fraud & risk strategy

strong onboarding.
continuous monitoring.
rapid reaction.

the approach that has held up across wallets, lending, and payments. i build fraud systems around them - starting from the data, ending with closed feedback loops that keep evolving.

8+years in fraud and risk
3domains, zero to one
90%fraud loss reduction
core principles
onboarding is where most fraud is won or lost
Bad actors are easiest to stop before they transact. Risk tiering at signup, device and geo checks, blacklist screening - the work done at the front door means less work everywhere else.
you can only react to what you can see
Before rules, models, and dashboards - the right signals need to flow into one place. Device, location, IP, transaction behaviour. A detection system is only as good as its data layer.
short feedback loops beat perfect systems
No fraud system is ever finished. Build something, measure it, find what it misses, fix it. Confirmed fraud cases should feed back into the model automatically. A system that stops learning goes stale fast - particularly in fraud, where the MO keeps evolving.
track record
fast growth outpaces fraud risk. i've spent my career in that gap - connecting data, operations, and compliance before it becomes a problem.
POPTech
POPTechJun 2025 - Present
fraud and risk manager
Joined with no fraud infrastructure. Built the entire fraud framework end to end: chargeback procedures, investigation SOPs, UPI and RuPay transaction monitoring, cashback and coin fraud detection, Shop order and RTO monitoring, a block management feature, and a full fraud attack mitigation and recovery plan.

On the fraud typology side: identified and stopped ATO attacks by strengthening the SIM binding phase, iterating on friction and checks based on confirmed fraud user behaviour patterns. Caught first party fraud including RuPay card-to-cash abuse (mitigated with velocity checks and friction on refund flows), cashback claim fraud via a tech loophole (fixed with automated alerts), and RTO abuse in Shop (built pattern detectors for order, return, and geography based tracking).

Built an anomaly detection and monitoring layer covering onboarding spikes, transaction pattern deviations, error code shifts, and rewards velocity. When a fraud incident hit, worked with the data team to build a risk scoring model - mapping confirmed fraud user patterns across transaction amount, merchant category, error codes, and failure rates. The model kept evolving as new inputs came in, with a plan to integrate it directly into the rule engine as a live feedback loop. Also implementing an AI typology based pattern detector.

Compliance: built the compliance calendar, liaised with the InfoSec team end to end, and drove audit readiness for NPCI infosec audit, ISO 27001, PCI DSS, SOC 2, and DLSAR.
ATO mitigationfirst party fraudrisk scoring modelanomaly detectionai based pattern detectorNPCIISO 27001PCI DSSSOC 2DLSAR
Kissht
Kissht and RingJun 2023 - Sep 2023
senior, risk and fraud analytics
Added the fraud layer: rebuilt onboarding controls, strengthened name-match algorithm accuracy, built anomaly monitoring dashboards based on hexcodes, and identified and blocked 3 high-fraud geographies. 35% reduction in fraud losses in 3 months. 30% reduction in high-risk signups.
onboarding hardeninggeo-risk blockinganomaly dashboards35% fraud loss reduction
FamPay
FamPayOct 2021 - May 2023
manager, risk and fraud
Inherited raw Slack alerts - fraud patterns visible in location and transaction data. Built the complete fraud framework: rule engine on ClickHouse and Metabase, investigation procedures for every fraud type, chargeback procedures, and anomaly monitoring dashboards across transaction, onboarding, and rewards layers.

Key fraud typologies handled: first party fraud where bad actors used the platform to defraud innocent users, and rewards loophole abuse where gaps in cashback and referral logic were exploited at scale. Built detection and response workflows for both.

Also built the AML blacklist screening service on Whitebook to screen sanctioned individuals at onboarding - the first structured AML layer the product had. Migrated all users to a risk-aware onboarding flow. Established RBI regulatory reporting workflows. 90% reduction in fraud. Rs 5M in rewards abuse prevented.
full fraud frameworkrule engineKYC AML blacklist servicefirst party fraudchargeback proceduresregulatory compliance90% fraud reduction
Empower
Empower RetirementJan 2019 - Sep 2021
analyst, fraud and business intelligence
Detected key fraud patterns through data analysis and built a proof-of-concept model that shifted fraud operations from manual to analytics-driven. Built automated fraud detection that cut manual review time by 90% and improved suspicious transaction identification by 15%.
automation90% manual review reduction
Amazon
AmazonAug 2016 - Dec 2018
investigations specialist, sanctions compliance
Investigated suspicious accounts and trained a 120-member investigations team. Built compliance knowledge infrastructure used across a 200-member team.
sanctions investigationsteam training
models and ai

what i've done.
what i'd do next.

