The three stages of dealing with fraud are:
Pre-active steps are how we try to identify fraudsters before they make an attack. This is difficult because, often, until the moment of attack, fraudsters look like every other customer.
Reactive steps are those that are focussed on recovery. Civil recovery is hampered, compared to criminal investigations, but if a victim is fast enough, or persistent enough, recoveries do happen. It will almost always start with an internal investigation which may be considered hostile (but should avoid aggressive) because, as dozens of reports say, 80% of fraud against companies includes inside involvement.
Consequential matters are identifying the reasons that the fraud was not identified and stopped, blocking those access points and using that case as a model to develop techniques for identifying other weaknesses. This, whether or not we like it, is an internal investigation, not looking for scapegoats but looking for information.
It also includes recovery.