fraud & risk strategy

strong onboarding.
continuous monitoring.
rapid reaction.

the approach that has held up across wallets, lending, and payments. i build fraud systems around them - starting from the data, ending with closed feedback loops that keep evolving.

8+ years in fraud and risk
3 domains, zero to one
90% fraud loss reduction
core principles
onboarding is where most fraud is won or lost
Bad actors are easiest to stop before they transact. Risk tiering at signup, device and geo checks, blacklist screening - the work done at the front door means less work everywhere else.
you can only react to what you can see
Before rules, models, and dashboards - the right signals need to flow into one place. Device, location, IP, transaction behaviour. A detection system is only as good as its data layer.
short feedback loops beat perfect systems
No fraud system is ever finished. Build something, measure it, find what it misses, fix it. Confirmed fraud cases should feed back into the model automatically. A system that stops learning goes stale fast - particularly in fraud, where the MO keeps evolving.
track record
fast growth outpaces fraud risk. i've spent my career in that gap - connecting data, operations, and compliance before it becomes a problem.
POPTech, Jun 2025 - Present
fraud and risk manager
ATO mitigation · first party fraud · NPCI · ISO 27001
Built the entire fraud framework end to end: chargeback procedures, investigation SOPs, UPI and RuPay transaction monitoring, cashback and coin fraud detection, Shop order and RTO monitoring, a block management feature, and a fraud attack mitigation and recovery plan.
Built anomaly detection systems, real-time dashboards, and investigation SOPs that eliminated SIM binding fraud, SMS spoofing, referral fraud, and coin farming entirely.
Identified and stopped ATO attacks by strengthening the SIM binding phase - iterating on friction and checks based on confirmed fraud user behaviour patterns.
Caught first party fraud: RuPay card-to-cash abuse (velocity checks and refund friction), cashback claim fraud via tech loophole (automated alerts), and RTO abuse in Shop (pattern detectors for order, return, and geography clustering).
When a fraud incident hit, worked with the data team to build a risk scoring model - mapping confirmed fraud user patterns across transaction amount, merchant category, error codes, and failure rates. Model kept evolving as new inputs came in, with a plan to integrate directly into the rule engine as a live feedback loop.
Implementing an AI typology based pattern detector seeded from confirmed fraud cases.
Compliance: built the compliance calendar, liaised with InfoSec end to end, and drove audit readiness for NPCI, ISO 27001, PCI DSS, SOC 2, and DLSAR - zero lapses.
ATO mitigation · first party fraud · risk scoring model · anomaly detection · ai pattern detector · NPCI · ISO 27001 · PCI DSS · SOC 2 · DLSAR
Kissht and Ring, Jun 2023 - Sep 2023
senior, risk and fraud analytics
35% fraud reduction · geo-risk blocking
Led a team of analysts to build fraud policies and investigation workflows, reducing fraud losses by 35% within 3 months.
Strengthened KYC and onboarding processes and created anomaly monitoring dashboards; identified and blocked 3 high fraud-risk regions, reducing high-risk sign-ups by 30% and boosting credit underwriting compliance by 25%.
Enhanced name-match accuracy by ~5% through algorithm improvements; led inter and intra-user deduplication and blacklisting projects, reducing duplicate accounts by 10%.
onboarding hardening · geo-risk blocking · anomaly dashboards · 35% fraud loss reduction
FamPay, Oct 2021 - May 2023
manager, risk and fraud
90% fraud reduction · AML blacklist
Built the complete fraud framework: rule engine on ClickHouse and Metabase, investigation procedures for every fraud type, chargeback procedures, and anomaly monitoring dashboards across transaction, onboarding, and rewards layers.
Handled first party fraud where bad actors used the platform to defraud innocent users, and rewards loophole abuse where gaps in cashback and referral logic were exploited at scale.
Built the AML blacklist screening service on Whitebook to screen sanctioned individuals at onboarding - first structured AML layer the product had. Established FIU-IND and RBI regulatory reporting workflows.
Migrated all users to a risk-aware onboarding flow. Developed SOPs aligned with KYC and CDD/EDD, resulting in a 40% reduction in case resolution time. ~90% reduction in fraud losses. Rs 5M in rewards abuse prevented.
Launched three fraud-related products working with Engineering, Product, Legal, and Design - resulting in a 30% faster fraud review process.
full fraud framework · rule engine · KYC AML blacklist · first party fraud · regulatory compliance · 90% fraud reduction
Empower Retirement, Jan 2019 - Sep 2021
analyst, fraud and business intelligence
90% manual review reduction
Detected key fraud patterns through data analysis, building a proof-of-concept model that laid the groundwork for shifting fraud operations to an analytics-driven model.
Developed and implemented an automated fraud detection system using Selenium - 90% reduction in manual review time, 15% increase in identification of suspicious transactions.
Led projects to optimise workflows and automate reporting for 5+ departments saving ~100+ hours per week.
automation · 90% manual review reduction
Amazon, Aug 2016 - Dec 2018
investigations specialist, sanctions compliance
sanctions investigations
Investigated suspicious accounts and trained a 120-member investigations team, enhancing procedures to improve investigation efficiency and consistency.
Built three SharePoint sites for risk assessments, compliance training modules, and reporting surveys, enhancing knowledge sharing across a 200+ member team and improving investigation rates.
sanctions investigations · team training
the framework

