X date.” Customers get: “Keep trying.” “Wait another 72 hours.” “It should be instant.”

That gap, between what the system is doing and what the customer is being told, is where trust starts to erode.

There’s a concept called ‘procedural justice’. People are more likely to accept an unfavourable outcome if they feel the process is fair, consistent and honest. You can tell someone “no” and still retain legitimacy. What people struggle with is uncertainty and contradiction.

In this case, if the customer had been told on day one that “Following a recent transfer, partner redemptions may take up to 14 days to process. Your points will become available on [date].” They might not like it, but they would understand it. Instead, they reverse-engineered the rule on Reddit. Piecing together clues as to when, if at all, they may be able to book their return flight and process their visas.

Here’s the irony that really matters; the reason fraud controls are often kept opaque is to avoid teaching criminals how the system works. That instinct is understandable. If bad actors understand thresholds and triggers, they try to game them. But when legitimate customers are kept in the dark, they crowdsource the answer. They compare notes. They identify patterns. They publish them. Now the 14-day workaround is effectively documented anyway, so the organisation achieves neither goal.

It frustrates customers. It increases the contact centre workload. And it leaks operational patterns through public forums. This is not fraud prevention versus customer service, it’s misalignment. Fraud teams are incentivised to reduce losses. Customer service teams are incentivised to resolve issues and maintain satisfaction. When those two functions aren’t aligned around outcome-level transparency, they undermine each other.

The solution isn’t radical openness. You do not publish your fraud triggers, you do not list your risk scores, and you do not explain exactly which routes are high risk -but you absolutely can communicate outcomes. Security controls introduce friction, friction requires explanation. If you don’t explain it, customers will invent explanations – and those explanations will spread.

There’s also a practical booking risk here. In this case, outbound flights were secured, but the return couldn’t be ticketed due to the hold. That creates stranded itineraries and high-stress situations (oh and the £50 charge to transfer was not held for 14 days, that was taken instantly – so perhaps the original claim was partly true). A simple system warning in the booking flow, “recent inbound transfers may delay partner bookings”, would prevent that scenario entirely by allowing passengers to plan accordingly.

This isn’t about Avios, it’s about legitimacy.

Fraud prevention is not just about stopping criminals. It’s about maintaining confidence in the system. When customers believe the process is coherent and predictable, they comply. When they feel misled, they escalate, complain and document everything publicly.

The lesson here is this: security without clarity breeds resentment, clarity without security breeds loss -The work is in designing both together. The smartest fraud strategies aren’t just technically robust, they are honest about the friction they create.