what i've done
fraud risk model built mid-incident
when fraud hit at POPTech, worked with the data team to map every confirmed fraud user's transaction pattern - amount type, merchant category, error codes, failure rates. built a risk score from that dataset. the model kept getting better as new inputs came in, with a plan to wire it into the rule engine as a live feedback loop. i brought the fraud domain insight, the data team built the model.
feature libraries from real signals
built feature sets across velocity checks, device fingerprinting, geo clustering, and error code sequences. these fed both the rule engine and the risk scoring layer at POPTech and FamPay.
rule engine typologies from real patterns
seeded AI vendor typologies from confirmed fraud cases - not hypothetical ones. rules that come from actual data stay accurate longer and generate fewer false positives.
model validation and outcome tracking
tracked TPR, FPR, and analyst workload as indicators of whether a rule or model is doing its job. a rule that blocks everything has perfect recall and terrible precision. both matter.
what i'd build next
dynamic risk scoring
a model that re-scores users continuously as behaviour evolves, not just at onboarding. risk tier gates features and triggers step-up auth in real time. signals: transaction velocity, device consistency, geo behaviour, network graph - who referred them, who they transact with.
network and graph detection for mule networks
users sharing devices, IPs, referral chains, or beneficiary VPAs are hard to catch with rules alone. graph ML can surface connections traditional models miss. something i've been researching and want to bring into practice - relevant for both consumer platforms and merchant onboarding where synthetic or linked entities are the risk.
anomaly explanation for analysts
instead of just flagging - details of the flag: transaction location is 800km from onboarding city, device changed three times in 24 hours, amount pattern matches known ATO sequence. faster investigations, better decisions. this can also be implemented with the same AI tool that handles typologies and fraud pattern detection.
auto-updating rule engine
confirmed fraud cases suggest rule modifications automatically. tighten what is generating false positives. loosen what is missing new patterns. closes the feedback loop without needing a human to review every threshold.
the framework

6-layer
defence system

every layer targets a distinct fraud vector. this is the exact framework being deployed at POPTech right now. click any layer to see the current state and what gets built.
01
onboarding defence
catch bad actors before they transact
+
02
anomaly detection
population-level pattern watching
+
03
transaction monitoring
individual user level, real time
+
04
rewards monitoring
cashbacks, coins, vouchers, referrals
+
05
user safety
screen protection, scam warnings, reporting
+
06
ecommerce fraud
orders, returns, RTO, address clustering
+
how i'd apply this anywhere

phased plan
for any fintech

phase 1 / foundation
fix the data
instrument / unify / enable
instrument SDK - device ID, lat/long, IP, sensors into backend tables
route all signals to a unified source
internal blocklist - phone, device ID, GAID
NPCI MNRL screening at onboarding
geofencing on known fraud clusters
compliance calendar and audit baseline
phase 2 / detection
build detection
score / alert / monitor
rule engine live with first typologies from real patterns
risk scoring at onboarding - gate COD, restrict new user flows
alert triage - P1 auto-block, P2 and P3 review queues
anomaly dashboards live and queryable
transaction monitoring alerts - UPI and RuPay velocity
AML blacklist screening wired into onboarding
phase 3 / scale
automate and scale
automate / calibrate / evolve
block management tool - bulk, section-level, unblock, audit logs
automate fraud model pipeline - no manual data feeds
rewards monitoring automated across cashback, coins, vouchers
ecommerce signals - bulk orders, address clustering, card abuse
confirmed fraud cases feed back into model automatically
SOPs documented, thresholds calibrated, next quarter plan ready
end goal: model runs automatically / ops blocks without engineering / dashboards give comfort
on new domains

the principles
transfer.

Every domain i have worked in was new for me when i joined. Wallets at FamPay, lending at Kissht, UPI and ecommerce at POPTech. The fraud principles held up each time. The domain knowledge came in quick.

The underlying signals are the same - velocity, network clustering, behavioural deviation from a baseline. The risk vectors shift: correspondent banking exposure, jurisdiction-level FATF risk tiers, merchant-level transaction laundering, synthetic merchant onboarding. The detection logic for all of these maps directly to work i have already built at the user and transaction layer.

I work best when there is real ownership and a short feedback loop. Build something, put it in production, measure it, find what it misses, improve it. That cycle is what keeps a fraud system sharp. A fintech that moves fast needs a fraud function that moves with it.
let's talk

i have built fraud and compliance infrastructure from a product angle. i have an AI-assisted eye for noticing patterns and i like solving for them.

emails.sabarish@gmail.com linkedin profile