6-layer defence system

every layer targets a distinct fraud vector.
01 onboarding defence - catch bad actors before they transact
02 anomaly detection - population-level pattern watching
03 transaction monitoring - individual user level, real time
04 rewards monitoring - cashbacks, coins, vouchers, referrals
05 user safety - screen protection, scam warnings, reporting
06 ecommerce fraud - orders, returns, RTO, address clustering
models and ai

what i've done.
what i'd do next.

what i've done
fraud risk model built mid-incident
when fraud hit at POPTech, worked with the data team to map every confirmed fraud user's transaction pattern - amount type, merchant category, error codes, failure rates. built a risk score from that dataset. the model kept getting better as new inputs came in, with a plan to wire it into the rule engine as a live feedback loop. i brought the fraud domain insight, the data team built the model.
risk signals from real data
identified and defined the right signals for detection - velocity, device fingerprinting, geo clustering, error code sequences. these fed both the rule engine and the risk scoring layer at POPTech and FamPay.
rule engine typologies from real patterns
seeded AI vendor typologies from confirmed fraud cases - not hypothetical ones. rules that come from actual data stay accurate longer and generate fewer false positives.
model validation and outcome tracking
tracked TPR, FPR, and analyst workload as indicators of whether a rule or model is doing its job. a rule that blocks everything has perfect recall and terrible precision. both matter.
what i'd build next
dynamic risk scoring
a model that re-scores users continuously as behaviour evolves, not just at onboarding. risk tier gates features and triggers step-up auth in real time. signals: transaction velocity, device consistency, geo behaviour, network graph - who referred them, who they transact with.
network and graph detection for linked accounts
users sharing devices, IPs, referral chains, or beneficiary VPAs are hard to catch with rules alone. graph ML can surface connections traditional models miss. something i've been researching and want to bring into practice.
anomaly explanation for analysts
instead of just flagging - details of the flag: transaction location is 800km from onboarding city, device changed three times in 24 hours, amount pattern matches known ATO sequence. faster investigations, better decisions.
auto-updating rule engine
confirmed fraud cases suggest rule modifications automatically. tighten what is generating false positives. loosen what is missing new patterns. closes the feedback loop without needing a human to review every threshold.
how i'd apply this anywhere

phased plan for any fintech

phase 1 / foundation
enrich data
instrument / unify / enable
instrument SDK - device ID, lat/long, IP into backend tables
route all signals to a unified source
internal blocklist - phone, device ID, GAID
NPCI MNRL screening at onboarding
geofencing on known fraud clusters
compliance calendar and audit baseline
phase 2 / detection
build detection
score / alert / monitor
rule engine live with first typologies from real patterns
risk scoring at onboarding - gate COD, restrict new user flows
alert triage - P1 auto-block, P2 and P3 review queues
anomaly dashboards live and queryable
transaction monitoring - UPI and RuPay velocity
AML blacklist screening wired into onboarding
phase 3 / scale
automate and scale
automate / calibrate / evolve
block management tool - bulk, section-level, unblock, audit logs
automate fraud model pipeline - no manual data feeds
rewards monitoring automated - cashback, coins, vouchers
ecommerce signals - bulk orders, address clustering
confirmed fraud cases feed back into model automatically
SOPs documented, thresholds calibrated
end goal: model runs automatically / ops blocks without engineering / dashboards give comfort
on new domains

the principles transfer.

Every domain i have worked in was new for me when i joined. Wallets at FamPay, lending at Kissht, UPI and ecommerce at POPTech. The fraud principles held up each time. The domain knowledge came in quick.

The underlying signals are the same - velocity, network clustering, behavioural deviation from a baseline. The risk vectors shift: correspondent banking exposure, jurisdiction-level FATF risk tiers, merchant-level transaction laundering, synthetic merchant onboarding. The detection logic for all of these maps directly to work i have already built at the user and transaction layer.

I work best when there is real ownership and a short feedback loop. Build something, put it in production, measure it, find what it misses, improve it. That cycle is what keeps a fraud system sharp. A fintech that moves fast needs a fraud function that moves with it.
let's talk

i have built fraud and compliance infrastructure from a product angle. i have an AI-assisted eye for noticing patterns and i like solving for them.